←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 8 comments | 05 Feb 25 19:08 UTC | HN request time: 0.02s | source | bottom

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

Show context
nikkwong ◴[06 Feb 25 05:13 UTC] No.42959315[source]
Yesterday I was attempting to buy a product on a small retailer's website—as soon as I hit the "add to cart" button I got a message from Cloudflare: "Sorry, you have been blocked". My only recourse was to message the owner of the domain asking them to unblock me. Of course, I didn't, and decided to buy the product elsewhere. I wasn't doing anything suspicious.. using Arc on a M1 MBP; normal browsing habits.

Not sure if this problem is common but; I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures. I would hope the cost to retailers is trivial in this case, I guess the upside of blocking automated traffic can be quite great.

Just checked again and I'm still blocked on the website. Hopefully this kind of thing gets sorted out.

replies(13): >>42959473 #>>42959512 #>>42960071 #>>42960395 #>>42960397 #>>42961792 #>>42961906 #>>42964337 #>>42964617 #>>42965068 #>>42965688 #>>42965889 #>>42970070 #
LeifCarrotson ◴[06 Feb 25 17:08 UTC] No.42964337[source]
> I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures.

The problem is that all these Cloudflare forensics-based throttling and blocking efforts don't hurt sales figures.

The number of legitimate users running Arc is a rounding error. Arc browser users often come to Cloudflare without third-party tracking and without cookies, which is weird and therefore suspicious - you look an awful lot like a freshly instantiated headless browser, in contrast to the vast majority of legitimate users who are carrying around a ton of tracking data. And by blocking cookies and ads, you wouldn't even be attributable in most of the stats if they did let you in.

It would be like kicking anyone wearing dark sunglasses out of a physical store: sure, burglars are likely to want to hide their eyes. Retail shrink is something like 1.5% of inventory, while blind users are <0.5% of the population. It would violate the ADA (and basic ethics) to prohibit out all blind shoppers, so in the real world we've decided that it's not legal to discriminate on this basis even if it would be a net positive for your financials.

The web is a nearly unregulated open ocean, Cloudflare can effectively block anyone for any reason and they don't have much incentive to show compassion to legitimate users that end up as bycatch in their trawl nets.

replies(4): >>42964656 #>>42965053 #>>42966257 #>>42967049 #
RobotToaster ◴[06 Feb 25 17:42 UTC] No.42964656[source]
I wonder if cloudflare blocks like these affect screen reader users, in which case they may violate the ADA.
replies(2): >>42964968 #>>42973781 #
dragontamer ◴[06 Feb 25 18:17 UTC] No.42964968[source]
And if they did violate the ADA, do you seriously expect this administration's anti-DEI Department of Justice to pursue legal action?
replies(3): >>42965202 #>>42965622 #>>42966268 #
gosub100[dead post] ◴[06 Feb 25 19:27 UTC] No.42965622[source]
[flagged]
1. Analemma_ ◴[06 Feb 25 19:50 UTC] No.42965845[source]
I can find you literally hundreds of posts from people insisting that ADA is nothing but a small-business-killing shakedown, that it's makework for lawyers, that it's doing nothing to help the disabled, and that it's just as bad if not worse than DEI. What makes your claim better than theirs?
replies(3): >>42966224 #>>42966878 #>>42967204 #
2. gosub100 ◴[06 Feb 25 20:34 UTC] No.42966224[source]
I call your bluff. Do it.
replies(1): >>42966480 #
3. vscapitalx ◴[06 Feb 25 21:04 UTC] No.42966480[source]
https://www.forbes.com/sites/gusalexiou/2023/06/30/website-a...

https://www.the215guys.com/blog/ada-lawsuits-targeting-websi...

replies(1): >>42967482 #
4. lcnPylGDnU4H9OF ◴[06 Feb 25 21:54 UTC] No.42966878[source]
> What makes your claim better than theirs?

Well, for starters it's not so absolute:

> it's doing nothing to help the disabled

It's obviously doing something for the disabled. Reserved disabled parking spots and wheelchair-accessible building entrances are requirements of the ADA. It seems reasonable to think it "improves people's lives". A whole bunch of contrary opinions are not necessarily reasons for disagreement as much as they are simply disagreement.

replies(2): >>42967289 #>>42980507 #
5. 1shooner ◴[06 Feb 25 22:35 UTC] No.42967204[source]
>it's doing nothing to help the disabled

I make you a deal: Instead of hundreds of posts from random people, find me just 50 posts from disabled people that agree with this.

6. fsckboy ◴[06 Feb 25 22:48 UTC] No.42967289[source]
I've no problem with the govt making sure that disabled people get accommodation so they can participate in civic life. I do have a problem with the govt requiring private individuals to pay for it, "handle the load", etc. even engaged in public accommodation: because it's obvious that a 20,000 sq ft publicly trade Delaware class C corp retailer has room for ramps and generous allocations of space around swinging doors, bathrooms etc. But if I rent a 500 sq foot postage stamp shop in NYC to open my dream counter service juice store which is a step up from the sidewalk, it's just too much of a burden for a new business of which 9 out of 10 fail anyway. You think juice store owners have anything against disabled people? they don't.

We all need to pay for it, not pass feel good legislation that shoves it down the throats of sole proprieter LLCs.

7. gosub100 ◴[06 Feb 25 23:19 UTC] No.42967482{3}[source]
the first link had one comment in support of the move, and a single, dissenting (yet reasonable) reply.2nd article had no comments whatsoever. Remember, the claim I'm responding to was "literally hundreds of posts from people insisting that ADA is nothing but a small-business-killing shakedown, that it's makework for lawyers, that it's doing nothing to help the disabled"
8. what ◴[08 Feb 25 04:55 UTC] No.42980507[source]
>reserved disabled parking spots

I’ve never seen an actually disabled person use one. They’re always occupied by cars with placards but the people are pretty clearly abled or able enough to walk across the parking lot.