←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 1 comments | 05 Feb 25 19:08 UTC | HN request time: 0s | source

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

Show context
nikkwong ◴[06 Feb 25 05:13 UTC] No.42959315[source]
Yesterday I was attempting to buy a product on a small retailer's website—as soon as I hit the "add to cart" button I got a message from Cloudflare: "Sorry, you have been blocked". My only recourse was to message the owner of the domain asking them to unblock me. Of course, I didn't, and decided to buy the product elsewhere. I wasn't doing anything suspicious.. using Arc on a M1 MBP; normal browsing habits.

Not sure if this problem is common but; I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures. I would hope the cost to retailers is trivial in this case, I guess the upside of blocking automated traffic can be quite great.

Just checked again and I'm still blocked on the website. Hopefully this kind of thing gets sorted out.

replies(13): >>42959473 #>>42959512 #>>42960071 #>>42960395 #>>42960397 #>>42961792 #>>42961906 #>>42964337 #>>42964617 #>>42965068 #>>42965688 #>>42965889 #>>42970070 #
taurknaut ◴[06 Feb 25 07:43 UTC] No.42960071[source]
> using Arc on a M1 MBP; normal browsing habits.

Well i've certainly never heard of this browser before and it still seems pretty young. I'd guess it's the same issue.

replies(4): >>42960105 #>>42960119 #>>42960456 #>>42961276 #
yurishimo ◴[06 Feb 25 07:51 UTC] No.42960105[source]
Arc is almost 3 (4?) years old and was the darling child of dev influencers for the better part of 2 years. It's not a niche browser, especially amongst devs that are likely to work at Cloudflare.
replies(2): >>42960283 #>>42965256 #
littlestymaar ◴[06 Feb 25 08:25 UTC] No.42960283[source]
It's definitely a niche browser. I think I heard of it once on HN over the past few years, and I'd be surprised if there was actually more than a few thousands of people using it.
replies(2): >>42960423 #>>42960454 #
oneeyedpigeon ◴[06 Feb 25 08:53 UTC] No.42960454[source]
I would be surprised if it were that low; the arcbrowser sub Reddit has 50 thousand members. Still, regardless of the actual figure, I think there's a broader point which avoids the need to agree on an absolute threshold: should cloudflare block access to websites using a blacklist or should it grant access using a whitelist? Especially since it's trivial to spoof your user agent.
replies(1): >>42960962 #
littlestymaar ◴[06 Feb 25 10:25 UTC] No.42960962{3}[source]
I'm not defending Cloudflare on any way, blocking niche browsers is sad. I'm just saying that it doesn't make sense to say it's not a niche browser.
replies(1): >>42961218 #
1. oneeyedpigeon ◴[06 Feb 25 11:05 UTC] No.42961218{4}[source]
That's fair. I'm sure it's not as well-used/known as Chrome, Firefox, Edge, or Safari. Probably not even Opera, although I'd be interested to see their respective "new users" numbers. I think it's in the same ballpark as Brave — definitely known, just not one of the big 5.