That still forces you to go and proactively solve a ton of CAPTCHAs to get points or tokens or whatever it calls them. And some things seem to be just plain irretrievably broken regardless, whether by Cloudflare or by the clients I can't say.
People use CloudFlare to solve a multitude of problems, some of which include automated attacks by bots, which would make the website unavailable in the first place.
If you're going to use a non-mainstream browser then you're going to compromise in some way. If people are going to defend their website against attackers then there's compromise.
CloudFlare isn't the problem, it's a symptom of other problems left unsolved. Is it a compromise? Yup. What's the alternative? Not using it and thus having constant downtime?
Using a "non-mainstream browser" is not in fact an indicator of malicious or even "annoying" behavior. It's almost certainly not even statistically associated. In fact, if you're going to build a bot that impersonates a browser, the natural choice right now is to impersonate Chrome. And there are frameworks available for puppeting Chrome.
What they seem to be doing is just presenting a CAPTCHA to anything at all unusual. Which is actually kind of strange, given the vast amount of raw data available to them. They should be able to learn real indicators.
I'm actually not even sure Cloudflare is primarily responsible for most of this... exactly. The problem is more likely that Cloudflare gives its users a lot of knobs to twiddle, and most of the users are probably not up to twiddling them correctly. That could be the main source of these problems.
And there are so many possible combinations that it would be hard for Cloudflare to really test them, or even think about how all the knobs might interact.
Taking away knobs would be a good start, but there may be reasons they don't think they can do that. Probably reasons that are more about their customers' perceptions than about their customer's real needs.
Come to think of it, isn't one of those knobs the ability to turn off PrivacyPass? I don't have access to a Cloudflare account at the moment, but I seem to remember that it was.
That still forces you to go and proactively solve a ton of CAPTCHAs to get points or tokens or whatever it calls them. And some things seem to be just plain irretrievably broken regardless, whether by Cloudflare or by the clients I can't say.
You can't have it both ways.
People use CloudFlare to solve a multitude of problems, some of which include automated attacks by bots, which would make the website unavailable in the first place.
If you're going to use a non-mainstream browser then you're going to compromise in some way. If people are going to defend their website against attackers then there's compromise.
CloudFlare isn't the problem, it's a symptom of other problems left unsolved. Is it a compromise? Yup. What's the alternative? Not using it and thus having constant downtime?
Using a "non-mainstream browser" is not in fact an indicator of malicious or even "annoying" behavior. It's almost certainly not even statistically associated. In fact, if you're going to build a bot that impersonates a browser, the natural choice right now is to impersonate Chrome. And there are frameworks available for puppeting Chrome.
What they seem to be doing is just presenting a CAPTCHA to anything at all unusual. Which is actually kind of strange, given the vast amount of raw data available to them. They should be able to learn real indicators.
I'm actually not even sure Cloudflare is primarily responsible for most of this... exactly. The problem is more likely that Cloudflare gives its users a lot of knobs to twiddle, and most of the users are probably not up to twiddling them correctly. That could be the main source of these problems.
And there are so many possible combinations that it would be hard for Cloudflare to really test them, or even think about how all the knobs might interact.
Taking away knobs would be a good start, but there may be reasons they don't think they can do that. Probably reasons that are more about their customers' perceptions than about their customer's real needs.
Come to think of it, isn't one of those knobs the ability to turn off PrivacyPass? I don't have access to a Cloudflare account at the moment, but I seem to remember that it was.
9 replies →
If Cloudflare has decided that Firefox is a "non-mainstream browser" and is applying a penalty to its users, then Cloudflare is the problem.
7 replies →
And what if I have to use 3 browsers and don't want to set up accounts or give up privacy?
Then that's your own prerogative.
it never worked on my tor browser