Lol… You gonna browse how daddy told you or you won’t get to browse
I just duplicated this. I downloaded Pale Moon and went to https://hear-me.social and clicked on “Register”. It puts up a Cloudflare “managed challenge” which loops endlessly when using Pale Moon, but not the other browsers I’ve tried it with, including Zen, another Firefox fork.
It’s a problem, for sure.
As a staunch Pale Moon user, Cloudflare is just being a bully and I circumvent their nonsense when I need to desperately use a particular site or just don’t go to that site anymore if I can do without.
Greed. I honestly don’t know if they’re even aware of the problem. Most corporations have cut teams to the bone and I can’t see Cloudflare being an exception. The janitor is probably writing detection rules now.
What doesn’t work with Lynx is a wrong website.
Agree for static content like news and blogs. Disagree for dynamic content like games and social media. And the latter is mostly for scale (having server-side templating is expensive for rapidly changing content).
Then again, there’s a case for snapshotting SM pages every so often for things like crawlers and cli browsers.
It is obvious that Cloudflare is being influenced to enforce browser monopolies. Imagine if Cloudflare existed in 2003 and stopped non Internet Explorer browsers. If you use cloudflare to “protect” your site you are discriminating against browser choice and are as bad as Microsoft in 1998.
If you use cloudflare to “protect” your site you are discriminating against browser choice and are as bad as Microsoft in 1998.
😕
Agreed. I use cloudflare for domain hosting because they’re cheap, but I have never liked their protections.
These bastards haven’t MITMed half the internet for nothing. This isn’t the first time they abuse that either.
I hate that I once fell for it too when I just started out hosting stuff and put it behind their proxy.
What is MITMed?
“Man in the middle”. They are used by a lot of web services as a proxy, usually to prevent DDOS attacks.
And when Cloudflare is the proxy for a web site, it’s Cloudflare that provides the HTTPS connection, meaning that you don’t actually have an encrypted channel directly to the site. Cloudflare is the man-in-the-middle eavesdropping on all of your communications with that site. Your bank transactions, your medical records, your personal messages, etc.
Interesting. I’m going to keep this in mind.
Weird how much of a monopoly cloudflare has on the internet. I guess it’s going to start being an indicator for me for services that have becomes “too big for their britches.”
Small companies use CF as well. It really is one of the best ways to prevent all sorts of bad actors
One of the easiest, perhaps. Not best. Anything that gives a single entity control over so much of the internet, and positions them to snoop on so much of everyone’s communications, will never be “best”.
Lol what?
I thought they just did rate limiting and such, I can’t believe they do SSL as well.
Have you ever tried to visit a web site and found a Cloudflare error page instead? It might have looked like this:
Do you know how they’re able to insert that error page into the response that reaches your browser, even though it’s an https connection and your browser assures you that it’s “secure”?
Clouldflare is able to do this because they are a middle-man between you and the site. They can eavesdrop and/or alter anything sent or received on that connection.
I thought that was for their hosted websites, had no idea whether they even do hosting/cloud infra.
But yes, I hate them to my core.
What do you use now instead of cloudflare?
Need to start spoofing user agent strings again.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)
I would be very interested to know how they plan to resolve these issues with “Ladybird.” Using a new engine will likely clash with the FALSE “security measures” of many websites and harm the browsing experience. It’s often said that users should demand respect for web standards, but in the meantime, as usability declines, users will gradually drift away. Firefox learned this lesson the hard way.
Servo is another wip web browser, managed by the Linux foundation’s European branch. It’s a little less far along but is making relatively quick progress now. Apparently discord already mostly works, with sending messages currently being a problem.
I wonder what happens if you use Pale Moon but set the user agent to Firefox.
Another comment suggested that helped with LibreWolf, but that is a closer fork than Pale Moon, so not sure
Pale Moon still exists? Huh
deleted by creator
Which bots use Palemoon as their UA string?
Zero, it’s always outdated versions of Firefox or Chrome (if a UA is even provided at all)
If I remember correctly, Cloudflare openly defended hosting a well known Neo-Nazi forum.
