Their design approach wasn’t particularly unusual, so I’m not sure what that sentence means.
I do miss the days when technical reports were clear and concise. This one has some interesting information, but it’s buried under a mountain of empty AI-written bloat.
I remember back I think around 2011, CF was new and I was testing it on some vbulletin forum, all the email communication were with the cofounder if I recall correctly, the UI had only the dns settings back then. Now they make a whole article on some text redesign, time flies.
That's why I say most AI content isn't just slop—it's fundamentally about deception. It's about tricking someone into believing that a text was written by a human, or that a photo or video is a true recording of a real event.
Like this, its purpose is to fly under the radar unless your figurative ears are pricked up and primed to detect the telltale signs. Fuck this shit.
Am I reading it right, the widget is seen 5B times per day, and they recruited 8 people for testing to make sure their “redesign would work for everyone”…?
The process described in the article is literally just checking the boxes blindly for what passes for a design process these days. The guru's say interview customers so they have done just that without really understanding why. Given it's AI it's also possible the whole thing is entirely made up and someone just tweaked the design over an afternoon and shipped it.
As a user of an unsigned Firefox fork, Turnstile has ruined a moderate portion of the Internet for me. The way Cloudflare doesn’t think twice about eroding user freedoms, for the sake of a gate that can be trivially bypassed with solvarr or similar, is deeply disturbing. They are no longer a force for good on the web.
As bad as cloudflare is there is a reason people use it.
If you try and run a site that has content that LLMs want or expensive calls that require a lot of compute and can exhaust resources if they are over used the attack is relentless. It can be a full time job trying to stop people who are dedicated to scrapping the shit out of your site.
Even CF doesnt even really stop it any more. The agent run browsers seem to bypass it with relative ease.
I see people saying that a lot, but I use Zen which is a fork of Firefox and I don't think I've ever had an issue with Turnstile, at least not noticeably more than I had on mobile Chrome.
Isn't it the opposite? They allow you to still use it when it would almost certainly be better for cloudflare and the website behind then to just block you.
Will this also be accompanied by a global Turnstile outage like all the other Cloudflare services that get touched? If they end up vibeslopping the redesign like they did with this article, it may just happen.
Honestly the entire "redesign" just feels uninspired and poorly executed.
Another problem I have with it - they state that the red text was such a huge problem, but then their solution is to... Keep only using red? Why not, for example, make certain non-failure notifications yellow or some other color? Surely using other colors should at least be tested as a solution, right? The whole process seems bizarre to me
"Our Turnstile widget and Challenge Pages are served 7.67 billion times every single day. That's not a typo. Billions. This might just be the most-seen user interface on the Internet."
Or it might not
The majority of the traffic on the internet is from so-called "bots"
If a "bot" hits this "interface" does that count as being "seen"
The web's failing, its inability (unwillingness) to accept non-interactive use (no good for advertising), is Cloudflare's success
A strange thing to celebrate. MITM'ing the majority of the web for "security". Could there be a better way
Another source of amusement is the "You've been blocked" Cloudflare page showing the user's IP address and suggesting contacting the site operator might solve the problem
The truth is that sending an acceptable user-agent header value solves the problem
"You" are not being blocked (Cloudflare does not who "you" are), your IP address is not being blocked, the _request_ you sent was blocked because of crude heuristics
If a site operator wants a certain header value (why) then it should publish the list of acceptable values
Send another request with an acceptable header value and the requests succeeds. It appears "you" are not blocked, same IP address, same living, breathing, thinking person sending the request
I'm not to fire people usually but this long report shows that there are probably too many persons too well paid with nothing to do at Cloud flare.
Because that is a lot of energy spent too have done advance research for an UI that is basic (just a checkbox), not particularly great and common before and after cloudflare...
And a personal rant, I don't understand how they can be proud of themselves when you see the wasted time and energy supported by users to browse the pages that are being Cloudflare.
Imagine this billions of "click-wait" uselessely done by users everyday worldwide
We needed a new account on $MAJORSITE and we just could not get trough the captcha - I know, it's getting insane - In the end, we gave up, and just told $AI to make the account for us.
Something is going seriously wrong on the internet.
If this truly was written with AI it's really quite poor. Some of the employees at Cloudflare seem to be negligent tbh based off the fact they've been down so many times recently
I'm very vastly in a minority here, but I can't help but feel uncomfortable that the general internet is converging towards explicity verifying humanity and addressing everyone as human. I liked it a lot better when everything was agnostic - I'd verify "I'm not a robot", I'd interact with other "users", etc... "On the Internet, nobody knows you're a ribbon dog."
Now, websites ask me to verify "I'm human", networks and services are starting to address their users as specifically "humans", and discourse is almost always about whether something or other is written by a "human" instead of just not slop.
I get that reality is what it is, but it just feels icky.
