←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 6 comments | 05 Feb 25 19:08 UTC | HN request time: 1.089s | source | bottom

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

Show context
ai-christianson ◴[05 Feb 25 20:07 UTC] No.42954365[source]
How many of you all are running bare metal hooked right up to the internet? Is DDoS or any of that actually a super common problem?

I know it happens, but also I've run plenty of servers hooked directly to the internet (with standard *nix security precautions and hosting provider DDoS protection) and haven't had it actually be an issue.

So why run absolutely everything through Cloudflare?

replies(20): >>42954540 #>>42954566 #>>42954576 #>>42954719 #>>42954753 #>>42954770 #>>42954846 #>>42954917 #>>42954977 #>>42955107 #>>42955135 #>>42955479 #>>42956166 #>>42956201 #>>42956652 #>>42957837 #>>42958038 #>>42958248 #>>42963387 #>>42964892 #
1. johnklos ◴[06 Feb 25 01:29 UTC] No.42957837[source]
I've been hosting web sites on my own bare metal in colo for more than 25 years. In all that time I've dealt with one DDoS that was big enough to bring everything down, and that was because of a specific person being pissed at another specific person. The attacker did jail time for DDoS activities.

Every other attempt at DDoS has been ineffective, has been form abuse and credential stuffing, has been generally amateurish enough to not take anything down.

I host (web, email, shells) lots of people including kids (young adults) who're learning about the Internet, about security, et cetera, who do dumb things like talk shit on irc. You'd think I'd've had more DDoS attacks than that rather famous one.

So when people assert with confidence that the Internet would fall over if companies like Cloudflare weren't there to "protect" them, I have to wonder how Cloudflare marketed so well that these people believe this BS with no experience. Sure, it could be something else, like someone running Wordpress with a default admin URL left open who makes a huge deal about how they're getting "hacked", but that wouldn't explain all the Cloudflare apologists.

Cloudflare wants to be a monopoly. They've shown they have no care in the world for marginalized people, whether they're people who don't live in a western country or people who simply prefer to not run mainstream OSes and browsers. They protect scammers because they make money from scammers. So why would people want to use them? That's a very good question.

replies(2): >>42958872 #>>42962313 #
2. mvdtnz ◴[06 Feb 25 03:53 UTC] No.42958872[source]
I'm sorry but lumping in people who prefer to use a weird browser with "marginalised people" does not help your credibility.
replies(2): >>42959455 #>>42966194 #
3. Aachen ◴[06 Feb 25 05:47 UTC] No.42959455[source]
What bit do you mean specifically? As a fellow web hoster, who also hosted kids before (from a game making forum), I can fully corroborate what they're saying
replies(1): >>42959764 #
4. mvdtnz ◴[06 Feb 25 06:51 UTC] No.42959764{3}[source]
Clearly you didn't even read his post (or mine) if you're asking. I'm obviously referring to

> Cloudflare wants to be a monopoly. They've shown they have no care in the world for marginalized people, whether they're people who don't live in a western country or people who simply prefer to not run mainstream OSes and browsers.

5. systems_glitch ◴[06 Feb 25 13:55 UTC] No.42962313[source]
Same basic experience. The colo ISP soaks up most actual DDoS. We had a couple mid-sized ones when we were hosting irc.binrev.net from salty b& users. No real effect other than the colo did let us know it was happening and that it was "not a significant amount of DDoS by our standards."
6. johnklos ◴[06 Feb 25 20:30 UTC] No.42966194[source]
You're focusing on the wrong kind of pedantry.

"Marginalized" has a specific connotation, sure, but people can be marginalized for reasons other than, or in addition to, those that fit the connotation.