Forem: [Tanwydd] The latest articles on Forem by [Tanwydd] (@tanwydd). https://forem.com/tanwydd https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3874697%2Faf7553e1-11dc-4b40-b171-7d67491de89f.png Forem: [Tanwydd] https://forem.com/tanwydd en Mouse Movement, Typing Speed, and Why Your Bot Still Gets Caught After Fixing TLS [Tanwydd] Fri, 01 May 2026 11:23:32 +0000 https://forem.com/tanwydd/mouse-movement-typing-speed-and-why-your-bot-still-gets-caught-after-fixing-tls-4obf https://forem.com/tanwydd/mouse-movement-typing-speed-and-why-your-bot-still-gets-caught-after-fixing-tls-4obf <p>You fixed the TLS fingerprint. You sorted the Canvas. Your <code>navigator</code> object looks spotless. You're past the first three layers of detection.</p> <p>And then Akamai blocks you anyway. Thirty seconds into the session.</p> <p>Welcome to behavioral fingerprinting.</p> <h2> What behavioral analysis actually looks at </h2> <p>The first three detection layers — TLS, HTTP headers, JavaScript fingerprinting — are stateless. They analyze a single snapshot: what does this connection look like right now?</p> <p>Behavioral analysis is different. It builds a model over time. It watches what you do, how you do it, and whether it looks like something a human would do.</p> <p>The signals it collects:</p> <ul> <li>Mouse trajectory, speed and acceleration between clicks</li> <li>Time between keystrokes, and the distribution of that timing</li> <li>Scroll patterns — speed, direction changes, momentum</li> <li>Time between page load and first interaction</li> <li>Navigation flow — which elements get hovered before being clicked</li> <li>Idle periods — how long between actions, and what happens during them</li> </ul> <p>None of these signals are individually conclusive. Combined over a session, they build a behavioral profile that's surprisingly hard to fake.</p> <h2> The mouse problem </h2> <p>A bot moving a mouse from point A to point B takes the shortest path. Constant speed. Perfectly straight line. No hesitation, no correction, no overshoot.</p> <p>No human does that.</p> <p>Human mouse movement has a characteristic shape: slow acceleration at the start, peak speed in the middle, deceleration as you approach the target. The path curves. Sometimes you overshoot and correct. In the final approach, there's micro-tremor — tiny random movements as your hand steadies.</p> <p>The mathematical model that approximates this is a cubic Bezier curve with randomized control points, combined with a sine-based speed profile:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">math</span> <span class="kn">import</span> <span class="n">random</span> <span class="k">def</span> <span class="nf">bezier_path</span><span class="p">(</span><span class="n">p0</span><span class="p">,</span> <span class="n">p3</span><span class="p">,</span> <span class="n">steps</span><span class="o">=</span><span class="mi">40</span><span class="p">):</span> <span class="n">dx</span> <span class="o">=</span> <span class="n">p3</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">-</span> <span class="n">p0</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">dy</span> <span class="o">=</span> <span class="n">p3</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">-</span> <span class="n">p0</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="n">dist</span> <span class="o">=</span> <span class="n">math</span><span class="p">.</span><span class="nf">hypot</span><span class="p">(</span><span class="n">dx</span><span class="p">,</span> <span class="n">dy</span><span class="p">)</span> <span class="n">deviation</span> <span class="o">=</span> <span class="n">dist</span> <span class="o">*</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">0.15</span><span class="p">,</span> <span class="mf">0.40</span><span class="p">)</span> <span class="n">angle</span> <span class="o">=</span> <span class="n">math</span><span class="p">.</span><span class="nf">atan2</span><span class="p">(</span><span class="n">dy</span><span class="p">,</span> <span class="n">dx</span><span class="p">)</span> <span class="n">perp</span> <span class="o">=</span> <span class="n">angle</span> <span class="o">+</span> <span class="n">math</span><span class="p">.</span><span class="n">pi</span> <span class="o">/</span> <span class="mi">2</span> <span class="n">side</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">([</span><span class="o">-</span><span class="mi">1</span><span class="p">,</span> <span class="mi">1</span><span class="p">])</span> <span class="n">p1</span> <span class="o">=</span> <span class="p">(</span> <span class="n">p0</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="n">dx</span> <span class="o">*</span> <span class="mf">0.25</span> <span class="o">+</span> <span class="n">math</span><span class="p">.</span><span class="nf">cos</span><span class="p">(</span><span class="n">perp</span><span class="p">)</span> <span class="o">*</span> <span class="n">deviation</span> <span class="o">*</span> <span class="n">side</span><span class="p">,</span> <span class="n">p0</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="n">dy</span> <span class="o">*</span> <span class="mf">0.25</span> <span class="o">+</span> <span class="n">math</span><span class="p">.</span><span class="nf">sin</span><span class="p">(</span><span class="n">perp</span><span class="p">)</span> <span class="o">*</span> <span class="n">deviation</span> <span class="o">*</span> <span class="n">side</span><span class="p">,</span> <span class="p">)</span> <span class="n">p2</span> <span class="o">=</span> <span class="p">(</span> <span class="n">p0</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="n">dx</span> <span class="o">*</span> <span class="mf">0.75</span> <span class="o">+</span> <span class="n">math</span><span class="p">.</span><span class="nf">cos</span><span class="p">(</span><span class="n">perp</span><span class="p">)</span> <span class="o">*</span> <span class="n">deviation</span> <span class="o">*</span> <span class="n">side</span> <span class="o">*</span> <span class="mf">0.3</span><span class="p">,</span> <span class="n">p0</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="n">dy</span> <span class="o">*</span> <span class="mf">0.75</span> <span class="o">+</span> <span class="n">math</span><span class="p">.</span><span class="nf">sin</span><span class="p">(</span><span class="n">perp</span><span class="p">)</span> <span class="o">*</span> <span class="n">deviation</span> <span class="o">*</span> <span class="n">side</span> <span class="o">*</span> <span class="mf">0.3</span><span class="p">,</span> <span class="p">)</span> <span class="n">points</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">steps</span> <span class="o">+</span> <span class="mi">1</span><span class="p">):</span> <span class="n">t</span> <span class="o">=</span> <span class="n">i</span> <span class="o">/</span> <span class="n">steps</span> <span class="n">mt</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">-</span> <span class="n">t</span> <span class="n">x</span> <span class="o">=</span> <span class="n">mt</span><span class="o">**</span><span class="mi">3</span><span class="o">*</span><span class="n">p0</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="mi">3</span><span class="o">*</span><span class="n">mt</span><span class="o">**</span><span class="mi">2</span><span class="o">*</span><span class="n">t</span><span class="o">*</span><span class="n">p1</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="mi">3</span><span class="o">*</span><span class="n">mt</span><span class="o">*</span><span class="n">t</span><span class="o">**</span><span class="mi">2</span><span class="o">*</span><span class="n">p2</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">+</span> <span class="n">t</span><span class="o">**</span><span class="mi">3</span><span class="o">*</span><span class="n">p3</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">y</span> <span class="o">=</span> <span class="n">mt</span><span class="o">**</span><span class="mi">3</span><span class="o">*</span><span class="n">p0</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="mi">3</span><span class="o">*</span><span class="n">mt</span><span class="o">**</span><span class="mi">2</span><span class="o">*</span><span class="n">t</span><span class="o">*</span><span class="n">p1</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="mi">3</span><span class="o">*</span><span class="n">mt</span><span class="o">*</span><span class="n">t</span><span class="o">**</span><span class="mi">2</span><span class="o">*</span><span class="n">p2</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="o">+</span> <span class="n">t</span><span class="o">**</span><span class="mi">3</span><span class="o">*</span><span class="n">p3</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="c1"># Sine speed profile: slow-fast-slow </span> <span class="n">speed</span> <span class="o">=</span> <span class="p">(</span><span class="n">math</span><span class="p">.</span><span class="nf">sin</span><span class="p">((</span><span class="n">t</span> <span class="o">-</span> <span class="mf">0.5</span><span class="p">)</span> <span class="o">*</span> <span class="n">math</span><span class="p">.</span><span class="n">pi</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="o">/</span> <span class="mi">2</span> <span class="n">delay</span> <span class="o">=</span> <span class="mf">10.0</span> <span class="o">/</span> <span class="p">(</span><span class="n">speed</span> <span class="o">+</span> <span class="mf">0.12</span><span class="p">)</span> <span class="c1"># Micro-tremor in the final approach </span> <span class="k">if</span> <span class="n">t</span> <span class="o">&gt;</span> <span class="mf">0.85</span><span class="p">:</span> <span class="n">x</span> <span class="o">+=</span> <span class="n">random</span><span class="p">.