1. 5
    1. 14

      You should. It’s terrible for Tor users, making them complete a couple of annoying CAPTCHAs every 5 minutes.

      1. 5

        Oof, yes, and quite often the reCAPTCHA submission just doesn’t work at all, making the site impossible to enter over Tor even by well-meaning humans.

        1. 3

          I’ve never managed to complete the reCAPTCHA through tor.

          1. 1

            You might need to disable your ad blocker.

            1. 2

              I’m not sure that is the problem. Disabling javascript is the most likely culprit. But you have to be insane to enable Javascript on tor.

              1. 2

                But you have to be insane to enable Javascript on tor.

                Because of WebRTC reporting the local IP? This demo doesn’t work with Firefox using Tor as a SOCKS v5 proxy: https://diafygi.github.io/webrtc-ips/

                Neither does http://ip-api.com/

              2. 2

                This is coming quite late, but I’ve found myself unable to get reCAPTCHA to acknowledge my completion of the task even with JavaScript enabled over Tor.

      2. 4

        IIRC it’s possible to configure it to not do that. But the awful defaults are there and very few people change them.

        Also, “they are making the whole internet more centralized” is a concern.

        1. 2

          IIRC it’s possible to configure it to not do that. But the awful defaults are there and very few people change them.

          It is, for Cloudflare customers: https://support.cloudflare.com/hc/en-us/articles/203306930-Does-Cloudflare-block-Tor-

          But the fundamental problem is that they don’t differentiate between IPs used by many users (VPNs, Tor exit nodes, etc.) and they rely on profoundly broken algorithms to decide which IP needs to be hindered. They’ve been doing that for years, so maybe it’s time for a large scale boycott.

          1. 3

            It’s much worse than that. I have the same static IP in a datacentre for years, and they block me from many sites, completely ignoring the fact that noone from my IP has ever scraped or attacked them, and I’ve solved a countless number of their captchas over the years, too.

            Also, their captcha relies not just on JavaScript, but on User-Agent string, so, it never works for me. So 1999 to still be using UA strings to determine capabilities or access!

            Some of CloudFlare competitors are even worse, though — Staples.com is 100% down for me, for example.

            But what annoys me most about these companies is that not only do they block my legitimate access to the content of their clients, but they then lie to their clients that my attempt to access the site must have been a bot that they’ve successfully blocked — such an invaluable service!

      3. 2

        Not only for Tor but also for most VPN users. Besides that reCAPTCHA is not working reliably, you sometimes get prompted with bizarre captchas, e.g. draw a border around some object (try to do that with a poor touchpad).

    2. 9

      Why do people think that CDN infrastructure should be radically neutral? Access to the internet does seem increasingly equivalent to free speech, but does that equate to a right to access other people’s syndication systems?

      EFF quote: “Because Internet intermediaries, especially those with few competitors, control so much online speech” – eh? No one is stopping anyone from hosting their own content, and it’s not even hard. You don’t need a CDN to exercise speech. You need a CDN to reach a broad consumer audience. Granted I’d feel a little different if their ISP pulled the plug on them, but that’s not what we’re talking about.

      1. 3

        I’m actually way more concerned about the fact that DNS (which is a government-operated system) is gated behind the arbitrary control of private registrars, who have recently used that control to censor people. The ideal solution is to switch away from centralized DNS (a la namecoin), but until then there should be rules preventing denial of access to this public system.

        1. 1

          there should be rules

          Enforced by whom? How would the trans-national procedures look?

    3. 6

      The author decided to stay with Cloudflare because the CEO arbitrary decided to kick a neo-nazi website off one morning.

    4. 0

      I think there’s a line to draw. There’s lots of different opinions out there we can protect. A tiny, tiny, tiny slice of them is in favor of enslaving or murdering other people. Both of those actions are illegal under U.S. law with one specifically banned by an Amendment to the Constitution. So, we start with saying service providers might censor a site promoting illegal or harmful activity. Your mention of Cloudfare sounds like this is a new thing but it’s been going on forever in other areas (esp copyright).

      From there, we might wonder about where to draw the line for censorship of illegal activities. Many laws might be considered unjust down the line after we’ve reformed them. A certain amount of lawbreaking or civil disobedience often happens to cause those reforms. At the least, people encouraging resistance to those laws or change might be protected. We can still draw the line here between advocating illegal acts that are obviously harmful (i.e. white supremacists dominating or killing other races) or that are debatable in cost-benefit (eg healthcare policies, affirmative action). We censor the first since there’s no such thing in being neutral if their movement just needs the spread of information to grow. If you’re spreading it, you’re supporting them indirectly. I’m not for legal liability for telecoms on that or anything but certainly let them cut off those advocating hate if they choose not to spread it.

      1. 6

        Legality is not a good standard on which to base moral judgments like “which opinions are acceptable”. You should absolutely be able to express opinions in favor of things that are illegal, or else it would be impossible to argue against an unjust law. It’s critically important that people are free to endorse murdering people (cf Against Murderism) or whatever other crazy opinion they have that would violate the law if followed through with. Being gay used to be illegal, black people and women voting used to be illegal, etc. etc. You can’t predict a priori what people are going to think should become legal in the future.

        1. 1

          I said that already. I just made an exception for people promoting things that almost everyone considers harmful with no benefit. They can always run their own server on the network if the greedy ISP’s or Tier 1’s will have them. They can broadcast over the radio. They can do demonstrations. They have plenty of freedoms.

          I just think private providers should be able to censor them if their message is only hate and harm. Ironically, directed at many of the same kinds of people working to develop or run the very devices and services they’re using to spread their hateful message. Also, the same kinds of people who would be negatively impacted by people acting on that message ranging from unemployment to slavery to death. I mean, we really expect Cloudfare workers to help people try to fire, deport, or kill them? I wouldn’t.

      2. 4

        Also keep in mind that we’re talking about businesses, not the government. The 1st amendment does not apply to businesses. Just because the gov’t can’t jail a person for advocating for ethnic cleansing doesn’t mean that businesses can’t refuse service to that person. Free speech doesn’t mean freedom from consequences.

        1. 1

          This is true, but I wish people on the left consistently applied this standard, such as when the issue was baking wedding cakes for gay weddings rather than providing access to critical public infrastructure.

          The moral notion of free speech is also separate from the specific legal protections on free speech present in the US. I believe that businesses should abstain from political censorship, but I don’t think they should be legally required to do so.