←back to thread

Using Cloudflare on your website could be blocking RSS users

(openrss.org)
556 points campuscodi | 8 comments | 16 Oct 24 22:46 UTC | HN request time: 0.559s | source | bottom
Show context
amatecha ◴[17 Oct 24 06:43 UTC] No.41867018[source]
I get blocked from websites with some regularity, running Firefox with strict privacy settings, "resist fingerprinting" etc. on OpenBSD. They just give a 403 Forbidden with no explanation, but it's only ever on sites fronted by CloudFlare. Good times. Seems legit.
replies(13): >>41867245 #>>41867420 #>>41867658 #>>41868030 #>>41868383 #>>41868594 #>>41869190 #>>41869439 #>>41869685 #>>41869823 #>>41871086 #>>41873407 #>>41873926 #
BiteCode_dev ◴[17 Oct 24 07:26 UTC] No.41867245[source]
Cloudflare is a fantastic service with an unmatched value proposition, but it's unfortunately slowly killing web privacy, with 1000s paper cuts.

Another problem is "resist fingerprinting" prevents some canvas processing, and many websites like bluesky, linked in or substack uses canvas to handle image upload, so your images appear to be stripes of pixel.

Then you have mobile apps that just don't run if you don't have a google account, like chatgpt's native app.

I understand why people give up, trying to fight for your privacy is an uphill battle with no end in sight.

replies(3): >>41867859 #>>41867883 #>>41869163 #
1. pjc50 ◴[17 Oct 24 12:48 UTC] No.41869163[source]
The privacy battle has to be at the legal layer. GDPR is far from perfect (bureaucratic and unclear with weak enforcement), but it's a step in the right direction.

In an adversarial environment, especially with both AI scrapers and AI posters, websites have to be able to identify and ban persistent abusers. Which unfortunately implies having some kind of identification of everybody.

replies(4): >>41869472 #>>41869801 #>>41870438 #>>41871900 #
2. BiteCode_dev ◴[17 Oct 24 13:27 UTC] No.41869472[source]
That's another problem, we want cheap easy solutions like tracking people, instead of more targetteed or systemic ones.
3. nonameiguess ◴[17 Oct 24 14:05 UTC] No.41869801[source]
No, it's more than that. Cloudflare's bot protection has blocked me from sites where I have a paid account, paid for by my real checking account with my real name attached. Even when I am perfectly willing to give out my identity and be tracked, I still can't because I can't even get to the login page.
replies(1): >>41873954 #
4. wbl ◴[17 Oct 24 15:15 UTC] No.41870438[source]
You notice that Analogue Devices puts their (incredibly useful) information up for free. That's because they make money other ways. Ad supported content farm Internet had a nice run but we will get on without it.
5. Gormo ◴[17 Oct 24 17:51 UTC] No.41871900[source]
> The privacy battle has to be at the legal layer.

I couldn't disagree more. The way to protect privacy is to make privacy the standard at the implementation layer, and to make it costly and difficult to breach it.

Trying to rely on political institutions without the practical and technical incentives favoring privacy will inevitably result in the political institutions themselves becoming the main instrument that erodes privacy.

replies(1): >>41873938 #
6. HappMacDonald ◴[17 Oct 24 21:21 UTC] No.41873938[source]
Yet without regulation nothing stops large companies from simply changing the implementation layer for one that pads their bottom line better, or just rebuild it from scratch.

If people who valued privacy really controlled the implementation layer we wouldn't have gotten to this point in the first place.

replies(1): >>41874117 #
7. HappMacDonald ◴[17 Oct 24 21:23 UTC] No.41873954[source]
They block such visits because their pragma suspects that your visit is the account of a real human that was hacked by a bot.
8. Gormo ◴[17 Oct 24 21:42 UTC] No.41874117{3}[source]
The point we're at is one in which privacy is still attainable via implementation-layer measures, even if it requires investing some effort and making some trade-offs to sustain. The alternative -- placing trust in regulation, which never works in the long run -- will inevitably result in regulatory capture that eliminates those remaining practical measures and replaces them with, at best, a performative illusion.