</span><span class="nf">gauss</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mf">0.7</span><span class="p">)</span> <span class="n">y</span> <span class="o">+=</span> <span class="n">random</span><span class="p">.</span><span class="nf">gauss</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mf">0.7</span><span class="p">)</span> <span class="n">delay</span> <span class="o">*=</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">1.3</span><span class="p">,</span> <span class="mf">2.2</span><span class="p">)</span> <span class="n">points</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">,</span> <span class="n">delay</span><span class="p">))</span> <span class="k">return</span> <span class="n">points</span> </code></pre> </div> <p>The sine speed profile is the key. It produces the natural deceleration near the target that's characteristic of human motor control. Without it, the movement looks mechanical even if the path curves.</p> <h2> Overshooting </h2> <p>About 30% of the time, humans overshoot their target and correct. Your bot should do the same:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">move_to</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">):</span> <span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&lt;</span> <span class="mf">0.30</span><span class="p">:</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_execute_move</span><span class="p">(</span> <span class="n">x</span> <span class="o">+</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="o">-</span><span class="mi">20</span><span class="p">,</span> <span class="mi">20</span><span class="p">),</span> <span class="n">y</span> <span class="o">+</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="o">-</span><span class="mi">15</span><span class="p">,</span> <span class="mi">15</span><span class="p">),</span> <span class="p">)</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">0.08</span><span class="p">,</span> <span class="mf">0.20</span><span class="p">))</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_execute_move</span><span class="p">(</span><span class="n">x</span><span class="p">,</span> <span class="n">y</span><span class="p">)</span> </code></pre> </div> <p>30% is calibrated from observational data on human mouse behavior. Too high and it looks like a nervous tic. Too low and you lose the behavioral diversity that makes the pattern look human.</p> <h2> Typing speed: log-normal, not uniform </h2> <p>A bot typing at constant speed is one of the oldest and most reliable detection signals. The fix is obvious — add random delays between keystrokes.</p> <p>But random uniform delays still don't look human. Human typing speed follows a log-normal distribution — most keystrokes happen in a typical range, but there's a long tail of slower keystrokes when you pause to think, notice a mistake, or just lose focus for a moment.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="k">def</span> <span class="nf">typing_delay</span><span class="p">()</span> <span class="o">-&gt;</span> <span class="nb">float</span><span class="p">:</span> <span class="k">return</span> <span class="nf">float</span><span class="p">(</span><span class="n">np</span><span class="p">.</span><span class="nf">clip</span><span class="p">(</span><span class="n">np</span><span class="p">.</span><span class="n">random</span><span class="p">.</span><span class="nf">lognormal</span><span class="p">(</span><span class="n">mean</span><span class="o">=</span><span class="mf">4.2</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mf">0.5</span><span class="p">),</span> <span class="mi">28</span><span class="p">,</span> <span class="mi">400</span><span class="p">))</span> </code></pre> </div> <p>On top of the base delay, about 4% of keystrokes should trigger a longer pause — the distraction event where you look away from the screen for a second:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">delay_ms</span> <span class="o">=</span> <span class="nf">typing_delay</span><span class="p">()</span> <span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&lt;</span> <span class="mf">0.04</span><span class="p">:</span> <span class="n">delay_ms</span> <span class="o">+=</span> <span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mi">400</span><span class="p">,</span> <span class="mi">1400</span><span class="p">)</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">delay_ms</span> <span class="o">/</span> <span class="mi">1000</span><span class="p">)</span> </code></pre> </div> <h2> Typos </h2> <p>Humans make typing errors. Bots don't. A session with zero typos across hundreds of keystrokes is statistically suspicious.</p> <p>The realistic typo model uses a QWERTY neighbor map:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">QWERTY</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">q</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">w</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">z</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">s</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">w</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">e</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">x</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">z</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">s</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">e</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">r</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">f</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">c</span><span class="sh">"</span><span class="p">,</span><span class="sh">"</span><span class="s">x</span><span class="sh">"</span><span class="p">],</span> <span class="c1"># ... </span><span class="p">}</span> <span class="k">def</span> <span class="nf">get_typo</span><span class="p">(</span><span class="n">char</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">neighbors</span> <span class="o">=</span> <span class="n">QWERTY</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">char</span><span class="p">.</span><span class="nf">lower</span><span class="p">())</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">neighbors</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="n">wrong</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choice</span><span class="p">(</span><span class="n">neighbors</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrong</span><span class="p">.</span><span class="nf">upper</span><span class="p">()</span> <span class="k">if</span> <span class="n">char</span><span class="p">.</span><span class="nf">isupper</span><span class="p">()</span> <span class="k">else</span> <span class="n">wrong</span> </code></pre> </div> <p>Typo rate around 4% feels natural. Below 1% starts to look suspicious. Above 8% looks like a bad typist — which is fine, humans vary.</p> <h2> Idle behavior </h2> <p>A session where every second is productive action is not a human session. Humans pause, scroll aimlessly, move the mouse for no reason, hover over things without clicking them.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">idle</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">duration_s</span><span class="p">:</span> <span class="nb">float</span><span class="p">):</span> <span class="n">end</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">+</span> <span class="n">duration_s</span> <span class="k">while</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="o">&lt;</span> <span class="n">end</span><span class="p">:</span> <span class="k">if</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&lt;</span> <span class="mf">0.35</span><span class="p">:</span> <span class="n">action</span> <span class="o">=</span> <span class="n">random</span><span class="p">.</span><span class="nf">choices</span><span class="p">(</span> <span class="p">[</span><span class="sh">"</span><span class="s">move</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">scroll_tiny</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">hover</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">tremor</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">pause</span><span class="sh">"</span><span class="p">],</span> <span class="n">weights</span><span class="o">=</span><span class="p">[</span><span class="mi">3</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]</span> <span class="p">)[</span><span class="mi">0</span><span class="p">]</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_execute_idle_action</span><span class="p">(</span><span class="n">action</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="n">random</span><span class="p">.</span><span class="nf">uniform</span><span class="p">(</span><span class="mf">0.3</span><span class="p">,</span> <span class="mf">1.2</span><span class="p">))</span> </code></pre> </div> <p>The 35% activity rate during idle periods is empirically reasonable. Higher and the bot never stops moving. Lower and the session looks catatonic between actions.</p> <h2> The timing between actions </h2> <p>The distribution of time between actions matters as much as the actions themselves.</p> <p>Human session timing follows a roughly 80/20 pattern: most transitions happen quickly (1-3 seconds), but about 20% involve a longer pause — reading, thinking, getting distracted.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">wait_between_actions</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="nb">long</span><span class="p">:</span> <span class="nb">bool</span> <span class="o">=</span> <span class="bp">False</span><span class="p">):</span> <span class="k">if</span> <span class="nb">long</span> <span class="ow">or</span> <span class="n">random</span><span class="p">.