←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 2 comments | 05 Feb 25 19:08 UTC | HN request time: 0.417s | source

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

1. jmbwell ◴[05 Feb 25 20:46 UTC] No.42954854[source]▶

>>42953508 (OP) #

I'm still in the habit of granting Cloudflare a presumption of good faith. Developers frequently make assumptions about things like browsers that can cause problems like this. Something somewhere gets over-optimized, or someone somewhere does some 80/20 calculation, or something gets copy-pasted or (these days) produced by an LLM. There are plenty of reasons why this might be entirely unintentional, or that the severity of the impacts of a change were underestimated.

I agree that this exposes the risk of relying overmuch on handful of large, opaque, unaccountable companies. And as long as Cloudflare's customers are web operators (rather than users), there isn't a lot of incentive for them to be concerned about the user if their customers aren't.

One idea might be to approach web site operators who use Cloudflare and whose sites trigger these captchas more than you'd like. Explain the situation to the web site operator. If the web site operator cares enough about you, they might complain to Cloudflare. And if not, well, you have your answer.

replies(1): >>42966804 #

2. chaoskitty ◴[06 Feb 25 21:45 UTC] No.42966804[source]▶

>>42954854 (TP) #

How many times do they have to do the same thing before we modify our presumtion?