←back to thread

Tell HN: Cloudflare is blocking Pale Moon and other non-mainstream browsers

1343 points Hold-And-Modify | 1 comments | 05 Feb 25 19:08 UTC | HN request time: 0s | source

Hello.

Cloudflare's Browser Intergrity Check/Verification/Challenge feature used by many websites, is denying access to users of non-mainstream browsers like Pale Moon.

Users reports began on January 31:

https://forum.palemoon.org/viewtopic.php?f=3&t=32045

This situation occurs at least once a year, and there is no easy way to contact Cloudflare. Their "Submit feedback" tool yields no results. A Cloudflare Community topic was flagged as "spam" by members of that community and was promptly locked with no real solution, and no official response from Cloudflare:

https://community.cloudflare.com/t/access-denied-to-pale-moo...

Partial list of other browsers that are being denied access:

Falkon, SeaMonkey, IceCat, Basilisk.

Hacker News 2022 post about the same issue, which brought attention and had Cloudflare quickly patching the issue:

https://news.ycombinator.com/item?id=31317886

A Cloudflare product manager declared back then: "...we do not want to be in the business of saying one browser is more legitimate than another."

As of now, there is no official response from Cloudflare. Internet access is still denied by their tool.

Show context
windsignaling ◴[05 Feb 25 21:30 UTC] No.42955454[source]
As a website owner and VPN user I see both sides of this.

On one hand, I get the annoying "Verify" box every time I use ChatGPT (and now due its popularity, DeepSeek as well).

On the other hand, without Cloudflare I'd be seeing thousands of junk requests and hacking attempts everyday, people attempting credit card fraud, etc.

I honestly don't know what the solution is.

replies(15): >>42955722 #>>42955733 #>>42956022 #>>42956059 #>>42956088 #>>42956502 #>>42957016 #>>42957235 #>>42959074 #>>42959436 #>>42959515 #>>42959590 #>>42963545 #>>42963562 #>>42966987 #
inetknght ◴[05 Feb 25 21:50 UTC] No.42955733[source]
> On the other hand, without Cloudflare I'd be seeing thousands of junk requests and hacking attempts everyday, people attempting credit card fraud, etc.

Yup!

> I honestly don't know what the solution is.

Force law enforcement to enforce the laws.

Or else, block the countries that don't combat fraud. That means... China? Hey isn't there a "trade war" being "started"? It sure would be fortunate if China (and certain other fraud-friendly countries around Asia/Pacific) were blocked from the rest of the Internet until/unless they provide enforcement and/or compensation their fraudulent use of technology.

replies(4): >>42955875 #>>42956042 #>>42956211 #>>42956314 #
jeroenhd ◴[05 Feb 25 22:26 UTC] No.42956211[source]
A lot of the fake browser traffic I'm seeing is coming from American data centres. China plays a major part, but if we're going by bot traffic, America will end up on the ban list pretty quickly.
replies(1): >>42957032 #
inetknght ◴[05 Feb 25 23:44 UTC] No.42957032[source]
America does have laws against this kind of thing.

So instead of banning America, report the IP addresses to their American hosts for spam and malicious intent. If the host refuses to do anything, report it to law enforcement. If law enforcement doesn't do anything... then you're proving my point.

replies(2): >>42957421 #>>42960274 #
dmantis ◴[06 Feb 25 08:24 UTC] No.42960274{3}[source]
So you are saying that if 95% of world population, including Chinese, Russians, etc reports American bot farm to American police, somebody would really review that and go after Americans?

BTW, how they should report it, if they are a small business/physical person without lawyers? Does US police have some kind of online hotline to report US criminals for foreigners or smth?

replies(1): >>42961400 #
inetknght ◴[06 Feb 25 11:35 UTC] No.42961400{4}[source]
It's almost as if there should be an international body of laws which covers fraud...
replies(1): >>42974330 #
dmantis ◴[07 Feb 25 16:14 UTC] No.42974330{5}[source]
That's not feasible for bots, crawling, IP laws, etc.

Strict fraud could be handled, but everything above is really different per jurisdiction by obvious reasons. There is nothing clearly good or bad in bots, or e.g. pirates, it depends on particular cultural perception. And if one nation thinks that the action is not a crime, it doesn't make sense to them to prosecute such actions for foreign requests.

replies(1): >>42979033 #
1. inetknght ◴[08 Feb 25 00:17 UTC] No.42979033{6}[source]
One problem at a time. A lot of the malicious activity of bots/crawling/etc hide behind plain fraud.

Combat fraud first so you can start to really identify the other more troublesome troublemakers.

Bots? Declare the owner. Lie about the owner? Fraud.

Crawling? Bots.

Intellectual property? That's an entire whole other industry.