Reddit is blocking users based on user agents?
Started to get this message when accessing Reddit. I use LibreWolf as a browser, which does indeed provide a more generic user agent to combat fingerprinting, but nothing out of the ordinary either (Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/119.0). Anyone else experiencing this?
Edit: seems to have resolved itself. Thanks for confirming I wasn't doing anything wrong. Let's hope this isn't some new algorithm to test if for insufficient fingerprinting so Reddit can kick ad-resistant users.
Reddit is corrupt. It probably has something to do with them wanting to track you, and they can't track you if you have a blank user agent.
Stay here at Lemmy where humans are respected as humans instead of data mines. Life is more dignified here at Lemmy.
I saw a post a few days ago where one Lemmy user threatened to triangulate another user via IP, and then hurt them, because they said Linux doesn't work out of the box as well as windows in their experience.
This was on a main instance. The person didn't get in any trouble.
Did you report the comment?
Yikes. That's concerning.
Was it a shit post? Don't mistake me as being dismissive of threats, it's just that "triangulate based on IP" sounds like a joke.
No, unfortunately. The guy seemed really mad. Calling the other guy a moron, idiot, and telling him to apologise. From what I could see from the comments, it seems like the one guy visited the angry guys website, and the guy threatened to use his IP to find out where he lived. Then used threats about how it's nice to sleep at night without fear, and that if you piss the wrong people off you'll know.
All because the guy was having Linux issues and said windows worked better for them. I only found the thread because I'm also having the same issues lol.
That's a massive yikes. Be sure to report shit like that.
The mad guy sounds tech illiterate anyway. Nowadays you can't track people by IP anymore. Sure you get a city, maybe a city district and then what?
To prove my point, here's where my IP (Without VPN) will tell you where I live: Berlin. I live on the other side of the country compared to Berlin.
These scriptkiddies are so pathetic .
But Linux DOES require more effort to set up than Windows. Who in the hell would deny that?
Yo Pop OS is working ony Surface pro 3 perfectly basically, definitely better than Windows 10 was.
Yeah, Lemmy is full of shit heads and mods/admins rarely care. You can also see plenty of misogyny, non stop verbal abuse, etc. Lemmy is basically a playground for 13 year olds with development difficulties.
I'm just going to highlight these two sentences, and ask you think really really hard about why this comment has more downvotes than upvotes.
Maybe they think that saying "development difficulties" means it isn't verbally abusive? lol
That's all well and good but now that the smoke cleared it's a Twitter/Mastodon situation
Yeah. You're not wrong.
Ever since I discovered I can have infinite conversations with infinite people about infinite topics, I am addicted to this format.
Now see how they exploit us π‘
I'm my golden socialist utopia online platforms would flourish freely with each new conversation.
I don't quite understand what you mean. I know Twitter has kind of gone to hell, but beyond that I'm not sure.
I think his point was that most conversations happen where people are, and people are still more on Twitter than Mastodon by multiple orders of magnitude even after the "exodus".
I like the sentiment, but it is so incredibly naive to think that there aren't crawlers scraping every ounce of data from Lemmy as possible. While Lemmy itself may not be collecting user data (depending on who is hosting your home instances of choice), other data that is valuable can still be collected, particularly for LLM AI.
If you can access it, the data scrapers have already crawled it.
Especially considering the post from a little while ago showing that admins of Lemmy instances can see what individual users are upvoting and downvoting. There's nothing to stop a bad actor from setting up an instance and just harvesting data.
Everyone can see that via kbin. for example, here's your comment.
(not sure about downvotes... you might have to work a bit more to see those.)
What else can admin see?
Why use scraper on Lemmy when bots can federate and have the data directly sent to them?
Everything they can get from Lemmy is public and not necessarily tied to any specific person. Like I'm not actually Helen's lunch.
That's exactly what Helen's lunch would say.
That's why I just say dumb shit on here.
