IS24: user agent spoofing vs captcha issues?

[myhd]

Hi there,

First off, I just want to say I appreciate the great work that went into this project.

I’ve been working to get it running and even spent a bit of money on a captcha service provider to help things along.

It’s been a mixed experience overall (IS24 captcha broken!?), which made me stumble across something that might be of interest.

While testing, I accidentally discovered that captchas don’t seem to be displayed if a test script (not flathunter) pretends to be the well-known speech bubble chat app with a green color scheme. The mechanism is quite simple. I found this quite surprising!

My question is:

Could it be a potential solution for flathunter to spoof user agent strings to avoid captchas altogether, or would that be out of the question (e.g. for ethical reasons)?

Also, would this approach be considered less ethical than using captchas, or are both solutions on a similar ethical level?

I’m looking forward to hearing your thoughts on this!

Best regards, J

[codders]

Hi @myhd,

Sorry for the late reply. As you can see by the timing, this isn't a project that has my 100% focus. We actually already do some user-agent spoofing using this library. Those are, of course, all normal browser UAs. I don't have any ethical problems spoofing user agents - if you have a user-agent string that reliably works to bypass captchas, feel free to post it here and we'll see if that works for everyone and how long it is before someone blocks it.