No. Imma kick this fuckers ass.
Evolving Together: Redefining Mozilla in the AI Era
Conversation
Notices
-
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:24:56 JST 
`Da Elf
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:24:54 JST 
feld
@kajer @elfin
> But, because cloudflare blocks waterfox as a bot browser...
How are they fingerprinting it? Isn't it just the user agent? I don't understand why these Firefox forks use a different user agent. It provides zero value if websites don't need to serve you different content to render correctly -
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:24:55 JST 
kajer
@elfin Lol, the press release even has a big quote from the article interrupting it's own article.... useless.
Fucking AI and ADs... Just... no.
But, because cloudflare blocks waterfox as a bot browser... what are you going to do about it consumer? That's right nothing. 🖕
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:35:25 JST
feld
@elfin @kajer I don't believe Firefox implemented the new mechanism that Safari has (Private Access Tokens // Privacy Pass)
https://blog.mozilla.org/en/privacy-security/captcha-successor-privacy-pass-has-no-easy-answers-for-online-abuse/
CloudFlare has supported this in Firefox and Chrome via an extension since 2017. I wonder if installing that in your browser is enough to make the problem go away?
https://privacypass.github.io -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:35:26 JST
`Da Elf
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:35:27 JST
kajer
IIRC WaterFox, PaleMoon, and some others just don't support some of the "features" that cloudflare was using to fingerprint. There was a HackerNews thread on it a while ago.
Cloudflare just went "oopsiewhoopsie" and basically said to pound sand since nobody uses those browsers anyway. (heavy paraphrasing, and witnessing their actions)
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:35:27 JST
kajer
@feld @elfin
this seems like the thread I remember... https://news.ycombinator.com/item?id=31317886They "fix" it then block everything a week later anyway...
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:36:36 JST
kajer
@mkljczk @feld @elfin Fully agree, but the browser print should not be a factor in a place like cloudflare blocking traffic because it "might be a bot"
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:36:36 JST
feld
@kajer @mkljczk @elfin I want to agree with you in pricipal but it's not matching reality.
User agents are still one of the best ways to stop lazy abusers dead in their tracks. -
Embed this notice
Marcin Mikołajczak (mkljczk@pl.fediverse.pl)'s status on Tuesday, 25-Feb-2025 08:36:37 JST 
Marcin Mikołajczak
@feld @kajer @elfin and the user agent makes the fingerprints of 'private' forks users more unique… -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:41:43 JST
feld
@kajer @elfin @mkljczk that only works for simpler systems than Cloudflare; it's also very easy to fingerprint the TCP handshake and TLS behavior to figure out if it's curl/wget as well as every OS/kernel and TLS library does it slightly differently -
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:41:44 JST
kajer
@feld @elfin @mkljczk Right, so I'll just replace my wget script's agent with safari/chrome and bypass the whole charade, making the user agent field a farce
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:51:48 JST
kajer
@feld @elfin @mkljczk Point being, just because I choose to use WaterFox, doesn't mean Cloudflare determines how much of the internet I get to see.
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:51:48 JST
feld
@kajer @elfin @mkljczk Cloudflare literally exists to make sure that they only serve requests to blessed clients. Anything that appears slightly abnormal is denied for security reasons.
We can agree all day about the morality of this and how it is an affront to the design of the internet and a direct assault on free software and freedom of choice for users, but that doesn't move the needle.
The bad actors ruined this for us all and Cloudflare fulfills an important role for many businesses. These businesses are not going to lose any more money than what amounts to a rounding error because some people using a Firefox fork couldn't visit the website.
Unfortunately a lot of the internet that has no business case to use Cloudflare other than their DDoS protection get caught up in this. I would say we need to educate them to stop using Cloudflare but what are the realistic alternatives?
Look at what happened to Codeberg recently -- tried to not use Cloudflare as an ethical choice and got taken down by a pretty small attack.
On the modern internet you better have more bandwidth than your attackers or a good DDoS protection service.Johnny Peligro likes this. -
Embed this notice
Pissed Hippo (sun@shitposter.world)'s status on Tuesday, 25-Feb-2025 08:53:28 JST 
Pissed Hippo
@feld @kajer @elfin @mkljczk I hate it too but cloudflare's policies probably match reality closer than my desires. at the end of the day cloudflare was created in response to real problems even if I hate the "solution" feld and Johnny Peligro like this. -
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 08:54:22 JST
kajer
feld likes this. -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:56:12 JST
`Da Elf
IRC
feld likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 08:56:35 JST
feld
@elfin @kajer @mkljczk I'm papering over the excellent (horiffic) role they play for 3 letter agencies in capturing encrypted traffic of like half the entire US internet as well haha -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 08:56:36 JST
`Da Elf
Oh fuck.
We gonna play this?
-
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 09:13:48 JST
feld
@elfin @kajer @mkljczk wow you hacked the bell back in the day to erase billing charges? haha
man that's such a great story, props to you for living out my Hackers fantasies -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:13:49 JST
`Da Elf
BBS died.
I learned to hack SysV and trashed AT&T to keep my mom from getting thousand dollar bills.
Walking back isn't possible.
My friend David passed
He wrote this series (I'm two hundred meters where he used to be CTO .. crunchy)
-
Embed this notice
kajer (kajer@infosec.exchange)'s status on Tuesday, 25-Feb-2025 09:13:50 JST
kajer
@elfin @feld @mkljczk EFNET is dead. I have been idle in the neg9 room for years, only ever seeing chanfix do it's thing. :(
-
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:24:53 JST
`Da Elf
* " invented free Wi-Fi this is my gift to folk.
Cloud storage, invented that as well.
I have my moments.
feld likes this. -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:24:58 JST
`Da Elf
@feld @kajer @mkljczk
Ma Bell can kiss my skinny white ass.SS7
feld likes this. -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:30:28 JST
`Da Elf
Not exceptional.
Look.
Taking a line is Easy Peasy.
Frustration is that shit fucks can't understand that they're exposed.
This is the world I live in.
Crap, that.
Wanna talk about China or NorK or everything else I gotta fight with?
I don't get paid for this.
I like to fight.
Wallow with a pig, you get dirty and the pig likes it.
feld likes this. -
Embed this notice
feld (feld@friedcheese.us)'s status on Tuesday, 25-Feb-2025 09:34:14 JST
feld
@elfin @kajer @mkljczk I'm too lazy to do the captions, but in this photo you're the one digging and we're all just watching in amusement -
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 09:34:16 JST
`Da Elf
@feld @kajer @mkljczk
My ex wants me to dig up half of California.Joy
I'll do it because it amuses me.
-
Embed this notice
`Da Elf (elfin@mstdn.social)'s status on Tuesday, 25-Feb-2025 10:07:52 JST
`Da Elf
feld likes this.
-
Embed this notice
All GNU social JP content and data are available under the