The author was blocked from accessing a work website due to issues with Cloudflare’s browser integrity checks. Despite having credentials to prove his identity, an attempt to bypass the checks by disabling fingerprinting in Firefox resulted in Cloudflare blocking all access. He could still access the site on Chrome, showing the block was based on his browser configuration. This left the author unable to complete important work tasks and questioning how much control individuals really have over authentication in an increasingly centralized web ecosystem dependent on remote attestation. It highlights the need for transparency and user agency in how identity verification is implemented online.

  • tiwenty@jlai.lu
    link
    fedilink
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    I hate it when in selfhosted circles they recommend CF. Why in hell would you want to be tied to them when you are wary enough to selfhost ¯_(ツ)_/¯

    • redcalcium@lemmy.institute
      link
      fedilink
      arrow-up
      18
      ·
      edit-2
      1 year ago

      It’s popular because many people don’t have static IP, behind a CGNAT, or simply don’t want their residential IP address exposed, so their option is either use a vps as a tunnel (cost money) or use cloudlare tunnel (free). Obviously the free one get more use.

      • tiwenty@jlai.lu
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        I totally understand the appeal. But I don’t usually see people explaining the drawbacks and alternatives. Only a plain and simple “just use CF tunnel” for instance.

    • bob
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Who would you recommend as an alternative DNS provider?

      • tiwenty@jlai.lu
        link
        fedilink
        arrow-up
        7
        ·
        edit-2
        1 year ago

        Tbh I don’t think as a DNS provider they are too bad, it’s pretty simple and one or another will do the job. I was more thinking about the techs talked in the article, or features such as tunnels and all.

      • Scary le Poo@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Use a pihole with unbound so that you become your own DNS. It’s waaaay better and it’s easy as hell to set up. You don’t even need a raspberry pi. It can be set up using in windows using wsl.

        https://github.com/DesktopECHO/Pi-Hole-for-WSL1

        If you have an old spare computer that can be left on all the time, you could set it up on that computer and point your router DNS at it so your entire network benefits from it.

    • upstream@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Someone I know who works in payments told me they had to go to CF because of the insane amount of DDoS attacks they were facing.

      While having three ISPs and mitigating a boatload of DDoS on their own infrastructure they were simply unable to cope with the persistence.

      They first tried another provider, but they handled less DDoS than their own internal systems.

      Cloudflare wasn’t even sure they wanted them as a customer.

      Some of the biggest attacks mitigated by Cloudflare last year (they wrote about it) was this client.

        • upstream@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Depends on what you mean by self-hosted. Because basically they are. No cloud providers meet their security requirements (required for their level of PCI certification).