New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
54% at me
Cloudflare's turnstile is 100x much better than other captcha out there. I dont wanna select patterns and busses for 10 times and find out that I am indeed a robot.
I'd say there is something fishy about OPs connection/config. I'm on a (private) VPN (with uBlock, CanvasBlocker, NoScript and a rotating user agent...) and i only very rarely get Cloudflare challenges at all (when sites select some kind of aggressive filtering i guess) and even then it's nothing more than clicking the checkbox once.
There's one thing Cloudflare 100% doesn't like when doing their challenges though and that is: Faked user agents. Doesn't really matter if you lie about the OS but if you are running FF and claim to be Chrome or something similar you are in for a captcha loop of doom.
Edit: According to Cloudflare i'm 97% human (obviously after setting NoScript to allow the site).
Anti-detect communities have solved and bypassed all their bot detections.
Even without modifying Chromium code.
So, these detections are useless for professional bot operators.
But they probably hired one experienced person from anti-detect community. Akamai also did the same and hired an experienced ex-bot writer, who now detects bots.
Yup, and the thing is, you don’t even have to be super clean to have an okay experience at most sites.
For example, when I turn on Windscribe, I seem at get captchas at like 20-30 % of Cloudflare sites (compared to almost never without it).
So even as a user they see as a little more suspect, it’s really nothing major.
To me, it feels like people have this expectation that they should be allowed to do everything that bots do while also having some sort of right to never face the consequence of doing so.
Use a DC IP? Chances are so are bots. Solve a captcha.
Use a commercial VPN? Again, so are bots, click on the damn motorcycle.
And I say this as someone who use a VPN myself at times. Having companies eat up those sky high AWS bandwidth costs for thousands of bots to scrape their pages just so that I can roam free with my $29/yr Windscribe VPN isn’t something that I feel is a privilege that I’ve earned.
I don't get why most people are blaming Cloudflare for it, when the website owners are mostly to blame. Cloudflare only displays the "solve a captcha" page if one of the following applies:
Most of the time, if you're a legitimate visitor, it's the last one. Website owners, like myself, choose to ban datacenter ASNs because they are abused so often and switching IPs is so easy. I currently have a list of approximately 200 ASNs that are set to always receive captchas, with most of them either being IPv6-only ASNs or large data centers.
Exactly, in all of those cases, you choose to do what bots do. Therefore, you get the same treatment. It’s really not that hard to avoid.
Well, let me know what I am choosing to do that bots do, so I can choose differently...
Depends how accurate your list of ASNs is I suppose..
Are you trying to make a point or do you literally not know? Because there’s not THAT many variables in play, exclude elements until it’s good and you’ve found the culprit
I really don't know..
Some websites don't work, others load the stupid picture puzzles over and over...
Occasionally switching from my customized Firefox to generic Chrome helps, usually not.
Usually IP address is the variable to change that fixes sites, but it isn't practical to switch to another ISP to make a website load.
Does your ISP use CGNAT?
@kevinds Anyway, I’d guess that ditching customized Firefox for Chrome & getting Cloudflare Warp will better it
Vendor lock is exactly what modern Internet needs /s
I said: Do like bots, be treated like a bot.
You’re talking about letting values about the internet affect your browsing experience. As long as you accept these drawbacks, I have nothing against that.
But you can’t go around having the same fingerprints as bots do and not expect to be treated like one, that’s where I take issue.
Nope, static public IPs
Chrome helps for some, but very few websites, maybe 1 in 30.
Chrome makes it way too difficult to unblock older TLS and any SSL version to become a seriously used browser.
Then I’d go Chrome & Warp as a first try, if you’re willing to sacrifice.
Let’s just put it like this: The privacy crowd & bots want the same thing, to not be profiled. It’s a lot easier to detect someone who dosen’t want to be profiled compared to detecting the reasons behind that.
It's not even that. DC very much isn't DC. Sure being on a DC IP might be what cost me those last 3% but there's other that'll be way, way worse. The problem is that people insist on using the cheapest/most generic DCs possible. The problem is that's what bot masters want too.
I facepalm every time i see someone sweating over $2-3 or a couple ms latency (it's not like this will necessarily be directly added to your normal latency anyways) while setting up a VPN. What good will that ultra cheap, super fast VPN be when you'll spend half your day picking out hydrants and bicycles? ...
Does anyone have experience using cloudflare tunnels free tier?
