<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:media="http://search.yahoo.com/mrss/"><channel><title><![CDATA[Prevent Ad Fraud and Click Fraud]]></title><description><![CDATA[Prevent and tackle ad fraud and click fraud with your Google Ads and Facebook Ads. ]]></description><link>https://button.solutions/blog/</link><image><url>https://button.solutions/blog/favicon.png</url><title>Prevent Ad Fraud and Click Fraud</title><link>https://button.solutions/blog/</link></image><generator>Ghost 5.88</generator><lastBuildDate>Fri, 17 Jul 2026 09:14:39 GMT</lastBuildDate><atom:link href="https://button.solutions/blog/rss/" rel="self" type="application/rss+xml"/><ttl>60</ttl><item><title><![CDATA[The Mystery of Google Chrome's On Device Model]]></title><description><![CDATA[<p><br><a href="https://www.linkedin.com/feed/update/urn:li:activity:7457020608120242178/?ref=button.solutions">https://www.linkedin.com/feed/update/urn:li:activity:7457020608120242178/</a><br><a href="https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/?ref=button.solutions">https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/</a></p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-2.png" class="kg-image" alt loading="lazy" width="527" height="609"></figure><p><br>This at first glance appears correct - but on deeper analysis does not measure up on Linux/Ubuntu. I measured 355MB download on Chrome 143 for the entire .config/google-chrome directory and 784MB for</p>]]></description><link>https://button.solutions/blog/the-mystery-of-google-chromes-on-device-model/</link><guid isPermaLink="false">69fc55c4bdffb392cc804631</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Thu, 07 May 2026 09:33:08 GMT</pubDate><content:encoded><![CDATA[<p><br><a href="https://www.linkedin.com/feed/update/urn:li:activity:7457020608120242178/?ref=button.solutions">https://www.linkedin.com/feed/update/urn:li:activity:7457020608120242178/</a><br><a href="https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/?ref=button.solutions">https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/</a></p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-2.png" class="kg-image" alt loading="lazy" width="527" height="609"></figure><p><br>This at first glance appears correct - but on deeper analysis does not measure up on Linux/Ubuntu. I measured 355MB download on Chrome 143 for the entire .config/google-chrome directory and 784MB for .cache/google-chrome <br>(using <code>du -h -d 0</code>)</p><p>It&apos;s possible on Mac OS that these numbers are larger. Below, we show that on Mac OS specifically, there are flags that do more than on other OS types.</p><p></p><h2 id="background">Background</h2><p>Google doesn&apos;t need to train on device - every keystroke you type into the search/navigation bar is sent to google as an autocomplete request (unless you provide a different provider aka keylogger).</p><p>Google provides several features through this <a href="https://support.google.com/chrome/answer/16961953?hl=en&amp;ref=button.solutions" rel="noreferrer">service</a>:</p><ul><li>Helps with writing or rephrasing text</li><li>Warns you about scams</li><li>Summarizes web pages</li><li>Organizes your tabs</li></ul><p>Given the diversity of scams, it seems like a decent feature to keep around. The writing/rephrasing etc. seems less relevant for an on-device model, but if you <em>must</em> have an AI model, better to keep it local.</p><h2 id="presence-in-chromium-based-browsers">Presence in Chromium Based Browsers</h2><p>I also saw that in <a href="https://www.linkedin.com/feed/update/urn:li:activity:7457020608120242178/?dashCommentUrn=urn%3Ali%3Afsd_comment%3A%287457055856564592641%2Curn%3Ali%3Aactivity%3A7457020608120242178%29&amp;dashReplyUrn=urn%3Ali%3Afsd_comment%3A%287457328389889294336%2Curn%3Ali%3Aactivity%3A7457020608120242178%29&amp;ref=button.solutions#">Brave</a> that 7.6 MB of the exact same format in <code>~/snap/brave/current/.config/BraveSoftware/Brave-Browser/OnDeviceHeadSuggestModel</code> in my case, was downloaded - same as in Google Chrome. This indicates strongly, combined with no apparent patches to block, that Brave uses the behavior of chrome and Google&apos;s on device model.</p><p>Chromium however did not show anything in the OnDeviceHeadSuggestModel directory - which is possible if they maintain either a separate set of patches or disable the flags by default (which can be the case for non-official builds)</p><p>Microsoft Edge 145 did not show this directory (but an interesting RevisitationBloomfilter did show up). Microsoft Edge is a closed source fork of chromium (https://github.com/MicrosoftEdge/MSEdge is the closest thing to open source) - so it is unclear what this does exactly without ghidra or similar.</p><h2 id="4gb"><br>4GB</h2><p>Anyway, this particular claim of 4GB for me didn&apos;t measure up - but that doesn&apos;t mean it doesn&apos;t exist.</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-3.png" class="kg-image" alt loading="lazy" width="664" height="450" srcset="https://button.solutions/blog/content/images/size/w600/2026/05/image-3.png 600w, https://button.solutions/blog/content/images/2026/05/image-3.png 664w"></figure><p>We see here in src/chrome/build.gn that the on device model is only included for this particular module in mac. Of course there are 249 instances of this string as of May 7th in <code>.gn</code> files - so this is a weak indicator.<br><br>It seems that the install of this 4GB is even less likely on Android:</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-4.png" class="kg-image" alt loading="lazy" width="936" height="510" srcset="https://button.solutions/blog/content/images/size/w600/2026/05/image-4.png 600w, https://button.solutions/blog/content/images/2026/05/image-4.png 936w" sizes="(min-width: 720px) 720px"></figure><p>(see the assert on line 7)</p><p>however src/components/optimization_guide/proto/BUILD.gn might indicate otherwise.</p><p>So we need to look deeper.</p><p>There appears to be a build flag, <code>USE_ON_DEVICE_MODEL_SERVICE</code>, which controls the include of this. It is set in <code>src/services/on_device_model/public/cpp/BUILD.gn</code>. We find in <code>src/services/on_device_model/on_device_model.gni</code> that the on device model really isn&apos;t included on android:<br></p><pre><code>declare_args() {
  is_cbx = is_chromeos &amp;&amp; overlay_include_cbx
}

