Cloudflare blocking Pale Moon and other browsers with smaller user bases
Cloudflare blocking Pale Moon and other browsers with smaller user bases

Cloudflare blocking Pale Moon and other browsers

Cloudflare blocking Pale Moon and other browsers with smaller user bases
Cloudflare blocking Pale Moon and other browsers
These bastards haven’t MITMed half the internet for nothing. This isn’t the first time they abuse that either.
I hate that I once fell for it too when I just started out hosting stuff and put it behind their proxy.
On librewolf, i get blocked. its a firefox fork and still it happens. had to set up a Firefox User Agent plugin.
It is obvious that Cloudflare is being influenced to enforce browser monopolies. Imagine if Cloudflare existed in 2003 and stopped non Internet Explorer browsers. If you use cloudflare to "protect" your site you are discriminating against browser choice and are as bad as Microsoft in 1998.
Agreed. I use cloudflare for domain hosting because they're cheap, but I have never liked their protections.
I would be very interested to know how they plan to resolve these issues with "Ladybird." Using a new engine will likely clash with the FALSE "security measures" of many websites and harm the browsing experience. It’s often said that users should demand respect for web standards, but in the meantime, as usability declines, users will gradually drift away. Firefox learned this lesson the hard way.
Servo is another wip web browser, managed by the Linux foundation's European branch. It's a little less far along but is making relatively quick progress now. Apparently discord already mostly works, with sending messages currently being a problem.
Need to start spoofing user agent strings again.
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Hotbar 3.0)
So make useragent sniffing useless by all being Chrome?
Funnily enough, some webpages work better if you block webgl and set the user agent to Lynx or Dillo.
I just duplicated this. I downloaded Pale Moon and went to https://hear-me.social/ and clicked on "Register". It puts up a Cloudflare "managed challenge" which loops endlessly when using Pale Moon, but not the other browsers I've tried it with, including Zen, another Firefox fork.
It's a problem, for sure.
As a staunch Pale Moon user, Cloudflare is just being a bully and I circumvent their nonsense when I need to desperately use a particular site or just don't go to that site anymore if I can do without.
Greed. I honestly don't know if they're even aware of the problem. Most corporations have cut teams to the bone and I can't see Cloudflare being an exception. The janitor is probably writing detection rules now.
I was planning on moving away from Cloudflare to European providers anyway, so this just adds fuel to the fire.
I'm considering using BunnyDNS for DNS management, not using a CDN at all, and using Scaleway for serverless functions.
Maybe is against the ToS but I've used github as CDN for free in the past... Might work for you.
I never felt it was wrong, it was around the time of the Microsoft acquisition.
I appreciate the suggestion, but Github is also an American company. I've been moving my git repositories to Codeberg.
My sites don't get enough traffic to warrant a CDN really, but if necessary, BunnyCDN looks like it can fit the bill. Plus, my static sites are in Scaleway object storage.
Pale Moon still exists? Huh
Should change my user agent to sod off
I feel like I remember reading that the pale moon JavaScript engine was broken and causing the capcha to break repeatedly?
Let me see if I can find sources
EDIT: Looks like I was remembering a previous issue where the captchas were causing the entire pale moon browser to crash. I believe this has been fixed, but the new issue is a much less exciting block.
That's a shit take. What's the point of having user-agents if it's just a race to the bottom for only supporting a smaller list arbitrarily? It's not like the bots aren't going to just spoof as Chrome on Windows 11 anyways.
Yes
If I remember correctly, Cloudflare openly defended hosting a well known Neo-Nazi forum.
YES!
Yes its should.
I wonder what happens if you use Pale Moon but set the user agent to Firefox.
Another comment suggested that helped with LibreWolf, but that is a closer fork than Pale Moon, so not sure
Yeah? I ddos websites with Pale Moon and Iceweasel so what?
How can I test, if I get blocked? I just started using Waterfox and so far no issues.
