They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?

What I know of them: they offer DDS brute force/spam protection for websites.

  • @Limonene
    link
    2611 months ago

    Cloudflare seems to incorrectly classify my Internet connection, which is a residential Internet connection going to my house, as a datacenter connection or VPN or something.

    Many websites that use Cloudflare give me endless captcha forms. As soon as I solve one, it demands another, and never lets me access the website.

    Sometimes I solve one captcha, and then it says I’m blocked forever for sending automated queries, even though I filled it out correctly. The error message is: “You are blocked.”

    Sometimes it lets me in after one captcha, but I still resent having to enable Javascript for these assholes just to access a site that doesn’t otherwise require Javascript.

    Sometimes Cloudflare adds extra security to certain pages, just for me. The developers of the website didn’t program it to handle this extra security, so the site fails for just me, and the site developers don’t believe me, telling me I have a browser problem (in three different browsers, which I can fix by using a proxy). For example, when the site’s javascript has my browser to do a CORS operation, the first step is the browser sending an OPTIONS request. However, the extra security of the proxy introduced by Cloudflare responds slightly differently from the actual website, so the site breaks.

    Cloudflare uses a holistic approach to deciding whether you are a legitimate user or a bot. In other words, they use every single possible piece of data they can get on you, including tracking your visits across other Cloudflare sites. They do discriminate against certain user-agent strings.

    Cloudflare completely blocks many Tor users, even from having read-only access to a site.

    When you ask Cloudflare why your IP address is blocked, they falsely claim that it’s a setting created by the website admins. I strongly suspect that this setting is something like “use Cloudflare™ Adaptive Security™” and probably doesn’t explain to the site admin that they’re blocking large quantities of innocent users.

    Cloudflare has previously used Google Recaptcha, which has a ton of problems (tracking, accessibility, training AIs that will make my life worse).