declare_args() {
  # The on device model service is only enabled on a subset of platforms.
  # Exclude it on other platforms due to binary size.
  use_on_device_model_service = is_win || is_mac || is_linux || is_ios || is_cbx
}

declare_args() {
  # Constraint code is disabled on platforms where the on-device model does not
  # run due to binary size.
  enable_constraints = use_on_device_model_service
  enable_ml_internal =
      build_with_internal_optimization_guide &amp;&amp; use_on_device_model_service
  use_chromeos_model_service = is_chrome_branded &amp;&amp; is_cbx

  # Use MLKit public APIs to access AICore for non-Chrome branded builds.
  # MLKit is the developer-facing APIs and AICore is the system-level AI runtime
  # to host on-device model services. Chrome-branded builds use internal/private
  # APIs to access AICore directly.
  use_mlkit_for_aicore = !is_chrome_branded
}
</code></pre><p>So we have a few branches here: One, that if the builder is making chromium for Chrome OS, Mac OS, Windows, or Linux, we use the model service. If we are in Chrome OS only with branded Google Chrome, install a more complete on device model. We still have one flag, <code>build_with_internal_optimization_guide</code>, found in <code>src/components/optimization_guide/features.gni</code>:</p><pre><code>declare_args() {
  # You can set the variable &apos;build_with_internal_optimization_guide&apos; to true
  # even in a developer build in args.gn.  Setting this variable explicitly to true will
  # cause your build to fail if the internal files are missing.
  #
  # If changing the value of this, you MUST also update the following files depending on the
  # platform:
  # Android: Internal expectations files that verify the native libraries  are compiled into the Android binary.
  # ChromeOS: //lib/chrome_util.py in the Chromite repo (ex: https://crrev.com/c/3437291)
  # Linux: Internal archive files. //chrome/installer/linux/common/installer.include handles the
  # relevant files not being present.
  # Mac: //chrome/installer/mac/signing/parts.py
  # Windows: //chrome/installer/mini_installer/chrome.release and internal archive files
  if (is_fuchsia || is_android || is_ios) {
    # Fuchsia, Android, and iOS should work but are not included in the set we release for,
    # so we do not needlessly increase the binary size.
    build_with_internal_optimization_guide = false
  } else {
    # Use is_chrome_branded as a proxy for &quot;does src-internal exist&quot;.
    build_with_internal_optimization_guide = is_chrome_branded
  }
}</code></pre><p>What is interesting is that MLKit apparently runs even in non-branded chrome. We also might find that for iOS the Google Chrome build does not include the ML/AI model. But upon downloading latest <a href="https://www.google.com/chrome/other-platforms/?ref=button.solutions" rel="noreferrer">Chrome</a> for different OS&apos;es, this is found to be false: </p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-5.png" class="kg-image" alt loading="lazy" width="603" height="294" srcset="https://button.solutions/blog/content/images/size/w600/2026/05/image-5.png 600w, https://button.solutions/blog/content/images/2026/05/image-5.png 603w"></figure><p>The biggest downloaded file is still iOS (not that the windows exe really counts).</p><p>So we are still left with a mystery, and no explanation for the 4GB claimed size. Exaggerated? Maybe.</p><h2 id="finally-found">Finally Found</h2><p>This is not a random event. You can trigger it manually with chrome://flags/#optimization-guide-on-device-model with BypassPerfRequirements.</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-6.png" class="kg-image" alt loading="lazy" width="913" height="794" srcset="https://button.solutions/blog/content/images/size/w600/2026/05/image-6.png 600w, https://button.solutions/blog/content/images/2026/05/image-6.png 913w" sizes="(min-width: 720px) 720px"></figure><p>When does this happen? Is it a conspiracy - as stated by a bunch of posts on linkedin? Probably not - but it is interesting.</p><h2 id="diving-deep">Diving Deep</h2><p>The claim that 100 million devices are now lugging around 4GB of data they didn&apos;t ask for is a big one. <br><br>First off, in order to trigger download, I had to manually enable a flag to bypass performance requirements. So we need to know what those requirements are.