Locked threads without a solution

Last month is ancient? Now I really feel old…

You’re right, it’s specific targeting. As you said, it’s not “web standards” or “ancient versions.” Your own post paints a very clear picture of Cloudflare’s targeting, yet you continue to defend them just as rabidly as we’re defending our browsers of choice.

First, hCaptcha has nothing to do with this and your bringing it up is disingenuous at best.

Second, I have NEVER had an issue solving hCaptcha with Pale Moon that wasn’t self-inflicted with an addon. Even reCaptcha works in a clean profile in Pale Moon. This latest “incompatibility” is SPECIFIC TARGETING of the Pale Moon browser or its render engine by Cloudflare. As you pointed out, all of those other “ancient” browsers pass while Pale Moon fails. If it’s not specific targeting of Pale Moon or its render engine specifically, please tell us what it is about that browser that makes it fail or get us in touch with someone who can.

We’re only here because of a lack of support by an unresponsive company that is currently engaged in what is effectively a man-in-the-middle denial-of-service attack on a large chunk of the internet. I would much rather be dealing with Cloudflare engineers in their support ticketing system where my issue could actually get resolved. Instead I’m here feeding a troll because I seem to have nothing better to do with my time.

An action is either accidental or purposeful. Cloudflare knows about this issue and has not corrected it, therefore it is purposeful. A purposeful action with a negative outcome is malicious. Therefore Cloudflare’s action is malicious. That is a statement of fact and stands as a fact until you (or someone else) can present clear evidence that Cloudflare either doesn’t know this is happening or is currently making a good faith effort to correct the issue.

I don’t believe Cloudflare has so far done anything that is actually criminal, regardless of how much we all wish what Cloudflare is doing actually was criminal. So, yes, I agree, “criminal” to too strong of a word at this point.

As you can see this is a genuine issue that is impacting lots of users, so let’s get the issue resolved then!

I was working with @cloonan , then you came in with your negativity and the thread devolved from there. You’ve so far made every attempt to derail this thread and absolutely no attempt whatsoever to constructively work toward a solution. (“Use a different browser” is NOT a solution.) I have asked repeatedly for contact information such that I could take this issue to a more appropriate place and have yet to receive it. (I would accept having said contact information handed to @moonchild so that he can modify the browser so it passes the checks, but that hasn’t happened either as far as I’m aware. I’d actually prefer that as everyone would benefit.) You have failed to respond to any section of my posts where I call out inconsistencies in your posts. (For example, you have yet to tell me how sending the native user agent, which makes no reference to Firefox, is “spoofing” the user agent. You have yet to tell me why Chromium including Safari in its user agent isn’t spoofing and why it’s allowed when Pale Moon including Firefox is not.)

Based on the preponderance of the evidence of various forum threads, Cloudflare is specifically targeting Pale Moon or the specific feature-level of the render engine it uses. You appear to be running interference for Cloudflare on this forum, possibly in an attempt to get a mod to close the thread. (Which would likely just get re-created by someone else now that there are a number of people watching it. Streisand Effect anyone?) I don’t know why all of this is happening, but it is. The only thing we want is for Cloudflare to stop attacking us, or, at the very least, tell us why we’re being attacked and what we did to justify such an attack.

So are all enterprises that provide deep packet inspection to any company. Being passive-aggressive in the community will only get further posts closed or ignored. Let’s move on.

No, it’s not.

The issue isn’t the user agent or Cloudflare targeting your browser. I can’t spot exactly what might be triggering the challenge; however, some websites didn’t seem to load correctly while using pale moon (while working fine in Mozilla, Chrome, and other vendors).
Some websites went as far as crashing the entire browser.

The odds are that something on Pale Moon is being flagged while solving the JS challenge. It could be anything, from the rendering engine to the JS engine.

The browser itself isn’t blocking anything nor seems to perform any spoofing that you’d expect could trigger this behavior; however, since its acts differently on many websites (either APIs that are not supported or just a different rendering engine); it’s likely triggering something on the JS Challenge.

The feature that causes errors isn’t the Browser Integrity challenge; this one passes just fine; the JS Challenge or CAPTCHA Challenge are causing issues.

Thus being said, I agree that the differences your engine has are not a valid reason for the browser not to pass the JS Challenge, the security team would have to evaluate why the browser is being challenge and determine how they want to solve the issue and whether if it imposes a security risk or not.

Thanks for looking into this.

Could you please provide a list of those websites? If nothing else @moonchild could use the list to improve compatibility. The browser crash should be addressed at the very least.

Huh. So there actually is a side-channel leak in the BIC fingerprinting. I always suspected the browser was passing the BIC due to how long each loop took based on changes to various things that would change the fingerprint. Passing caused a quick loop, failing caused a long delay between loops. Very minor information to be sure, but it’s not none as it should be. The loops should take the same amount of time regardless of pass or fail.

Its quite telling that Cloudflare community managers are closing that issues pretty soon. Nothing other than that to be expected from a company who is in partnership with Google and helps with their new anti-competitive and discriminating browser locks that Chrome is even more widely adopted and in return receiving tons of money from Google.

A symbiosis of utter evil with all alternative browsers who are affected by the devious Cloudflare web-standards/drafts feature detection as collateral-damage.

The right to decide which browsers are allowed to visit a page and which standards or drafts are required to watch a page properly has NOT to be decided by Cloudflare and ONLY by the web page owners in question. Anything other than that is straight forward abusive in an intentional way.

Wondering how many millions of Dollars Cloudflare receives for supporting this

and even more for advertising Google Chrome with monopolistic anti-competitive browser locks over this “integrity/security check”

Jesus tap dancing Christ… you two are such chuckleheads that after being interested in the underlying problem initially your decision to attack Cloudflare as though they somehow intentionally did this caused me to ignore the progression for days…… and now here we are.

This is a community forum you twits. Community as in volunteers trying to help. Not experts on everything under the sun, people trying to help and your choice is to go full raging moron. :slow clap:

Well done. I have tagged the product managers in a private communication to let them know there might be an issue and asked them to investigate. Please do the rest of us a favor and shut up now.


Thank you.

This kind of negative trolling is why, from the start, I was trying to get contact information for someone who actually works at Cloudflare. This forum is not the proper place for this issue, but Cloudflare has made it the only place I could report the outage.

Nothing would please me more than not having to use this troll-infested community forum. If someone would provide the contact information I’ve been begging for, or perhaps get Cloudflare support to actually respond to either of the tickets I submitted (#2441081 and #2441091), I’ll no longer have a need to visit this place. Everyone wins. :grinning:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.