The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I'm human?

That's hardly the Turing Test I'd expected.

    • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
      ·
      4 months ago

      Bank and government website behind Cloudflare???

      Fuck, I just checked, my bank is also behind Cloudflare, what the fuck..
      I kind of assumed a bank wouldn't put another company with ability to view all transferred data between customers and themselves.

      How much of the internet is not behind CF?
      I should probably try blocking their IPs and see what will still work.

    • invertedspear@lemm.ee
      ·
      4 months ago

      It redirects, it doesn’t proxy. The workflow is: user navigates to URL->DNS sends it to cloudflare->cloudflare ensures request is allowed based on selected rules (human check, geo check, DDOS check, etc) and remembers->request is redirected to non-cloudflare address->server response goes direct from server to user browser->subsequent requests are redirected without the test as long as the cookie remembers. I don’t like cloudflare, every time I have an issue pop up out of nowhere, it’s usually cloudflare and some over eager netsec engineer that broke CORS, or decided css wasn’t important, or that machine to machine traffic was a DOS attack. But it’s not reading your statements or anything else the server sends back. It could conceivably read your username and password and any other data you send in your request, but it doesn’t have the TLS certificate. So even though it doesn’t even try, if CF decided to be nefarious, as long as your banks engineers are at least somewhat competent CF is only getting encrypted data that it can’t do anything with. Hate on CF all you want, but hate it for the right reasons.

    • ayaya@lemdro.id
      ·
      4 months ago

      Yeah at least Google will let you in after you solve 5 puzzles. It's shit but it's possible. With CloudFlare you are at the mercy of whatever hidden criteria they're using.

      If you change your user agent from Firefox to Chrome for instance, CloudFlare will never let you through.

  • isolatedscotch@discuss.tchncs.de
    ·
    4 months ago

    https://blog.cloudflare.com/turnstile-private-captcha-alternative/

    TL:DR cloudflare made a new recaptcha which does some complex math and other stuff on your browser, which done once has no noticable effect but if someone were to scrape websites at an absurd speed it slows everything down significantly.

    this is not only cool because you don't have to manually solve the captcha, but also because it allows for low-speed scraping to be feasible, with tools like flaresolverr

    • newerAccountWhoDis [they/them]
      ·
      4 months ago

      Thanks for being the only person in this thread who doesn't joke or talk out of their ass order-of-lenin

      Quite interesting really and a genius solution (it they don't lie about not stealing your data)

      • Treachery4524@lemmy.ml
        ·
        4 months ago

        Didn't the Soviets see geniuses and other intellectuals as a danger to society during the time this award was given out? Or are there incidents where this was given to scientists as well? I know you're probably joking, but when I suddenly encounter Lenin's head being used in a positive manner I have to look twice.

  • communism@lemmy.ml
    ·
    4 months ago

    I always fail Cloudflare captchas because I'm clicking it with Vimium-C lol. I hate captchas for making me reach for my mouse. It also seems like a genuine accessibility issue if people who cannot use a mouse can't pass a captcha.

    I've found that Google's reCAPTCHA has also started rejecting me no matter what I do. I think it might be because my IP address is a VPN, but that's pretty stupid; if I can pass the test by clicking the squares why not let me in?

    • LaGG_3 [he/him, comrade/them]
      ·
      4 months ago

      I think it might be because my IP address is a VPN, but that's pretty stupid; if I can pass the test by clicking the squares why not let me in?

      They want your tasty IP data

      • emberpunk@lemmy.ml
        ·
        4 months ago

        That's when I just use another search engine.

        Reddit blocks VPN and won't let me in. OK bye reddit too lazy to turn off VPN ffs

  • The_Walkening [none/use name]
    ·
    4 months ago

    The timing of the click captcha loading is randomized and it probably is looking for human-ish cursor movement? (Like you're probably moving your hand in imperceptibly small ways that are difficult to replicate). Clicking before it loads and doing it repeatedly probably triggers detection.

    • tetris11@lemmy.ml
      ·
      4 months ago

      I used to think it was timing based, but now leaning on the idea that it just performs more fingerprinting in the background: user agent per ip pool, canvas or puppeteer checks.

    • Paradachshund@lemmy.today
      ·
      4 months ago

      This is correct. Those captchas are tracking everything they can and comparing it to other results to try and figure this out. Mouse movement, delay before you click, everything.

  • wuphysics87@lemmy.ml
    ·
    4 months ago

    Humans have mouse movement that, on August 8, 2024, are very hard to reproduce. But just like regular captchas we are just teaching computers to do the same thing.

  • Magnetic_dud@discuss.tchncs.de
    ·
    4 months ago

    Cloudflare knows almost everything done from your IP address because they're used by the majority of websites. And some websites are using a cloudflare signed TLS certificate so if cloudflare wants, can see the content of the communication instead of an encrypted package

    So they know if you have a human behavior (visiting many different websites at human speed and having rests during sleeping time) or if you have a bot behavior (sending millions of requests to the same endpoint at superhuman speeds)

    • Melatonin@lemmy.dbzer0.com
      hexagon
      ·
      4 months ago

      Listening to me talk about that birding hat I want to buy, checking thru Amazon to see if it's on my wishlist.

    • keepcarrot [she/her]
      ·
      4 months ago

      If I was walking in a desert and saw a tortoise on its back, struggling to get up, and I was not helping it

  • davel [he/him]@lemmy.ml
    ·
    edit-2
    4 months ago

    01100011 01101100 01101111 01110101 01100100 01100110 01101100 01100001 01110010 01100101 00100000 01110000 01110101 01110100 01110011 00100000 01101101 01100101 00100000 01101001 01101110 00100000 01100001 01101110 00100000 01101001 01101110 01100110 01101001 01101110 01101001 01110100 01100101 00100000 01101100 01101111 01101111 01110000 00100000 01110011 01101111 01101101 01100101 01110100 01101001 01101101 01100101 01110011

    • Black_Mald_Futures [any]
      ·
      4 months ago

      They're literally using captchas to train AI, that's why you have to identify 50 ffucking bicycles and fire hydrants sometimes. I'm pissed off at all the fucking free work I've had to do just to log in to shit

      • keepcarrot [she/her]
        ·
        4 months ago

        Does this box with a sliver of bicycle handlebar count as containing a bicycle?

      • interdimensionalmeme@lemmy.ml
        ·
        4 months ago

        Which movie is that ? While waiting your reply I asked chatgpt

        Please write movie script where humans continue to evolve in an environment where their reproduction and evolution is mediated entirely by the solvibg of captchas. They have become one with machinegod, just a vestigial appendage so scratch an itch that the machine cannot satisfy any other way.

        https://chatgpt.com/share/fae8c7fc-df78-462e-9922-9d976a182bd8