Comment by Avamander

Comment by Avamander 20 hours ago

10 replies

View on Hacker News

> Why do you think Chrome bothers with this extra headers. Anti-spoofing, bot detection, integrity or something else?

Bot detection. It's a menace to literally everyone. Not to piss anyone off, but if you haven't dealt with it, you don't have anything of value to scrape or get access to.

motorest 18 hours ago

> Bot detection. It's a menace to literally everyone. Not to piss anyone off, but if you haven't dealt with it, you don't have anything of value to scrape or get access to.

What leads you to believe that bit developers are unable to set a request header?

They managed fine to set Chrome's user agent. Why do you think something like X-Browser-Validation is off limits?

Reply View 5 replies
  • Sophira 14 hours ago

    Because you would need to reproduce an explicit Google copyright statement which states that you don't have the right to copy it ("All rights reserved.") in order to do it fully.

    That presumably gives Google the legal ammunition it needs to sue you if you do it.

    Reply View 3 replies
    • userbinator 10 hours ago

      Companies like SEGA have tried doing stuff like that in the past, and lost.

      Reply View 0 replies
    • tomsonj 13 hours ago

      It seems like the requirement to reproduce this copyright header alone, nevermind the validation hash, would be enough to scare off scrapers?

      Reply View 1 reply
      • Sophira 13 hours ago

        I'm no lawyer, but my take on it is that by reproducing this particular value for the validation header, you are stating that you are the Chrome browser. It's likely that this has been implemented in such a way that other browsers could use it too if they so choose; the expected contents of the copyright header can then change depending on what you have in the validation header.

        To me, it seems likely that the spec is for a legally defensible User-Agent header.

        Reply View 0 replies
  • Avamander 7 hours ago

    > They managed fine to set Chrome's user agent. Why do you think something like X-Browser-Validation is off limits?

    It's not off-limits technically. But do you think it'll remain this simple going forward? I doubt that.

    Reply View 0 replies
lxgr 18 hours ago

Do you mean bot and non-Chrome-using human detection?

Reply View 0 replies
IshKebab 14 hours ago

Bots can easily copy the header though so I don't see how that helps?

Reply View 1 reply
  • Avamander 9 hours ago

    Only if they know to implement it and while it uses a more trivial approach. I expect it to become increasingly difficult gradually. It's also yet another way to make mistakes and make it entirely obvious that one is forging Chrome.

    Reply View 0 replies
ohdeargodno 19 hours ago

Bullshit. You don't have anything of value either. Scrapers will ram through _anything_, and figure out if it's useful later.

Reply View 0 replies