→ Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives
https://blog.cloudflare.com/perplexity-is-using-stealth-undeclared-crawlers-to-evade-website-no-crawl-directives/

“We observed that #Perplexity [an AI-powered answer engine] uses not only their declared #user_agent, but also a generic browser intended to #impersonate Google Chrome on macOS when their declared crawler was blocked.”

“This activity was observed across tens of thousands of domains and millions of requests per day.”

Tuesday, July 29, 2025

“Peace through strength is possible,” Zelensky — Investigation: Despite sanctions, American trucks are being used by Russia to launch kamikaze drones — Unidentified drone enters Lithuania from Belarus amid rising tensions — Ukraine liberates Kindrativka village in Sumy Oblast amid ongoing Russian offensive … and more

https://activitypub.writeworks.uk/2025/07/tuesday-july-29-2025/

#FBI warns of ongoing #scam that uses #deepfake audio to #impersonate government officials

The FBI is warning people to be vigilant of an ongoing malicious messaging campaign that uses AI-generated voice audio to impersonate government officials in an attempt to trick recipients into clicking on links that can infect their computers.
#ai #security #privacy

https://arstechnica.com/security/2025/05/fbi-warns-of-ongoing-scam-that-uses-deepfake-audio-to-impersonate-government-officials/

lexiforest 版的 curl-impersonate 出 v1.0.0rc1

先前在「fork 出來的 curl-impersonate」有提到 curl-impersonate 本來的作者 lwthiker 已經沒在維護了，現在是 lexiforest 版看起來是比較活躍的版本：「lexiforest/curl-impersonate」。 剛剛看到 v1.0.0rc1 的消息，頁面上也提到 breaking change： Breaking changes on v1.0, see release page for details. 看起來比較明顯的是改 binary 的名字這件事情，因為不只支援 chrome 很久了，所以把 binary 裡面 chrome 的名字拿掉： Changed the binary name from (lib)curl-impersonat…

https://blog.gslin.org/archives/2025/04/14/12348/lexiforest-%e7%89%88%e7%9a%84-curl-impersonate-%e5%87%ba-v1-0-0rc1/

fork 出來的 curl-impersonate

原來的 lwthiker/curl-impersonate 已經超過一年沒更新了，不過看起來有其他人 fork 出來繼續維護 (以及開發)：「lexiforest/curl-impersonate」。 目前支援的版本還算新，Chrome 支援 133 (目前 stable 最新版是四天前出的 134)，Firefox 支援 135 (目前 stable 最新版是月初出的 136)，其他的幾個瀏覽器看起來也都有跟上。 最近遇到一些網站會擋到 TLS fingerprint，剛好拿這個出來用... …

https://blog.gslin.org/archives/2025/03/30/12326/fork-%e5%87%ba%e4%be%86%e7%9a%84-curl-impersonate/

實作更多功能的 curl-impersonate fork

從「Curl-Impersonate (github.com/lexiforest)」這邊看到的消息。

前情提要可以在「修正 Curl 的 TLS handshake，避開 bot 偵測機制」這邊看到，當時介紹了 curl-impersonate 這個專案，可以修改 TLS 的行為 (尤其是 handshake 階段)，讓

https://blog.gslin.org/archives/2024/12/31/12168/%e5%af%a6%e4%bd%9c%e6%9b%b4%e5%a4%9a%e5%8a%9f%e8%83%bd%e7%9a%84-curl-impersonate-fork/

Visualizing the Companies Online Scammers Impersonate the Most
https://www.visualcapitalist.com/companies-online-scammers-impersonate-the-most/ #infographic #online #scammers #impersonate

Ooof, there's a #critical #security #issue (# CVE-2024-23832) on older #Mastodon #instances where remote attackers can #takeover and #impersonate any account:

https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

via @heisec: https://www.heise.de/news/Mastodon-Diebstahl-beliebiger-Identitaeten-im-foederierten-Kurznachrichtendienst-9615961.html

Update your instances, friends! 4.2.5 seems to be safe.

Companies Make it Too Easy for Thieves to #Impersonate Police and Steal Our Data | Electronic Frontier Foundation
@eff #privacy

https://www.eff.org/deeplinks/2024/01/companies-make-it-too-easy-thieves-impersonate-police-and-steal-our-data

The privilege #escalation flaw (CVE-2023-20105, CVSS score: 9.6), it said, stems from incorrect handling of #password change requests, thereby allowing an #attacker to alter the passwords of any user on the system, including an administrative read-write user, and then #impersonate that user.

#cibersecurity #Cisco #VMware #updates

https://thehackernews.com/2023/06/urgent-security-updates-cisco-and.html?m=1

One of the good things about getting into #mastodon during this big #twitterMigration is that my name hasn't been taken by the famous #actor or any fans trying to #impersonate him yet on really any #instance

A #TrustAndSafety problem on #Mastodon is that it's easy for a bad actor to #impersonate someone else by using the same username on a different server.

I've been trying one possible UI improvement to make impersonation easier to spot: to always attach the favicon of the server when showing the username.

Because many servers never change their favicon from the default, to further distinguish servers I also recolor the favicon depending on the server.

Screenshots shows @elk UI before and after.

I was about to #delete my #BlueBird account. I finally decided now was the time. It’s #toxic over there. But realised that by doing so it would let someone else possibly #impersonate me. So hanging on to my #handle. But I’ve stopped posting and doom-scrolling. I’ve found a nicer place to hang out #Mastodon