top | item 45966374

(no title)

marticode | 3 months ago

As a user I do care, because I waste so much time on Cloudflare's "prove you are human" blocking-page (why do I have to prove it over and over again?), and frequently run on websites blocking me entirely based on some bad IP-blacklist used along with Cloudflare.

discuss

tempest_|3 months ago

Unfortunately the internet sucks in 2025.

If you have a site with valuable content the LLM crawlers hound you to no end. CF is basically a protection racket at this point for many sites. It doesnt even stop the more determined ones but it keeps some away.

seniorThrowaway|3 months ago

Yep for anyone unaware of how awful things truly are, look up what a "residential proxy" is. Back in my day we called that a botnet.

collinmanderson|3 months ago

> If you have a site with valuable content the LLM crawlers hound you to no end.

The site doesn't even need to have valuable content. Any content at all.

hollerith|3 months ago

CF would be a protection racket only if CF is the cause of the problem CF is charging money to solve.

j2kun|3 months ago

And yet half the HN front page every day is promoting LLM stuff.

"The internet sucks", yes, but we're doing it to ourselves.

woooooo|3 months ago

I just realized, why don't they have some "definitely human" third party cookie that caches your humanness for 24h or so? I'm sure there's a reason, I've heard third party cookies were less respected now, but can someone chime in on why this doesn't work and save a ton of compute?

acureau|3 months ago

Because people will solve the challenge once, and then use the cookie in automation tools. It already happens with shorter expiration cookies.

basilikum|3 months ago

https://developers.cloudflare.com/waf/tools/privacy-pass/

octoberfranklin|3 months ago

Yes, there are several, and the good one (linked below) lets you use the "humanness" token across different websites without them being able to use it as a tracking signal / supercookie. It's very clever.

https://github.com/ietf-wg-privacypass/base-drafts

https://privacypass.github.io/

lotsofpulp|3 months ago

I assume that will be for Apple (and eventually Alphabet) to implement via digital IDs linked to real world IDs.

https://www.apple.com/newsroom/2025/11/apple-introduces-digi...

crazygringo|3 months ago

But that's not a problem caused by Cloudflare.

That's a problem caused by bots and spammers and DDoSers, that Cloudflare is trying to alleviate.

And you generally don't have to prove it over and over again unless there's a high-risk signal associated with you, like you're using a VPN or have cookies disabled, etc. Which are great for protecting your privacy, but then obviously privacy means you do have to keep demonstrating you're not a bot.

BarryMilo|3 months ago

You might say the problem CloudFlare is causing is lesser than the ones it's solving, but you can't say they're not causing a new, separate problem.

That they're trying counts for brownie points, it's not an excuse to be satisfied with something that still bothers a lot of people. Do better, CloudFlare.

foresto|3 months ago

"We have decided to endlessly punish you for using what few tools you have to avoid being exploited online, because it makes our multi-billion dollar business easier. Sucks to be you."

edm0nd|3 months ago

Congrats, you now know what it's like to be a daily Tor user trying to hit normie sites from exit node IPs xD

replwoacause|3 months ago

Why would anyone be a daily Tor user and trying to hit clear-net sites on top of that? This sounds like a bizarre usecase.

jakub_g|3 months ago

I hate it as much (and the challenge time seems to be getting longer, 10s lately for me, what the hell?)

But we can all say thank you to all the AI crawlers who hammer websites with impossible traffic.

pixl97|3 months ago

I mean, it was a problem before AI crawlers with just bots and attacks in general.