Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

Yesterday I was attempting to buy a product on a small retailer's website—as soon as I hit the "add to cart" button I got a message from Cloudflare: "Sorry, you have been blocked". My only recourse was to message the owner of the domain asking them to unblock me. Of course, I didn't, and decided to buy the product elsewhere. I wasn't doing anything suspicious.. using Arc on a M1 MBP; normal browsing habits.

Not sure if this problem is common but; I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures. I would hope the cost to retailers is trivial in this case, I guess the upside of blocking automated traffic can be quite great.

Just checked again and I'm still blocked on the website. Hopefully this kind of thing gets sorted out.

> I would be pretty upset if I implemented Cloudflare and it started to inadvertently hurt my sales figures.

The problem is that all these Cloudflare forensics-based throttling and blocking efforts don't hurt sales figures.

The number of legitimate users running Arc is a rounding error. Arc browser users often come to Cloudflare without third-party tracking and without cookies, which is weird and therefore suspicious - you look an awful lot like a freshly instantiated headless browser, in contrast to the vast majority of legitimate users who are carrying around a ton of tracking data. And by blocking cookies and ads, you wouldn't even be attributable in most of the stats if they did let you in.

It would be like kicking anyone wearing dark sunglasses out of a physical store: sure, burglars are likely to want to hide their eyes. Retail shrink is something like 1.5% of inventory, while blind users are <0.5% of the population. It would violate the ADA (and basic ethics) to prohibit out all blind shoppers, so in the real world we've decided that it's not legal to discriminate on this basis even if it would be a net positive for your financials.

The web is a nearly unregulated open ocean, Cloudflare can effectively block anyone for any reason and they don't have much incentive to show compassion to legitimate users that end up as bycatch in their trawl nets.

The number of legitimate users on "not chrome, edge, safari, or firefox" is about 10% of the browser market. I don't know about you, but if I'm running a shop, and the whole point of my website is to make sales, but my front door is preventing 10% of those sales? That door is getting replaced.

Then you get burglars in your shop instead of legitimate customers.

User Agents look the way they do because this is a recurring issue.

A browser without network effects gets blocked, they look for a way to bypass the blocking, then they become mainstream and now the de-facto UA is larger than before.