Well, it finally happened to me. I was blocked out of a website I use for work because of Cloudflare. And I have no idea if or when I'll be...

The author was blocked from accessing a work website due to issues with Cloudflare’s browser integrity checks. Despite having credentials to prove his identity, an attempt to bypass the checks by disabling fingerprinting in Firefox resulted in Cloudflare blocking all access. He could still access the site on Chrome, showing the block was based on his browser configuration. This left the author unable to complete important work tasks and questioning how much control individuals really have over authentication in an increasingly centralized web ecosystem dependent on remote attestation. It highlights the need for transparency and user agency in how identity verification is implemented online.

The problem is that they’re a monopoly abusing their position to make it impossible to have the basic privacy you should be unconditionally entitled to to browse the internet.

It should be blanket illegal to block/discriminate against traffic based on the browser used in literally all contexts.

LoafyLemon
link
fedilink
11Y

The situation is analogous to being at sea – if you don’t respond to calls and signals, you are viewed as a potential threat. Altering user agents doesn’t decrease your visibility; in fact, it has the opposite effect. It amplifies the uniqueness of your digital fingerprint, thereby making you more identifiable.

By default, Firefox uses a single identifier for all users, making it difficult to pinpoint individual users, which aligns with the recommended approach as described above.

if you don’t respond to calls and signals, you are viewed as a potential threat

This is unconditionally unacceptable behavior and an inexcusable and unforgivable violation of privacy. It is not and cannot under any circumstances be your business what a user does on their own computer while connected to your site. There are no exceptions.

Willfully terminating a connection for anything resembling that in any way should automatically get your domain seized with no path to ever getting it back.

LoafyLemon
link
fedilink
11Y

Oh, it’s quite evident that you’ve never had the joy of owning or managing a website. Your perspective is truly enlightening, showcasing your vast experience in the world of cybersecurity.

It’s perfectly possible to understand how the internet works without being a piece of shit who thinks they’re entitled to dictate the software choices of their customers.

LoafyLemon
link
fedilink
11Y

Well, that escalated quickly. Thanks for proving my point. Blocked.

Escalated like running arbitrary code on someone else’s computer to decide if they’re allowed to visit your site?

It’s not possible to be an acceptable human being and think that’s OK.

Create a post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

  • 1 user online
  • 60 users / day
  • 170 users / week
  • 619 users / month
  • 2.31K users / 6 months
  • 1 subscriber
  • 3.28K Posts
  • 67K Comments
  • Modlog