Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Cloudfare wants me to solve a capcha to access the site (firefox). Amazingly, if I turn off ublock origin, the capcha solves itself.


It's regrettable that this is current state. Google equates a login and recent activity with them as being a "legit person". Anything short of that means you're a malicious bot. The traffic dominance of Cloudflare and Google deserves some real independent scrutiny.


That's an interesting thought: If Cloudflare didn't exclusively use Google to determine if you're a human, I wouldn't mind them nearly as much.


they don’t. they also have their own cloudflare “token” thing. can’t remember the name of it right now.

found it: privacy pass


Being asked to install arbitrary code to run in browser extension privileged context is perhaps one of the only things they could have done worse than google's captcha.


For what it's worth, the extension is open source: https://github.com/privacypass/challenge-bypass-extension


And does not work almost always.


Is it more important to actually stop bots or to deter kiddies by showing them captchas?


I'm getting the same thing (residential IP on a major home ISP, no weird VPN or Tor exit node / SMTP relay / any reason to have poor IP reputation). I have recently logged in to Google, so it's not that. I checked the console and noticed a warning about a cross-site request to a 3rd party Google attempting to set a cookie and that this behavior would be dropped in future versions of Chrome. I wonder if this is uBO blocking 3rd party cookies.


Chrome + uBlock Origin + uMatrix here, and no captcha.

The third-party cookie warning in the console is just a deprecation warning, it's not blocking them yet.

You can enable the flags to block thrid-party cookies right now in chrome://flags by searching for "cookie".


Are you on cgnat by any chance?


No.


Firefox + ublock origin here, no captcha.


Same here. Firefox (RFP enabled) + ublock origin + VPN + Cookie autodelete (so no google cookies) and no captcha. I suspect it's mostly based on IP reputation.


Are you logged into Google, or have been recently?


Yes I have an active google login. It's a sad state of affairs if that's the deciding factor.


I'm not logged in to google (I only logged in to google on chrome and use firefox for personal browsing) but I do have Privacy Pass extension installed. I haven't see cloudflare captcha for a long time ever since I installed Privacy Pass.


I have an active google login also.

I wonder if it was the fact that I'm running firefox on FreeBSD.


Chrome on FreeBSD here (I got the captcha as well); could be some kind of user agent test that trips on anything that isn't the big 3.


That was the case for me 2 weeks ago. I didn’t even get a captcha.

https://news.ycombinator.com/item?id=22109969




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: