Cloudflare Accused of Blocking Niche Browsers (palemoon.org) 21
Long-time Slashdot reader BenFenner writes: For the third time in recent memory, CloudFlare has blocked large swaths of niche browsers and their users from accessing web sites that CloudFlare gate-keeps. In the past these issues have been resolved quickly (within a week) and apologies issued with promises to do better. (See 2024-03-11, 2024-07-08, and 2025-01-30.)
This time around it has been over six weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs.
That last link is an update posted today by Pale Moon's main developer: Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.
I wish I had better news.
In a comment, Slashdot reader BenFenner shares a list posted by Pale Moon's developer of reportedly affected browsers:
This time around it has been over six weeks and CloudFlare has been unable or unwilling to fix the problem on their end, effectively stalling any progress on the matter with various tactics including asking browser developers to sign overarching NDAs.
That last link is an update posted today by Pale Moon's main developer: Our current situation remains unchanged: CloudFlare is still blocking our access to websites through the challenges, and the captcha/turnstile continues to hang the browser until our watchdog terminates the hung script after which it reloads and hangs again after a short pause (but allowing users to close the tab in that pause, at least). To say that this upsets me is an understatement. Other than deliberate intent or absolute incompetence, I see no reason for this to endure. Neither of those options are very flattering for CloudFlare.
I wish I had better news.
In a comment, Slashdot reader BenFenner shares a list posted by Pale Moon's developer of reportedly affected browsers:
- Pale Moon
- Basilisk
- Waterfox
- Falkon
- SeaMonkey
- Various Firefox ESR flavors
- Thorium (on some systems)
- Ungoogled Chromium
- K-Meleon
- LibreWolf
- MyPal 68
- Otter browser
Slashdot reader Z00L00K speculates that "this is some kind of anti-bot measure that fails. I suspect that the reason for them wanting a NDA to be signed is to prevent ways to circumvent the anti-bot measures..."
Re: (Score:1)
They said 'niche' browsers, not 'Nietzsche'.
web sites that CloudFlare gate-keeps (Score:3)
Are any of the web sites that CloudFlare gate-keeps important?
Re: (Score:2)
Wikipedia says that nearly 20% of all web sites use CloudFlare. https://en.wikipedia.org/wiki/... [wikipedia.org] That's a pretty big swath of the internet, and is likely to include some important sites.
Slashdot uses CloudFlare, so if you consider Slashdot "important" then you have one example. https://leadiq.com/c/slashdot-... [leadiq.com]
Other notable websites that use Cloudflare include:
- Shopify
- Walmart
- Best Buy
- Vimeo
- Stack Overflow
- OpenAI
I run a niche browser (Score:2)
Either my browser isnt niche enough to make the cut, or I have not wandered into any clodware hosted pages.
I know they have (Score:3)
Configurable (Score:1)
Isn't this up to the sites who configure and use cloudflare? DeepSeek locked down their site hard when getting DDoSed it even blocked Firefox with UBlock. Once the ddos stopped they opened it up
Re:Oh no! A 16-year-old fork of obsolete Firefox c (Score:4, Insightful)
And Safari is a 22-year-old fork of obsolete Konqueror code. So what?
This isn't an accident; they're deliberating only telling the makers of the biggest browsers how to get in.
Example of affected websites? (Score:3)
From the link "affected browsers" in TFS, this would affect http://www.steamdb.info/ [steamdb.info] https://sourceforge.net/ [sourceforge.net] but both open fine for me with palemoon-33.6.1 and ungoogled-chromium-133.0.6943.141_p1
Re: (Score:2, Informative)
From the link "affected browsers" in TFS, this would affect http://www.steamdb.info/ [steamdb.info] https://sourceforge.net/ [sourceforge.net] but both open fine for me with palemoon-33.6.1 and ungoogled-chromium-133.0.6943.141_p1
Linux Firefox ESR user is here. SteamDB did not pass bot check yesterday.
Re: (Score:2)
The Pale Moon guy's attitude sucks (Score:3)
Re: (Score:3)
1) CloudFlare launches a DOS attack on your browser (and others), then ignores your communication, and only stops the attack only after a huge user outcry. Promises are made that this won't happen again.
2) 4 months pass and the exact same thing happens. Your bug reports and similar get completely ignored, the DOS attack only stops after a huge user outcry. Promises are made this should not and will not happen again. Your browser will be added to their test suite.
3) 6 months pass and they are DOS-i
Anti-bot measures (Score:2)
Re: (Score:2)
These days bots account for a significant amount of internet traffic.
Operation: Impersonation (Score:3)
Re: (Score:2)
Cloudflare is malware
As a part of a group that runs a genealogy website, we have had to implement CloudFlare to thwart scraping attempts. Before we moved to CloudFlare, these scrapers would literally bring down our site, like a DDOS. Maybe it's malware to you, for us, it's what keeps us online.