</span><span class="nf">random</span><span class="p">()</span> <span class="o">&gt;</span> <span class="mf">0.80</span><span class="p">:</span> <span class="n">delay</span> <span class="o">=</span> <span class="nf">float</span><span class="p">(</span><span class="n">np</span><span class="p">.</span><span class="n">random</span><span class="p">.</span><span class="nf">lognormal</span><span class="p">(</span><span class="n">mean</span><span class="o">=</span><span class="mf">1.8</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mf">0.6</span><span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">delay</span> <span class="o">=</span> <span class="nf">float</span><span class="p">(</span><span class="n">np</span><span class="p">.</span><span class="n">random</span><span class="p">.</span><span class="nf">lognormal</span><span class="p">(</span><span class="n">mean</span><span class="o">=</span><span class="mf">0.3</span><span class="p">,</span> <span class="n">sigma</span><span class="o">=</span><span class="mf">0.4</span><span class="p">))</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="nf">max</span><span class="p">(</span><span class="mf">0.5</span><span class="p">,</span> <span class="nf">min</span><span class="p">(</span><span class="n">delay</span><span class="p">,</span> <span class="mf">45.0</span><span class="p">)))</span> </code></pre> </div> <h2> What you can't fully fake </h2> <p>Behavioral analysis at the most sophisticated level builds a model of you specifically, not just humans in general.</p> <p>The most advanced systems don't just ask "does this look human?" They ask "does this look like the same human who was here yesterday?" A new session with suspiciously perfect behavioral patterns — no warmup, immediately optimal mouse paths — can look wrong even if every individual signal is within human range.</p> <p>The mitigation is session warmup: spend time doing idle activity before starting meaningful work, and build browsing history before hitting the target site.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">await</span> <span class="n">browser</span><span class="p">.</span><span class="nf">warm_history</span><span class="p">(</span> <span class="n">sites</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">https://www.google.com</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">https://www.wikipedia.org</span><span class="sh">"</span><span class="p">],</span> <span class="n">dwell_s</span><span class="o">=</span><span class="mf">10.0</span><span class="p">,</span> <span class="p">)</span> <span class="k">await</span> <span class="n">browser</span><span class="p">.</span><span class="nf">warmup</span><span class="p">(</span><span class="n">duration_s</span><span class="o">=</span><span class="mf">5.0</span><span class="p">)</span> <span class="k">await</span> <span class="n">browser</span><span class="p">.</span><span class="nf">goto</span><span class="p">(</span><span class="sh">"</span><span class="s">https://target.com</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> The honest ceiling </h2> <p>Behavioral fingerprinting is the hardest layer to beat because it's the hardest to specify. TLS has a defined format. Canvas fingerprinting has a defined algorithm. Human behavior doesn't — it's noisy, variable, and the detection systems are trained on real data you don't have access to.</p> <p>The goal isn't to perfectly simulate a human. It's to be indistinguishable within the confidence bounds of the detection system. Those bounds are finite and different for every target.</p> <p>Getting close enough is an engineering problem, not an unsolvable one. But it requires understanding what you're actually trying to match — not just adding random delays and hoping for the best.</p> <p><em>This series covered the three main detection layers: TLS fingerprinting, Canvas/WebGL spoofing, and behavioral analysis. The common thread: coherence across all layers matters more than perfecting any single one.</em></p> webscraping botdetection browserautomation cybersecurity How Your Canvas Fingerprint Gets You Caught (And Why Random Noise Makes It Worse) [Tanwydd] Sat, 25 Apr 2026 08:54:12 +0000 https://forem.com/tanwydd/how-your-canvas-fingerprint-gets-you-caught-and-why-random-noise-makes-it-worse-3ba1 https://forem.com/tanwydd/how-your-canvas-fingerprint-gets-you-caught-and-why-random-noise-makes-it-worse-3ba1 <p>You fixed the TLS fingerprint. You patched <code>navigator.webdriver</code>. Your User-Agent is perfect. And you're still getting blocked.</p> <p>Chances are it's the Canvas.</p> <h2> What canvas fingerprinting actually is </h2> <p>Every browser renders graphics slightly differently. The GPU, the driver version, the OS font rendering engine, the antialiasing settings — all of these introduce tiny variations in how pixels end up on screen.</p> <p>Canvas fingerprinting exploits this. The detection script draws something on an invisible canvas element — usually a mix of text, shapes and gradients — then reads back the pixel data with <code>toDataURL()</code> or <code>getImageData()</code>. The resulting string is hashed and becomes your fingerprint.</p> <p>The variations are tiny. We're talking about differences at the level of individual pixel values, often invisible to the human eye. But they're consistent — the same browser on the same machine produces the same hash every time. And they're unique enough to identify you across sessions, across IPs, across proxies.</p> <p>Your IP changes. Your canvas hash doesn't.</p> <h2> Why headless Chromium is obvious </h2> <p>Here's the specific problem with running Playwright or Puppeteer in headless mode: without a GPU pipeline, the browser falls back to software rendering.</p> <p>Software rendering is deterministic and perfect. No GPU quirks, no driver variations, no antialiasing artifacts. Every headless Chromium instance on every machine produces an identical canvas output.</p> <p>That's not how real browsers work. Real browsers are slightly imperfect in ways that are consistent per device. A perfectly identical canvas hash across thousands of sessions is a massive red flag.</p> <p>The fix for this specific problem is <code>--headless=new</code> — Playwright's modern headless mode that preserves the full GPU pipeline:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">context</span> <span class="o">=</span> <span class="k">await</span> <span class="n">playwright</span><span class="p">.</span><span class="n">chromium</span><span class="p">.</span><span class="nf">launch_persistent_context</span><span class="p">(</span> <span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">--headless=new</span><span class="sh">"</span><span class="p">],</span> <span class="c1"># preserves GPU stack </span><span class="p">)</span> </code></pre> </div> <p>But even with <code>--headless=new</code>, your canvas hash is still consistent across sessions. Which brings us to the noise problem.</p> <h2> Why random noise makes things worse </h2> <p>The obvious solution seems to be: add random noise to the canvas output on every render. Randomize the pixel values slightly so the hash changes.</p> <p>This is wrong. And it's worse than doing nothing.</p> <p>Here's why: real browsers produce a consistent canvas hash per device. The same machine always gives the same result. If your canvas hash changes on every page load, every request, every session — that's not how any real browser behaves. Detection systems don't just check what your hash is. They check whether it's stable.</p> <p>A canvas hash that changes randomly is as obvious as <code>navigator.webdriver = true</code>. It's a different signal, but it's still a signal.</p> <h2> The right approach: deterministic per-session noise </h2> <p>What you want is noise that is:</p> <ul> <li> <strong>Consistent within a session</strong> — the same hash for the same browser instance</li> <li> <strong>Different across sessions</strong> — different profile directories produce different hashes</li> <li> <strong>Realistic in magnitude</strong> — tiny variations, not wholesale pixel changes</li> </ul> <p>The way to achieve this is a seeded pseudo-random number generator, where the seed is derived from something stable per profile — like the profile directory name.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">hashlib</span> <span class="k">def</span> <span class="nf">_session_seed</span><span class="p">(</span><span class="n">profile_dir_name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="k">return</span> <span class="nf">int</span><span class="p">(</span><span class="n">hashlib</span><span class="p">.</span><span class="nf">md5</span><span class="p">(</span><span class="n">profile_dir_name</span><span class="p">.