Just look at how Reddit uses fingerprinting, absolutely part of their tracking
They absolutely can. A blank user agent is a fingerprint like any other.
https://www.reddit.com/r/ModSupport/comments/17vbyr8/whoa_there_pardner_error_message/
Text:
"bad code change" describes pretty much every vide change they've done over the past 7ish years lol
I also don't believe them. This was a test.
Or it was just a bug. You know, the thing that happens literally all the time in every codebase in the world
Maybe, but this is exactly the sort of thing I would expect them to do a test run for. They are desperate to stop ad-blocking.
Tests and QA don't catch everything. From what I can tell this affects a small percent of users, so it's very likely that it slipped through any testing that was done if that's the case
Why are you still using that shitty site?
I say this as someone that was there since before the digg migration.
Wish they would at least be honest in their messaging, the whole βquirkyβ official reddit branding doesnβt really work anymore now that theyβve gone full corporate mode
Au contraire, it's totally kawaii-dystopia-punk! :P
Now that Web Environment Integrity is shut down, Reddit decides to take matters into their own hands..
Best I can do is "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0 master race checking in
Same here on firefox mobile just started 10 minutes ago
Im not tech certified so i just figured out its my privacy possum doing this user agent thing which i like
Whatβs a user agent?
Little descriptor your browser has to tell websites what it is and where it comes from
It also tells the website the OS you're running, as well as the browser, and various version numbers of stuff.
One interesting experiment is to use a user agent changer to view a website, and watch how the website changes every time you load a new user agent.
Google will remove search options if you're using Firefox (mobile?), for example. But if you change your user agent to say you have Chrome, even if you are actually using Firefox, those options magically come back and work. It's almost as if that's anti-competitive behavior or something...
It's also how a lot of websites know whether or not to give you Windows executables or Mac executables, or Linux executables, etc.
Firefox with user agent as chrome
Firefox with user agent as firefox
Holy smokes, the whole graph is removed.. and they moved up "Shopping"
Brilliant example. I think some of the search tools like date range or image color also get removed with the Firefox user agent, but I don't quite remember.
While it's true that many browsers choose to follow a convention that includes that info,
User-Agentis just a string, so something likefukuis a legitimate UAhttps://www.rfc-editor.org/rfc/rfc1945#section-10.15
Really? Huh, TIL. Thanks.
Before the paranoid think it's invasive, it's used mainly to tell the website what your browsers capabilities are, so that features work and render properly. And by "tell the website", I mean they generally serve the same "code" to everyone, and your browser just uses different parts of it.
It's not as big of a deal now, but browsers used to render things very differently and had unique style features. Safari is still a big offender of this.
The above Google search features probably means the developers being Google, probably just thoroughly tested the more niche features on Chrome. And probably at some point, other browsers like Safari shit the bed (common) because they used features that Safari didn't support at the time, and decided to just disable them for Safari.
It's also used to create a digital fingerprint so you can be tracked without downloading a cookie.
Uhh, I'm unaware of how that's even possible. There is no uniquely identifiable information in the UA. Everyone keeping their browser and os up to date are going to fall into the same few buckets. Are you pulling that out of your ass, or do you actually know of a technique that abuses it?
It is one of dozens of things used to establish a unique fingerprint. Check this out, I bet you can be individually identified and tracked with nothing more than what your browser reveals, including the UA.
https://amiunique.org/
Reddit uses exactly this to enforce site bans so they can identify people that just change emails or even public ip addresses. It's almost certainly used to create phantom profiles at hundreds of sites whether you make an account or not.
https://smartframe.io/blog/browser-fingerprinting-everything-you-need-to-know/
Not the person you're replying to, but I would second what they're saying. I recall many years ago reading a post from the Tor browser team explaining that they customise the UA and even browser window size to avoid fingerprinting. It's not the UA alone, but that in combination with other values the site you're visiting can detect.
User agent is also the very first thing checked on the below fingerprinting site. I was surprised to see that 0.00% of me have the same user agent as me!
https://www.amiunique.org/fingerprint
https://en.wikipedia.org/wiki/Device_fingerprint#Browser_fingerprint
I guess you've never heard of JA3 fingerprints?
I think that they probably made it so their app looks nicer and want chrome to match, anyway then there's apps that just block you if you're not using chromium or derivatives, despite working on the browser you're using. Ahem Ms-teams and another video conferencing software that I had to use.
Yeah I didn't think disabling features for Firefox users would make sense. The user would have to know you're punishing them for it to be effective at incentivising them to switch to chrome.
I personally don't trust Google anyway and mainly just use duckduckgo.
Google also changes a bunch of features if you change the user agent to some really old or non existent browser versions.
I don't think they are making Firefox worse on purpose. I think it's just something they don't bother to fix.
Hello
Can confirm I have a problem with Reddit and I am empty inside.
Rel
Is this a typo or the latest expression I have to remember now?
It's not a typo. Rel - relatable. I'm just using it cuz I don't want to be outdated
Thank you!
No problem :)
DNF
tells a website what browser or app you're using
Couldn't find any explanation on Google so I tried emailing them about this. I got back this lovely gem:
But VPN worked.
RiF just kicked me out. I think reddit is trying to do another sweep to break unofficial apps/plug-ins/etc.
Patched boost still working can't post as I'm temp banned for reporting spam
Funny how that works, isn't it?
I got perma-banned for "mod abuse" for reporting too much misinformation.
The fuck are they doing over there
they do realise bullshit kills a platform
They realized they got more money for ads if they have gullable users
this shit happens here, too. capricious bans not for breaking the rules but for hurting mod feelings, OR, literally just reporting each spam comment. swear to god, i got banned for reporting all the copy-pasted comments left by a user and the reason was abusing the report button.
peggy lou baldwin wasn't happy.
Probably best for people like that to never be in charge of anything
They do?
Well from an advertising point of view just look at Twitter loads of big advertisers pulling out due to the anout of shite on there now
It was still working for you until now? I uninstalled it several weeks ago because I couldn't get anything. Kinda makes me want to reinstall it and try again.
My RIF hasn't worked for months, but I think there is a way to patch it with Revanced? IDK, I haven't tried it. I do miss the porn though.
There's one called Stealth I got on recommendation from here. Can't log in but NSFW subs are available and you can still build your own feed.
Sorry I guess it's android only https://f-droid.org/en/packages/com.cosmos.unreddit/
Infinity works last I checked, it just gets rate-limited really hard, so it's hard to read comments. You also can't sign in anymore, so no more interaction.
Patched Sync still working for me.
Glitch or not, fuck reddit
Happened to me yesterday (Windows 11, Chrome latest version.) A simple wipe of my browser files fixed it.
I don't even know how to use an API, let alone write code more complex than a For or Do Until loop in VBA, which I literally learned on the job to automate a finance task I was picking up.
Either Spez is turning paranoid that everyone and their mother is leeching off his data, or this was a critical bug.
Spez is a morally bankrupt cuck anyway.
User agent blocking is typically done when they are trying to block bots or crawlers.
they're trying to limit automated scrap or the like. avoid that domain as much as you can
I'm sure this is exactly it, they want to stop any / all non official API access to prevent bots and scraping, I'm certain, it matches with their recent behaviors.
Oh, it is. I assure you. Anything but lose ad revenue.
Why hope that? That's exactly what it is. If anything we should encourage shit like that so the site can crash and burn even more. They deserve nothing. It's too bad many of the subreddit blackouts only lasted 48 hours, and even worse people gave up and went back to reddit.
Let's hope they do something really crazy and start requiring ID for all users so more people will get fed up and leave.