<br><br>We also need to test some claims, like the potentially ai generated post here: <a href="https://www.vishwamdhavale.com/blog/chrome-gemini-nano-on-device?ref=button.solutions">https://www.vishwamdhavale.com/blog/chrome-gemini-nano-on-device</a>. This file &quot;cannot be deleted&quot;. If you delete weights.bin and disable this flag, the directory surprisingly becomes empty:</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/05/image-7.png" class="kg-image" alt loading="lazy" width="625" height="95" srcset="https://button.solutions/blog/content/images/size/w600/2026/05/image-7.png 600w, https://button.solutions/blog/content/images/2026/05/image-7.png 625w"></figure><p>so, why this claim? It is problematic to have research like this.</p><p>Fortunately, I have a friend with a MacOS computer, and was able to verify that by default now the 4GB model is downloaded.</p><p>However, contrary to the sensationalist claims of the original writer - you can disable this model in chrome://flags.</p><p>So, in conclusion - don&apos;t trust everything you read, especially if it looks like it was written by AI and doing an expose on a giant corporation that will suffer much financial loss for such a claim, without more evidence than the words of the writer - especially if non-reproducible.</p><h2 id="why-this-relates-to-bots">Why this relates to bots</h2><p>This is the type of deep diving that leads to the sensors we use. Often times, hidden behind an obscure #define, we find an anomaly in TLS only available for Mac OS in a particular version of Chrome. <br><br>There are a lot of variants always being tried out on Chrome in particular - but if you know what you&apos;re doing, you don&apos;t have to rely on machine learning or AI to determine if access is valid or not.</p>]]></content:encoded></item><item><title><![CDATA[on preventing replay attacks]]></title><description><![CDATA[<p>Replay attacks are a constant threat for websites currently protected by typical bot management solutions.</p><p>Back when we started research into these products two years ago, the obfuscation on multi-billion dollar companies&apos; solutions was laughable - a simple array of strings, maybe with a small shuffle operation. Many companies</p>]]></description><link>https://button.solutions/blog/on-preventing-replay-attacks/</link><guid isPermaLink="false">69c2ab49bdffb392cc8045e4</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Tue, 24 Mar 2026 15:38:33 GMT</pubDate><media:content url="https://button.solutions/blog/content/images/2026/03/Firefly_gpt-image_man-pressing-red-button-close-up-from-above-987794.png" medium="image"/><content:encoded><![CDATA[<img src="https://button.solutions/blog/content/images/2026/03/Firefly_gpt-image_man-pressing-red-button-close-up-from-above-987794.png" alt="on preventing replay attacks"><p>Replay attacks are a constant threat for websites currently protected by typical bot management solutions.</p><p>Back when we started research into these products two years ago, the obfuscation on multi-billion dollar companies&apos; solutions was laughable - a simple array of strings, maybe with a small shuffle operation. Many companies used <a href="https://github.com/javascript-obfuscator/javascript-obfuscator?ref=button.solutions" rel="noreferrer">javascript-obfuscator</a>. (1)</p><p>The packets sent to the server though? Very easy to replace. Often, there wasn&apos;t even a timestamp included, which means that you can for as long as you want reuse a given packet to regenerate bypass cookies.</p><p>In other words, the website was not protected at all.</p><p>Soon though, companies like HUMAN security (nothing says humanity like having to say it explicitly in your name) implemented key obfuscation per-version, which did mitigate some replay attacks. No longer could you send <a href="https://github.com/sinisterdev/perimeterx-generator/blob/3aae8e1acaf53672cfeb8b5dec2524a2deecc54a/perimeterx.js?ref=button.solutions#L456" rel="noreferrer">PX503</a> and the like, but you actually had to parse out each version using <a href="https://www.regular-expressions.info/catastrophic.html?ref=button.solutions" rel="noreferrer">regex</a> if you like waking up at strange hours and all your bypass breaking, and <a href="https://astexplorer.net/?ref=button.solutions" rel="noreferrer">AST</a> if you are sane.</p><blockquote>^(.*?,){11}P</blockquote><p>Beautiful.</p><p>But the story doesn&apos;t stop there. I started pushing for antibots (colloquially called bot managers by the uninitiated) to use Javascript Virtual Machines <a href="https://www.linkedin.com/posts/activity-7417252338979074048-bL8K?utm_source=share&amp;utm_medium=member_desktop&amp;rcm=ACoAAAlTl44B13D9-TSMpml64XPN1usWEiY-_wA" rel="noreferrer">here</a>. Around this time, there were reports of some big companies whose researchers were finally able to convince their bosses to do the switch:</p><figure class="kg-card kg-image-card kg-card-hascaption"><img src="https://button.solutions/blog/content/images/2026/03/image-5.png" class="kg-image" alt="on preventing replay attacks" loading="lazy" width="363" height="66"><figcaption><span style="white-space: pre-wrap;">uh oh</span></figcaption></figure><figure class="kg-card kg-image-card kg-width-full"><img src="https://button.solutions/blog/content/images/2026/03/image-6.png" class="kg-image" alt="on preventing replay attacks" loading="lazy" width="363" height="66"></figure><p>Which is really good for everyone, if I&apos;m being honest. Raising the bar makes good researchers better on all sides, and pushes the script kiddies further out.