Comment by noplacelikehome
2 days ago
As a user of an unsigned Firefox fork, Turnstile has ruined a moderate portion of the Internet for me. The way Cloudflare doesn’t think twice about eroding user freedoms, for the sake of a gate that can be trivially bypassed with solvarr or similar, is deeply disturbing. They are no longer a force for good on the web.
As bad as cloudflare is there is a reason people use it.
If you try and run a site that has content that LLMs want or expensive calls that require a lot of compute and can exhaust resources if they are over used the attack is relentless. It can be a full time job trying to stop people who are dedicated to scrapping the shit out of your site.
Even CF doesnt even really stop it any more. The agent run browsers seem to bypass it with relative ease.
Granted, but there are open source alternatives that don’t have the same obsession with meaningless digital signatures. Turnstile is just a terrible product.
What are the open source options? Turnstile is a replacement for Recaptcha after google moved it from a free product to a paid one.
The main advantage of Turnstile is that is benefits from CFs ubiquity to help judge legitimate vs illegitimate requests.
I would love to know what other options are available in this space aside from Turnstile, Recaptcha and HCaptcha.
1 reply →
Vast majority of websites today can and should be static, which makes even the aggressive llm scrapping non-issue.
One of the things that a lot of LLM scrapers are fetching are git repositories. They could just use git clone to fetch everything at once. But instead, they fetch them commit by commit. That's about as static as you can get, and it is absolutely NOT a non-issue.
7 replies →
I see people saying that a lot, but I use Zen which is a fork of Firefox and I don't think I've ever had an issue with Turnstile, at least not noticeably more than I had on mobile Chrome.
Zen has been signed for close to a year.
Isn't it the opposite? They allow you to still use it when it would almost certainly be better for cloudflare and the website behind then to just block you.
How does Cloudflare know you are using the fork? Can you not just set the user agent to match firefox's (or even chrome's for that matter)
Quite likely fingerprinting detection, which is remaining firmly enabled.
How does that work technically? Presumably a fork of firefox is almost indistinguishable from firefox from Cloudflare's perspective?
1 reply →