• onlooker
      link
      fedilink
      arrow-up
      19
      ·
      4 years ago

      Try browsing the web using Tor or a VPN. You will spend the day doing Google recaptchas for like 90% of the websites you visit, I guarantee it. All thanks to Cloudflare. Recaptchas are also an issue in itself, because what solving recaptchas does is it teaches Google’s AI to better perform at image recognition without the user’s consent, but this is never pointed out to the user. Users are basically doing Google’s work for them without even knowing it.

      Then there was the whole Cloudbleed fiasco. Private messages, credit card info, passwords, etc. All kinds of stuff was leaked online, which was not a good look.

      Then there’s their uptime. It’s not great. How many times have you seen this image? Your PC’s fine, the website you’re trying to reach is fine, but Cloudflare is down. Thus, no website for you.

      I’m sure there’s more, this is just off the top of my head. If Cloudflare is the answer, I’d rather have the problem, honestly.

      • Golden
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        4 years ago

        Hum I did not know that the captchas were because of Cloudflare!

      • stanleypar11
        link
        fedilink
        arrow-up
        4
        arrow-down
        11
        ·
        4 years ago
        1. The captcha thing is configurable, it can disabled entirely
        2. Cloudbleed was fixed ages ago
        3. You’ve just cherry-picked an image showing a Cloudflare error, I guarantee you Cloudflare has much higher uptime than the actual host has
          • stanleypar11
            link
            fedilink
            arrow-up
            4
            arrow-down
            2
            ·
            4 years ago

            Yes, in the Cloudflare dashboard you can either make a Firewall setting to “Allow” access to 0.0.0.0/0 or you can set your security options to “Essentially Off”… or both

            I’ve just tried it against my site and haven’t seen a captcha prompt

            I believe no one ever bothers to configure these which is why Tor users run into so much trouble with captchas on CF sites

              • stanleypar11
                link
                fedilink
                arrow-up
                4
                arrow-down
                2
                ·
                4 years ago

                I’m sure theres a difference between the security setting “Essentially Off” and “Off” (which is reserved for enterprise customers only). It could possibly mean that there are still some ip ranges or ASNs which are still forced to have a captcha displayed to them with the “Essentially Off” setting, but I haven’t encountered any.

                Also I may have been mistaken about the Firewall 0.0.0.0/0 setting, it seems that Cloudflare’s “security level” is its own version of Firewall rules that apply even before the customer’s rules. So, for example if I set my site’s security setting to “I’m under attack” then I will be displayed with a javascript challenge even if I have the Allow all from 0.0.0.0/0 firewall rule enabled

    • k_o_t
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      4 years ago

      yeah, as u/onlooker pointed out, it’s very hostile against Tor users, though it became slightly less problematic after CF switched from recaptcha. There’s also a ton of ethical and security problems. I was trying to find a github gist that summarized and elaborated on it nicely, but it appears i’ve lost it.

      If anyone can find it, please link to it.

      not the one that i originally meant, but here’s another one, suggested by u/ajz

      • flux
        link
        fedilink
        arrow-up
        2
        ·
        4 years ago

        it’s very hostile against Tor users, though it became slightly less problematic after CF switched from recaptcha

        I guess the pragmatic option is to provide a tor-hosted service for them. I imagine it is also protected against DoS-attacks, or if not, then it only impacts tor users.

      • stanleypar11
        link
        fedilink
        arrow-up
        1
        arrow-down
        3
        ·
        4 years ago

        That “codeberg” repository reads similar to a 5G conspiracy theorist blog

        • k_o_t
          link
          fedilink
          arrow-up
          3
          ·
          4 years ago

          yeah, it’s written in a somewhat weird style, but most of the stuff mentioned there you can literally verify yourself…