- cross-posted to:
- technews@radiation.party
- cross-posted to:
- technews@radiation.party
The author was blocked from accessing a work website due to issues with Cloudflare’s browser integrity checks. Despite having credentials to prove his identity, an attempt to bypass the checks by disabling fingerprinting in Firefox resulted in Cloudflare blocking all access. He could still access the site on Chrome, showing the block was based on his browser configuration. This left the author unable to complete important work tasks and questioning how much control individuals really have over authentication in an increasingly centralized web ecosystem dependent on remote attestation. It highlights the need for transparency and user agency in how identity verification is implemented online.
I don’t think that’s what happened to the author. Cloudflare generally doesn’t leave you on that page if it detects a suspicious browser. Plus, how is cloudflare supposed to use your corporate VPN and your certificate to verify your identity? They don’t have an omnipotent view of all corporate VPNs that exist. The check that cloudflare does on that page is pretty javascript heavy and I assume it was just temporarily broken in Firefox. Which is an issue in itsself, but it’s not the massive deal that the author makes out.
I can’t speak for the author but I’ve experienced this issue a few times, with increasing frequency of late, on Firefox and even other apps (not Chrome). Especially if I’m browsing under private mode (which I often am, just because I don’t like any cookies/cache to be saved for random sites). Now, it’s not like it’s some random site who’s Javascript broke or something, perfectly functioning sites would stop working and display that CloudFlare access denied message, when they previously worked just fine.
The other app I’d experience issues with is Tachiyomi, a manga reader and scraper. Whilst it works fine for the most part, every once in a while I’d get blocked by CloudFlare, which prevents Tachiyomi from searching/accessing various manga sites. But if I access the said site via Chrome, it’d work just fine.
It’s not just CloudFlare. Sometimes, when again browsing via Firefox’s private mode and say I needed to run a Google search, Google sometimes throws a captcha at me because it finds my activities “suspicious”.
Just so you know, there’s nothing unusual about my internet setup - I’m just a standard home user, with a static-ish IP from a well known ISP. My public IP has been the same for over an year now, and I don’t run any web/mail servers or anything that my ISP or a website would dislike.
What it is, is just plain discrimination. Just because I have my privacy filters up and blocking all tracking and crap, it’s seeing me as suspicious. If this sort of stuff is going to be the norm, I can only imagine how much more bleak our future would be if Google’s WEI went into effect.