Comment by MetaWhirledPeas
19 days ago
> Cloudflare also has a feature to block known AI bots and even suspected AI bots
In addition to other crushing internet risks, add wrongly blacklisted as a bot to the list.
This is already a thing for basically all of the second[0] and third worlds. A non-trivial amount of Cloudflare's security value is plausible algorithmic discrimination and collective punishment as a service.
[0] Previously Soviet-aligned countries; i.e. Russia and eastern Europe.
Yep. Same for most of Asia too.
Cloudflare's filters are basically straight up racist.
I have stopped using so many sites due to their use of Cloudflare.
If 90% of your problem users come from 1-2 countries, seems pretty sensible to block that country. I know I have 0 paying users in those countries, so why deal with it? Let them go fight it out doing bot wars in local sites
Well, not racist per se - if you visit the countries (regardless of race) you’re screwed too.
Geo-location-ist?
People hate collective punishment because it works so well.
Anecdatally, by default, we now block all Chinese and Russian IPs across our servers.
After doing so, all of our logs, like ssh auth etc, are almost completely free and empty of malicious traffic. It’s actually shocking how well a blanket ban worked for us.
Putting everyone in jail also works well to prevent crime.
Works how? Are these blocks leading to progress toward solving any of the underlying issues?
Innocent people hate being punished for the behavior of other people, whom the innocent people have no control over.*
FTFY.
I have a growing Mastodon thread of this shit: https://mastodon.social/@grishka/111934602844613193
It's of course trivially bypassable with a VPN, but getting a 403 for an innocent get request of a public resource makes me angry every time nonetheless.
Exactly. I have to use a VPN just for this kind of bu**it. :/
The difference between politics and diplomacy is that you can survive in politics without resorting to collective punishment.
unrelated: USSR might have been 2nd world. Russia is 3rd world (since 1991) -- banana republic
No, Russia is by definition the 2nd world. It's about spheres of influence, not any kind of economic status. The First World is the Western Bloc centered around the US, the Second World is the Eastern Bloc centered around then-USSR and now-Russia (although these days more centered on China), the Third World is everyone else.
What do you mean crushing risk? Just solve these 12 puzzles by moving tiny icons on tiny canvas while on the phone and you are in the clear for a couple more hours!
If you live in a region which it is economically acceptable to ignore the existence of (I do), you sometimes get blocked by website r̶a̶c̶k̶e̶t̶ protection for no reason at all, simply because some "AI" model saw a request coming from an unusual place.
Sometimes it doesn’t even give you a Captcha.
I have come across some websites that block me using Cloudflare with no way of solving it. I’m not sure why, I’m in a large first-world country, I tried a stock iPhone and a stock Windows PC, no VPN or anything.
There’s just no way to know.
That’s probably a page/site rule set by the website owner. Some sites block EU IPs as the costs of complying with GDPR outweigh the gain.
If it clears you at all. I accidentally set a user agent switcher on for every site instead of the one I needed it for, and Cloudflare would give me an infinite loop of challenges. At least turning it off let me use the Internet again.
These features are opt-in and often paid features. I struggle to see how this is a "crushing risk," although I don't doubt that sufficiently unskilled shops would be completely crushed by an IP/userAgent block. Since Cloudflare has a much more informed and broader view of internet traffic than maybe any other company in the world, I'll probably use that feature without any qualms at some point in the future. Right now their normal WAF rules do a pretty good job of not blocking legitimate traffic, at least on enterprise.
The risk is not to the company using Cloudflare; the risk is to any legitimate individual who Cloudflare decides is a bot. Hopefully their detection is accurate because a false positive would cause great difficulties for the individual.
For months, my Firefox was locked out of gitlab.com and some other sites I wanted to use, because CloudFlare didn't like my browser.
Lesson learned: even when you contact the sales dept. of multiple companies, they just don't/can't care about random individuals.
Even if they did care, a company successfully doing an extended three-way back-and-forth troubleshooting with CloudFlare, over one random individual, seems unlikely.
We’re rapidly approaching a login-only internet. If you’re not logged in with google on chrome then no website for you!
Attestation/WEI enable this.
And not just a login but soon probably also the real verified identity tied to it. The internet is becoming a worse place than the real world.