Show HN: Bot, proxy and fake email detection without captchas
truesign.aiI've been researching the bot & proxies space for years. I slowly incubated a service to protect public forms, contents and APIs. It recenty reached a few million daily requests and I now dare to bring it to light.
Truesign detects bots, proxies/vpns and fake emails, through a single request from the browser, without challenges or user interaction. It can block the request based on rules you choose, or grant a token with encrypted information about the visitor for you to decide.
I created a few pages to showcase how it works:
- https:/demo.truesign.ai/protected-form : a form you can't post if you're a bot, a human behind a vpn, or input a fake/disposable email
- https:/demo.truesign.ai/protected-content : a page you can't access if you're a bot or a human behind a vpn
- https:/demo.truesign.ai/protected-content-no-js : like above but there's no Javascript analysis of the browser, it only catches trivial bots like a python script or curl. For those that need to serve their content to javascript-less cients.
I'd love if you hackers could attempt to troll the above using bots or VPNs. I'll share the results in 24h.
Some interesting points about Truesign:
- your contents are protected by simple HTTP redirections, no need to place your whole infra behind a MITM (== Cloudflare)
- attack detection: allow bots and anonymizers until their traffic exceeds a suspicious threshold
- granular rules (i.e. block bots, flag fake emails) that can be switched in real time
- admin dashboard to inspect and analyze your traffic
There's a free plan to play around. Also I offer discounts to free/public services.
Super interested in your feedback! I've tried it and I have to admit it's more accurate and faster than I expected. Didn't try the email deep validation yet, but looks promising! This technology provides an effective way to block bots and VPNs without disrupting the user experience, which is valuable for many projects. And the free plan is a practical addition. I like that it catches bots with no need for challenges but, how does it stack up against other Proof of Work solutions? Truesign doesn't use PoW. The bot detection works by collecting network and browser signals. The PoW solutions I've seen out there just add 1-2 seconds of delay before granting access to the whole site. It could work against random unsophisticaed crawlers but I don't see how that can stop determined bots. the VPN detection is pretty cool, how does it work? it analyzes the network packets in real time, they contain many data points if you know where to look. Residential and mobile proxies are also detected.