This is the second post in our series on AI bots and their impact on fraud and detection systems. In the first article, we outlined the main categories of bots emerging from the generative AI ecosystem, explained their roles, and showed how each affects detection strategies. We grouped AI-driven automation| The Castle blog
Time zone is a valuable signal in both bot and fraud detection. It's commonly used in browser fingerprinting and can be correlated with other data, like IP geolocation or language preferences, to flag inconsistencies. For example, a user claiming to be in Paris but presenting a system time zone of
The other day, I bought sneaker proxies by mistake. I know, I know, how do you accidentally buy sneaker proxies? Well, I needed residential proxies for purposes and thought, hey, why not treat myself to the premium stuff? Instead of a basic sedan, I’ll get the proxy equivalent of
Every time there's a Hacker News thread about bots, bot detection, or CAPTCHAs, a familiar complaint shows up: people using VPNs, ad blockers, Firefox forks, or privacy tools get bombarded with CAPTCHAs or blocked entirely. It feels like modern anti-bot systems are punishing users just for trying to protect their
In this post, we analyze an open-source CAPTCHA solver designed to bypass a custom challenge deployed on Binance, one of the most popular crypto platforms. While the solver is publicly available, we’ve intentionally chosen not to link to the original repository. The code is minimally documented and was clearly
Disposable email addresses are temporary inboxes that allow users to receive messages without linking the address to a long-term identity. Unlike Gmail or Outlook, which are built for ongoing use and personal association, disposable email services are built for anonymity and convenience. Most disposable services require no signup or verification.
Bots are often used to conduct attacks at scale. They can be used to automatically test stolen credit cards, steal user accounts (account takeover), and create thousands of fake accounts. Detecting bot activity has traditionally relied on techniques like Web Application Firewalls (WAFs), CAPTCHAs, and static fingerprinting. However, with the