ridgewell | 6 years ago

Is the situation improved by using the Privacy Pass add-on [1] from Cloudflare?

Supposedly:

> Privacy Pass is a Chrome/Firefox browser extension to make browsing Cloudflare-protected websites a better experience for users. In particular, if a user IP address is designated to have a poor reputation then the user may have to solve a Cloudflare CAPTCHA page before they can gain access to such websites. Privacy Pass uses elliptic curve cryptography to generate 'anonymous' tokens after a single CAPTCHA page is solved. These tokens can be used in future engagements with Cloudflare websites to prevent having to solve more CAPTCHAs. The extension generates 30 tokens for each CAPTCHA solution and thus can be used to reduce CAPTCHA pages for each user by a similar factor.

[1] https://support.cloudflare.com/hc/en-us/articles/11500199265...

skrebbel|6 years ago

So wait, "we shipped a bug, so we made a browser extension that lets you circumvent the bug". That's Cloudflare's answer? I'm not impressed.

EDIT: people seem to be confused as to what bug Cloudflare shipped. The bug is not having people solve captchas because their IP has a bad reputation. It's having them solve it over and over again.

You can put it however you want it, but if my app's UX is fine without Cloudflare and it's shit with Cloudflare, for a small but significant percentage of my users, then CF has a bug.

sjwright|6 years ago

Thwarting denial of service attacks isn’t a bug.

You seem to be confused about what your rights are around website availability. Hint: you have no rights. Absent specific coercion by government, the owner of the website has all the rights. If she wants to require you to solve a Where’s Waldo first, that’s her prerogative. Your choice is to accept the terms or go elsewhere.

lilyball|6 years ago

You calling this a "bug" makes it sound like you expect Cloudflare to violate your privacy by tracking which websites you've visited in order to determine that you're not a threat. It sounds like the point of Privacy Pass is that the only information it gives Cloudflare is that you've solved a Captcha recently but otherwise provides no information about where you did it (beyond the fact that it's a Cloudflare property).

Given the fact that they've resorted to providing an extension to do this, this suggests that they've deliberately engineered their services to not have access to that data internally, and that's a good thing.
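
A toy sketch of the blinded-token idea in the quoted Privacy Pass description and the comment above, added here as an illustration; it is not part of the thread and not Cloudflare's code. It assumes a multiplicative group modulo the RFC 2409 768-bit safe prime in place of the extension's elliptic curve, and the names `Issuer`, `request_tokens`, `client_blind` and `client_unblind` are hypothetical.

```python
import hashlib
import secrets

# Assumption: toy group = squares modulo the 768-bit Oakley Group 1 safe prime
# (RFC 2409), standing in for the elliptic curve the real extension uses.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares

def hash_to_group(seed):
    # Squaring maps a residue into the order-Q subgroup.
    h = int.from_bytes(hashlib.shake_256(seed).digest(128), "big") % P
    return pow(h, 2, P)

def client_blind(seed):
    r = secrets.randbelow(Q - 1) + 1  # blinding factor in [1, Q-1]
    return r, pow(hash_to_group(seed), r, P)

def client_unblind(r, signed):
    return pow(signed, pow(r, -1, Q), P)  # strips r, leaving H(seed)^k

class Issuer:
    """Hypothetical CAPTCHA-side signer holding one secret exponent k."""
    def __init__(self):
        self.k = secrets.randbelow(Q - 1) + 1
        self.spent = set()

    def issue(self, blinded_batch):
        # Sees only H(seed)^r: uniformly random, unrelated to the seed.
        return [pow(m, self.k, P) for m in blinded_batch]

    def redeem(self, seed, token):
        # Accept a never-seen seed whose token equals H(seed)^k, once only.
        if seed in self.spent or pow(hash_to_group(seed), self.k, P) != token:
            return False
        self.spent.add(seed)
        return True

def request_tokens(issuer, n=30):
    """One solved CAPTCHA buys n tokens; returns (wallet, what the issuer saw)."""
    seeds = [secrets.token_bytes(32) for _ in range(n)]
    blinds = [client_blind(s) for s in seeds]
    signed = issuer.issue([m for _, m in blinds])
    wallet = [(s, client_unblind(r, z)) for s, (r, _), z in zip(seeds, blinds, signed)]
    return wallet, [m for _, m in blinds]
```

The sketch omits the proof, present in the real protocol, that the server signed with the same key for every user; without it a server could tag clients by using distinct keys.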

unityByFreedom|6 years ago

If captchas are a bug, try running your own popular web service, and good luck keeping away the spam.

An extension is easy to install and is a reasonable way for the CDN to verify that you're not a spammer without requiring you to repeatedly prove it whenever your IP changes.

tfha|6 years ago

Should we be building the internet such that a single website can make it effectively unusable for any user at their arbitrary whim?

pjkundert|6 years ago

You mean, the internet that allows web property owners to elect to protect themselves from vandalism?

That sounds like a powerful use of personal choice to me -- allowed by an internet that (still) allows individuals to make choices in their own best interests.

unityByFreedom|6 years ago

> a single website can make it effectively unusable for any user at their arbitrary whim

CF is a free service. Websites can choose to use it or not, and it certainly does not dictate the nature of the internet.

faitswulff|6 years ago

The author runs an ISP. Is this extension for the end user or can it be used at the ISP level for all affected IP addresses?

auslander|6 years ago

> .. to generate 'anonymous' tokens

Yeah, right. I think double quotes are more appropriate here.