</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()[:</span><span class="mi">8</span><span class="p">],</span> <span class="mi">16</span><span class="p">)</span> <span class="o">%</span> <span class="p">(</span><span class="mi">2</span><span class="o">**</span><span class="mi">31</span><span class="p">)</span> </code></pre> </div> <p>Then use that seed to drive a simple LCG (Linear Congruential Generator) in JavaScript, and apply tiny pixel-level noise based on it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Seeded LCG — deterministic per session</span> <span class="kd">let</span> <span class="nx">_seed</span> <span class="o">=</span> <span class="nx">SESSION_SEED</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">_lcg</span> <span class="o">=</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">_seed</span> <span class="o">=</span> <span class="p">(</span><span class="nx">_seed</span> <span class="o">*</span> <span class="mi">1664525</span> <span class="o">+</span> <span class="mi">1013904223</span><span class="p">)</span> <span class="o">%</span> <span class="mi">4294967296</span><span class="p">;</span> <span class="k">return</span> <span class="nx">_seed</span> <span class="o">/</span> <span class="mi">4294967296</span><span class="p">;</span> <span class="p">};</span> <span class="c1">// Apply noise without mutating the original canvas</span> <span class="kd">const</span> <span class="nx">_applyNoise</span> <span class="o">=</span> <span class="p">(</span><span class="nx">imgData</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">for </span><span class="p">(</span><span class="kd">let</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">imgData</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span> <span class="o">+=</span> <span class="mi">4</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nf">_lcg</span><span class="p">()</span> <span class="o">&lt;</span> <span class="mf">0.05</span><span class="p">)</span> <span class="p">{</span> <span class="nx">imgData</span><span class="p">.</span><span class="nx">data</span><span class="p">[</span><span class="nx">i</span><span class="p">]</span> <span class="o">+=</span> <span class="p">(</span><span class="nf">_lcg</span><span class="p">()</span> <span class="o">&gt;</span> <span class="mf">0.5</span> <span class="p">?</span> <span class="mi">1</span> <span class="p">:</span> <span class="o">-</span><span class="mi">1</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>The key detail: modify a copy of the canvas, not the original. If you mutate the original canvas, you break legitimate rendering on the page. The correct approach intercepts <code>toDataURL()</code>, <code>getImageData()</code> and <code>toBlob()</code>, draws to a temporary off-screen canvas, applies noise there, and returns the result.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">_origToDataURL</span> <span class="o">=</span> <span class="nx">HTMLCanvasElement</span><span class="p">.</span><span class="nx">prototype</span><span class="p">.</span><span class="nx">toDataURL</span><span class="p">;</span> <span class="nx">HTMLCanvasElement</span><span class="p">.</span><span class="nx">prototype</span><span class="p">.</span><span class="nx">toDataURL</span> <span class="o">=</span> <span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">ctx</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nf">getContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">2d</span><span class="dl">'</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">ctx</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">off</span> <span class="o">=</span> <span class="nb">document</span><span class="p">.</span><span class="nf">createElement</span><span class="p">(</span><span class="dl">'</span><span class="s1">canvas</span><span class="dl">'</span><span class="p">);</span> <span class="nx">off</span><span class="p">.</span><span class="nx">width</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">width</span><span class="p">;</span> <span class="nx">off</span><span class="p">.</span><span class="nx">height</span> <span class="o">=</span> <span class="k">this</span><span class="p">.</span><span class="nx">height</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">octx</span> <span class="o">=</span> <span class="nx">off</span><span class="p">.</span><span class="nf">getContext</span><span class="p">(</span><span class="dl">'</span><span class="s1">2d</span><span class="dl">'</span><span class="p">);</span> <span class="nx">octx</span><span class="p">.</span><span class="nf">drawImage</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">img</span> <span class="o">=</span> <span class="nx">_origGetImageData</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="nx">octx</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="nx">off</span><span class="p">.</span><span class="nx">width</span><span class="p">,</span> <span class="nx">off</span><span class="p">.</span><span class="nx">height</span><span class="p">);</span> <span class="nf">_applyNoise</span><span class="p">(</span><span class="nx">img</span><span class="p">);</span> <span class="nx">octx</span><span class="p">.</span><span class="nf">putImageData</span><span class="p">(</span><span class="nx">img</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> <span class="k">return</span> <span class="nx">_origToDataURL</span><span class="p">.</span><span class="nf">apply</span><span class="p">(</span><span class="nx">off</span><span class="p">,</span> <span class="nx">arguments</span><span class="p">);</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">_origToDataURL</span><span class="p">.</span><span class="nf">apply</span><span class="p">(</span><span class="k">this</span><span class="p">,</span> <span class="nx">arguments</span><span class="p">);</span> <span class="p">};</span> </code></pre> </div> <h2> The toString() problem </h2> <p>There's a secondary issue that most canvas spoofing implementations miss: <code>Function.prototype.toString()</code>.</p> <p>When you replace a native browser function with your own JavaScript wrapper, any script that calls <code>.toString()</code> on that function sees JavaScript source code instead of <code>function toDataURL() { [native code] }</code>. That's detectable.</p> <p>The fix is to maintain a registry of patched functions and override <code>Function.prototype.toString</code> to return the native code string for any function in that registry:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">_patchedFns</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">WeakSet</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">_native</span> <span class="o">=</span> <span class="p">(</span><span class="nx">fn</span><span class="p">,</span> <span class="nx">name</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">try</span> <span class="p">{</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">defineProperty</span><span class="p">(</span><span class="nx">fn</span><span class="p">,</span> <span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">value</span><span class="p">:</span> <span class="nx">name</span><span class="p">,</span> <span class="na">configurable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">_</span><span class="p">)</span> <span class="p">{}</span> <span class="nx">_patchedFns</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="nx">fn</span><span class="p">);</span> <span class="k">return</span> <span class="nx">fn</span><span class="p">;</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">_origFnToString</span> <span class="o">=</span> <span class="nb">Function</span><span class="p">.</span><span class="nx">prototype</span><span class="p">.</span><span class="nx">toString</span><span class="p">;</span> <span class="nb">Function</span><span class="p">.</span><span class="nx">prototype</span><span class="p">.</span><span class="nx">toString</span> <span class="o">=</span> <span class="nf">_native</span><span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">_patchedFns</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="k">this</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="s2">`function </span><span class="p">${</span><span class="k">this</span><span class="p">.</span><span class="nx">name</span> <span class="o">||</span> <span class="dl">''</span><span class="p">}</span><span class="s2">() { [native code] }`</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">_origFnToString</span><span class="p">.</span><span class="nf">call</span><span class="p">(</span><span class="k">this</span><span class="p">);</span> <span class="p">},</span> <span class="dl">'</span><span class="s1">toString</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>Any function wrapped with <code>_native()</code> now looks indistinguishable from a browser built-in when inspected.</p> <h2> Canvas is one signal among many </h2> <p>Fixing canvas fingerprinting is necessary but not sufficient. Detection systems correlate multiple signals:</p> <p><strong>WebGL fingerprinting</strong> — same concept, different API. The GPU vendor string, renderer string, and the output of <code>readPixels()</code> all contribute to a fingerprint. The same deterministic noise approach applies.</p> <p><strong>AudioContext fingerprinting</strong> — the Web Audio API processes a signal through an oscillator and reads back the output. Again, tiny hardware-level variations create a unique hash. Tiny noise on <code>getChannelData()</code> output breaks this.</p> <p><strong>Font enumeration</strong> — <code>document.fonts.check()</code> and <code>measureText()</code> reveal which fonts are installed, which varies by OS. The browser's reported font list should match the OS implied by the User-Agent.</p> <p><strong><code>getBoundingClientRect()</code> noise</strong> — font rendering affects element dimensions. Tiny noise on bounding rect values breaks font fingerprinting via layout measurement.</p> <p>These signals are correlated. A Windows User-Agent with a Linux font list is suspicious. A Mac User-Agent with an NVIDIA GPU renderer is suspicious. Coherence across all signals matters as much as any individual fix.</p> <h2> The timing problem </h2> <p>One more thing that's easy to miss: your JavaScript wrappers add overhead. <code>toDataURL()</code> now does extra work — copying the canvas, applying noise, returning the result. That takes time.</p> <p>Detection scripts measure how long canvas operations take. A <code>toDataURL()</code> call that takes 3x longer than expected is a signal.</p> <p>The fix is to add a small amount of noise to <code>performance.now()</code> so timing measurements are slightly unpredictable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">_origPerfNow</span> <span class="o">=</span> <span class="nx">performance</span><span class="p">.