Cloudflare checks broken yet AGAIN?

Users and developers helping users with generic and technical Pale Moon issues on all operating systems.

Moderator: trava90

Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
User avatar
Kxeon
Hobby Astronomer
Hobby Astronomer
Posts: 24
Joined: 2024-05-09, 20:04

Re: Cloudflare checks broken yet AGAIN?

Unread post by Kxeon » 2024-07-09, 20:38

noellarkin wrote:
2024-07-09, 19:17
IMO alternative browsers need to present a unified front, whether it's confronting corporations like Cloudflare or dealing with EFF.
That seems like a good idea ngl. I would say something about it being absolutely impossible to get everyone together to fight the big guys; but I'm pretty sure it actually IS possible to do that, showing stuff like what's happening right now to us as an example, saying "This could be you!", and just like that, the little browsers are banded together in an alliance.
...
Ok, obviously it's not that simple, but I hope you get my point. This can happen to others, and it probably will happen to others if this isn't stopped.
To see a portion of my specs (CPU, GPU, Laptop Model, OS, and RAM) if not said already, go to my Bio

User avatar
stefan11111
Apollo supporter
Apollo supporter
Posts: 33
Joined: 2023-08-13, 18:09

Re: Cloudflare checks broken yet AGAIN?

Unread post by stefan11111 » 2024-07-09, 21:23

Moonchild wrote:
2024-07-08, 18:55
stefan11111 wrote:
2024-07-08, 18:29
is it that hard to write good code that doesn't break other browsers
Not for a captcha, no.
stefan11111 wrote:
2024-07-08, 18:29
at least test your non-standard extensions on more browsers?
Well that's the issue, you see? Somewhere in the fairly recent past they started restricting what their captcha supports to a very very short list of browsers, which does not include Pale Moon or any other browser on UXP, nor some commonly-used other alternative browsers. Only a small handful of big, commercial browsers. That wasn't the case before, and wasn't the case at the time most websites decided to start using CF. Basically a rug-pull of sorts.

Since CloudFlare is effectively ghosting me at this point, and the EFF seems to not be interested in taking this up with me, I'm really not in a position to do anything about it at this moment. If you run into this issue, complain to CF and the website you are trying to use but can't because of CF's issues.
If it's not that hard to make a chaptcha work with browsers like palemoon, why break it?
What do they gain from breaking it, If it's not a hard thing to do?
Especially given it used to work fine.

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 03:23

Kxeon wrote:
2024-07-09, 20:38
noellarkin wrote:
2024-07-09, 19:17
IMO alternative browsers need to present a unified front, whether it's confronting corporations like Cloudflare or dealing with EFF.
That seems like a good idea ngl. I would say something about it being absolutely impossible to get everyone together to fight the big guys; but I'm pretty sure it actually IS possible to do that, showing stuff like what's happening right now to us as an example, saying "This could be you!", and just like that, the little browsers are banded together in an alliance.
...
Ok, obviously it's not that simple, but I hope you get my point. This can happen to others, and it probably will happen to others if this isn't stopped.
It has to be done. What Cloudflare has done, is dictate what browser engines are allowed on the internet. It may not be their intention to do so, but fact remains that they're doing it regardless, and they have to be judged by outcomes, not intentions. Their premise is flawed: "if you can't pass feature detection for Chrome, Firefox or Safari, you're probably a bot" - - this effectively removes all incentive for independent developers to try making alternative engines. All future browsers will end up either being Chrome/FF forks or having to deal with Cloudflare issues.

Ultimately, the Pale Moon community isn't alone in this - - CF's move effectively reduces the browser ecosystem to a Google, Mozilla and Apple, and disincentivizes independent developers as well as newer players from entering the market. I'm curious how Midori, K-Meleon, QuteBrowser, Falkon, Luakit, NetSurf, New Moon, MyPal etc are doing.
Pale Moon can't and shouldn't try taking on CF alone, because then the optics are very "old man screams at clouds". If its 10 different browsers not working, then there's a MUCH stronger case to be made.

PS: this link: https://community.cloudflare.com/t/veri ... ain/683018 fails to open in Pale Moon, but opens in LibreWolf with resistFingerprinting on (which spoofs practically everything). So clearly, Cloudflare is NOT preventing fraud by filtering out browsers that spoof canvas etc, it is just locking out specific browsers based on feature detection.

PPS: I searched "cloudflare pale moon" and the most recent results seem to be from 4chan:
https://boards.4chan.org/g/thread/10134 ... ng-by-pale

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36067
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare checks broken yet AGAIN?

