I'm sure they've had complex server-side detections for a while. But for the client parts: it should only contain the parts that must be on the client, and it could be done in a more benign-looking way. For example, the unavoidable client parts could've been done more fuzzily/broadly, for plausible deniability, and then narrowed on the server. (They may already have been following that strategy before now, without being noticed.)