Hacker News

I was so curious about the origins of the SHA algorithms that I made a FOIA request to the NSA about SHA-0^0, as I wanted to understand how it was developed and requested all internal communications, diagrams, papers and so on responsive to that.

Interestingly I found that after I got a reply (rough summary: you are a corporate requester, this is overly broad, it will be very expensive) I could no longer access the NSA website. Some kind of fingerprint block. The block persisted across IP addresses, browsers, incognito tabs, and devices so it can't be based on cookies / storage.

Still in place today:

  Access Denied

  You don't have permission to access "http://nsa.gov/serve-from-netstorage/" on this server.

0: https://en.wikipedia.org/wiki/SHA-1#Development


> Some kind of fingerprint block. The block persisted across IP addresses, browsers, incognito tabs, and devices so it can't be based on cookies / storage.

Then what is it based on, if it happens across different devices and different IP addresses?

I find it very surprising that the NSA would go to such technologically advanced lengths to block FOIA requesters from their website (which, needless to say, doesn't contain any sensitive information).


Yeah weird, right? Highly surprising, high entropy, highly informative bit of signal possibly. Obvious way to admit SHA-0 is a pressure point maybe.

Idk, maybe you can figure out the block, I think it's beyond me. Here's a picture if that helps haha! :)

https://imgur.com/a/rNIjrB2

Highly unlikely to be a coincidence but I took it to mean: Don't make these requests ... OK ... haha! :)


It’s just Akamai being overzealous against bots.

It could simply be you read more pages and it may have triggered anti-scraping rules.

I cannot access many .gov websites either, and maybe it was after 5 pages or so.


This honestly seems kinda fun. If one was really dedicated: buy new device with cash; purchased and used outside city of residence; don’t drive there, non-electric bike or walk; only use device to connect to the website from public wifi; never connect to own wifi; don’t use same VPN service as usual. Not sure if I missed anything. Probably did.


Or walk into an internet cafe. Cafe membership systems, if any, probably aren't yet connected enough to prevent showing you the raw Internet for the first few minutes, for a few more years. Everyone who's vocal online should try this once in a while. Even Google search results noticeably change depending on your social classes inferred from location and whatnot.


This seems like a good way to learn what information your system is leaking that it shouldn't be leaking, e.g. if you use a VPN and they still block you, your VPN is probably not doing what it claims to be doing. (AFAIK a correctly implemented VPN would not send any of your computer or browser information to nsa.gov.)


VPNs do not do what you seem to think they do. A VPN is a privacy tool as much as restarting your router to get a new IP lease is a privacy tool.


> and they still block you, your VPN is probably not doing what it claims to be doing.

Of course it's doing what it should: binds IP address to a credit card used to pay for VPN! It's much more solid than browser fingerprinting.


there are MANY different ways to fingerprint something or someone, see e.g. https://abrahamjuliot.github.io/creepjs/ or https://scrapeops.io/web-scraping-playbook/how-to-bypass-clo....

also fun fact, even Tor Browser can't hide the real OS you're running when a site uses javascript-based OS queries.


They probably have someone specifically assigned to crack every device you use.


IIUC blocking people from making FOIA requests is illegal / can be grounds for a lawsuit, and they can always just classify anything they don’t want to give away, so it doesn’t really make sense for the NSA to do something like that. Their website is probably just broken.


That url (http://nsa.gov/serve-from-netstorage/) works via Tor, so maybe try that? ;)


I'm curious as to why the NSA still has http:// urls.


It redirects to HTTPS.



