I spent a total of 3 hours clicking CloudFlair check-boxes trying to be allowed to login to SaidIt today....like usual

submitted by SoCo from (self.whatever)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]magnora7 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (13 children)

No we can't change it, because turning down tor limitations results in tons of spam accounts and spam posts that make this site even more unusable.

Try having a fixed IP, or just turning off VPNs. VPNs are largely just honeypots anyway...

[–]BISH 3 insightful - 4 fun3 insightful - 3 fun4 insightful - 4 fun -  (0 children)

We need to get /u/socks a VPN with tor.

[–]neolib 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (6 children)

But it looks like a Cloudflare bug, not a "limitation". I mean there's no captcha, just checkbox "verify you're human" or something. You click it, and it reloads again (or on reload there is no checkbox, so you have to return to saidit proper and try clicking login again, or you look at "verifying" message for minutes), and this procedure repeats for hours (or you are lucky to get in sometimes).

There was a big HN discussion btw with Cloudflare people participating, but that guy didn't use Tor, so their fix didn't do anything for me:

https://news.ycombinator.com/item?id=35742606

[–]magnora7 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (5 children)

The checkbox is actually an advanced form of captcha that detects mouse movements and timing to see that they look human, it's not just a random box (even though cloudflare disguised it that way)

[–]SoCo[S] 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (2 children)

It is also doing a bunch of challenge request communications and funky use of cookies and webworkers.

Many of the requests and cookie uses seem to be purposely done incorrectly, such as with incorrect samesite header rules. They expressly state something to the effect of 'testing your browser's security', so I guess that would be their excuse. Yet, when a website makes certain bad requests, your browser is supposed react in certain ways, which may help leak or fingerprint your network, browser, and/or device.

Cloudflare is notoriously unfriendly towards Tor users. They are a fingerprinting identifying service at their core and Tor is an anonymity services. They are inherent mortal enemies, by my figuring.

[–]Vulptex 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

They don't even let you use plain old Firefox. You pretty much have to use Chrome, and only Chrome, because only it has enough tracking functionality to satisfy CloudFlare.

[–]LarrySwinger2 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I can get through their security check it Librewolf, and that has more anti-fingerprinting than vanilla Firefox.

[–]Vulptex 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

That explains why it's so much harder to pass with a touch screen.

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Oh that's interesting, I didn't know that was an issue but it makes sense

[–]SoCo[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (2 children)

Turning off my VPN would be turning off my security, the most important part, which protects me from targeted network attacks.

While most VPN companies may be forced by governments to be spy, tracking, and hacking services for them, one can alternatively use Tor which (further) encrypts all of your (already https encrypted) traffic through the proxy chain.

[–]magnora7 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

I see what you are saying, but VPNs don't actually offer that much security, and we can't make this site more vulnerable to attacks than it already is, and we know for a fact turning it lower causes a lot of problems

[–]Vulptex 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I think it's some secret plan CloudFlare has and not site-specific settings. It wasn't giving humans any problems for a whole year, even on obvious VPN and TOR IPs. Then suddenly you couldn't even use plain Firefox, and this affected the entire web not just saidit. There was no noticeable difference in attacks here or anywhere.

If I had to guess, CloudFlare is trying to sneak data mining into its security checks. They want to force you to use Chrome so they and Google can track you easier.

[–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

Are you sure? Until recently this hadn't been a problem at all for about a year, so why is it only acting up now?

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Probably because we're getting attacked and the attackers want us to make new holes for them to get through