Still ongoing on multiple IP's and different browsers. Plain Edge and their app works - so it seems that Chrome/Brave and FF are not welcome, which smells like a privacy issue. Well reddit - that was the last straw.
oh no
anyway
I was using plain old safari and got this message also
I'm getting that message too, I've tried on Firefox, chrome, with and without VPN. I think it's something wrong with the site?
Edit: seems to work again now
I bet it's a glitch, all of my browsers are blocked on home Internet and on cell data.
I get this error in the Firefox Developer Edition, can't acces it from mobile Chrome either...
Edit: Seems to work again
It's fucked for me too. As much spicy intrigue is generated by thinking this is nefarious, I think some dumb shit just fucked something up and broke the site
Reddit does a lot to try to track alts, and it still fails. It's probably impossible to have anything that sophisticated in the fediverse.
All of my alts or any new account are instanta banned because I pissed off the AITA mods by creating an alt AITA_mods_are_all_incels.
They don't even get the most obvious alts. I used to mod defaults back in the early 2010s on reddit and there were some notorious spammers and trolls, here's a few notable examples.
One guy in particular chalked up at least 100 alts, there was a whole private subreddit create just to keep track of this person. They talked in a very idiosyncratic way and had a few harassment targets, they'd often go to trans subreddits and find someone to send horrible messages to. Typically when they found a target, they'd create a username for them, like if they found a person who picked the trans name "Jennifer" for instance they'd make a user account "NeverJennifer" then start to send suicide messages, then they'd create alts as they got blocked/suspended etc.
There's a spammer on reddit called Oliver Gaspirtz/Oliver Markus Malloy/Introvert Comics who used to run a bunch of subs between 30-40 alt accounts, mostly to sell their own content and books, and market themselves as a sort of online guru/politics understander type. They had a persona to sell redpill stuff, another for pro-cop propaganda, another for agreeable liberal takes. They'd have accounts with bios like "I'm a trans woman!" or "I love Ukraine!" for whatever the hot topic at the moment was they wanted to speak on behalf of. Recently they had all their main accounts and subs deleted apparently after harassing co-moderators of other subs. They still run a smaller network of subs though, mostly for self-promotion.
oliver markus malloy is fucking awful and i'm glad to see it was just a grift rather than earnest bad politics
Oh he's fully earnest in his bad politics and bad history, he just hides inconvenient aspects of his politics depending on the grifts he's running. Check the communities I moderate on here for some examples. Guy is 24/7/365 posting political spam to reddit. Apart from Olly himself I'm probably the 2nd most responsible for ruining his reputation on reddit, and he's done everything he can to me including threatening to report me to the FBI for it.
Time to become the Mozilla you wish to be in this world.
Iβm getting this as well. Mobile Safari on iOS 17.
I've got Hermit setup for /r/CombatFootage and it's still loading fine.
I've got a custom user agent ('mobile') and I block everything that I can.
I would strongly discourage changing your user agent to anything no standard. Doing that makes you extremely easy to spot in a data set
Image Transcription: Text
whoa there, pardner!
reddit's awesome and all, but you may have a bit of a problem.
Make sure your User-Agent is not empty, is something unique and descriptive and try again. if you're supplying an alternative User-Agent string, try changing back to default as that can sometimes result in a block.
You can read Reddit's Terms of Service here.
if you think that we've incorrectly blocked you or you would like to discuss easier ways to get the data you want, please contact us at this email address.
I'm getting the same message on mobile Firefox browser
But they don't care at all about bots.
Wasn't user agent parsing already broken with Mosaik Browser?
I think what it is is, they were probably hoping the web integrity would work originally that Google was proposing, and were probably planning to take advantage of that. However, I guess since it has not went through yet at Google that they are still using their version of it but just limiting it to empty user agents in the browser?
Other than for that reason that I wouldn't worry about someone user agent as an owner for reddit. If bots were an issue, wouldn't I issue a warning for the user to slow down and maybe temporarily block the IP or something like that?
Saw the comments so I thought I would check it out. Iβm getting that message as of right now, but I am running a VPN.