[enjoytheview]

You don't need to precisely identify users across sessions without their consent to detect bots, advanced anti-bots make heavy use of biometrics to detect bots and don't rely too heavily on fingerprinting, mostly because they're easy to spoof in general, but generating human-like mouse data is a bigger challange.

[jsmith45]

Sure, but on the other hand, a lot of anti-fingerprinting efforts strive to reduce the info available including things like mouse movement data.

Mouse movement data is a fairly potent fingerprinting vector. Bucketing the average spouse speed and acceleration rates could provide provide useful information. This may imply specific OS speed settings, or physical mouse DPI. A machine learning system would likely be able to distinguish traditional mouse, vs trackpoint, vs touchpad, vs trackball. Etc.

Also it is not just bots that have non-human like mouse movement. Many assistive technologies would have no mouse movement, or would auto snap the mouse to relevant spot. That is actually a quite powerful for fingerprinting, since assistive technology users are a pretty small subset of internet users, so only a relatively small amount of additional data is needed to uniquely fingerprint that user/machine.

[enjoytheview]

I wonder if that would be enough to precisely identify a single user between millions like regular fingerprinting can already do, but yeah it's still a big fingerprinting vector

[faet]

https://github.com/Xetera/ghost-cursor

[enjoytheview]

Bezier curves are easily detected by machine learning models as non-human, that software wont work on akamai or any decent anti-bot

[paleotrope]

I wonder if you could use a chicken like in the old chicken tic-tac-toe machines to mimic real user behavior.