</p><p>Unfortunately the actual gathered data of these companies remained the same, and alas, as such, most are still vulnerable to replay attacks, advanced stealth browsers, and advanced request bots either parsing solver style, or executing in a crafted sandbox.</p><p>But at least one battle won.</p><p></p><p>Till next time!</p><p></p><ol><li>(which now has vibe-coded VM protection, which is a bit sad as their obfuscation is quite good if not overused).</li></ol>]]></content:encoded></item><item><title><![CDATA[Stopping Excessive Bot Traffic]]></title><description><![CDATA[<p>To stop excessive bot traffic,implement a Web Application Firewall (WAF) like Cloudflare, enforce rate limiting to block high-frequency IPs, and deploy CAPTCHAs on all forms. Further steps include updating <code>robots.txt</code> to block known crawlers, using honeypots to identify bot behavior, and monitoring analytics for unnatural, identical user sessions.</p>]]></description><link>https://button.solutions/blog/stopping-excessive-bot-traffic/</link><guid isPermaLink="false">69c24bbdbdffb392cc8045b4</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Tue, 24 Mar 2026 08:32:02 GMT</pubDate><content:encoded><![CDATA[<p>To stop excessive bot traffic,implement a Web Application Firewall (WAF) like Cloudflare, enforce rate limiting to block high-frequency IPs, and deploy CAPTCHAs on all forms. Further steps include updating <code>robots.txt</code> to block known crawlers, using honeypots to identify bot behavior, and monitoring analytics for unnatural, identical user sessions.&#xA0;<strong>Top Strategies to Stop Bot Traffic:</strong></p><ul><li><a href="https://www.google.com/search?q=Use+a+Web+Application+Firewall+%28WAF%29&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAB&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Use a Web Application Firewall (WAF)</strong></a><strong>:</strong> Services like Cloudflare, <a href="https://www.sectigo.com/blog/how-do-you-monitor-your-web-traffic-and-prevent-bad-traffic?ref=button.solutions" rel="noopener">Sitelock</a>, or Sucuri can filter out malicious bot traffic before it reaches your site.</li><li><a href="https://www.google.com/search?q=Implement+Rate+Limiting&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAE&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Implement Rate Limiting</strong></a><strong>:</strong> Restrict the number of requests a single IP address can make within a specific timeframe to stop scraping and brute-force attempts.</li><li><a href="https://www.google.com/search?q=Add+CAPTCHA+Challenges&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAG&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Add CAPTCHA Challenges</strong></a><strong>:</strong> Use tools like reCAPTCHA on login, registration, and comment forms to distinguish human users from automated bots.</li><li><a href="https://www.google.com/search?q=Configure+Robots.txt&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAI&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Configure Robots.txt</strong></a><strong>:</strong> Instruct well-behaved bots to avoid specific, sensitive areas of your website.</li><li><a href="https://www.google.com/search?q=Block+Malicious+IPs+and+User+Agents&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAK&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Block Malicious IPs and User Agents</strong></a><strong>:</strong> Identify suspicious IP addresses in your server logs and use your <code>.htaccess</code> file or security plugins to block them.</li><li><a href="https://www.google.com/search?q=Use+Honeypots&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBBAM&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>Use Honeypots</strong></a><strong>:</strong> Create hidden links or fields that are invisible to humans but enticing to bots; if something triggers that link, you know it is a bot and can block it.