</span><span class="nx">now</span><span class="p">.</span><span class="nf">bind</span><span class="p">(</span><span class="nx">performance</span><span class="p">);</span> <span class="nx">performance</span><span class="p">.</span><span class="nx">now</span> <span class="o">=</span> <span class="nf">_native</span><span class="p">(</span><span class="kd">function</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="nf">_origPerfNow</span><span class="p">()</span> <span class="o">+</span> <span class="p">(</span><span class="nf">_lcg</span><span class="p">()</span> <span class="o">-</span> <span class="mf">0.5</span><span class="p">)</span> <span class="o">*</span> <span class="mf">0.2</span><span class="p">;</span> <span class="p">},</span> <span class="dl">'</span><span class="s1">now</span><span class="dl">'</span><span class="p">);</span> </code></pre> </div> <p>±0.1ms of jitter is enough to mask the overhead of your wrappers without being detectable itself.</p> <p><em>Next: mouse movement, typing speed, and why behavioral fingerprinting is harder to fake than canvas — and what that looks like in code.</em></p> webdev security javascript automation Why Playwright Gets You Blocked Even With Proxies [Tanwydd] Sat, 18 Apr 2026 23:30:43 +0000 https://forem.com/tanwydd/why-playwright-gets-you-blocked-even-with-proxies-3h2a https://forem.com/tanwydd/why-playwright-gets-you-blocked-even-with-proxies-3h2a <p>You've spent hours setting up your scraper. Rotating proxies, real Chrome User-Agent, <code>navigator.webdriver</code> set to <code>undefined</code>, perfect headers. You run it. Blocked. Instantly.</p> <p>What's going on?</p> <p>Chances are you never even made it to the layer where your headers live.</p> <h2> The problem isn't your IP </h2> <p>When you start with browser automation, the logic feels solid: change the IP, the server doesn't know who I am. In 2015 that was enough. Today Akamai, Cloudflare and PerimeterX haven't cared much about your IP for a long time. What they care about is something else.</p> <p>They care about how you talk before you say anything.</p> <p>When your bot opens an HTTPS connection, the first thing that happens isn't an HTTP request. It's a TLS negotiation — the protocol that sets up the encrypted channel. During that negotiation your client sends a message called ClientHello containing, among other things, which cipher suites it supports, which TLS extensions it uses, and in what order it declares them.</p> <p>That set of characteristics has a hash. It's called JA3. And that hash identifies with reasonable accuracy what software is opening the connection — before reading a single HTTP header, before executing any detection JavaScript, before analyzing anything.</p> <p><code>requests</code> has its own JA3. <code>httpx</code> has its own. Playwright's Chromium has its own. And none of them match a commercial Google Chrome installed on a real Windows machine.</p> <h2> The mismatch that gives you away </h2> <p>Here's the specific problem with Playwright: it downloads and uses its own Chromium binary. Technically it's the same codebase as Chrome, but the TLS fingerprint isn't identical to a commercial Chrome build.</p> <p>The result is a contradiction that antibot systems catch in milliseconds:</p> <ul> <li>Your headers say: <em>"I'm Google Chrome 124 on Windows 10"</em> </li> <li>Your TLS fingerprint says: <em>"I'm an automated Chromium binary"</em> </li> </ul> <p>Blocked. And it doesn't matter how well you've handled the JavaScript evasion layer, because the block happens at the network level. The server never even gets to run anything in the browser.</p> <h2> The real detection layers </h2> <p>It helps to understand the order these systems operate in:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Layer 1 — Network: IP, ASN, TLS fingerprint (JA3/JA4) Layer 2 — HTTP: Headers, header order, User-Agent, Client Hints Layer 3 — JavaScript: Canvas, WebGL, AudioContext, navigator.* Layer 4 — Behavior: Mouse, keyboard, scroll, timing </code></pre> </div> <p>Most evasion guides talk about layers 3 and 4. They matter, but if you fail at layer 1 the other three are irrelevant. The server never gets to execute them.</p> <h2> What actually works </h2> <p><strong>Option 1: use the system's Chrome binary</strong></p> <p>If you point Playwright at the Chrome binary installed on the operating system, the TLS fingerprint is that of a real Chrome:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">context</span> <span class="o">=</span> <span class="k">await</span> <span class="n">playwright</span><span class="p">.</span><span class="n">chromium</span><span class="p">.</span><span class="nf">launch_persistent_context</span><span class="p">(</span> <span class="n">executable_path</span><span class="o">=</span><span class="sh">"</span><span class="s">/usr/bin/google-chrome</span><span class="sh">"</span><span class="p">,</span> <span class="n">user_data_dir</span><span class="o">=</span><span class="sh">"</span><span class="s">./profile</span><span class="sh">"</span><span class="p">,</span> <span class="n">headless</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">args</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">--headless=new</span><span class="sh">"</span><span class="p">],</span> <span class="p">)</span> </code></pre> </div> <p>The <code>--headless=new</code> flag isn't optional. Playwright's old headless mode disables the GPU pipeline and the Canvas fingerprint goes flat and fake. Akamai's <code>sensor.js</code> catches it immediately. With <code>--headless=new</code> the full graphics stack is preserved.</p> <p><strong>Option 2: curl-cffi for direct requests</strong></p> <p>When you don't need JavaScript rendering — APIs, simple endpoints, resource downloads — <code>curl-cffi</code> solves the TLS problem without a browser:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">curl_cffi.requests</span> <span class="kn">import</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">BrowserType</span> <span class="k">async</span> <span class="k">with</span> <span class="nc">AsyncSession</span><span class="p">(</span><span class="n">impersonate</span><span class="o">=</span><span class="n">BrowserType</span><span class="p">.</span><span class="n">chrome124</span><span class="p">)</span> <span class="k">as</span> <span class="n">session</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="k">await</span> <span class="n">session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">https://example.com/api/data</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>It uses libcurl with patches to reproduce Chrome's exact ClientHello, including cipher suite order and extensions. The resulting JA3 is indistinguishable from a real Chrome.</p> <p>One detail that often gets missed: the <code>Sec-Fetch-*</code> headers. If you're hitting an API, the mode has to match what a real browser would send in that situation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Same-origin AJAX call </span><span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Sec-Fetch-Site</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">same-origin</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Sec-Fetch-Mode</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">cors</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Sec-Fetch-Dest</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">empty</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="c1"># Full page load </span><span class="n">headers</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">Sec-Fetch-Site</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">none</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Sec-Fetch-Mode</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">navigate</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Sec-Fetch-Dest</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">document</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Sec-Fetch-User</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">?1</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Sending <code>Sec-Fetch-Mode: navigate</code> in an AJAX call never happens in a real browser. Akamai knows that.</p> <p><strong>The architecture that holds up best</strong></p> <p>Combine both: system Chrome for interactive navigation where you need JS, curl-cffi for direct requests where you just need data. The trick is syncing cookies between the two layers — if you don't, the session cookies generated by the browser won't be available in your direct requests and vice versa.</p> <h2> JA4: what comes after JA3 </h2> <p>JA4 is the evolution of JA3, published in 2023. More robust, harder to evade with simple tricks, and more useful for analysts. If JA3 was the ID card of your TLS connection, JA4 is the ID card plus the history.</p> <p>The good news is that <code>curl-cffi</code> covers it too — by impersonating Chrome at the libcurl level, the resulting JA4 is equally coherent.</p> <h2> What fixing TLS doesn't solve </h2> <p>Getting the TLS fingerprint right is necessary but it's not the finish line. Once you pass layer 1 they keep analyzing:</p> <p><strong>HTTP/2 fingerprinting</strong> — similar to JA3 but for the HTTP/2 protocol. The order of SETTINGS frames and WINDOW_UPDATE values also identify the client.</p> <p><strong>JavaScript fingerprinting</strong> — Canvas, WebGL, AudioContext, fonts, <code>navigator.webdriver</code>, <code>window.chrome</code>. This layer requires active spoofing via scripts that run before the page loads.</p> <p><strong>Behavior</strong> — mouse movement patterns, typing speed, timing between actions, scroll. The more advanced systems build a behavioral model per session and detect anomalies.