Unread post by Moonchild » 2024-07-10, 05:59

noellarkin wrote:
2024-07-10, 03:23
It has to be done.
I'm on board with joining forces but as you can imagine my plate is already way too full to organize anything like that. Someone independent and invested in this would have to step up and get independent/alternative browsers together (that kind of thing is also not my forte, anyway).
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 07:23

FWIW there's a fair amount of support for Pale Moon in the thread https://community.cloudflare.com/t/veri ... /683018/15 - - and a general acknowledgement that this is a result of Cloudflare's negligence - - an improvement from the victim-blaming that happened the last time this happened.

User avatar
Moonchild
Pale Moon guru
Pale Moon guru
Posts: 36067
Joined: 2011-08-28, 17:27
Location: Motala, SE
Contact:

Re: Cloudflare checks broken yet AGAIN?

Unread post by Moonchild » 2024-07-10, 07:35

That's good to see, at least! Maybe some people are actually waking up to what's happening, here.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 10:14

Are there any tech journalism websites that are sympathetic to Pale Moon that can publish an article on the matter?
I remember Martin Brinkmann (gHacks) had a whole blog category dedicated to Pale Moon, including reporting on the first time this cloudflare mess went down:
https://www.ghacks.net/2022/05/05/fix-p ... ification/
And there may be some influencers/youtubers who may be willing to post/stream about it.

digitalaudiorock
Moon lover
Moon lover
Posts: 80
Joined: 2017-08-16, 14:12

Re: Cloudflare checks broken yet AGAIN?

Unread post by digitalaudiorock » 2024-07-10, 10:50

Yea, yesterday it was looking like that Cloudflare thread I started might auto-close with nothing but my posts and whoever those pro-Cloudflare trolls are. Nice to see that thing caught fire.

There's a number of references about Cloudlfare breaking some browsers as to whether it was intentional or not. However what WAS intentional is that, for quite some time, Cloudflare has been pretending to the public that they can do all these security checks reliably and kept really quiet about browser support. Then over time they seem to have pulled the rug out from under everyone with this "Oh by the way, we only support browsers X Y and Z" bullshit. The trolls in that thread claim that all site owners are aware of this, and that's bullshit. If they were up front from the beginning saying "If you use this feature nobody can visit your site unless they use browsers X, Y, and Z", no WAY would so many sites be using it.

Now THAT was a VERY deceptive stunt to pull and WAS very much intentional.

EDIT: PLUS all helped them gain a huge footprint in that market, in part because competing ones don't attempt that sort of browser specific nonsense (putting THEM at a disadvantage in many ways). THAT'S the part that makes this deception an issue for ALL of us.

Tom

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 11:19

Does anyone have a HackerNews account? Would make sense to post it there.

User avatar
jouven
Hobby Astronomer
Hobby Astronomer
Posts: 19
Joined: 2021-04-28, 11:15

Re: Cloudflare checks broken yet AGAIN?

Unread post by jouven » 2024-07-10, 12:19

I don't know Louis Rossman standing in this community, I'm sure he'll have day with this situation, doesn't need to be specifically Pale Moon if it's also happening with other browsers.

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 12:38

jouven wrote:
2024-07-10, 12:19
Louis Rossman
LOVE his content :)
So what's the best way to get in touch with him? And who should do it? I'm not sure if random users tweeting at him would work. Does anyone here have a youtube channel/twitter account with many followers?
You're right, he has made videos slamming Chrome for anti-competitive practices before: https://www.youtube.com/watch?v=_x7NSw0Irc0
Regarding the united front, I'll check this out later tonight, download some more alternative browsers, and check if they're working with Turnstile sites.

digitalaudiorock
Moon lover
Moon lover
Posts: 80
Joined: 2017-08-16, 14:12

Re: Cloudflare checks broken yet AGAIN?

Unread post by digitalaudiorock » 2024-07-10, 14:04

Out of curiosity I just tested Waterfox Classic (I tested with the https://idope.se/ link posted earlier), and that goes into an infinite loop without even prompting with a checkbox at all...completely broken. Regular Waterfox still works.

So I guess whatever the broke must be specific to UXP (XUL) based browsers(?). Not that that matters. Nobody gets to say that XUL browsers are obsolete (try as many seem to). That's why web standards exists.

Tom


User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 15:03

Other browsers that fail the Turnstile captcha:
- SeaMonkey
- Falkon
- New Moon
- Basilisk
- K-Meleon

Browsers the pass the Turnstile captcha (apart from FF, Chrome, Safari):
- MyPal
- QuteBrowser

User avatar
Kxeon
Hobby Astronomer
Hobby Astronomer
Posts: 24
Joined: 2024-05-09, 20:04

Re: Cloudflare checks broken yet AGAIN?

