Comment by LeifCarrotson
1 year ago
> I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures.
The problem is that all these Cloudflare forensics-based throttling and blocking efforts don't hurt sales figures.
The number of legitimate users running Arc is a rounding error. Arc browser users often come to Cloudflare without third-party tracking and without cookies, which is weird and therefore suspicious - you look an awful lot like a freshly instantiated headless browser, in contrast to the vast majority of legitimate users who are carrying around a ton of tracking data. And by blocking cookies and ads, you wouldn't even be attributable in most of the stats if they did let you in.
It would be like kicking anyone wearing dark sunglasses out of a physical store: sure, burglars are likely to want to hide their eyes. Retail shrink is something like 1.5% of inventory, while blind users are <0.5% of the population. It would violate the ADA (and basic ethics) to prohibit out all blind shoppers, so in the real world we've decided that it's not legal to discriminate on this basis even if it would be a net positive for your financials.
The web is a nearly unregulated open ocean, Cloudflare can effectively block anyone for any reason and they don't have much incentive to show compassion to legitimate users that end up as bycatch in their trawl nets.
Something tells me that if you asked the store owner that the poster tried to give money to, they'd be furious at cloudflare for stopping the transaction.
Yeah maybe if you somehow managed to email them without their email provider stopping that email from reaching them…
What about all false positives in aggregate?
The problem is site owners do not know - it just adds to the number of blocked threats in cloudflare's reassuring emails.
It is difficult to gauge the size of the Cloudflare effect.. if the usage statistics the site owner is collecting.. are also not collected for those undesirables.
The number of legitimate users on "not chrome, edge, safari, or firefox" is about 10% of the browser market. I don't know about you, but if I'm running a shop, and the whole point of my website is to make sales, but my front door is preventing 10% of those sales? That door is getting replaced.
You don't think the people actually running the shops, whose income depends on the shop, have thought of that and thus there exists a downside that more than offsets the upside?
The people running the shops aren't the people making the decision - Cloudflare is. The shop's only real decision is "use Cloudflare" or "die to all the attacks Cloudflare exists to prevent"
Yes. I suspect that many people who run online shops don’t think about this issue and, mostly, don’t even know there is an issue.
Then you get burglars in your shop instead of legitimate customers.
User Agents look the way they do because this is a recurring issue.
A browser without network effects gets blocked, they look for a way to bypass the blocking, then they become mainstream and now the de-facto UA is larger than before.
Fun fact: you can't steal paid software by faking a user agent, because that's not how sales work. But you can lose sales by blocking user agents.
And use your brain for a hot second will you? Bad actors don't use a rare user agent, they use the same Chrome user agent that everyone else uses.
If you were running a shop, you would realize that nearly 100% of the fraud is "not chrome, edge, safari, or firefox"
It's unfortunate yes but that's what drives the threat signatures
Why would fraudsters use a browser that's likely to be blocked? They'll be using the standard browsers like (mostly) everyone else.
edit: it's noted downthread that automated testing of card details to find valid ones is a reason.
Why would you assume that the 10% of non standard browsers are going to buy anything?
Demographic is important here. If I was running a shop that sold software for Linux users, sure. If I'm running a store that sells pretty much anything else? I'm not caring.
Why would you expect people using non-standard browsers don't buy things? Presumably they still eat food, wear clothing, and enjoy hobbies.
I'd think that a non-standard browser also strongly suggests that they're a financially-comfortable middle-class individual, and quite possibly a whale with FAANG income.
1 reply →
>That door is getting replaced.
Sure. If there was another place to buy a better door at. But if that door manufacturer's the only one that makes doors, if the door installer and door technicians all tell you that they can't or won't make another door for you, then you just deal. Maybe crank up the prices a bit to try to mitigate your 10% shortfalls.
The place where a business looks at that problem and sees money being left on the table that it can't live without and that it has no other way of making up for... that is a very narrow stretch, and only very marginal businesses live there.
I wonder if cloudflare blocks like these affect screen reader users, in which case they may violate the ADA.
And if they did violate the ADA, do you seriously expect this administration's anti-DEI Department of Justice to pursue legal action?
Yes because accessibility and DEI are different despite partisans' attempts to make "DEIA" a real thing.
12 replies →
[flagged]
10 replies →
[dead]
In my experience, screen reader users stick to the mainstream browsers to preserve compatibility. https://webaim.org/projects/screenreadersurvey10/