[gruez]

>It can be used to force users to use certain software, e.g., certain browsers, and to enable Javascript subjecting users to data collection, surveillance and ads

>Certainly the problem is not the individual www user who doesnt use an "approved" graphical, Javascript-enabled browser who gets blocked or fingerprinted trying to make a single request

The alternatives to javascript fingerprinting are either ineffective (TLS fingerprinting and/or IP rate limits), or even worse for privacy (eg. attestation).

>If residential proxies are the problem then why not go after the companies that provide them

[realusername]

> The alternatives to javascript fingerprinting are either ineffective (TLS fingerprinting and/or IP rate limits), or even worse for privacy (eg. attestation).

Javascript fingerprinting itself is ineffective, these kind of checks only stop the most basic bots and I'd argue the same for attestation.

[gruez]

It's ineffective in the sense that in the worst case, bots can buy used iPads or whatever and use a robot arm + camera to do the scraping, but each incremental step increases the cost for scrapers. TLS fingerprinting means you can't use curl/requests and call it a day. Javascript makes it even more complicated by requiring a headful browser to solve challenges. The purpose is to increase the cost, not to eliminate all bots.