What is the difference between antidetect browsers and BaaS services

Fraudsters do everything possible to hide their online activity. To do this, they mask their location using various tricks, infect real users' devices to direct attacks through them, and use automated scripts. Where they once relied on BaaS (Bot-as-a-Service), they now have antidetect browsers.

This type of software is not new, but recently attackers have increasingly begun to use it for scraping, click generation, mass creation of fake accounts, etc. Although historically these browsers were created and used manually, they are now automated, which allows attackers to use their capabilities on a large scale.

In this article, we will tell you what antidetect browsers are, how they differ from BaaS, and how to detect them.

Contents
1. What are antidetect browsers?
2. What is Bot-as-a-Service
3. What is the difference between antidetect browsers and BaaS
4. Server-side fingerprinting
5. Client-side fingerprinting
6. Randomization is the secret weapon of antidetect browsers
7. How to block browsers with detection protection

What are antidetect browsers

An antidetect browser is a specialized browser that uses various methods to mask user activity, including encryption of transmitted data, redirection of IP addresses, and disabling cookies. As a rule, such browsers are used by those involved in traffic arbitrage and Internet marketing.

They are used for multi-accounting in social networks, dropshipping, web scraping, gambling and other cheating. In addition, such browsers can bypass systems blocking access to content or sites depending on the region.

Masking techniques such as IP address, browser version, and operating system spoofing help hide the true user profile. Spoofing these details involves impersonating another user.

Additionally, browsers with detection protection can protect users from reading digital traces, such as cookies. They can also block reading of data via Canvas.

What is Bot-as-a-Service

BaaS providers allow companies to use bots on a subscription or per-volume basis. In this case, the customer does not need to create, train, support, or improve their own program.

For example, these could be chatbots, scrapers and other crawlers, social media bots, clickbots.

What is the difference between antidetect browsers and BaaS

At first glance, both BaaS and browsers with detection protection are aimed at easing the problems associated with bots and ad fraud. Both aim to reduce the risk of blocking. However, the latter is considered more effective because it has a special camouflage kit.

Bot-as-a-Service is an online service accessible from anywhere in the world that works on the principle of “just add URL”, whereas antidetect browsers need to be installed on your device.

Server-side fingerprinting

As for the settings, the fraudsters primarily care about controlling a set of parameters - digital traces on the server side. In this way, they fake profiles and pretend to be real users. What parameters are used:
  • Geolocation by IP address. Ideally, it corresponds to the country in which the site is located.
  • Language. Must match the geolocation.
  • Referer. Matches the URL being viewed in the browser (e.g. it's bad if the cart page doesn't have a referer).
  • A reliable User-Agent. This is usually the latest version of Chrome, as it is the most popular browser.
  • TLS (Transport Layer Security) fingerprint. Matches the device specified in the User-Agent.
  • Other: Additional HTTP headers and cookies that sites set for various purposes.

All of these values are configured and processed by BaaS providers and browsers with detection protection.

Client-side fingerprinting

As it turns out, server-side digital footprint spoofing is not enough. A browser is not just a set of fields in an HTTP request, but also software that real users interact with. Therefore, bot detection and blocking tools also collect some browser activity data using JavaScript (JS), such as mouse cursor position and movements, device digital footprints, browser capabilities, etc.

Since the client-side digital footprint is also carefully checked, fraudsters have two options to simulate multiple real browsers in parallel: either they run a real browser (on a real device or a virtual machine), or they integrate a headless browser into their script.

This is where antidetect browsers have a significant advantage over BaaS. A fraudster who works through BaaS does not see an interface that imitates a browser and executes JS (if the program is capable of this at all); they work at the URL level.

Antidetect browsers simulate one full profile for each task on the principle of "one task = one URL" or "one task = one registration attempt". Each separate tab can be used as a separate profile. Also, the set of digital traces on the server side must match the device declared in the user-agent. And the set of digital traces of the device must match the server ones.

The concept of "one task = one profile" is very important, for example when we are talking about thousands of registration attempts. The more often a profile (or part of it) is reused, the higher the risk of its detection and blocking. In other words, antidetect browsers put all signals that can represent one person into a container, the profile, and guarantee the uniqueness of the profile for each task.

Here is an example of creating and configuring such a profile for a browser, where you can download cookies, select OS, useragent, etc.

Randomization is the secret weapon of antidetect browsers

In addition, browsers that are protected from detection use randomization of different parts of the digital footprint to create multiple independent profiles and therefore multiple “people”.

For example, anti-bot tools take into account screen sizes, audio, media, graphics, and rendering capabilities, and can ask the intended browser to create an HTML canvas tag. All of these signals can be randomized.

So, given the operating system and browser name, they generate corresponding profiles from their knowledge base of WebGL vendors, graphics card IDs, etc. Randomization allows the attackers to target multiple unique profiles.

However, randomization comes with the problem of maintaining consistency: the combination of all the values in the profile must still reflect the browser used by the person on the real device. Otherwise, all the artificially created digital noise will be useless. This is what can be used to detect and block them.

How to block browsers with detection protection

Such anti-detection capabilities of browsers are a real challenge for services that block invalid traffic. By the time an anomalous signature is detected, it may already be too late — the fraud has already been committed. However, they can be detected and dealt with. Here's how:

— IP addresses of proxy servers

Antidetect browsers do not process proxy server IP addresses. Fraudsters provide their lists or API keys to the proxy service, which is used by the program installed on the user's device. What parameters can signal fraud:
  • Insufficient IP address pool. In this case, profiles will not be unique. Fraud can be detected by these discrepancies.
  • The IP pool is sufficient, but its sources are limited. In this scenario, the standard identification of IP addresses with low reputation is used.
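
One way to look for the two proxy-pool signals above in request logs, as an added example that is not part of the original article. The log format, the threshold and the sample lines are constructed, and the /24 concentration measure is an assumption standing in for a real IP-reputation feed.

```javascript
// Constructed sample log: timestamp, client IP, fingerprint hash, path.
// Addresses are from the RFC 5737 documentation ranges.
const SAMPLE_LOG = [
  "2024-05-01T10:00:01Z 198.51.100.7 fp_a1 /register",
  "2024-05-01T10:00:04Z 198.51.100.7 fp_b2 /register",
  "2024-05-01T10:00:09Z 198.51.100.7 fp_c3 /register",
  "2024-05-01T10:00:15Z 198.51.100.7 fp_d4 /register",
  "2024-05-01T10:01:02Z 203.0.113.20 fp_e5 /",
  "2024-05-01T10:01:30Z 203.0.113.20 fp_e5 /cart",
  "2024-05-01T10:02:11Z 198.51.100.9 fp_f6 /register",
  "2024-05-01T10:03:47Z 192.0.2.44 fp_g7 /",
];

function parseLine(line) {
  const [ts, ip, fp, path] = line.trim().split(/\s+/);
  return { ts, ip, fp, path };
}

// Signal 1: pool too small. One address presents many unrelated fingerprints.
function ipsWithManyProfiles(lines, maxProfilesPerIp) {
  const byIp = new Map();
  for (const { ip, fp } of lines.map(parseLine)) {
    if (!byIp.has(ip)) byIp.set(ip, new Set());
    byIp.get(ip).add(fp);
  }
  return [...byIp]
    .filter(([, fps]) => fps.size > maxProfilesPerIp)
    .map(([ip]) => ip)
    .sort();
}

// Signal 2: pool large but drawn from few sources. Measure how much of the
// traffic the busiest /24 network accounts for (IPv4 only in this sketch).
function topSubnetShare(lines) {
  const counts = new Map();
  for (const { ip } of lines.map(parseLine)) {
    const net = ip.split(".").slice(0, 3).join(".") + ".0/24";
    counts.set(net, (counts.get(net) || 0) + 1);
  }
  const [net, hits] = [...counts].sort((a, b) => b[1] - a[1])[0];
  return { net, share: hits / lines.length };
}
```

Shared addresses (carrier-grade NAT, offices, campuses) also show many fingerprints per IP, so this result is one signal to combine with others rather than a verdict.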

— Browsers do not simulate a session

They execute all the queries related to the task in an isolated profile. Therefore, if the query chain does not correspond to the real behavior and interaction, the user behavior analysis will reveal an anomaly.
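
A minimal request-chain check for this case, added here as an example and not taken from the original article. The routes, the prerequisite map and the sample requests are constructed; it flags a sensitive request that arrives without the page a person would have loaded first, or without a Referer.

```javascript
// Pages a human necessarily loads before the sensitive request (constructed).
const PREREQUISITES = {
  "POST /register": ["GET /register"],
  "GET /cart": ["GET /product"],
};

// requests: [{ session, method, path, referer }] in arrival order.
function findBrokenChains(requests) {
  const seen = new Map(); // session -> Set of "METHOD /path" already requested
  const findings = [];
  for (const r of requests) {
    const key = `${r.method} ${r.path}`;
    const history = seen.get(r.session) || new Set();
    const needed = PREREQUISITES[key];
    if (needed) {
      const missing = needed.filter((step) => !history.has(step));
      if (missing.length) {
        findings.push({ session: r.session, request: key, reason: "no_prior:" + missing.join("|") });
      } else if (!r.referer) {
        // Chain is plausible, but the browser sent no Referer for it.
        findings.push({ session: r.session, request: key, reason: "no_referer" });
      }
    }
    history.add(key);
    seen.set(r.session, history);
  }
  return findings;
}

// Constructed sample traffic: s1 browses normally, s2 posts the form without
// ever loading it, s3 loads the form but submits without a Referer.
const SAMPLE_REQUESTS = [
  { session: "s1", method: "GET", path: "/product", referer: "https://shop.example/" },
  { session: "s1", method: "GET", path: "/cart", referer: "https://shop.example/product" },
  { session: "s2", method: "POST", path: "/register", referer: "" },
  { session: "s3", method: "GET", path: "/register", referer: "https://shop.example/" },
  { session: "s3", method: "POST", path: "/register", referer: "" },
];
```

A strict Referrer-Policy or a privacy extension can also strip the Referer, so `no_referer` is weaker evidence than a missing prerequisite page.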

— Randomization may result in the creation of inconsistent profiles

The browser generates identifiers and versions, but some values may be missing altogether. This allows anti-fraud systems to detect and block such visits. Mismatches between digital traces and their values also allow fraud to be detected. For example, the profile indicates macOS, but the Chrome browser is used.
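
The consistency problem described in the randomization section, and the missing-value and mismatch checks in this one, can be expressed as a small rule set. This is an added example, not code from the original article; the profile field names and both sample profiles are constructed, and only desktop operating systems are covered.

```javascript
// OS family claimed by the User-Agent. Mobile UAs also contain "Linux" or
// "Mac OS X", so they are matched first; this sketch covers desktop only.
function osFromUserAgent(ua) {
  if (/Android|iPhone|iPad/.test(ua)) return "mobile";
  if (/Windows NT/.test(ua)) return "windows";
  if (/Mac OS X/.test(ua)) return "macos";
  if (/Linux/.test(ua)) return "linux";
  return "unknown";
}

// What a genuine desktop browser reports through other channels:
// navigator.platform and the Sec-CH-UA-Platform request header.
const EXPECTED = {
  windows: { platform: /^Win/, hint: "Windows" },
  macos: { platform: /^Mac/, hint: "macOS" },
  linux: { platform: /^Linux/, hint: "Linux" },
};

// Returns a list of findings; an empty list means no contradiction was found.
function checkProfile(p) {
  const findings = [];
  // Randomized profiles sometimes omit values a typical browser reports.
  for (const f of ["userAgent", "platform", "webglRenderer", "acceptLanguage"]) {
    if (!p[f]) findings.push("missing:" + f);
  }
  const os = osFromUserAgent(p.userAgent || "");
  const want = EXPECTED[os];
  if (!want) return findings;
  if (p.platform && !want.platform.test(p.platform)) findings.push("ua_vs_platform");
  // The header value arrives quoted ("Windows") and only Chromium sends it.
  const hint = (p.secChUaPlatform || "").replace(/"/g, "");
  if (hint && hint !== want.hint) findings.push("ua_vs_client_hint");
  // Direct3D back ends exist only on Windows, Apple GPUs only on Apple devices.
  const gl = p.webglRenderer || "";
  const wrongGpu = (/Direct3D/.test(gl) && os !== "windows") || (/Apple/.test(gl) && os !== "macos");
  if (wrongGpu) findings.push("ua_vs_webgl");
  return findings;
}

// Constructed sample profiles.
const CHROME_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36";
const CONSISTENT = { userAgent: CHROME_UA, platform: "Win32", secChUaPlatform: '"Windows"',
  webglRenderer: "ANGLE (NVIDIA, NVIDIA GeForce GTX 1660 Direct3D11 vs_5_0 ps_5_0, D3D11)",
  acceptLanguage: "en-US,en;q=0.9" };
const RANDOMIZED = { userAgent: CHROME_UA, platform: "MacIntel", secChUaPlatform: '"Windows"',
  webglRenderer: "ANGLE (Apple, Apple M1, OpenGL 4.1)", acceptLanguage: "" };
```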