</p> <p>Each layer adds work. But it also adds robustness. A scraper that only handles TLS falls at the JavaScript layer. One that handles all layers consistently is genuinely hard to tell apart from a real user.</p> <p><em>Next up: Canvas fingerprinting in detail — how it actually works, why deterministic per-session noise beats random noise, and how antibot systems detect poorly implemented spoofing.</em></p> python playwright webscraping cybersecurity Building a Self-Hosted Bot Management Platform with Docker, FastAPI and React [Tanwydd] Wed, 15 Apr 2026 19:25:46 +0000 https://forem.com/tanwydd/building-a-self-hosted-bot-management-platform-with-docker-fastapi-and-react-4pdj https://forem.com/tanwydd/building-a-self-hosted-bot-management-platform-with-docker-fastapi-and-react-4pdj <p>Managing more than two or three automated scripts in production is where things get messy. You end up with a collection of Python files scattered across servers, credentials hardcoded or stored in plaintext somewhere, no visibility into what's running or failing, and deployments that require SSH access and manual intervention.</p> <p>I built BotFarm to solve this. It's a self-hosted platform that lets you create, deploy, monitor and maintain containerized Python bots from a web dashboard — no SSH required.</p> <h2> The problem with ad-hoc bot management </h2> <p>The typical evolution of a bot infrastructure goes like this:</p> <p>You write a script. It works. You add another. Then five more. At some point you have fifteen scripts running on a server, some as cron jobs, some as systemd services, some launched manually. Credentials are in config files with 644 permissions. Logs go to files that nobody reads until something breaks. Deploying a new version means SSHing in, pulling the repo, restarting the service, and hoping nothing else broke.</p> <p>This is fine for personal projects. It's not fine when other developers need to deploy and manage their own bots, when you need an audit trail, or when credentials need to be kept secure.</p> <p>BotFarm replaces all of that with a centralized dashboard.</p> <h2> Architecture </h2> <p>Every bot runs in its own Docker container with resource limits (512MB RAM, 0.5 CPUs by default). The dashboard never touches the Docker socket directly — all container operations go through <code>tecnativa/docker-socket-proxy</code>, which exposes only the operations the dashboard actually needs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> Internet │ ▼ :80 / :443 ┌──────────────┐ │ Nginx │ TLS · reverse proxy · static assets └──────┬───────┘ │ :8080 (internal) ▼ ┌──────────────────┐ ┌───────────────────────┐ │ Dashboard │─────────▶ Docker Socket Proxy │ │ FastAPI + React │ :2375 │ (allowlist only) │ └──────┬───────────┘ internal└──────────┬────────────┘ │ │ /var/run/docker.sock │ :3306 (internal) ▼ ▼ Docker Engine ┌─────────────┐ │ │ MariaDB │ ┌──────────────┼──────────────┐ └─────────────┘ bot-a bot-b bot-n [512MB] [512MB] [512MB] [0.5CPU] [0.5CPU] [0.5CPU] </code></pre> </div> <p>The Docker Socket Proxy is not optional — it's the architectural decision that makes this safe to run in a multi-developer environment. Without it, a compromised dashboard container has full control over the Docker daemon. With it, the blast radius is contained to the allowlisted operations: <code>CONTAINERS</code>, <code>IMAGES</code>, <code>BUILD</code>, <code>NETWORKS</code>.</p> <h2> Credential management </h2> <p>Storing bot credentials is the part most people get wrong. Plaintext in environment files, base64-encoded strings passed as environment variables, secrets committed to git — all of these are real patterns I've seen in production.</p> <p>BotFarm encrypts all credentials with AES-256-GCM before storing them in the database. Each encryption operation uses a random IV, so the same plaintext produces a different ciphertext every time. The master key lives in <code>/etc/botfarm.env</code> with 600 permissions, generated at install time and never touched again.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">base64</span> <span class="kn">from</span> <span class="n">cryptography.hazmat.primitives.ciphers.aead</span> <span class="kn">import</span> <span class="n">AESGCM</span> <span class="k">def</span> <span class="nf">encrypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">master_key</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">iv</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="nf">urandom</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="c1"># 96-bit random IV per encryption </span> <span class="n">aesgcm</span> <span class="o">=</span> <span class="nc">AESGCM</span><span class="p">(</span><span class="n">master_key</span><span class="p">)</span> <span class="n">ciphertext</span> <span class="o">=</span> <span class="n">aesgcm</span><span class="p">.</span><span class="nf">encrypt</span><span class="p">(</span><span class="n">iv</span><span class="p">,</span> <span class="n">plaintext</span><span class="p">.</span><span class="nf">encode</span><span class="p">(),</span> <span class="bp">None</span><span class="p">)</span> <span class="c1"># Store IV + ciphertext together </span> <span class="k">return</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64encode</span><span class="p">(</span><span class="n">iv</span> <span class="o">+</span> <span class="n">ciphertext</span><span class="p">).</span><span class="nf">decode</span><span class="p">()</span> <span class="k">def</span> <span class="nf">decrypt</span><span class="p">(</span><span class="n">encrypted</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">master_key</span><span class="p">:</span> <span class="nb">bytes</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">data</span> <span class="o">=</span> <span class="n">base64</span><span class="p">.</span><span class="nf">b64decode</span><span class="p">(</span><span class="n">encrypted</span><span class="p">)</span> <span class="n">iv</span><span class="p">,</span> <span class="n">ciphertext</span> <span class="o">=</span> <span class="n">data</span><span class="p">[:</span><span class="mi">12</span><span class="p">],</span> <span class="n">data</span><span class="p">[</span><span class="mi">12</span><span class="p">:]</span> <span class="n">aesgcm</span> <span class="o">=</span> <span class="nc">AESGCM</span><span class="p">(</span><span class="n">master_key</span><span class="p">)</span> <span class="k">return</span> <span class="n">aesgcm</span><span class="p">.</span><span class="nf">decrypt</span><span class="p">(</span><span class="n">iv</span><span class="p">,</span> <span class="n">ciphertext</span><span class="p">,</span> <span class="bp">None</span><span class="p">).</span><span class="nf">decode</span><span class="p">()</span> </code></pre> </div> <p>At runtime, decrypted credentials are injected into each bot container as environment variables — they exist in memory during execution and are never written to disk.</p> <h2> Real-time log streaming via WebSocket </h2> <p>One of the more interesting technical problems was streaming container logs to the browser in real time. The naive approach — polling a REST endpoint every few seconds — introduces latency and hammers the database unnecessarily.</p> <p>The solution is a WebSocket endpoint that reads directly from the Docker container's log stream:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.websocket</span><span class="p">(</span><span class="sh">"</span><span class="s">/ws/logs/{bot_id}</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">stream_logs</span><span class="p">(</span><span class="n">websocket</span><span class="p">:</span> <span class="n">WebSocket</span><span class="p">,</span> <span class="n">bot_id</span><span class="p">:</span> <span class="nb">int</span><span class="p">):</span> <span class="k">await</span> <span class="n">websocket</span><span class="p">.</span><span class="nf">accept</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">container</span> <span class="o">=</span> <span class="n">docker_client</span><span class="p">.</span><span class="n">containers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">bot_</span><span class="si">{</span><span class="n">bot_id</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">for</span> <span class="n">log_line</span> <span class="ow">in</span> <span class="n">container</span><span class="p">.</span><span class="nf">logs</span><span class="p">(</span><span class="n">stream</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">follow</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">tail</span><span class="o">=</span><span class="mi">50</span><span class="p">):</span> <span class="k">await</span> <span class="n">websocket</span><span class="p">.</span><span class="nf">send_text</span><span class="p">(</span><span class="n">log_line</span><span class="p">.</span><span class="nf">decode</span><span class="p">().</span><span class="nf">strip</span><span class="p">())</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">exc</span><span class="p">:</span> <span class="k">await</span> <span class="n">websocket</span><span class="p">.</span><span class="nf">send_text</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Stream error: </span><span class="si">{</span><span class="n">exc</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="k">await</span> <span class="n">websocket</span><span class="p">.</span><span class="nf">close</span><span class="p">()</span> </code></pre> </div> <p>The same pattern applies to build logs — when you deploy a new version of a bot, the Docker image build output streams directly to the browser line by line via a separate WebSocket endpoint.