I appreciate (and encourage) using real life problems as a pretext for researching new topics and developing new skills, but
1. I'm really curious as to what's the desired outcome here? A spambot to flood people's notifications?
2. I'll admit that I have absolutely no idea how Instagram's API layer (and protection) works but wouldn't capturing the HTTP calls a more appropriate and easier approach to take?
I know agencies get paid to manage other business's instagram accounts, and want ways to post/comment/engage/etc with multiple business's accounts at once. You'd still have a human driving/scheduling/approving the activity, but you wouldn't have to jump between so many hoops to do so.
Yeah, it could definitely be used badly and there is a thin line between account management and growth-bot spam.
But that is part of what makes it interesting to me. Instagram has real anti-abuse systems, rate limits, weird UI states, etc. It's just a good place to experiment, everyone knows about it and it's something I was interested in.
I was totally expecting to get the account banned quickly.
Although I just added a disclaimer to make it clear.
1. Social media accounts with lots of engagement and high follower counts are worth big money these days. However, it takes a ton of effort to build that up organically. It's not difficult to see possible motives for something like this.
2. Leveraging their private APIs will get you banned even quicker than OPs method.
I tried all sorts of automation in the past and always get banned at the end. Not worth it. Use AI or whatever to generate your social media content but always post it manually for best engagement and not getting banned
on business pages they literally give you access to the posting API.... And you can automate against that. Not that they will give you much action on that without the sweet sweet accelerant of ad money.
The mouse might be one signal but Instagram is almost certainly looking at way more than that and feed it to some ML-based abuse detection.
They likely have entire teams working on this, plus adversarial teams trying to break their own detection systems.
I'm blocking as much tracking as I reasonably can and they still caught it within a few days. So I doubt this failed because of one obvious browser API. It is probably a combination of behavioural signals that made the account look automated.
>A full screenshot is huge. Over 7 million pixels on a typical screen.
Hmmm i don't think that's true? 1080p is 2M, 2K is 4M, 4K is 8M. Are we really in an era where full 4K is "typical"? For reading Instagram? I've got 4 screens i use on a daily basis that are all 2K or less. I mean my TV was only 1080p until a few months ago lol. Maybe I'm just slow.
Also: you're automating the browser, just make the window smaller then!
This is also why creating a regular account is so difficult on all the social networks. You sign up and it is instantly banned and you have to go through a whole review and approval process just to use it. Incredibly user and company hostile.
A new account doing anything unusual looks suspicious immediately. A 10yo account with normal history and real usage would probably be much less likely to get banned for the same behaviour.
Statuses cannot be disabled, so the little notification dot is always there (I solved that by archiving everyone's statuses) and the phone call feature cannot start a recording when you get called. If you need to record a call you need to do so separately.
If for some reason you want to stop using WhatsApp, you just cannot. You socially exclude yourself.
Most people you know are there so you cannot just leave it. Some companies run their business there. Some government services and banks have a WhatsApp chat bot, and don't accept email or phone calls anymore.
I wish I could fully leave WhatsApp, but I can't without paying a social price. The network effects are a straitjacket.
I appreciate (and encourage) using real life problems as a pretext for researching new topics and developing new skills, but
1. I'm really curious as to what's the desired outcome here? A spambot to flood people's notifications?
2. I'll admit that I have absolutely no idea how Instagram's API layer (and protection) works but wouldn't capturing the HTTP calls a more appropriate and easier approach to take?
> what's the desired outcome here?
I know agencies get paid to manage other business's instagram accounts, and want ways to post/comment/engage/etc with multiple business's accounts at once. You'd still have a human driving/scheduling/approving the activity, but you wouldn't have to jump between so many hoops to do so.
Yeah, it could definitely be used badly and there is a thin line between account management and growth-bot spam.
But that is part of what makes it interesting to me. Instagram has real anti-abuse systems, rate limits, weird UI states, etc. It's just a good place to experiment, everyone knows about it and it's something I was interested in.
I was totally expecting to get the account banned quickly.
Although I just added a disclaimer to make it clear.
1. Social media accounts with lots of engagement and high follower counts are worth big money these days. However, it takes a ton of effort to build that up organically. It's not difficult to see possible motives for something like this.
2. Leveraging their private APIs will get you banned even quicker than OPs method.
Adding to the 2nd point: It's one of the most watched APIs for suspicious activity ever.
Anything not from their vanilla app, the littlest dot on their charts will trigger severe alarms and actions.
