Cloudflare checks broken yet AGAIN?

Re: Cloudflare checks broken yet AGAIN?

Unread post by Moonchild » 2024-07-11, 10:30

RFC9578 wrote: The Privacy Pass protocol provides a privacy-preserving authorization mechanism. In essence, the protocol allows Clients to provide cryptographic tokens that prove nothing other than that they have been created by a given server in the past.
I.e. you would "authenticate your use of the web/internet" with a unique token. This token will be bound to your browser/client/computer/user account uniquely. No matter how this is called, this is not (overall) privacy-preserving, and your use of the 'net will depend on if the attester will attest your client. i.e. using this protocol the attester will have all control over your access, and is much worse than a captcha system, since it adds a cryptographic layer and the potential of locking down based on your device characteristics/identification (i.e. hardware!). While your privacy may be better protected between you and the server you are trying to visit since the server will only verify a token and not request details from you directly, and rely on a third party (although in CF's case that's not a given!), your privacy is compromised to a greater extent by having to deal with an attester:
RFC9576 wrote: In Privacy Pass, attestation is the process by which an Attester bears witness to, confirms, or authenticates a Client so as to verify properties about the Client that are required for issuance. Issuers trust Attesters to perform attestation correctly, i.e., to implement attestation procedures in such a way that those procedures are not subverted or bypassed by malicious Clients. [RFC9334] describes an architecture for attestation procedures. Using that architecture as a conceptual basis, Clients are RATS Attesters that produce attestation evidence, and Attesters are RATS Verifiers that appraise the validity of attestation evidence. The type of attestation procedure is a deployment-specific option and outside the scope of the issuance protocol. Example attestation procedures are below.
* Solving a CAPTCHA. Clients that solve CAPTCHA challenges can be attested to have this capability for the purpose of being ruled out as a bot or otherwise automated Client.
* Presenting evidence of Client device validity. Some Clients run on trusted hardware that is capable of producing device-level attestation evidence.
* Proving properties about Client state. Clients can be associated with state, and the Attester can verify this state. Examples of state include the Client's geographic region and whether the Client has a valid application-layer account.

Important questions to ask: Who will be this attester? If the extension is ported to Pale Moon, will the attester accept it as a valid client when presenting itself? What criteria will the attester use? Who controls the attestation process?

This goes way beyond mere capabilities testing or presenting human/scripting challenges.
"Just because you are offended doesn't mean you are right." -- unknown
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
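
The roles named in the RFC quotes above (Client, Attester, Issuer, Origin), reduced to textbook blind RSA as an added example; it is not part of the post and not code from any Privacy Pass implementation. The key is a constructed toy, the CAPTCHA rule and all function names are assumptions, and the unpadded signing is a simplified stand-in for the blind RSA token type in RFC 9578.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy key: two Mersenne primes, far too small and structured for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # Issuer's private exponent

def h(token_input: bytes) -> int:
    """Unpadded hash-to-integer; real deployments use a padded scheme."""
    return int.from_bytes(hashlib.sha256(token_input).digest(), "big") % N

def client_blind(nonce: bytes):
    """Client: hide the token input behind a random factor r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(nonce) * pow(r, E, N)) % N, r

def attester_allows(evidence: dict) -> bool:
    """Attester: deployment-specific policy (hypothetical rule: CAPTCHA solved)."""
    return evidence.get("captcha_solved") is True

def issuer_sign(blinded: int, attested: bool):
    """Issuer: signs only attested requests and sees only the blinded value."""
    return pow(blinded, D, N) if attested else None

def client_finalize(blind_sig: int, r: int) -> int:
    """Client: strip the blinding factor to obtain the Issuer's signature."""
    return (blind_sig * pow(r, -1, N)) % N

def origin_verify(nonce: bytes, sig: int) -> bool:
    """Origin: checks the signature using the Issuer's public key only."""
    return pow(sig, E, N) == h(nonce)

def run(evidence: dict):
    """One issuance and redemption; returns None when attestation fails."""
    nonce = secrets.token_bytes(32)
    blinded, r = client_blind(nonce)
    blind_sig = issuer_sign(blinded, attester_allows(evidence))
    if blind_sig is None:
        return None
    sig = client_finalize(blind_sig, r)
    return {"issuer_saw": blinded, "nonce": nonce, "sig": sig,
            "valid": origin_verify(nonce, sig)}
```

`run({"captcha_solved": True})` yields a token the Origin accepts, while any evidence the Attester rejects yields no token at all, which is the gatekeeping step the questions in the post are about.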

Unread post by dim22 » 2024-07-11, 10:35

I noticed that the captcha is now in the shadow DOM. Maybe this is the reason?

Unread post by digitalaudiorock » 2024-07-11, 11:33

From reading it, it sounds as though the website needs to support Privacy Pass first; or will it automatically work on all Cloudflare sites?
Yea, that's not really clear for sure. I could be wrong but it seems to me that cloudflare itself would be handling all that as opposed to the individual sites(?).

This would certainly be a nice solution...albeit one that would sort of let CF off the hook for doing this.


Unread post by Moonchild » 2024-07-11, 11:50

digitalaudiorock wrote:
2024-07-11, 11:33
I could be wrong but it seems to me that cloudflare itself would be handling all that as opposed to the individual sites(?).
CF effectively sits in the middle, and they are the ones who would handle this. They are the "server" in this case, since they literally act like a server endpoint (your encrypted connection ends at CF too, and they have full access to all data; they are a full man-in-the-middle for websites). So, no, the origin servers don't need to support this. In fact, having been a CF customer myself, most of these kinds of changes "at the cloud edge" are never mentioned to site owners, at all.
By the way, they are still sending me invoices even if I stopped using them and requested deletion of my account... with no way to contact them without an account, since their billing e-mail address just has an autoresponder to use their support portal which requires an active cloudflare account... >.< so that will be fun to deal with the next few days.

Unread post by Lucio Chiappetti » 2024-07-11, 13:16

Quite annoyed to find that is now (not yesterday) beyond a cloudflare captcha which never resolves.
(By the way even chrome does not work ... gives another (never encountered before) message "site under heavy load - try again later") :thumbdown:
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)

Unread post by Moonchild » 2024-07-11, 13:41

Lucio Chiappetti wrote:
2024-07-11, 13:16
is now (not yesterday) beyond a cloudflare captcha which never resolves.
(By the way even chrome does not work ... gives another (never encountered before) message "site under heavy load - try again later") :thumbdown:
Probably means they are under attack and have enabled CF's "protection" "I'm under attack mode". Chrome reaches their servers but it's still overloaded (so much for cf mitigating the attack with their captcha...) so you get the error from there, while Pale Moon runs into the Cloud Firewall.

Unread post by somdcomputerguy » 2024-07-11, 13:56

Lucio Chiappetti wrote:
2024-07-11, 13:16
Quite annoyed to find that is now.. :thumbdown:
I use OSM once in a while, a bit more frequently lately, so I checked. With Pale Moon there is that loop, with floorp I only had to verify myself once but I too get that server is busy message when searching a location.
:cool: -bruce
'If you change the way you look at things, the things you look at change.'

Unread post by Kerebron » 2024-07-11, 13:59

I just tried and I passed Cloudflare verification without any problems, but then the connection to host times out (error 522).

Unread post by Lucio Chiappetti » 2024-07-11, 16:05

Back from hike, OSM is now working as usual (no cloudflare captcha)

Unread post by vannilla » 2024-07-11, 17:07

The captcha worked for me... but for how long?
Might as well start counting the days.

Unread post by somdcomputerguy » 2024-07-11, 18:13

Lucio Chiappetti wrote:
2024-07-11, 16:05
..OSM is now working..
Workin' fine now for me as well. No CAPTCHA or verify either. Probably remembered me from a couple hours ago..

Unread post by digitalaudiorock » 2024-07-11, 20:25

The site I use that originally made me start this thread is working now, so clearly Cloudflare fixed something. Cool.


Unread post by jouven » 2024-07-11, 23:31

Works again. How long did the issue last this time? 3 days?
Anyway, until next time!

Unread post by andyprough » 2024-07-12, 05:34

digitalaudiorock wrote:
2024-07-11, 20:25
The site I use that originally made me start this thread is working now, so clearly Cloudflare fixed something. Cool.

The timing is interesting because I emailed Martin Brinkmann with and Liam Proven with about it last evening, giving them both the link to your cloudflare community forum thread. Neither one of them wrote a story about it today, but I'm wondering if either of them started poking around and asking questions. I'm not trying to take any credit, but it may be a useful method in the future to both a) create a cloudflare community forum posting, and then a couple days later b) contact some tech reporters, linking them to the cloudflare forum thread.

I think it would make for an excellent tech article by the way - "The Internet's Gatekeeper Blocking Independent Devs from Legitimate Access to the Web".

Unread post by digitalaudiorock » 2024-07-12, 13:03

andyprough wrote:
2024-07-12, 05:34
The timing is interesting because I emailed Martin Brinkmann with and Liam Proven with about it last evening, giving them both the link to your cloudflare community forum thread.
Interesting. Thanks for doing that! That may actually have something to do with it getting fixed. It seemed odd for it to suddenly get fixed with not so much as a comment on that Cloudflare thread from Cloudflare themselves.


Unread post by Moonchild » 2024-07-12, 13:11

digitalaudiorock wrote:
2024-07-12, 13:03
not so much as a comment on that Cloudflare thread from Cloudflare themselves.
Their current de facto response to this topic and any other potentially damaging topic seems to be don't respond/ghost. And definitely never admit they did anything wrong.

Unread post by stefan11111 » 2024-07-14, 17:41

I can confirm that it's working here too.
Still, doesn't look good for the future.

Unread post by andyprough » 2024-07-16, 15:29

digitalaudiorock wrote:
2024-07-12, 13:03
andyprough wrote:
2024-07-12, 05:34
The timing is interesting because I emailed Martin Brinkmann with and Liam Proven with about it last evening, giving them both the link to your cloudflare community forum thread.
Interesting. Thanks for doing that! That may actually have something to do with it getting fixed. It seemed odd for it to suddenly get fixed with not so much as a comment on that Cloudflare thread from Cloudflare themselves.

Liam Proven with TheRegister emailed me back this morning. He said he's heard from two people about this Cloudflare issue with Pale Moon. He said he would like to see the problem himself, asks if I know of any sites where it's not working right now. If you know of any sites where this problem is happening right now, please let me know. Otherwise I'll email him back in the next day or two telling him Cloudflare appears to have temporarily resolved it again, but Pale Moon users have had this happen so many times that we are [unfortunately] waiting for the problem to pop up again.

Unread post by Moonchild » 2024-07-16, 19:52

As far as I can tell, CloudFlare at the moment has fixed their captchas and challenges (again) - I've tested a few different sites with different forms of browser "verification" challenges by CF and they all pass, so we currently can't demonstrate the problem to your contact at TheRegister, unfortunately.

Unread post by moonbat » 2024-07-16, 23:16

Best to inform him that it's working for now - and that you will let him know the next time it fails.
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

KDE Neon on a Slimbook Ryzen 7 with 64 GB RAM
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
