The internet is full of bots and some aren't nice (DDoS, scraping, exploits, AI..). To block bots, we must identify them in the traffic. That's hard as some pretend to be human/browsers! Let's explore JA3/JA4 hashes, fingerprinting the TLS handshake.

Internet traffic is mostly encrypted - one SNI extension still causes trouble. Encrypted Client Hello aims to fix this for a price of dependency on big tech. Is this the way?

And a few frustrated opinions.