Big correlation systems. The safest path used to be to automate the app itself, through mobile automation, but they even got too sensitive to that.
I don't doubt the whole app has a behavioural analysis component, full screen size, much like a big "I am not a robot" checkbox.
Also, it's very likely their private APIs are CSRF-protected or similar.
You can trigger their systems even by manually just following and unfollowing to drive account engagement. No automation required.
This whole "You're not using the software the way we want you to use the software" regime can't end soon enough...
I tried all sorts of automation in the past and always get banned at the end. Not worth it. Use AI or whatever to generate your social media content but always post it manually for best engagement and not getting banned
on business pages they literally give you access to the posting API.... And you can automate against that. Not that they will give you much action on that without the sweet sweet accelerant of ad money.
Pray for the organic, pay for the boost.
I realized months ago that social networks are distribution systems. Want acceleration? Pay.
There is little incentive to make anything viral/organically boosted.
>Not worth it.
most of "engagement" on every big platform has always been bot activity, which strongly suggests that all their measures can be countered.
Have you tried to post with something like Buffer or Hootsuite?
As someone that has recently built out a once-daily crawler for a not so ban-happy site, thanks for the article.
I havenāt had to go the CV route yet, but I know itās a matter of time once they āimproveā the site and it starts breaking regularly.
It failed because the web browser lets the content know where the mouse cursor is, with absolute precission. It shouldn't.
The mouse might be one signal but Instagram is almost certainly looking at way more than that and feed it to some ML-based abuse detection.
They likely have entire teams working on this, plus adversarial teams trying to break their own detection systems.
I'm blocking as much tracking as I reasonably can and they still caught it within a few days. So I doubt this failed because of one obvious browser API. It is probably a combination of behavioural signals that made the account look automated.
>A full screenshot is huge. Over 7 million pixels on a typical screen.
Hmmm i don't think that's true? 1080p is 2M, 2K is 4M, 4K is 8M. Are we really in an era where full 4K is "typical"? For reading Instagram? I've got 4 screens i use on a daily basis that are all 2K or less. I mean my TV was only 1080p until a few months ago lol. Maybe I'm just slow.
Also: you're automating the browser, just make the window smaller then!
Yeah, fair point. I overstated that part.
Iāve edited it to focus more on the actual problem: the bot starts with a large visual search space and has to narrow it down to a small target.
Thanks for the feedback.
[dead]
what if i were purely interested in archiving local community posts? does anyone have experience on scraping without getting banned?
i have no interest in juicing engagement, purely from a "20 years from now it'll be cool to know this existed at all" aspect.
I would guess that low-volume scraping is probably much less likely to cause problems.
This is also why creating a regular account is so difficult on all the social networks. You sign up and it is instantly banned and you have to go through a whole review and approval process just to use it. Incredibly user and company hostile.
This is also why old accounts have value.
A new account doing anything unusual looks suspicious immediately. A 10yo account with normal history and real usage would probably be much less likely to get banned for the same behaviour.
You start to wonder if thatās a good place to be present
that is why it is called a gift
Agreed. For better or worse, social networks are the fb marketplace of eyes.
how could this be for better?
If you're a business, it is a great way to get customers.
Thank you. Thanks to you, I was able to break free from my Instagram addiction
This is not related to the article. But I would like to see people generated feeds rather than automated feeds.
e.g. contradictory feeds.
1. motivational post followed immediately be demotivational post iteratively. this will allow people not be stuck in one basin of attraction.
2. wealth flaunting posts followed by poverty posts to elicit a strong contrast and inequality.
3. science posts followed by pseudo-science posts
4. feeds that are generated like DJ sets. instead of playing with music, the feed would play with emotions.
Other such combinations.
A spam post here about how to spam Instagram. This is what the internet is now.
How is it a spam post?
It is just an amateur blog post about a small automation experiment. I am not selling anything or promoting a tool.
Every product zuckerberg has is cancerous except WhatsApp
WhatsApp got toxic also.
Statuses cannot be disabled, so the little notification dot is always there (I solved that by archiving everyone's statuses) and the phone call feature cannot start a recording when you get called. If you need to record a call you need to do so separately.
If for some reason you want to stop using WhatsApp, you just cannot. You socially exclude yourself.
Most people you know are there so you cannot just leave it. Some companies run their business there. Some government services and banks have a WhatsApp chat bot, and don't accept email or phone calls anymore.
I wish I could fully leave WhatsApp, but I can't without paying a social price. The network effects are a straitjacket.