Cloudflare's bot bouncer blocks weirdo browsers

(2025/03/04)


Users of some of the less well-known web browsers are getting blocked from accessing multiple sites by Cloudflare's flaky browser-detection routines.

Aside from [1]reporting it on Cloudflare's forum, there appears to be little users can do, and the company doesn't seem to be paying attention.

[2]Cloudflare is one of the giants of [3]content distribution networks. As well as providing fast local caches of busy websites, it also attempts to block bot networks and DDoS attacks by detecting and blocking suspicious activity. Among other things, being "suspicious" includes machines that are part of botnets and are running scripts. One way to identify this is by looking at the browser agent and, if it's not from a known browser, blocking it. This is a problem if the list of legitimate browsers is especially short and only includes recent versions of big names such as Chrome (and its many derivatives) and Firefox.

The problem isn't new, and whatever fixes or updates occasionally resolve it, the relief is only temporary and it keeps recurring. We've found reports of Cloudflare site-blocking difficulties [5]dating back to 2015 and continuing through [6]2022.

In the last year, The Register has received reports of Cloudflare blocking readers [9]in March, again [10]in July 2024, and earlier this year [11]in January.

Users of recent versions of [12]Pale Moon, [13]Falkon, and [14]SeaMonkey are all affected. Indeed, the [15]Pale Moon release notes for the most recent couple of versions mention that they're attempts to bypass this specific issue, which often manifests as the browser getting trapped in an infinite loop and either becoming unresponsive or crashing. Some users of [16]Firefox 115 ESR have had problems, too. Since this is the latest release in that family for macOS 10.13 and Windows 7, it poses a significant issue. Websites affected include science.org, steamdb.info, convertapi.com, and – ironically enough – community.cloudflare.com.

According to some in the [21]Hacker News discussion of the problem, something else that can count as suspicious – other than using niche browsers or OSes – is something as simple as asking for a URL unaccompanied by any referrer IDs. To us, that sounds like a user with good security measures that block tracking, but it seems that, to the CDN merchant, this looks like an alert to an action that isn't operated by a human.
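An added illustration, not from The Register or Cloudflare: a hypothetical header-only rule of the kind described above (a short browser allowlist plus a required Referer header), run over constructed requests to list who it wrongly blocks and what it lets through. The allowlist, version thresholds and sample requests are assumptions made up for this example.

```python
import re

# Hypothetical allowlist: product token -> minimum accepted major version.
# Assumed values for illustration only; not Cloudflare's actual rules.
KNOWN_BROWSERS = {"Chrome": 120, "Firefox": 120}
TOKEN_RE = re.compile(r"\b(%s)/(\d+)" % "|".join(KNOWN_BROWSERS))

CHROME_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36")

# Constructed sample requests: (label, is_human, User-Agent, Referer).
SAMPLES = [
    ("chrome-user", True, CHROME_UA, "https://example.org/"),
    ("palemoon-user", True,
     "Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 "
     "Goanna/6.7 Firefox/102.0 PaleMoon/33.6.0", "https://example.org/"),
    ("firefox-115-esr-user", True,
     "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:115.0) "
     "Gecko/20100101 Firefox/115.0", "https://example.org/"),
    ("privacy-user", True, CHROME_UA, None),       # Referer stripped by the user
    ("naive-script", False, "python-requests/2.31.0", None),
    ("header-copying-bot", False, CHROME_UA, "https://example.org/"),
]

def verdict(user_agent, referer):
    """Return the list of reasons this header-only rule would block a request."""
    reasons = []
    m = TOKEN_RE.search(user_agent or "")
    if not m or int(m.group(2)) < KNOWN_BROWSERS[m.group(1)]:
        reasons.append("unknown-or-old-browser")
    if not referer:
        reasons.append("no-referer")
    return reasons

def evaluate(samples):
    """Split the rule's mistakes into blocked humans and admitted bots."""
    blocked_humans, admitted_bots = [], []
    for label, is_human, ua, referer in samples:
        blocked = bool(verdict(ua, referer))
        if is_human and blocked:
            blocked_humans.append(label)
        elif not is_human and not blocked:
            admitted_bots.append(label)
    return blocked_humans, admitted_bots

if __name__ == "__main__":
    humans, bots = evaluate(SAMPLES)
    print("legitimate users blocked:", humans)
    print("automated clients admitted:", bots)
```

On this constructed set the rule blocks three of the four human visitors and still admits one of the two automated clients, which is why client-supplied headers are better treated as one weak signal among several than as a block decision on their own.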

Making matters worse, [22]Cloudflare tech support is aimed at its corporate customers, and there seems to be no direct way for non-paying users to report issues other than the community forums. The number of repeated posts suggests to us that the company isn't monitoring these for reports of problems.

We have asked Cloudflare to comment, and we'll update this story if it gets back to us.

Bootnote

Our thanks to Reg readers Ian West and [24]previous commenter and [25]Certified Fraud Examiner Andy Prough for bringing this to our attention, as well as Pale Moon maintainer "Moonchild." ®



[1] https://community.cloudflare.com/t/access-denied-to-pale-moon-desktop-browser/764330

[2] https://www.theregister.com/Tag/Cloudflare/

[3] https://www.theregister.com/2015/08/28/content_delivery_networks_why_load_balancing/

[5] https://forum.palemoon.org/viewtopic.php?t=7096

[6] https://community.cloudflare.com/t/browser-integrity-check-broken/381029

[9] https://forum.palemoon.org/viewtopic.php?f=3&t=30950

[10] https://community.cloudflare.com/t/verify-you-are-human-checks-broken-in-palemoon-browser-again/683018

[11] https://community.cloudflare.com/t/access-denied-to-pale-moon-desktop-browser/764330

[12] https://www.palemoon.org/

[13] https://www.falkon.org/

[14] https://www.seamonkey-project.org/

[15] https://www.palemoon.org/releasenotes.shtml

[16] https://www.theregister.com/2023/07/05/firefox_115_browser_windows/

[21] https://news.ycombinator.com/item?id=42953508

[22] https://developers.cloudflare.com/support/contacting-cloudflare-support/

[24] https://www.theregister.com/2012/02/29/torvalds_tantrum_opensuse/

[25] https://www.acfe.com/



wolfetone

"According to some in the Hacker News discussion of the problem, something else that can count as suspicious – other than using niche browsers or OSes – is something as simple as asking for a URL unaccompanied by any referrer IDs. To us, that sounds like a user with good security measures that block tracking, but it seems that, to the CDN merchant, this looks like an alert to an action that isn't operated by a human."

It's also something poor scrapers/bots do too. Often they'll just trawl through a load of links and go direct. So one tactic CloudFlare (and others) do is block or slow down requests that don't contain that tracker information. But then good scrapers/bots will always go to the root of the site, then simulate clicks through to the desired page to scrape it.

But this method that they're blocking on is for the low hanging fruit, the "swiss cheese" approach if you will.

katrinab

Take the Wall St Journal for example. My bot can scrape stock prices on it just fine, bypassing CloudFlare is waaay easier than it ought to be. Not going to publish the details of how I do it for obvious reasons.

However, just visiting the website as a regular Chrome user on Windows 11 can be quite a challenge.

Jamie Jones

Just like with the media industry and their anti-piracy efforts, it seems that the legitimate users suffer the most.

As for checking "User-Agent", surely that's the first thing a bot spoofs (the bots that ignore robots.txt on my sites do, at least), so again, it's less known legitimate browsers that set a legitimate header that are penalised.

Tubz

I have a couple of sites I use TOR to access and they too seem to have issues using Cloudflare.

Another step towards CableTV-2.0

Jusme

...You will use an approved browser (on an approved OS)

...You won't tamper with the content (block ads)

Re: Another step towards CableTV-2.0

Anonymous Coward

Adblockers like Ublock have been fighting back hard; look at YouTube's attempts to ban them.

power without responsibility

captain veg

My own experience is that Cloudflare really don't give the slightest fleck of turd for whatever deleterious effect its "services" have on ordinary end users. If you're not actually a paying customer or law enforcement agency then you don't exist.

I've noticed them blocking access to a few sites recently on the basis of (correctly) geo-locating me in Andorra.

Absolute scumbags.

-A.

Re: power without responsibility

Lazlo Woodbine

By hosting ads on your screen, you technically are a paying user...

Re: power without responsibility

AVR

Well, you're the product at least. The payment isn't going to Cloudflare, they're not going to care.

Re: power without responsibility

Lazlo Woodbine

But you are blocking payment to Cloudflare's customer. If this happens often enough, they could be made to care...

Re: power without responsibility

myhandler

I manage a medium size site and putting it through Cloudflare was the solution for stopping the multitude of DDOS bot attacks.

It has its uses.

Even blocking Chrome on a Chromebook

SW

How's that - can't get more "corporate" than a Google browser on Google hardware - yet still blocked me this morning.

Incompetent or evil?

ptribble

As a niche browser user (Pale Moon) on a niche OS (illumos) I get hit by this.

The question really is whether this is deliberate censorship, or inability. If the latter, then the idea they can accurately identify traffic is called into question.

Not sure how superficial is the browser check

IamAProton

There are many user agent spoofers around. I use Chameleon all the time and rotate the browser profile every 5 minutes to always have a different fingerprint.

The set of profiles/user agents can be chosen in advance

https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/

Re: Not sure how superficial is the browser check

Gene Cash

This doesn't work though.

My credit union (Trumpistani for building society, I think) used Cloudflare to block my older Firefox by locking the browser up with javascript, even though I had a user agent spoofed. The browser would suddenly start using all the cores in xosview, and when I did kill -9 or kill -11 it would take 5-10 seconds for the process to actually die.

Then of course Firefox would be "helpful" by reopening the last page and locking up again.

This started happening about a week and a half ago.

This is mentioned in the sixth paragraph of the article.

Re: Not sure how superficial is the browser check

anonymous cat herder

I wonder if that is why Firefox on Android has started regularly locking up when opening a page over the last month or two. Only solution I've found is to close it and start again.

nematoad

I have just sorted out a similar problem when using Palemoon.

A kind A/c posted the following :

You can get decent user agents by running a search for "The Latest and Most Common User Agents List". Give it a try, see if it works.

I did, and it worked for my problem.

It might sort out this nasty little "feature not a bug as well."

Blackjack

Browser agents can be easily faked by botnets, this mostly just hurts users.

Gene Cash

Yes, plus a Python script doesn't have whatever javascript exploit they're using to lock up older browsers.

I wrote the script to download my credit union statement, because they broke Firefox.

Which is ironic, using a bot script to get around the bot script blocking.

Doctor Syntax

"Aside from reporting it on Cloudflare's forum, there appears to be little users can do"

There is. They can desert sites that have this affliction.

Gene Cash

Not really.

Most of the banks and credit unions here in Trumpistani use Cloudflare.

And of course they're useless when you report this as a problem. They just say "use the latest firefox" and assume you are hacking. The same thing happened when I questioned why they were setting .RU and .CN tracking cookies.

I have reported it to the NCUA and the FDIC but they don't give a shit either.

Now I have certainly stopped using a couple of vendors that use captcha. One of them was so retarded they didn't know captchas popped up. They were like "all you have to do is click 'I am human'" and I had to send them a screenshot.

Edit: I did run into the CEO of one of the vendors at Bike Week. That was an interesting conversation. We'll see if anything actually changes.

I don't believe in coincidences.

Tron

I suspect this is censorship. The big browsers can block downloading extensions, ad blockers etc. Alt browsers might not.

Early versions of Opera used to dodge this by offering the option of reporting themselves as IE. Unfortunately, browsers have been getting shorter customisation option lists.

The internet will become more restrictive with every passing week from now on courtesy of governments and big tech. The Empire is striking back. We can't do a lot about it other than hate them for ruining our net experience.

Re: I don't believe in coincidences.

Anonymous Coward

The internet will never become more restrictive with every passing week because many are fighting to stop that. There are many things we can do about it.

Firefox

Philo T Farnsworth

I've been seeing "are you a robot" challenges from Cloudflare for a few weeks using Firefox, though that's probably because I've got ad blockers, anti-trackers, and NoScript plugins.

I also have been seeing intermittent blocking by Google News, alleging my IP address is engaging in "unusual" activity, which it is not.

As of this morning, after switching over to Waterfox as my default browser, Google News has been CAPTCHA challenging me every time I click on a link, even though the browser's UserAgent string is pretty vanilla:

Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0

Re: Firefox

find users who cut cat tail

I am also seeing Cloudflare nonsense in normal Firefox – which I have as failsafe for sites insisting on a standard browser. Funny, a good portion of the sites work just fine in links and w3m.

Can't say anything about Google as I've not visited any of their sites since Search started hard-requiring JavaScript.

It's crazy

Mage

Cloudflare are arrogant and stupid

Also sites using them and using also captcha etc AFTER you logged in.

Re: It's crazy

ecofeco

They always have been.

I cringe every time I have to unblock Cloudflare to view a web site. It is unnecessary and absurd and is counter to the very nature and purpose of the Internet.

Screenreader and other assistive technologies

Korev

Does this affect Screenreaders etc? If so then it's probably against the law in a number of countries under disability equality legislation.

milet

This is a known problem, caused by "Disable Autoplay" extension. Enable autoplay on sites with CloudFlare protection and voila, problem solved.

Of course, it would be even better if CloudFlare DID something about it...

thosrtanner

Where is this "Known" exactly? (And IIRC Disable Autoplay is a chrome extension, and not applicable to palemoon for instance)
