Instapy: Instagram New Data Policy and The Bot Detection

Created on 25 Apr 2018 · 23Comments · Source: timgrossmann/InstaPy

I read the new Instagram data policy. One thing caught my attention which was device operation. And it says:

Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).

So they already know if the browser is controlled by automated tests and it seems that they also track the device operations. It seems that they would detect that we use bot regardless of how hard we try to make the bot do things randomised.

What do you think?

discussion opinion question wontfix

Source

sevilyilmaz

Most helpful comment

From the reading of it, they just re-illustrated what information/data they are collecting. Based off previous experience, I believe those data already been collected even before the new policy comes to play.

the real question is "what would they do with it ?"
If they keep doing what they are doing today, We are fine and safe, as long as you don't run more than 2 accounts in your computer with 10000 likes, 5000 follow every day.

so, please keep it moderate, don't go crazy to get attention from Instagram.com.

CharlesCCC on 25 Apr 2018

👍3 🎉1

All 23 comments

Do that:

open instagram in chrome
start a story
minimize the browser
wait 5 sec
unminimize
-> story is at the same time state --> Instagram detect minimized browser

What can we do ? set the browser position to -3000 so it won't be on window but still not minimized.

Regarding foreground and background I would like to know more.

sionking on 25 Apr 2018

I do know that the story continue even when page is backgrounded (for obvious reasons)

sionking on 25 Apr 2018

try this:
https://mathiasbynens.be/demo/jquery-visibility

sionking on 25 Apr 2018

🎉1

We also need to fool the "hasFocus" javascript use. Can someone assist ?

sionking on 25 Apr 2018

How about webdriver detection? I think it can be detected from the navigator object of the browser. And Chrome shows an info that says something like "This browser is controlled by an automated test". Would disabling that help?

sevilyilmaz on 25 Apr 2018

This infobar you can disable easy (find my thread about it) but it is not related to website it self.
We should overcame this as well:
https://www.w3schools.com/jsref/tryit.asp?filename=tryjsref_document_hasfocus

sionking on 25 Apr 2018

👍2

so, please keep it moderate, don't go crazy to get attention from Instagram.com.

CharlesCCC on 25 Apr 2018

👍3 🎉1

@sionking I hope Instagram doesnt realize about that and start to detect position someday too. When I run the bot from a bat triggered by a window task set as invisible, the browser runs but it isnt seen. How does that count, as minimized or not?

pablodalma93 on 25 Apr 2018

In each verified new action (_mostly after _focus & blur_ events_), such as scrolling down or click-opening a link, clicking different position in a page, etc. activities, the logger- logging_client_events (from facebook-api-version: v2.6) is posting that event immidiately.
By which, IG's possible detectors generate a human/non-human status for the user.
_That logger, has been running for a long time before the last seasonal updates, that's why, I think sometimes you get non-human (_automated_) accaunts _interacted with you_ in return..._

Request URL: https://graph.instagram.com/logging_client_events
Request Method: POST
Status Code: 200 
Remote Address: 157.240.20.63:443

You might want to block Request URL xD (_!dangerous_)

What we can do?
5 steps I would recommend:
Hope IG _respects automaters_ xD
Do not exceed limits, never ever. (_eh.._)
We need a fully randomization with smart action _controller_ throughout the entire program.
Use efficieny guarranteed methods (e.g. interact with users with good amount, so the target user feels like to interact back 😄)
Use efficieny guarranteed methods (again)

uluQulu on 25 Apr 2018

@uluQulu hi,
"you get non-human (automated) accounts interacted with you in return..." where is this came from?
How can you be more targeted by bots ? you are visible to what you assign to, do you say the hashtag we search will get a different results for example? since I checked that many times and it seems original.

btw I recommend all to use:

def goto_url(browser,url):
    """ thing we should do before and after going to url"""
    browser.get(url)
    browser.execute_script('document.__proto__.hasFocus = function() {return true}')

This will fake the has focus method.

We should work on mouse movements too.
we need to compile our own chromedriver with different var name, Can anyone help ?

sionking on 26 Apr 2018

🎉1 😄1

Hey @sionking,
_There are some major use cases, e.g. when you upload a post it is up to IG to whom (!target users) and how show it ..._
(as I hit this topic, there is also a thing, your post is shown to less ppl once you post from a non-official application, e.g. through a _LR plugin_, or an _unofficial-API_ ... )

if you think clearly, you will find more cases

uluQulu on 26 Apr 2018

🎉1

What about chromedriver ? can anyone take this on him ? to compile it ? as in here:
https://stackoverflow.com/a/41220267/4215840

sionking on 26 Apr 2018

👍1

@sionking according to user @szx, it is also possible to simply open chromedriver.exe in hex editor, and just do the replacement manually, without actually doing any compiling. tried this ?

CharlesCCC on 26 Apr 2018

@CharlesCCC
Hi this not worked for me.... Can you try compile it ? as I can't find the time.
I would love also if a JS expert will overrun the hide.visibility function as I did with onFocus, can some one do it 2 ?

sionking on 26 Apr 2018

Real Mouse movements. Now. 100$. Someone?

sionking on 17 May 2018

🎉2 👍1

Maybe I'm late to the conversation but seems that IG limited the server calls from API to 200/h

https://techcrunch.com/2018/04/02/instagram-api-limit/

by just fetching a bunch of images you can hit that number... what can we do? Have you encountered any issue?

MrBeardedGuy on 30 Aug 2018

😕2 👎1

@MrBeardedGuy we are not using their API :)

CharlesCCC on 31 Aug 2018

@CharlesCCC Man, I'm fully ashamed of myself for asking that question! So dumb! I just freaked out for a second after reading the article and my brain went berserk.

MrBeardedGuy on 31 Aug 2018

@MrBeardedGuy it all good, we all have similar feeling before. LOL

CharlesCCC on 31 Aug 2018

@MrBeardedGuy is right about that concern.
It was part of the seasonal updates of 2018 scheduled to end at ~June-July.
And I think that particular change in API occurred ~March.
First of all it is an old issue and I think now that limit is 500 (_or just in sandbox mode?_). So you should not worry about it since it has been months after that change and everything works fine.

@CharlesCCC when it hits API it will have downsides for everybody. [think in bigger context]

Remember the graphql content size limit to 50? It also happened in that update season...

@MrBeardedGuy live the moment, if there is an issue, post it to find a solution if any.

Cheers 😂

uluQulu on 31 Aug 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. > If this problem still occurs, please open a new issue

stale[bot] on 13 Nov 2018

I belive it hit the API, Has anyone else seen this in there logs?
@uluQulu @timgrossmann

KingKorSin on 20 Nov 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.