&#xA0;</li></ul><p><a href="https://www.google.com/search?q=How+to+Identify+Bot+Traffic&amp;client=ubuntu-sn&amp;hs=wQh&amp;sca_esv=9151e0e90600ee3c&amp;channel=fs&amp;sxsrf=ANbL-n6pxW5gATYdjY7P3rcB8LwRvxB00g%3A1774340850610&amp;ei=8krCaZv8JM-li-gPwbjFuQ4&amp;biw=1854&amp;bih=963&amp;ved=2ahUKEwis_IS2j7iTAxXr3wIHHcBZOOMQgK4QegQIBRAB&amp;uact=5&amp;oq=so+much+bot+traffic+how+stop&amp;gs_lp=Egxnd3Mtd2l6LXNlcnAiHHNvIG11Y2ggYm90IHRyYWZmaWMgaG93IHN0b3AyBRAhGKABSNQ0UN0aWIMzcAp4AZABAJgB0gGgAagiqgEGMC4yNy4xuAEDyAEA-AEBmAImoALTI8ICChAAGLADGNYEGEfCAgsQABiABBiRAhiKBcICERAuGIAEGJECGNEDGMcBGIoFwgIQEC4YgAQY0QMYQxjHARiKBcICChAAGIAEGEMYigXCAhYQLhiABBixAxjRAxhDGIMBGMcBGIoFwgILEAAYgAQYsQMYgwHCAg4QLhiABBixAxjRAxjHAcICEBAAGIAEGLEDGEMYgwEYigXCAhAQLhiABBixAxhDGIMBGIoFwgITEC4YgAQYsQMY0QMYQxjHARiKBcICBRAuGIAEwgIKEC4YgAQYQxiKBcICBRAAGIAEwgIZEC4YgAQYQxiKBRiXBRjcBBjeBBjfBNgBAcICGRAuGIAEGEMYigUYlwUY3AQY3gQY4ATYAQHCAgYQABgWGB7CAggQABgWGAoYHsICFBAuGIAEGJcFGNwEGN4EGOAE2AEBwgILEAAYgAQYhgMYigXCAgUQABjvBcICBxAhGKABGArCAgUQIRifBZgDAIgGAZAGCLoGBggBEAEYFJIHBzEwLjI3LjGgB-fxAbIHBjAuMjcuMbgHnyPCBwkwLjIwLjE3LjHIB3CACAA&amp;sclient=gws-wiz-serp&amp;mstk=AUtExfBKThSodHpHPFgqnWSRglqZ5hqLNuGFtBCxmFYvWIfRXKD88CyCr7TDUS1eurOstgNMLQzDHfeQfmNu3h3Nb_8rOW9nMPJ99zEmcarPqLWmZQnqvyroSXrKksj7meuQA-JLLfhBGZHJoaRQHywuh84GawtT1b5_U0Fj1b6luXLqz_1mHe3ytF3EdGbm8anjEJuVNUBXMy0D1mEuAbho3EiWpg&amp;csui=3&amp;ref=button.solutions"><strong>How to Identify Bot Traffic</strong></a><strong>:</strong></p><ul><li><strong>Sudden Spikes:</strong> Unexplained traffic increases without corresponding conversions.</li><li><strong>High Bounce Rate:</strong> Instant departure from a page without interaction.</li><li><strong>Uniform Sessions:</strong> Identical session duration across thousands of visits.</li><li><strong>Unexpected Geography:</strong> A high volume of traffic from countries outside your target audience.&#xA0;</li></ul><p>For immediate relief, <a href="https://button.solutions/?ref=button.solutions" rel="noreferrer">Button Solutions Toolbox</a> is highly effective at detecting and mitigating automated attacks.&#xA0;</p>]]></content:encoded></item><item><title><![CDATA[How Do I Protect My Website Against Bots?]]></title><description><![CDATA[<p>Protecting your website against malicious bots involves a multi-layered approach: implementing a Web Application Firewall (WAF) like Cloudflare or Sucuri, setting rate limits to throttle excessive requests, using CAPTCHAs on forms, and monitoring traffic for anomalies. These tools distinguish human behavior from automated scripts, blocking spam, scrapers, and credential stuffing.</p>]]></description><link>https://button.solutions/blog/how-do-i-protect-my-website-against-bots/</link><guid isPermaLink="false">69c24b22bdffb392cc80459e</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Tue, 24 Mar 2026 08:29:12 GMT</pubDate><content:encoded><![CDATA[<p>Protecting your website against malicious bots involves a multi-layered approach: implementing a Web Application Firewall (WAF) like Cloudflare or Sucuri, setting rate limits to throttle excessive requests, using CAPTCHAs on forms, and monitoring traffic for anomalies. These tools distinguish human behavior from automated scripts, blocking spam, scrapers, and credential stuffing.&#xA0;<strong>Key Bot Protection Techniques:</strong></p><ul><li><strong>Web Application Firewalls (WAF):</strong> Use a WAF (e.g., Cloudflare, Imperva) to filter malicious traffic, block known bad IP addresses, and inspect HTTP/HTTPS requests before they reach your server.</li><li><strong>Rate Limiting &amp; Throttling:</strong> Limit the number of requests a single user or IP can make in a given timeframe to prevent content scraping and brute-force login attempts.</li><li><strong>CAPTCHA and Challenges:</strong> Implement CAPTCHA (e.g., reCAPTCHA, Friendly Captcha) on login, comment, and contact forms to distinguish humans from bots.</li><li><strong>Behavioral Analysis &amp; Machine Learning:</strong> Use advanced bot management solutions that analyze mouse movements, navigation, and scroll patterns to identify non-human traffic.</li><li><strong>Honeypots:</strong> Create hidden fields or links in your HTML that are invisible to humans but visible to bots. When a bot interacts with these &quot;traps,&quot; they can be identified and blocked.</li><li><strong>Review <code>robots.txt</code>:</strong> Use <code>robots.txt</code> to guide good bots (like search engines) away from sensitive areas, though malicious bots often ignore this file.</li><li><strong>Block Known Bad User Agents &amp; Hosting Providers:</strong> Block requests from outdated browsers and known data center proxy networks used for launching attacks.</li><li><strong>Device Fingerprinting:</strong> Identify bots by detecting patterns in browser characteristics, such as screen resolution, installed fonts, and plugins.