Unread post by Kxeon » 2024-07-10, 16:52

noellarkin wrote:
2024-07-10, 15:03
Other browsers that fail the Turnstile captcha:
- SeaMonkey
- Falkon
- New Moon
- Basilisk
- K-Meleon
Alrighty, so Basilisk and K-Meleon are both Goanna... but what's with Falkon and SeaMonkey? Don't they use the same engines as Chrome and Firefox respectively? :wtf:
Maybe Falkon is broken because of QtWebEngine and SeaMonkey because of SpiderMonkey? But QtWebEngine is based off of Chromium...
It seems that Konqueror fails Turnstile on both engines too... (WebEngine and Okular)
NetSurf also fails, but that definitely shouldn't be all that much of a surprise from what I can tell. (It doesn't even appear, lol.)
I would test Ladybird but it seems like I can't run it at all because it can't find Ninja..
Oh wait, as it turns out, second try was the charm! Oh, and by the way, it failed again. Turnstile doesn't even appear on Ladybird.

Code: Select all

23030.323 WebContent(454788): (js log) "Turnstile Widget seem to have crashed: " "wqpgj"
To see a portion of my specs (CPU, GPU, Laptop Model, OS, and RAM) if not said already, go to my Bio

User avatar
billmcct
Keeps coming back
Keeps coming back
Posts: 987
Joined: 2012-09-04, 15:19
Location: Costa Rica & Union City Georgia USA

Re: Cloudflare checks broken yet AGAIN?

Unread post by billmcct » 2024-07-10, 18:11

Well for me in PM, and I'm using the AVX2 x64 build, only:
https://idope.se/
https://jackssmallengines.com/
Fails, all others I don't even get a captcha, goes straight to page.

In Basilisk, only:
https://jackssmallengines.com/
Fails, all others go straight to page for me, NO captchas.
I am also using a VPN.
--------------------------------------------------------------------------------------------------------------
Dell Precision 15 7550
Windows 10 Pro. 22H2
Xeon W-10885M
64 GB DDR4 ECC memory (128 GB max)
500 GB Corsair T500 main M2 SSD
1 TB Intel storage M2 SSD (6 TB max)
Intel onboard GPU 1080p
Quadro RTX 5000 Max-Q GPU 4K

Pale Moon 33.2.x x64 AVX2 build

The difference between the Impossible and the Possible lies in a man's Determination.
Tommy Lasorda

digitalaudiorock
Moon lover
Moon lover
Posts: 80
Joined: 2017-08-16, 14:12

Re: Cloudflare checks broken yet AGAIN?

Unread post by digitalaudiorock » 2024-07-10, 19:02

all others I don't even get a captcha, goes straight to page.
This is one that everyone should avoid getting confused by...that is whether or not you get the challenge at all. That can likely be based on a number of factors we can never know about...for example whether you're using a VPN that results in an unresolvable WAN IP they they see for you're request etc. That's a totally unrelated blank box on their end I think.

Tom

User avatar
noellarkin
Fanatic
Fanatic
Posts: 111
Joined: 2021-07-27, 04:20

Re: Cloudflare checks broken yet AGAIN?

Unread post by noellarkin » 2024-07-10, 19:14

digitalaudiorock wrote:
2024-07-10, 19:02
all others I don't even get a captcha, goes straight to page.
This is one that everyone should avoid getting confused by...that is whether or not you get the challenge at all.
yep, IMO the litmus test is: when someone does get a captcha, are they able to pass the challenge?

User avatar
artics
New to the forum
New to the forum
Posts: 1
Joined: 2024-07-11, 08:49

Re: Cloudflare checks broken yet AGAIN?

Unread post by artics » 2024-07-11, 08:52

A solution could be the Privacy Pass extension.

https://github.com/cloudflare/pp-browser-extension

If some XUL wizard can port this to Palemoon we will never need to worry about Cloudflare checks again.

User avatar
moonbat
Knows the dark side
Knows the dark side
Posts: 5113
Joined: 2015-12-09, 15:45
Contact:

Re: Cloudflare checks broken yet AGAIN?

Unread post by moonbat » 2024-07-11, 09:00

artics wrote:
2024-07-11, 08:52
A solution could be the Privacy Pass extension.
From reading it, it sounds as though the website needs to support Privacy Pass first; or will it automatically work on all Cloudflare sites?
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

Image
Linux Mint 21 Xfce x64 on HP i5-5200 laptop, 12 GB RAM.
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX

Post Reply