If you ban an IP or even an ASN, there could be (many) thousands sharing that same identifier. Some kid will unknowingly run some free game that does some lightweight scraping in the background as monetization and you ban the whole ISP?
For some definition of "common", yes. Some try to be less shady by asking for consent (e.g. in exchange for in-game credits), others are essentially malware.
FYI this is a rebranding of the notorious “Luminati” service that sold a residential proxy network based on the ”Hola VPN” chrome extension. They’ve upped their game and now pay application developers to embed their botnet in their application.
the idea that games should be written solely to extract revenue from players is so repulsive to me that I actively disrespect and disfavor people I know who work on things like this.
humans are a truly horrible species and this kind of thing is a great example of why I believe that.
That's every billion dollar publisher that releases games with initial purchase + microtransactions beyond cosmetics. So Activision/Blizzard, EA, Take Two, and Ubisoft. Like it's one thing to do free-to-play + pay-to-win but it's quite another to charge $60 and then make the game worse solely to drive people to buy things that will make it suck less. And they all do it.
Residential IPs are extremely valuable for scraping or other automation flows so yeah getting kids to run a free game that has malware seems plausible.
How would that be a false positive? The kid might not be malicious, but they absolutely are running a bot, even if unknowingly. If anything, calling attention to it could help people notice, and therefore clean up such things.
The kid isn't. But everyone else using their ISP that your ASN-based block also blocks is a false positive. An ASN block easily has a granularity of "10% of an entire large country". And nobody is going to take your site blocking e.g. all Comcast users as "oh, we should investigate which Comcast user made some slightly suspicious requests, thanks for telling us".
Fair, but we are talking about blocking just OP's site, correct? OP flagging a bot doesn't take down that ISP's access to the internet, unless I'm grossly misunderstanding the power any individual site owner has.
So is that such a bad thing? If OP is going to use this to provide data about bots, blocking mass amounts of the internet could actually be a terrific example of how many people are at least tangentially connected to bots.
