Yes, bots being >50% of all traffic is bonkers, but at the same time I'm increasingly becoming convinced that bot defenses are (largely? equally? also?) harmful to the overall ecosystem.

Everything bot detection relies on is basically ossification: TLS fingerprinting, protocol offering and preference, HTTP header presence and ordering, ...

Assuming / enforcing those is overall bad for the web, and all browsers and clients should really grease all of that.

and the ones with the biggest muscles circumvent all of those filters easily anyway while it blocks the low volume little guys that nobody actually wanted to block

Jan Schaumann

@jschauma@mstdn.social

Yeah. I mean, there's _some_ value in trivial defenses to somewhat tone down the noise (akin to e.g., run sshd on a different port than 22, just to avoid the very noisy trivial scanners), but it's never going to be effective against dedicated actors.

August 19, 2025 at 3:06:16 PM

Elk Logo

Welcome to Elk!

Elk is a nimble Mastodon web client. You can login to your Mastodon account and use it to interact with the fediverse.

Expect some bugs and missing features here and there. Elk is Open Source and we're actively improving it as a community project. Join us and let's build it together!

If you'd like to report a bug, help us testing, give feedback, or contribute, reach out to us on GitHub and get involved.

To boost development, you can sponsor the Team through GitHub Sponsors. We hope you enjoy Elk!

Joaquín SánchezAnthony Fu三咲智子 Kevin DengDaniel RoePatakTAKAHASHI Shuuji

The Elk Team