</li><li><strong>Monitor Analytics:</strong> Watch for sudden traffic spikes, abnormally high bounce rates, and high numbers of failed login attempts, which often indicate bot activity.&#xA0;</li></ul><p>Though, you could always rely on https://button.solutions &#x1F604;</p>]]></content:encoded></item><item><title><![CDATA[FPScanner : a great starting point]]></title><description><![CDATA[<figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://fpscanner.com/demo/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">Live Demo | FPScanner</div><div class="kg-bookmark-description">See FPScanner in action. Collect your browser fingerprint and view the decrypted results.</div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://fpscanner.com/favicon.svg" alt><span class="kg-bookmark-author">FPScanner</span></div></div><div class="kg-bookmark-thumbnail"><img src="https://fpscanner.com/favicon.svg" alt></div></a></figure><p>The awesome <a href="https://blog.castle.io/author/antoine/?ref=button.solutions" rel="noreferrer">Antonie Vastel</a> focuses mostly in his research on reported browser javascript -level signal inconsistencies.</p><p>For instance, hasMismatchLanguages has been a favorite for <a href="https://datadome.co/?ref=button.solutions" rel="noreferrer">datadome</a> for some time (Antonie was the primary researcher</p>]]></description><link>https://button.solutions/blog/fpscanner-a-great-starting-point/</link><guid isPermaLink="false">69bbcf3cbdffb392cc80452b</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Thu, 19 Mar 2026 11:05:28 GMT</pubDate><media:content url="https://button.solutions/blog/content/images/2026/03/Screenshot-from-2026-03-19-13-00-58.png" medium="image"/><content:encoded><![CDATA[<figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://fpscanner.com/demo/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">Live Demo | FPScanner</div><div class="kg-bookmark-description">See FPScanner in action. Collect your browser fingerprint and view the decrypted results.</div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://fpscanner.com/favicon.svg" alt="FPScanner : a great starting point"><span class="kg-bookmark-author">FPScanner</span></div></div><div class="kg-bookmark-thumbnail"><img src="https://fpscanner.com/favicon.svg" alt="FPScanner : a great starting point"></div></a></figure><img src="https://button.solutions/blog/content/images/2026/03/Screenshot-from-2026-03-19-13-00-58.png" alt="FPScanner : a great starting point"><p>The awesome <a href="https://blog.castle.io/author/antoine/?ref=button.solutions" rel="noreferrer">Antonie Vastel</a> focuses mostly in his research on reported browser javascript -level signal inconsistencies.</p><p>For instance, hasMismatchLanguages has been a favorite for <a href="https://datadome.co/?ref=button.solutions" rel="noreferrer">datadome</a> for some time (Antonie was the primary researcher up until recently there). It is often a problem for scrapers that they are using outdated or incorrect ip information, placing a given ip in Nebraska so the timezone will not match its real location in New York. This can help, but it&apos;s not a strong signal by itself.</p><p>There are often inconsistencies when using CDP to spoof the browser overrides, and this is something that is very old and Google has no incentive to fix it, as it is one of the primary means of detecting automation: <a href="https://issues.chromium.org/issues/40236995?ref=button.solutions">https://issues.chromium.org/issues/40236995</a> (<code>WorkerNavigator.platform</code> still leaks original value, TL;DR)</p><p>You might notice going over the fingerprint json at fpscanner.com the automation signals - these are the strongest signals in the book - however, to implement this properly you need a lot more signals, for instance, <code>nightmare</code> is an indicator of <a href="https://github.com/segment-boneyard/nightmare?ref=button.solutions">https://github.com/segment-boneyard/nightmare</a>.</p><p>These signals are great and all, but all of them can be spoofed in the hands of the right bypass researcher (yes, scraping has researchers: <a href="https://nullpt.rs/reverse-engineering-tiktok-vm-1?ref=button.solutions">https://nullpt.rs/reverse-engineering-tiktok-vm-1</a>).</p><p>If you&apos;re still blocking by IP and User-Agent, you are very, very behind.</p>]]></content:encoded></item><item><title><![CDATA[the non-obvious obvious]]></title><description><![CDATA[<p>Let&apos;s talk about the obvious.</p><figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://abrahamjuliot.github.io/creepjs/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">CreepJS</div><div class="kg-bookmark-description"></div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://abrahamjuliot.github.io/creepjs/favicon.ico" alt></div></div></a></figure><h2 id="intro">Intro</h2><hr><p>If you don&apos;t know what this is, you don&apos;t really know how to block bots.