</p> <h2> Bot versioning with visual diff </h2> <p>Every time you save a new version of a bot's code, BotFarm stores the previous version and generates a diff. From the dashboard you can see the full history, compare any two versions side by side, and roll back to any previous version in one click.</p> <p>The code editor is Monaco — the same editor that powers VS Code — embedded directly in the dashboard. You get syntax highlighting, autocomplete and error detection without leaving the browser.</p> <h2> Writing a bot </h2> <p>Bots are standard Python scripts with access to <code>bot_logger</code>, a shared library that handles logging and metrics:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">from</span> <span class="n">bot_logger</span> <span class="kn">import</span> <span class="n">BotLogger</span> <span class="n">logger</span> <span class="o">=</span> <span class="nc">BotLogger</span><span class="p">()</span> <span class="k">try</span><span class="p">:</span> <span class="n">creds</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">BOT_CREDENTIALS</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">{}</span><span class="sh">"</span><span class="p">))</span> <span class="n">logger</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="sh">"</span><span class="s">INFO</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Bot started</span><span class="sh">"</span><span class="p">)</span> <span class="n">records</span> <span class="o">=</span> <span class="nf">process_data</span><span class="p">(</span><span class="n">creds</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="sh">"</span><span class="s">INFO</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Cycle complete: </span><span class="si">{</span><span class="n">records</span><span class="si">}</span><span class="s"> records processed</span><span class="sh">"</span><span class="p">)</span> <span class="n">logger</span><span class="p">.</span><span class="nf">metric</span><span class="p">(</span><span class="sh">"</span><span class="s">records_processed</span><span class="sh">"</span><span class="p">,</span> <span class="n">records</span><span class="p">)</span> <span class="k">finally</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">close</span><span class="p">(</span><span class="n">exit_code</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> </code></pre> </div> <p>The <code>finally</code> block is important — <code>logger.close()</code> writes the final execution status to the database and releases resources. If it doesn't run, the dashboard shows the bot as still running.</p> <h2> Security model </h2> <p>A few decisions worth explaining:</p> <p><strong>JWT with automatic refresh.</strong> Tokens expire after one hour. The frontend automatically refreshes at the 50-minute mark without interrupting the user's session. On logout, the token's JTI is revoked in the database — subsequent requests with that token are rejected even if it hasn't expired.</p> <p><strong>Rate limiting on login.</strong> Ten attempts per minute per IP using <code>slowapi</code>. After that, requests are rejected with 429 until the window resets. Simple, effective, no CAPTCHA complexity.</p> <p><strong>Audit log as append-only.</strong> The database user that the application uses (<code>botfarm_app</code>) has INSERT and SELECT on the audit log table — never UPDATE or DELETE. This is enforced at the database privilege level, not just in application code. An audit log you can delete is not an audit log.</p> <p><strong>bcrypt with cost 12.</strong> Slow enough to make brute force impractical, fast enough that legitimate logins don't feel slow on modern hardware.</p> <h2> The stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Backend</td> <td>FastAPI 0.115 · Python 3.12 · Uvicorn</td> </tr> <tr> <td>Frontend</td> <td>React 18 · Vite · Chart.js · Monaco Editor</td> </tr> <tr> <td>Database</td> <td>MariaDB 11</td> </tr> <tr> <td>Containers</td> <td>Docker Engine · Docker Compose v2</td> </tr> <tr> <td>Proxy</td> <td>Nginx (TLS 1.2/1.3)</td> </tr> <tr> <td>Docker security</td> <td>tecnativa/docker-socket-proxy</td> </tr> <tr> <td>Encryption</td> <td>AES-256-GCM · bcrypt · JWT HS256</td> </tr> <tr> <td>Platform</td> <td>AlmaLinux 10 LTS</td> </tr> </tbody> </table></div> <h2> What it doesn't do </h2> <p>BotFarm is infrastructure for managing bots, not a scraping framework. It doesn't handle proxy rotation, browser automation, or anti-detection. Those concerns live in the bot code itself — BotFarm just provides the container to run it in, the credentials to authenticate with, and the visibility to know when something breaks.</p> python docker fastapi devops Detecting Deepfake Audio in Python: Why the Threshold Matters More Than the Model [Tanwydd] Sun, 12 Apr 2026 11:32:00 +0000 https://forem.com/tanwydd/detecting-deepfake-audio-in-python-why-the-threshold-matters-more-than-the-model-3i3l https://forem.com/tanwydd/detecting-deepfake-audio-in-python-why-the-threshold-matters-more-than-the-model-3i3l <p>Cloning a voice used to require a recording studio and a professional impersonator. Today it takes a few seconds of audio and a free API call.</p> <p>That changes the threat model for any system that verifies identity by voice.</p> <h2> The problem with voice verification in 2026 </h2> <p>Voice biometrics have been used in contact centers and banking for years. The assumption was that a voice is hard to fake — you either sound like someone or you don't, and training a model to tell the difference was expensive enough to deter casual fraud.</p> <p>That assumption is gone. Modern voice cloning tools can reproduce a speaker's voice with enough fidelity to fool both humans and many biometric systems, using as little as three to five seconds of target audio. The barrier is now effectively zero for anyone motivated enough to try.</p> <p>The response can't just be "better biometrics." It has to include detection of synthetic audio alongside speaker verification.</p> <h2> Two problems, two models </h2> <p>VoiceID Compare solves both problems in a single API call:</p> <ol> <li> <strong>Speaker verification</strong> — do these two audio samples belong to the same person?</li> <li> <strong>Deepfake detection</strong> — was either sample generated by AI?</li> </ol> <p>These are separate tasks that require separate models. Confusing them is a common mistake — a deepfake detector doesn't tell you if two voices match, and a speaker verification model doesn't tell you if the audio is synthetic.</p> <h2> Speaker verification: embeddings and cosine similarity </h2> <p>The speaker verification component uses <strong>SpeechBrain's ResNet model</strong>, trained on VoxCeleb — a large-scale dataset of celebrity speech collected from YouTube.</p> <p>The model doesn't compare audio files directly. It converts each audio sample into an <strong>embedding</strong> — a vector of floating point numbers that represents the speaker's vocal characteristics in a high-dimensional space.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">speechbrain.inference.speaker</span> <span class="kn">import</span> <span class="n">SpeakerRecognition</span> <span class="n">model</span> <span class="o">=</span> <span class="n">SpeakerRecognition</span><span class="p">.</span><span class="nf">from_hparams</span><span class="p">(</span> <span class="n">source</span><span class="o">=</span><span class="sh">"</span><span class="s">speechbrain/spkrec-resnet-voxceleb</span><span class="sh">"</span> <span class="p">)</span> <span class="n">score</span><span class="p">,</span> <span class="n">prediction</span> <span class="o">=</span> <span class="n">model</span><span class="p">.</span><span class="nf">verify_files</span><span class="p">(</span><span class="n">audio_path_1</span><span class="p">,</span> <span class="n">audio_path_2</span><span class="p">)</span> </code></pre> </div> <p>The similarity between two embeddings is calculated using <strong>cosine similarity</strong> — the angle between the two vectors in that high-dimensional space. Vectors pointing in the same direction (same speaker) have high cosine similarity. Vectors pointing in different directions (different speakers) have low similarity.</p> <p>The raw score is normalized to a 0-100 percentage scale for human readability.</p> <h2> Why audio preprocessing matters </h2> <p>Raw audio files from real-world sources are messy. Different sample rates, different channel counts, different durations, background noise. Feeding inconsistent audio to the model produces unreliable results.</p> <p>Before embedding extraction, every audio file goes through normalization:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">torchaudio</span> <span class="k">def</span> <span class="nf">preprocess_audio</span><span class="p">(</span><span class="n">path</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">waveform</span><span class="p">,</span> <span class="n">sample_rate</span> <span class="o">=</span> <span class="n">torchaudio</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">path</span><span class="p">)</span> <span class="c1"># Convert to mono </span> <span class="k">if</span> <span class="n">waveform</span><span class="p">.</span><span class="n">shape</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">1</span><span class="p">:</span> <span class="n">waveform</span> <span class="o">=</span> <span class="n">waveform</span><span class="p">.</span><span class="nf">mean</span><span class="p">(</span><span class="n">dim</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">keepdim</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="c1"># Resample to 16kHz (model requirement) </span> <span class="k">if</span> <span class="n">sample_rate</span> <span class="o">!=</span> <span class="mi">16000</span><span class="p">:</span> <span class="n">resampler</span> <span class="o">=</span> <span class="n">torchaudio</span><span class="p">.