> We recruited 8 participants across 8 different countries, deliberately seeking diversity in age, digital savviness, and cultural background.
> 5 out of 8 points versus just 3 for "I am human." For the verifying state, it was even more dramatic — 7.5 versus 0.5.
n × p >= 5? (Sample size and margins of errors. Is 5:3 even meaningful or is this rather random personal preference?) Apparent splitting of missing or inconclusive data points? (7.5 vs. 0.5 out of a total of 8 subjects.) What kind of (social) research is this supposed to be?
Starlevel004|2 days ago
I'm not reading this.
thorum|2 days ago
I do miss the days when technical reports were clear and concise. This one has some interesting information, but it’s buried under a mountain of empty AI-written bloat.
cocoa19|2 days ago
If I want AI slop, I'll gladly have a chat with my paid $20 bucks Gemini account.
tamimio|2 days ago
andrepd|2 days ago
Like this, its purpose is to fly under the radar unless your figurative ears are pricked up and primed to detect the telltale signs. Fuck this shit.
upmind|2 days ago
JadedBlueEyes|2 days ago
[0]: https://news.ycombinator.com/item?id=46781516
christina97|2 days ago
kingkongjaffa|2 days ago
mock-possum|2 days ago
KolmogorovComp|2 days ago
noplacelikehome|2 days ago
tempest_|2 days ago
If you try and run a site that has content that LLMs want or expensive calls that require a lot of compute and can exhaust resources if they are over used the attack is relentless. It can be a full time job trying to stop people who are dedicated to scrapping the shit out of your site.
Even CF doesnt even really stop it any more. The agent run browsers seem to bypass it with relative ease.
flexagoon|2 days ago
tick_tock_tick|2 days ago
sebzim4500|2 days ago
diath|2 days ago
Retr0id|2 days ago
bitpush|2 days ago
It doesnt .. look very new?
connorshinn|2 days ago
Another problem I have with it - they state that the red text was such a huge problem, but then their solution is to... Keep only using red? Why not, for example, make certain non-failure notifications yellow or some other color? Surely using other colors should at least be tested as a solution, right? The whole process seems bizarre to me
1vuio0pswjnm7|2 days ago
Or it might not
The majority of the traffic on the internet is from so-called "bots"
If a "bot" hits this "interface" does that count as being "seen"
The web's failing, its inability (unwillingness) to accept non-interactive use (no good for advertising), is Cloudflare's success
A strange thing to celebrate. MITM'ing the majority of the web for "security". Could there be a better way
Another source of amusement is the "You've been blocked" Cloudflare page showing the user's IP address and suggesting contacting the site operator might solve the problem
The truth is that sending an acceptable user-agent header value solves the problem
"You" are not being blocked (Cloudflare does not who "you" are), your IP address is not being blocked, the _request_ you sent was blocked because of crude heuristics
If a site operator wants a certain header value (why) then it should publish the list of acceptable values
Send another request with an acceptable header value and the requests succeeds. It appears "you" are not blocked, same IP address, same living, breathing, thinking person sending the request
greatgib|2 days ago
Because that is a lot of energy spent too have done advance research for an UI that is basic (just a checkbox), not particularly great and common before and after cloudflare...
And a personal rant, I don't understand how they can be proud of themselves when you see the wasted time and energy supported by users to browse the pages that are being Cloudflare.
Imagine this billions of "click-wait" uselessely done by users everyday worldwide
jiehong|2 days ago
jdprgm|2 days ago
hyperman1|2 days ago
We needed a new account on $MAJORSITE and we just could not get trough the captcha - I know, it's getting insane - In the end, we gave up, and just told $AI to make the account for us.
Something is going seriously wrong on the internet.
stevebmark|2 days ago
upmind|2 days ago
mock-possum|2 days ago
DavidVoid|2 days ago
swills|2 days ago
furyofantares|2 days ago
altern8|2 days ago
I can't be the only one.
It's slow and annoying, AI overview is good enough for me most of the times so that added time I bet makes websites lose a lot of visits.
hsbauauvhabzb|2 days ago
LoganDark|2 days ago
Now, websites ask me to verify "I'm human", networks and services are starting to address their users as specifically "humans", and discourse is almost always about whether something or other is written by a "human" instead of just not slop.
I get that reality is what it is, but it just feels icky.
masswerk|2 days ago
> 5 out of 8 points versus just 3 for "I am human." For the verifying state, it was even more dramatic — 7.5 versus 0.5.
n × p >= 5? (Sample size and margins of errors. Is 5:3 even meaningful or is this rather random personal preference?) Apparent splitting of missing or inconclusive data points? (7.5 vs. 0.5 out of a total of 8 subjects.) What kind of (social) research is this supposed to be?
cyanureworld|2 days ago
fleroviumna|2 days ago
[deleted]