Comment by kevincox
3 years ago
This reminds me of the origin of "jaywalking". People used to walk wherever they wanted but when cars became a thing they found that people where in their way. So they started to blame people for "jaywalking" to turn it into a bad thing that the pedestrians are doing rather than framing it as cars wanting to take some of the road away from pedestrians.
We are trying to frame people who are trying to protect their privacy as "suspicious" rather than saying that we want to track them better.
Likening packets on the internet to people in a street is not an accurate analogy. The reason people use these solutions is that they're inundated with garbage traffic that is often automated. The internet is more like a street with 5 real people and 1,000 malicious humanoid robots.
You get 1005 requests for a file. They are all real requests. You simply send back the data.
You want to determine who is manually asking vs automated so you can ignore requests that aren't manually generated.
We are more in the case of adding a turnaround on footpaths to block motorbikes and other 2-wheel scooters. captcha also exists in the real world.
Instead of Cloudflare there should be a protocol that would allow host to notify upstream providers that they should reject incoming traffic from specific address ranges. If there was such protocol all Cloudflare business would be zeroed in a minute, but sadly that is not going to happen.
>there should be a protocol that would allow host to notify upstream providers that they should reject incoming traffic from specific address ranges
At the server or datacenter level, it's call a firewall :)
Considering that a lot of the internet is still behind a NAT I’m not sure that’s a completely bulletproof solution.
If it needs a checkbox to confirm you're a human then I would say that's a lost battle. A bot would be just as able to click that as I am. And I keep being hit with these over and over again. It's well beyond just annoying, especially when it is sites that I have a long standing relationship with. Which I wonder: are those sites even aware that Cloudflare keeps popping up that check dialog?
You are right that scripts can check a checkbox. Which is why the "checkboxes" that cloudflare/recaptcha display to you are not actually checkboxes. They're fingerprinting and behavioral analysis scripts.
There is no reason whasoever you should need to prove you are not a bot in order to view an effectively static website. For interaction you may need anti-spam measures, for viewing no.
The FUD and moralization of groupthink conformance.
When not in a vehicle and there are no cops around, I do the New Yorker thing: I completely ignore signals and focus on traffic. The prima facie and prime directive is safety over conformance. I will not waste my life at the behest of some Christmas lights.
Statistically you're at such a higher risk on the road than anywhere else, it's best to minimize the amount of time spent in a motor vehicle. This is why I don't waste time putting on my seatbelt, run all red lights, and always floor the gas pedal for the duration of my trips.
You forgot the /s
Same thing with fraud against a business being turned into “identity theft”.