undefined | Better HN

0 pointsgruez11mo ago0 comments

I've never had that, even with something like tor browser. You must be doing something extra suspicious like an user agent spoofer.

0 comments

praisewhitey11mo ago

Firefox with Enhanced Tracking Protection turned on is enough to trigger it.

aaronmdjones11mo ago

You need to whitelist challenges.cloudflare.com for third-party cookies.

If you don't do this, the third-party cookie blocking that strict Enhanced Tracking Protection enables will completely destroy your ability to access websites hosted behind CloudFlare, because it is impossible for CloudFlare to know that you have solved the CAPTCHA.

This is what causes the infinite CAPTCHA loops. It doesn't matter how many of them you solve, Firefox won't let CloudFlare make a note that you have solved it, and then when it reloads the page you obviously must have just tried to load the page again without solving it.

https://i.imgur.com/gMaq0Rx.png

genewitch11mo ago

You're telling me cloudflare has to store something on my computer to let them know I passed a captcha?

This sounds like "we only save hashed minutiae of your biometrics"

3 more replies

gruezOP11mo ago

The infinite loop or the challenge appearing? I've never had problems with passing the challenge, even with ETP + RFP + ublock origin + VPN enabled.

cookiengineer11mo ago

Cloudflare is too stupid to realize that carrier grade NATs exist a lot in Germany. So there's that, sharing an IP with literally 20000 people around me doesn't make me suspicious when it's them that trigger that behavior.

Your assumption is that anyone at cloudflare cares. But guess what, it's a self fulfilling prophecy of a bot being blocked, because not a single process in the UX/UI allows any real user to complain about it, and therefore all blocked humans must also be bots.

Just pointing out the flaw of bot blocking in general, because you seem to be absolutely unaware of it. Success rate of bot blocking is always 100%, and never less, because that would imply actually realizing that your tech does nothing, really.

Statistically, the ones really using bots can bypass it easily.

3 more replies

megous11mo ago

Proper response here is "fuck cloudflare", instead of blaming the user.

gruezOP11mo ago

It's well within your rights to go out of your way to be suspicious (eg. obfuscating your user-agent). At the same time sites are within their rights to refuse service to you, just like banks can refuse service to you if you show up wearing a balaclava.

megous11mo ago

You're assuming too much. I'm not obfuscating/masking anything. I'm just using Firefox with some (to the user/me) useless web APIs disabled to reduce the attack surface of the browser and CF is not doing feature testing. It's not just websites that need to protect themselves.

Eg. Anubis here works fine for me, completely out-classing the CF interstitial page with its simplicity.

xena11mo ago

Apparently user-agent switchers don't work for fetch() requests, which means that Anubis can't work with people that do that. I know of someone that set up a version of brave from 2022 with a user-agent saying it's chrome 150 and then complaining about it not working for them.

j / k navigate · click thread line to collapse