@corbin @scott worth noting that AUTHORIZED_FETCH is also a thing, which (aiui) would require scraping to come from something vaguely shaped like a fedi instance, so they'd have to burn domains instead of just IPs
still fairly cheap at Facebook's scale, mind you!
in any case, maybe I'm being too optimistic, but I'd be surprised if facebook resorted to outright ban evasion