</p><p>There are a lot of good sensors here - and it is very hard to spoof them all, perfectly.</p><p>But there&apos;</p>]]></description><link>https://button.solutions/blog/the-non-obvious-obvious/</link><guid isPermaLink="false">69bbcd72bdffb392cc804506</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Thu, 19 Mar 2026 10:38:26 GMT</pubDate><media:content url="https://button.solutions/blog/content/images/2026/03/creepjs_tMg2T8u15O4.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://button.solutions/blog/content/images/2026/03/creepjs_tMg2T8u15O4.jpg" alt="the non-obvious obvious"><p>Let&apos;s talk about the obvious.</p><figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://abrahamjuliot.github.io/creepjs/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">CreepJS</div><div class="kg-bookmark-description"></div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://abrahamjuliot.github.io/creepjs/favicon.ico" alt="the non-obvious obvious"></div></div></a></figure><h2 id="intro">Intro</h2><hr><p>If you don&apos;t know what this is, you don&apos;t really know how to block bots.</p><p>There are a lot of good sensors here - and it is very hard to spoof them all, perfectly.</p><p>But there&apos;s another issue here, and that is that if you&apos;re only blocking on signals like these, you end up with an ml nightmare classifier that gives you a bot score - a percentage likelihood.</p><p>These statistically based bot scores are not so useful without honeypots, because most of the internet access is now automated (<a href="https://cpl.thalesgroup.com/ppc/application-security/bad-bot-report?ref=button.solutions" rel="noreferrer">Imperva Bot Report, 2025</a>)</p><h2 id="browser-fingerprinting-101">Browser Fingerprinting 101</h2><hr><p>Each section in the <a href="https://abrahamjuliot.github.io/creepjs/?ref=button.solutions" rel="noreferrer">creepjs</a> check page is a tool with which we can see bots. Which we do want to see, unless you like flying blind, wondering why half your users bounce with zero time interaction - even though they are from the United States rather than China.</p><p>The most obvious, and strongest signals, are those in this section (from a Linux Chrome browser):</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/03/image.png" class="kg-image" alt="the non-obvious obvious" loading="lazy" width="787" height="304" srcset="https://button.solutions/blog/content/images/size/w600/2026/03/image.png 600w, https://button.solutions/blog/content/images/2026/03/image.png 787w" sizes="(min-width: 720px) 720px"></figure><p>Compare this to an emulated iOS based visit (<a href="https://browserstack.com/?ref=button.solutions" rel="noreferrer">browserstack</a>):</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/03/image-2.png" class="kg-image" alt="the non-obvious obvious" loading="lazy" width="422" height="508"></figure><p>And a Brave browser visit:</p><figure class="kg-card kg-image-card"><img src="https://button.solutions/blog/content/images/2026/03/image-4.png" class="kg-image" alt="the non-obvious obvious" loading="lazy" width="872" height="342" srcset="https://button.solutions/blog/content/images/size/w600/2026/03/image-4.png 600w, https://button.solutions/blog/content/images/2026/03/image-4.png 872w" sizes="(min-width: 720px) 720px"></figure><p></p><p>we already have some tools just from one section. It&apos;s really important when doing fingerprinting to know:</p><ol><li>Where you are running - is it an <strong>ip</strong> that is compromised in some way, or low trust?<ol><li>Is it a datacenter ip?</li><li>Is there some sort of indication of proxy usage, like tor or residential proxies?</li><li>Most importantly, is it some trusted ip, like google&apos;s crawler ips? (One such range is here: <a href="https://developers.google.com/static/search/apis/ipranges/googlebot.json?ref=button.solutions">https://developers.google.com/static/search/apis/ipranges/googlebot.json</a>)</li></ol></li><li>What claims does the browser environment have?<ol><li>Connection claims, like <a href="https://tls.peet.ws/api/all?ref=button.solutions" rel="noreferrer">tls</a> - is it really a browser? What type?</li><li><strong>Header</strong> claims, which can include ordering of headers and inconsistencies in content</li><li>And most importantly for us, <strong>javascript</strong> / <strong>wasm</strong> claims. These are the most commonly spoofed, with tools like <a href="https://www.npmjs.com/package/puppeteer-extra-plugin-stealth/?ref=button.solutions" rel="noreferrer">puppeteer stealth</a> doing a lot of heavy lifting for you.