I am thinking of buying a home server and sending everything through the tunnel. I know the home server IP will be masked and all ports are protected.
What are the limitations though? I feel like there would be a bandwidth cap or something, but I can't find information. Also, if I send a massive file through tunnel and person downloads it... There has to be a file size restriction or something.
I know I could buy a small VPS and put a VPN, but I think cloudflare protection will be better.
I can attest that FF itself (even in rather customized form) isn't the problem. I'm actually quite surprised that Cloudflare doesn't choke on CanvasBlocker (which does way more than block canvas elements) or Chamelon (beyond claiming to be a different Browser during captchas) but seemingly it doesn't care at all.
I'd guess your ISP must have a horrible reputation then. If i were in your position i'd build a little router that routes everything over VPN (or get some out of the box solution if something worthwhile exists and you feel like spending money). The big question will be where you put your exit though. Like i said above results differ a lot depending on DCs/providers. Coming from one of Hetzner's IPs for example will highly likely only make your situation worse.
So use a VPN to change my IP address, or use Cloudflare's VPN to kind of, but not really, change my IP.
Unless I really, really need to, I just find another site/store.
Sometimes open tickets with the site to say WTF, why am I blocked.
It likely does, but again, no idea why...
Some databases are 'fun' to deal with, others are easier.
I have and or can get admin access to every host connected to my ASN, already watch the gateway routers for any bad traffic.
To me this just confirms that you just feel like you should be able to not have captchas while your fingerprint is clearly similar to those of bots. You can submit all the tickets you want, but it'll stay that way until you decide that it isn't worth it.
Probably depends on what customizations are put into place. A too customized browser can definitely cause problems, even Chrome.
Anyway, what I was trying to say is that comments like these:
Are actually, 99 % of the time, including this, just arguments in disguise. What they actually mean is: "I know why I'm getting flagged, and algoritms see that my fingerprints are awfully close to that of a bot. However, I don't wish to change this, instead, I want to make every site ditch their antibot measures so that I can continue to roam how I please."
Yeah, it's not really transparent what exactly goes into those ratings even if Hetzner being a major source of abuse is somewhat obvious. Personally i have a theory that not a lot of human webtraffic originating on a given IP block also results in bad ratings, so if it's some kind of corporate network with not a lot of random webtraffic originating there it might very well be the reason for the bad repuation.
My exit is currently in a range that seemingly has so many VPNs that Google actually classifies it as Chinese even if it's very unmistakable central European DC IPs. I guess having a lot of those guys as neighbors (and them not doing questionable stuff) does quite a bit towards convincing all those websafety systems that this range is actually highly likely to be used by humans.
Yeah, like i said, i'm actually surprised myself that i don't run into more problems.
I wouldn’t even say it’s a theory, you’re definitely right. Signs of high % of automated usage from a certain identifiable block/range/ASN 100 % comes into play. But there’s a lot more to it as well, as you know.
It’s not really different compared to when @jar blocks an IP range or an ASN, if Gmail sends him 100 spam emails per day, he still won’t block them, but if HostPapa does the same, he might.
This is why I’m not getting the ”all these companies lose so much by blocking me” comments, because they don’t. The whole point of these automated ratings is to block shit, they’re well aware humans sometimes face the consequence of this, it’s just a numbers game.
Open homepage,
"403 Forbidden"
Is all that is displayed.. Change from WiFi to LTE, website loads...
Same browser, same settings, same host, different IP, site works...
Yes, I'm opening a ticket...
walmart's website for 3 years told me every single product was unavailable in stores and online...
Same thing, change to LTE data, website works..
That one was fun... After messing with support for a year, contacted the Office of the President.. Two weeks later, website worked great, still works..
Some websites are just endless captchas, yes, I'm opening a ticket if I would like to use their site.
When the ONLY thing that changes is my IP address and suddenly the sites work, I'm calling bullshit to your theory. Their anti-bot measures are broken.
Sounds like a great hobby👍
@kevinds you call bullshit on the theory that you’re flagged for automated traffic because you share fingerprints (such as ASN, IP range, etc) with automated traffic?
Maybe call bullshit on water being wet while you’re at it
I know there is no automated traffic comming from my ASN...
So far, the solution presented is to use a VPN, if using a VPN fixes a site, that proves their anti-bot system is broken.
You really don’t get it, but that’s fine tbh