Is Instoo Legit?

For details on how to test it yourself, checkout my tutorial here:

1. Instoo Doesn’t Use the Phone API

Around July 2019, Instagram started cracking down on automation bots. One of their strategies was to track all the bots that used their private phone API, which required signing with a specific key per device. Since these keys can be tracked, and bot makers have to get them from real phones, it becomes very easy to track all these bots. Instagram kept logs of them, and then started issuing the warning below to force users to log out of their bots.

Instoo never used the phone api to start with, so each user was running their own unique user-agent signature tied to their browser/IP.

2. Hyperparameter Optimizations

Instoo uses their global user data to automate very closely to a real human. This makes it very hard for Instagram to use machine learning to detect odd behavior, because the bots all blend into regular users. Even on fast mode, it automates very human like and as close to the limits of detection as possible. They achieved this by using their global user logs to test which actions cause blocks, and which actions blend into the crowd. Instoo constantly updates to maintain this cloak.

3. Emulating A Real Browser User Entirely

Instead of spamming millions of story views to the instagram endpoints, Instoo actually fully automates the real clicks inside the browser. This undoubtedly mixes it in with other regular users, since it’s impossible(due to security reasons) to track anyone outside the browser sandbox. This is why the internet has Captchas to detect bots. However, if instagram added a captcha to every button, people would stop using it fast. All other bots that just spam endpoints do run for a few hours/days, but then eventually get blocked. Feel free to test them side by side to see the difference. You will clearly see how Instoo automates realistically. Even things like gathering targets are completely manually automated.

4. Offloading Requests to Their Servers

They offload common requests like looking up user profile images to their servers, so your IP doesn’t do that. This reduces how often you contact Instagram’s servers, so they have far less data to track you with.

5. Using Stories to Mask Other Activities

Stories have no limits right now on Instagram. The reason is some users have thousands of followers, and Instagram itself has a “watch all” features. Instoo exploits this feature by using stories to mask the other activities. This is why stories are turned on by default, but they completely avoid detection this way. The algorithm does stories constantly, and randomly clicks through the site to do other actions in between to appear like a real human would.

If you liked this article, follow me on Medium for more like it!
Feel free to ask questions. I always respond.




Retired Founder CTO. Bestselling Author. I’ve built two automated Saas businesses, and I enjoy helping others get started.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

2017 ID2020 Summit: Highlights and Key Takeaways

Start your journey in Cyber security from today

Receipts from PointPay Payment System

Pippi Finance will host AMA with Decentralized Club on July 10th

Dangers of Public Wifi: Part One

The 3 laws of identity and access management


Mudley Pool #13 [19 July — 24 July 2021]

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Retired Founder CTO. Bestselling Author. I’ve built two automated Saas businesses, and I enjoy helping others get started.

More from Medium

How to create a website using Bluehost

5 Simple Ways You Can Increase Your Instagram Reach

How to Make Money Online As a Freelance Content Writer

freelance content writer

What Happens When My Creative Work Goes Viral