You can go to https://hear-me.social/ and click on the register button. This puts up a Cloudflare managed challenge screen which endlessly loops when using Pale Moon. It would be interesting to see if Waterfox has the same issue.
Works fine with Waterfox.
Works with librewolf.
Took a minute and a refresh, but it worked on Ironfox on android.
Disgusting and unsurprising.
Most web admins do not care. I've lost count of how many sites make me jump through CAPTCHAS or outright block me in private browsing or on VPN. Most of these sites have no sensitive information, or already know exactly who I am because I am already authenticating with my username and password. It's not something the actual site admins even think about. They click the button, say "it works on my machine!" and will happily blame any user whose client is not dead-center average.
Enter username, but first pass this CAPTCHA.
Enter password, but first pass this second CAPTCHA.
Here's another CAPTCHA because lol why not?
Some sites even have their RSS feed behind Cloudflare. And guess what that means? It means you can't fucking load it in a typical RSS reader. Good job!
The web is broken. JavaScript was a mistake. Return to
monkegopher.Fuck Cloudflare.
I get why you're frustrated and you have every right to be. I'm going to preface what I'm going to say next by saying I work in this industry. I'm not at Cloudflare but I am at a company that provides bot protection. I analyze and block bots for a living. Again, your frustrations are warranted.
Ok, enough apologetics. This is a cat and mouse game that the rest of us are being drug into. Sometimes I feel like this is a made up problem. Ultimately, I think this type of thing should be legislated. And before the bot bros jump in and say it's their right to scrape and take data it's not. Terms of use are plainly stated by these sites. They consider it stealing.
Thank you for coming to my Tedx Talk on bots.
Edit: I just want to say that allowing any user agent with "Pale Moon" or "Goanna" isn't the answer. It's trivially easy to spoof a user agent which is why I worked on fingerprinting it. Changing Pale Moon's user agent to Firefox is likely to cause you problems too. The fork they are using has different fingerprints than an up to date Firefox browser.
Dude, thank you for this context. I was already aware of these considerations but just wanted to thank you for sharing this with everyone. Its participation like this that makes the internet a better place. 🍻
Thank you for that info, very helpful.
Also Cloudflare adds a caching layer, often physically closer to users. Increasing speed of delivery and reducing server costs. It's a no-brainer for server admins.
Also, I don't work for Cloudflare either. The animosity is new to me, and certainly something I'll look into.
But captchas have now proven useless, since bots are better at solving them now than humans?
Thanks for sharing!
Ever heard of counting attempts? Log the IP, present a CAPTCHA after 100 requests in a minute.
Besides, if I wrote a bot I would run a browser dialer from Chrome. It would request your site in a Chrome tab and appear completely legitimate to your stupid fingerprinting scripts
You're definitely right that it's a game of one-upping each other. Unfortunately, it's now directed in a path that infringes on privacy of the users it aims to serve.
Since you're working in the internet security industry, what's your take on something like Altcha as opposed to more invasive means of protecting against both attacks?
I consider it more trespassing than stealing myself.
https://tildeverse.org/
Tilde.teams and tilde.club even have outwardly facing email accounts.
We have a newsgroup server.
We have a dedicated irc server.
Member gopher/https/gemini pages.
And other services.
And each tilde has it's own focus.
Be kind. Contribute as you can to discussions.
What is gemini
https://tilvids.com/videos/watch/e1d6ed23-315a-4fc6-8d5b-6d96d51e4819
Rocking the web bloat.
https://media.ccc.de/v/mch2022-83-rocking-the-web-bloat-modern-gopher-gemini-and-the-small-internet
Be Free.
So cute :)
LibreWolf is next, and it's not exactly niche. I'm seeing it more and more, and LW defaults, even dropping resist settings, gets bounced by CloudFlare every time.
Fire dragon here and yeah, sometimes Google won't even let me log in either.
Wouldn't that also block Firefox by proxy?