
@rancidrabbit It's not clear whether or not Meta is changing UserAgent strings - I've seen at least one admin saying he's not seeing that.

    thenexusofprivacy@infosec.exchange
    wrote last edited by thenexusofprivacy@infosec.exchange
    #1

    @rancidrabbit It's not clear whether or not Meta is changing UserAgent strings - I've seen at least one admin saying he's not seeing that. It's totally the kind of thing they'd do, but they get so much PR value out of being perceived as "good fedi citizens" that I don't know how they think of the tradeoffs.

    here's a post from @cuchaz with some tools to set up firewall-level blocks - https://gladtech.social/@cuchaz/115004304985099620

      rancidrabbit@anarchism.space
      wrote last edited by
      #2

      @thenexusofprivacy @cuchaz That may not be the right link....

        rancidrabbit@anarchism.space
        wrote last edited by
        #3

        @thenexusofprivacy @cuchaz But I tracked down the AS num for Facebook and a tool that lists the netblocks in it and added deny rules for those to nginx.conf:

        deny 57.144.0.0/14;
        deny 129.134.0.0/17;
        deny 157.240.0.0/17;
        deny 163.70.128.0/17;
        deny 157.240.192.0/18;
        deny 31.13.64.0/18;
        deny 173.252.64.0/19;
        deny 173.252.96.0/19;
        deny 31.13.96.0/19;
        deny 69.171.224.0/19;
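
Added example (not part of rancidrabbit's post or of any tool linked in the thread): a Python check of the posted prefixes before they go into nginx.conf. It validates each CIDR, merges overlapping or adjacent ranges, and tests constructed log lines against the result; the function names and the sample log are hypothetical.

```python
import ipaddress

# The ten prefixes from the post above, copied as posted (not re-checked against the AS).
POSTED = """57.144.0.0/14 129.134.0.0/17 157.240.0.0/17 163.70.128.0/17
157.240.192.0/18 31.13.64.0/18 173.252.64.0/19 173.252.96.0/19
31.13.96.0/19 69.171.224.0/19""".split()

# Constructed log lines (hypothetical clients and paths, not observed traffic).
SAMPLE_LOG = [
    '31.13.100.7 - - [10/Aug/2025:12:00:01 +0000] "GET /users/a HTTP/1.1" 200 512',
    '173.252.95.1 - - [10/Aug/2025:12:00:02 +0000] "GET /users/b HTTP/1.1" 200 498',
    '157.240.130.5 - - [10/Aug/2025:12:00:03 +0000] "GET /users/c HTTP/1.1" 200 501',
    '203.0.113.9 - - [10/Aug/2025:12:00:04 +0000] "GET / HTTP/1.1" 200 1024',
    'garbage line without an address',
]

def build_denylist(prefixes):
    """Validate CIDRs (host bits set -> ValueError) and merge overlapping/adjacent ones."""
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    merged = []
    for version in (4, 6):  # collapse_addresses() refuses mixed IPv4/IPv6 input
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def render_nginx(nets):
    """Emit deny directives, one per line, for an nginx include file."""
    return "".join(f"deny {n};\n" for n in nets)

def denied_clients(log_lines, nets):
    """Return the distinct client IPs (first log field) that the rules match."""
    hits = []
    for line in log_lines:
        try:
            ip = ipaddress.ip_address(line.split(" ", 1)[0])
        except ValueError:
            continue  # first field is not an address: skip malformed lines
        if any(ip in n for n in nets) and str(ip) not in hits:
            hits.append(str(ip))
    return hits

if __name__ == "__main__":
    nets = build_denylist(POSTED)
    print(render_nginx(nets), end="")
    print("matched:", denied_clients(SAMPLE_LOG, nets))
```

The ten posted rules collapse to eight (31.13.96.0/19 already sits inside 31.13.64.0/18, and the two 173.252 /19s form one /18), and the list is IPv4-only, so a client connecting over IPv6 is not matched by it. nginx's `deny` matches the client address nginx sees, so behind a proxy or CDN the real client address has to be restored first (ngx_http_realip_module).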

          rancidrabbit@anarchism.space
          wrote last edited by
          #4

          @thenexusofprivacy @cuchaz Just need those for all of these other scrapers. *sigh*

            thenexusofprivacy@infosec.exchange
            wrote last edited by thenexusofprivacy@infosec.exchange
            #5

            @rancidrabbit oops, right you are, how embarrassing. fixed now!

              thenexusofprivacy@infosec.exchange
              wrote last edited by
              #6

              Yeah. In some ways Meta today is a relatively-easy case lolsob

              @rancidrabbit

                bonfire@indieweb.social
                wrote last edited by
                #7

                @thenexusofprivacy

                That would be great to know.

                Probably this requires blocking at every possible level to be sure (eg. robots.txt, user agent, IP ranges...) And if some bots are using ActivityPub for scraping we could also block their HTTP signature public keys?

                We've prototyped a system that builds on Bonfire's circles/boundaries to define and enforce blocks at the instance, user, and post levels. Would love feedback and suggestions to make it stronger!

                @rancidrabbit @cuchaz @FediPact

                  thenexusofprivacy@infosec.exchange
                  wrote last edited by
                  #8

                  Interesting, would love to find more about the circles/boundaries-based prototype, is anything written up on that (or is there a repo to check)?

                  Agreed about blocking all the different paths. For the HTTP signature public keys, does that give any stronger protection than instance blocking?

                  @bonfire @rancidrabbit @cuchaz @FediPact
