If I open the gates, I can see oodles of connections from China or Singapore in my server logs, all from different IP addresses but all allegedly (according to their USER_AGENT) from iPhones with identical software versions.
Maybe these are infected apps on actual iPhones, maybe they are scrapers purporting to be iPhones, but one thing is sure: the good old internet isn't any more.
Yikes, this can become a slippery slope towards a surveillance state very quickly with these types of authentication or human verification. Kinda like the invisible pixel thing on steroids, but even more intrusive and harder to evade.
Yes, thanks for bringing this up. We've made product decisions to improve bot detection that also move away from adtech-style tracking - happy to chat about the specifics privately, bchen at stytch dot com.
Related, I have a fairly unusual setup for my personal laptop and that makes many anti-bot products Very Unhappy (same for many of my teammates). It's easy to detect users who dare to run something other than stock Chrome/Safari, but it's disappointing that many services penalize you for it. We designed Intelligent Rate Limiting so that real users on unusual setups aren't blocked: https://stytch.com/docs/fraud/guides/device-fingerprinting/d...
The existence of residential proxies like these is a massive pain if you run free trials or giveaways or host user-generated content (aka a spam/scam opportunity). DSLRoot is only one service of many (see last year's takedown of 911 S5 https://www.scworld.com/news/fbi-takes-down-911-s5-botnet-li... ) and there's plenty of demand for it.
Imagine getting hit by thousands+ of different IP addresses with different user agents, etc. Banning these IPs is not a great option - lots of collateral damage because many real people share IPs, depending on ISP setup.
I work on bot detection involving device fingerprinting - imo this is one of the only ways to defend against residential proxy activity, since you can sniff out the warning flags of automation software and other shared indicators regardless of IP.
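The pattern discussed in this thread (many distinct IPs presenting one identical User-Agent) can be surfaced by grouping requests on a shared indicator instead of the source IP. The following is an added example, not code from any commenter or from the products mentioned; the log lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def ua_fanout(lines):
    """Return ({ua: set of client IPs}, {ua: request count})."""
    ips_by_ua, hits_by_ua = defaultdict(set), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        ips_by_ua[m["ua"]].add(m["ip"])
        hits_by_ua[m["ua"]] += 1
    return ips_by_ua, hits_by_ua

def suspicious_uas(lines, min_ips=5, max_hits_per_ip=2.0):
    """Flag User-Agents seen from many IPs with only a few requests per IP.

    Thresholds are illustrative assumptions, not tuned values.
    Returns (ua, distinct_ips, total_hits) tuples, widest fan-out first.
    """
    ips_by_ua, hits_by_ua = ua_fanout(lines)
    flagged = []
    for ua, ips in ips_by_ua.items():
        per_ip = hits_by_ua[ua] / len(ips)
        if len(ips) >= min_ips and per_ip <= max_hits_per_ip:
            flagged.append((ua, len(ips), hits_by_ua[ua]))
    return sorted(flagged, key=lambda t: -t[1])

# Constructed sample data: documentation IP ranges and made-up requests.
IPHONE_UA = ("Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) "
             "AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 "
             "Mobile/15E148 Safari/604.1")
FIREFOX_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"

def _line(ip, ua, path="/"):
    return (f'{ip} - - [01/Jan/2025:00:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

SAMPLE = [_line(f"203.0.113.{i}", IPHONE_UA) for i in range(1, 7)] + \
         [_line("198.51.100.7", FIREFOX_UA, f"/p{i}") for i in range(4)]

if __name__ == "__main__":
    for ua, n_ips, n_hits in suspicious_uas(SAMPLE):
        print(f"{n_ips} IPs, {n_hits} hits: {ua}")
```

A popular browser build legitimately shows high fan-out too, so this is a triage signal to combine with other shared indicators, not a blocking rule on its own.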