Yes
That’s a shit take. What’s the point of having user-agents if it’s just a race to the bottom for only supporting a smaller list arbitrarily? It’s not like the bots aren’t going to just spoof as Chrome on Windows 11 anyways.
YES!
Yes its should.
How can I test, if I get blocked? I just started using Waterfox and so far no issues.
You can go to https://hear-me.social and click on the register button. This puts up a Cloudflare managed challenge screen which endlessly loops when using Pale Moon. It would be interesting to see if Waterfox has the same issue.
Works fine with Waterfox.
Took a minute and a refresh, but it worked on Ironfox on android.
Works with librewolf.
I was planning on moving away from Cloudflare to European providers anyway, so this just adds fuel to the fire.
I’m considering using BunnyDNS for DNS management, not using a CDN at all, and using Scaleway for serverless functions.
Maybe is against the ToS but I’ve used github as CDN for free in the past… Might work for you.
I never felt it was wrong, it was around the time of the Microsoft acquisition.
I appreciate the suggestion, but Github is also an American company. I’ve been moving my git repositories to Codeberg.
My sites don’t get enough traffic to warrant a CDN really, but if necessary, BunnyCDN looks like it can fit the bill. Plus, my static sites are in Scaleway object storage.
On librewolf, i get blocked. its a firefox fork and still it happens. had to set up a Firefox User Agent plugin.
Its kind of funny but thats how user agents have been for a while. It’s historically just been browsers pretending to be one another.
Yeah and that’s why it’s one of the basics of the basics you learn as a software developer that you shouldn’t sniff the useragent, because it’s unreliable and causes issues. Yet all big webpages (especially those pretending to be a software) do it, causing issues. Even just trimming the useragent string (xorigin.trimming.policy) makes “advanced services” like a webshop unusable.
Just don’t do useragent sniffing, do feature detection instead.
I just won’t use cloudflare, that’s fine.
That’s analogous to saying you won’t call any numbers on certain carrier
It’s possible, but your overall service is devalued if you can’t connect to a large group of people.
Then you won’t browse about 20% of the Internet, which doesn’t sound like a lot but it’s disproportionately impacting sites you would generally want to browse
I posted to this effect in a Firefox alternatives thread: if you use an alternative low adoption rate FOSS browser you trade increased privacy via less/no data harvesting for decreased privacy via much higher susceptibility to browser fingerprinting by google/meta/etc. doesn’t matter if you resize your windows if your browser reports its one that only 5,000 people use. And something tells me the tech giants have a way around user agent spoofing
And now even if you don’t care about that? Fuck you. Cloudflare locks you out of the modern internet because of course anyone not using chrome or safari is a bot
I have pretty draconian privacy protections on my devices and home network. It makes the internet hostile. Captchas regularly fail and I have to try them many times. Embedded youtube videos always think I am a bot and refuse to play unless I sign in, I get weird interstitial pages with captchas on google search, yandex, etc (kagi and searx don’t so I use searx), etc.
Advertisers have pushed companies to make the internet openly hostile to anyone who wants to maintain privacy. And to be clear google and meta are advertisers first and foremost. Fuck them
I have given up hiding from the tracking. Instead flood them with a torrent of bullshit data. AdNauseam, click on all the adverts. If the internet is going to be hostile then I shall be actively malicious to it in response.
But everyone else is
deleted by creator
That’s good in theory, but a site behind Cloudflare won’t necessarily notice that a legitimate user got blocked. If you want them to care, you’ll have to find a way to contact them. For more impact, tell them which competitor you spent money with instead.
That’s a good bit of small business which is already pretty aware of the boot they are under.
I mean the criticism against Cloudflare is 100% valid. Having a single service be the single point of failure for half the web, not to mention that they can read the contents of every single request they proxy, is a terrible joke.
But the service they provide is real. A small business/service just doesn’t have the capabilities to handle a DDoS attack. And every minute their site is down means lost customers/users.
Should change my user agent to sod off
