I spent a total of 3 hours clicking CloudFlair check-boxes trying to be allowed to login to SaidIt today....like usual

submitted by SoCo from (self.whatever)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]magnora7 6 insightful - 2 fun6 insightful - 1 fun7 insightful - 2 fun -  (7 children)

No we can't change it, because turning down tor limitations results in tons of spam accounts and spam posts that make this site even more unusable.

Try having a fixed IP, or just turning off VPNs. VPNs are largely just honeypots anyway...

[–]neolib 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (6 children)

But it looks like a Cloudflare bug, not a "limitation". I mean there's no captcha, just checkbox "verify you're human" or something. You click it, and it reloads again (or on reload there is no checkbox, so you have to return to saidit proper and try clicking login again, or you look at "verifying" message for minutes), and this procedure repeats for hours (or you are lucky to get in sometimes).

There was a big HN discussion btw with Cloudflare people participating, but that guy didn't use Tor, so their fix didn't do anything for me:

https://news.ycombinator.com/item?id=35742606

[–]magnora7 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (5 children)

The checkbox is actually an advanced form of captcha that detects mouse movements and timing to see that they look human, it's not just a random box (even though cloudflare disguised it that way)

[–]SoCo[S] 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (2 children)

It is also doing a bunch of challenge request communications and funky use of cookies and webworkers.

Many of the requests and cookie uses seem to be purposely done incorrectly, such as with incorrect samesite header rules. They expressly state something to the effect of 'testing your browser's security', so I guess that would be their excuse. Yet, when a website makes certain bad requests, your browser is supposed react in certain ways, which may help leak or fingerprint your network, browser, and/or device.

Cloudflare is notoriously unfriendly towards Tor users. They are a fingerprinting identifying service at their core and Tor is an anonymity services. They are inherent mortal enemies, by my figuring.

[–]Vulptex 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

They don't even let you use plain old Firefox. You pretty much have to use Chrome, and only Chrome, because only it has enough tracking functionality to satisfy CloudFlare.

[–]LarrySwinger2 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I can get through their security check it Librewolf, and that has more anti-fingerprinting than vanilla Firefox.

[–]Vulptex 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

That explains why it's so much harder to pass with a touch screen.

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

Oh that's interesting, I didn't know that was an issue but it makes sense