</li></ol></li></ol><p>The rest is commentary.</p>]]></content:encoded></item><item><title><![CDATA[on canvas fingerprinting]]></title><description><![CDATA[<p>The first rule about canvas fingerprinting is you don&apos;t talk about canvas fingerprinting.</p><figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://blog.popovs.lv/visualizing-canvas-fingerprinting/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">Visualizing canvas fingerprinting</div><div class="kg-bookmark-description">A look at some common JavaScript fingerprinting libraries, focusing on the specific images that they use in their canvas fingerprinting routines.</div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://bear-images.sfo2.cdn.digitaloceanspaces.com/aleksejs/favicon_128-1.png" alt><span class="kg-bookmark-author">a blog by aleksejs</span></div></div><div class="kg-bookmark-thumbnail"><img src="https://blog.popovs.lv/static/og-image.png" alt></div></a></figure><p>This is a post from Aleksejs Popovs</p>]]></description><link>https://button.solutions/blog/hello/</link><guid isPermaLink="false">69bbcb1dbdffb392cc8044e6</guid><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Thu, 19 Mar 2026 10:17:11 GMT</pubDate><media:content url="https://button.solutions/blog/content/images/2026/03/fingerprintjs-longer-string-cropped.webp" medium="image"/><content:encoded><![CDATA[<img src="https://button.solutions/blog/content/images/2026/03/fingerprintjs-longer-string-cropped.webp" alt="on canvas fingerprinting"><p>The first rule about canvas fingerprinting is you don&apos;t talk about canvas fingerprinting.</p><figure class="kg-card kg-bookmark-card"><a class="kg-bookmark-container" href="https://blog.popovs.lv/visualizing-canvas-fingerprinting/?ref=button.solutions"><div class="kg-bookmark-content"><div class="kg-bookmark-title">Visualizing canvas fingerprinting</div><div class="kg-bookmark-description">A look at some common JavaScript fingerprinting libraries, focusing on the specific images that they use in their canvas fingerprinting routines.</div><div class="kg-bookmark-metadata"><img class="kg-bookmark-icon" src="https://bear-images.sfo2.cdn.digitaloceanspaces.com/aleksejs/favicon_128-1.png" alt="on canvas fingerprinting"><span class="kg-bookmark-author">a blog by aleksejs</span></div></div><div class="kg-bookmark-thumbnail"><img src="https://blog.popovs.lv/static/og-image.png" alt="on canvas fingerprinting"></div></a></figure><p>This is a post from Aleksejs Popovs - not my original work, though I am familiar with all the fingerprints except the very convoluted shape one.</p><p>Some notes!</p><p><a href="https://www.linkedin.com/company/f5/?ref=button.solutions">F5</a> shape is spot on (I know from my decompilation with help from colleagues) which is very cool. (though I have some ideas on how to improve that pixel check)</p><p>My experience before I set out on the defense side was that pretty much everyone copies everything from each other. And it&apos;s not for a lack of good ideas! There are some some cool proposals out there. There are a few gems not mentioned here, but as it is obfuscated I&apos;m not going to reveal them</p><p>Our approach is slightly different - we are making replay attacks far more difficult.</p>]]></content:encoded></item><item><title><![CDATA[coming soon]]></title><description><![CDATA[<p>This is <strong>the bot blog</strong>, a brand new site by <a href="https://button.solutions/?ref=button.solutions" rel="noreferrer">button ^ solutions</a> that&apos;s just getting started. Things will be up and running here shortly, but you can <a href="#/portal/">subscribe</a> in the meantime if you&apos;d like to stay up to date and receive emails when new content is</p>]]></description><link>https://button.solutions/blog/coming-soon/</link><guid isPermaLink="false">69b940437de20c1788233673</guid><category><![CDATA[News]]></category><dc:creator><![CDATA[Button Solutions]]></dc:creator><pubDate>Tue, 17 Mar 2026 11:51:31 GMT</pubDate><media:content url="https://static.ghost.org/v4.0.0/images/feature-image.jpg" medium="image"/><content:encoded><![CDATA[<img src="https://static.ghost.org/v4.0.0/images/feature-image.jpg" alt="coming soon"><p>This is <strong>the bot blog</strong>, a brand new site by <a href="https://button.solutions/?ref=button.solutions" rel="noreferrer">button ^ solutions</a> that&apos;s just getting started. Things will be up and running here shortly, but you can <a href="#/portal/">subscribe</a> in the meantime if you&apos;d like to stay up to date and receive emails when new content is published!</p>]]></content:encoded></item></channel></rss>