</span><span class="n">transforms</span><span class="p">.</span><span class="nc">Resample</span><span class="p">(</span><span class="n">sample_rate</span><span class="p">,</span> <span class="mi">16000</span><span class="p">)</span> <span class="n">waveform</span> <span class="o">=</span> <span class="nf">resampler</span><span class="p">(</span><span class="n">waveform</span><span class="p">)</span> <span class="k">return</span> <span class="n">waveform</span> </code></pre> </div> <p>16kHz mono is the format the ResNet model was trained on. Deviating from it degrades accuracy in ways that aren't always obvious — the model still produces an output, it's just less reliable.</p> <h2> Deepfake detection: Wav2Vec2 </h2> <p>The deepfake detection component uses a fine-tuned <strong>Wav2Vec2 model</strong> from HuggingFace, trained to classify audio as real or synthetic.</p> <p>Wav2Vec2 is a self-supervised model originally designed for speech recognition. The fine-tuned version used here has been trained on a dataset of real and AI-generated speech samples, learning to identify the subtle artifacts that synthetic audio introduces — phase discontinuities, unnatural prosody, artifacts from vocoder processing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">transformers</span> <span class="kn">import</span> <span class="n">pipeline</span> <span class="n">deepfake_detector</span> <span class="o">=</span> <span class="nf">pipeline</span><span class="p">(</span> <span class="sh">"</span><span class="s">audio-classification</span><span class="sh">"</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">garystafford/wav2vec2-deepfake-voice-detector</span><span class="sh">"</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">deepfake_detector</span><span class="p">(</span><span class="n">audio_path</span><span class="p">)</span> <span class="c1"># Returns: [{'label': 'fake', 'score': 0.73}, {'label': 'real', 'score': 0.27}] </span></code></pre> </div> <p>The output is a probability score per class. A score of 0.73 for 'fake' means the model is 73% confident the audio was synthetically generated.</p> <h2> The threshold problem </h2> <p>Here's where most implementations go wrong: they treat the model's output as ground truth.</p> <p>It isn't. It's a probability estimate with a confidence interval that varies depending on audio quality, recording conditions, the specific voice cloning tool used, and how much the model has been updated relative to the latest generation of synthesis tools.</p> <p>The threshold — the score above which you classify audio as a deepfake — is a design decision, not a model parameter. And it has asymmetric consequences:</p> <ul> <li> <strong>Too low</strong> (e.g. 40%): high false positive rate. Legitimate users get flagged. Trust collapses.</li> <li> <strong>Too high</strong> (e.g. 80%): high false negative rate. Actual deepfakes get through. False confidence.</li> </ul> <p>For forensic use, the threshold needs to be calibrated against your specific threat model and your tolerance for each type of error. The system should surface the raw score, not just a binary verdict.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">DEEPFAKE_ALERT_THRESHOLD</span> <span class="o">=</span> <span class="mf">0.60</span> <span class="c1"># tunable per deployment </span> <span class="k">def</span> <span class="nf">interpret_deepfake_score</span><span class="p">(</span><span class="n">score</span><span class="p">:</span> <span class="nb">float</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">score_pct</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">score</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">1</span><span class="p">),</span> <span class="sh">"</span><span class="s">alert</span><span class="sh">"</span><span class="p">:</span> <span class="n">score</span> <span class="o">&gt;=</span> <span class="n">DEEPFAKE_ALERT_THRESHOLD</span><span class="p">,</span> <span class="sh">"</span><span class="s">verdict</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">possible deepfake</span><span class="sh">"</span> <span class="k">if</span> <span class="n">score</span> <span class="o">&gt;=</span> <span class="n">DEEPFAKE_ALERT_THRESHOLD</span> <span class="k">else</span> <span class="sh">"</span><span class="s">appears genuine</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>The 60% default is a starting point, not a recommendation. In a banking compliance context you might want 50%. In a forensic investigation you might want to surface everything above 30% for manual review.</p> <h2> Running both models in parallel </h2> <p>Speaker verification and deepfake detection are independent. Running them in parallel cuts processing time roughly in half.</p> <p>Since both are CPU/GPU bound, they need to run in a thread pool to avoid blocking an async event loop:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">asyncio</span> <span class="kn">from</span> <span class="n">concurrent.futures</span> <span class="kn">import</span> <span class="n">ThreadPoolExecutor</span> <span class="n">executor</span> <span class="o">=</span> <span class="nc">ThreadPoolExecutor</span><span class="p">(</span><span class="n">max_workers</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">compare</span><span class="p">(</span><span class="n">audio_path_1</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">audio_path_2</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="n">loop</span> <span class="o">=</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">get_event_loop</span><span class="p">()</span> <span class="n">speaker_task</span> <span class="o">=</span> <span class="n">loop</span><span class="p">.</span><span class="nf">run_in_executor</span><span class="p">(</span> <span class="n">executor</span><span class="p">,</span> <span class="n">verify_speaker</span><span class="p">,</span> <span class="n">audio_path_1</span><span class="p">,</span> <span class="n">audio_path_2</span> <span class="p">)</span> <span class="n">deepfake_task</span> <span class="o">=</span> <span class="n">loop</span><span class="p">.</span><span class="nf">run_in_executor</span><span class="p">(</span> <span class="n">executor</span><span class="p">,</span> <span class="n">detect_deepfake</span><span class="p">,</span> <span class="n">audio_path_1</span> <span class="p">)</span> <span class="n">similarity</span><span class="p">,</span> <span class="n">deepfake</span> <span class="o">=</span> <span class="k">await</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">gather</span><span class="p">(</span><span class="n">speaker_task</span><span class="p">,</span> <span class="n">deepfake_task</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">similarity_pct</span><span class="sh">"</span><span class="p">:</span> <span class="n">similarity</span><span class="p">,</span> <span class="sh">"</span><span class="s">audio_1_deepfake</span><span class="sh">"</span><span class="p">:</span> <span class="n">deepfake</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Wrap with <code>asyncio.wait_for</code> — model inference on long audio files can take tens of seconds and you don't want hung requests blocking the server.</p> <h2> The combination that should raise flags </h2> <p>The most dangerous scenario isn't a low similarity score or a high deepfake score in isolation. It's high similarity combined with a high deepfake score.</p> <p>That means: the voice sounds like the target person, but the audio was probably synthesized. That's a cloning attack.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">interpret_result</span><span class="p">(</span><span class="n">similarity_pct</span><span class="p">:</span> <span class="nb">float</span><span class="p">,</span> <span class="n">deepfake_score</span><span class="p">:</span> <span class="nb">float</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="k">if</span> <span class="n">similarity_pct</span> <span class="o">&gt;=</span> <span class="mi">75</span> <span class="ow">and</span> <span class="n">deepfake_score</span> <span class="o">&gt;=</span> <span class="mf">0.60</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">HIGH RISK: voice matches but audio may be synthetic — possible cloning attack</span><span class="sh">"</span> <span class="k">if</span> <span class="n">similarity_pct</span> <span class="o">&gt;=</span> <span class="mi">75</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">same person</span><span class="sh">"</span> <span class="k">if</span> <span class="n">similarity_pct</span> <span class="o">&gt;=</span> <span class="mi">55</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">inconclusive — manual review recommended</span><span class="sh">"</span> <span class="k">return</span> <span class="sh">"</span><span class="s">different people</span><span class="sh">"</span> </code></pre> </div> <p>This case needs explicit handling in the interpretation logic, not just surfacing both scores independently.</p> <h2> What this doesn't solve </h2> <p>No system catches everything. The current generation of voice cloning tools produces audio that fools both humans and models at rates that should make anyone uncomfortable relying on voice verification as a sole authentication factor.</p> <p>This is a layer in a defense stack, not a complete solution. Combined with behavioral signals, session context, and human review for edge cases, it raises the cost of a successful attack significantly. Used alone as a binary gate, it will eventually be bypassed.</p> <p>The honest answer to "is this voice real?" is always a probability, not a fact. The system's job is to surface that probability clearly enough that the humans making decisions can act on it.</p> ai machinelearning python security