I then tried in Firefox and only got the delay mentioned in the article.
Note that I am also browsing via a VPN.
Except back then when you suggested alternative browsers, people were generally receptive once they saw the practical utility of features like tabs. Now when you suggest alternative browsers, people complain about tens of milliseconds more latency and insist on using Chrome for the speed. It's hard to blame them though, since the practical advantages of Firefox are slipping away as Mozilla focuses on more abstract advantages, like privacy, freedom, etc. Noble causes to be sure, reason enough for me to continue using Firefox even if it were a hundred times slower. But I think most people are looking for practical advantages; Firefox usage continues to decline and I don't have much hope for these trends turning around anytime soon.
Based entirely on propaganda from the one company that is rapidly taking control of the whole Internet.
Mozilla marketing focuses on that. Mozilla development still uses opt-out telemetry, experiments on users without consent and they still have Google Analytics on their websites.
I know that the internet is full of idiots and criminals. If they protect their service it's my benefit. It costs me maybe 2-3 seconds every morning, but then there will be 1000s of requests during the workday. If each of them were 0.1 seconds slower because their servers deal with nonsense my user experience would be much worse.
(I have no idea whether keeping cookies or using a different browser would avoid the visible challenge. I just don't care.)
Edit: I would really hate it if I had to do free Google captcha labor. Or fill the AWS one which always takes me 3 attempts to get it right.
Safari needs to implement the standards and offer decent performance, adding on top of that very good integration with the OS and it should win on Apple OSes.
Also Apple users please demand Apple to sacrifice a bit of their profit and offer web developers some way to test their websites/code on Safari(including Betas for free) , either by providing test virtual machines images or some Web Based service. Safari Beta not only requiers you have Apple hardware and OS it requires you update to latest version (you maybe don't want to be forced to latest version).
Effectively, in this case allowing competition will permanently destroy the open web.
Then later Apple decided to change iPad browser to pretend is a desktop, this broke my checks and instead of the 2D version the iPad users got the broken 3D version. But finally the broken WebGl was released on Apple desktops/laptops so now everyone using Safari gets the 2D version.
What we need is a way to test Safari the stable and the Beta, I can find bugs, the guys that made the WebGl library find the bugs before the browser is released etc.
What non standard API only Chrome implements and evil web developers want to use?
Two things:
1. Feel free to look at the wide litany of garbage security and privacy holes Google has added to Chrome that are only supported by Chrome forks, which Mozilla and Safari have both publicly declared they will not support.
https://mozilla.github.io/standards-positions/
Mozilla has defined 24 items as "harmful", and that's a good start at bad ideas Google has shoehorned into calling "the web". Who wrote... basically every single harmful spec? Oh, the adtech company that is allowed to also make a web browser.
2. You're also just not understanding the problem. It doesn't actually matter what web developers want to use and don't want to use. Web developers are, and I'm sorry to insult a bunch of HN users here, really lazy. If they can demand people switch to Chrome, they will. In fact, they often do even when the website works fine everywhere else.
Next time you hit a Chrome-only user-agent check in Firefox, tell your browser to lie about the user agent and you'll probably discover the site works fine. I constantly see companies tell us their products "aren't supported" unless you use Chrome, even if they work fine in Firefox, and the issues we call about aren't caused by the browser, and can be duplicated in Chrome.
Right now, the only reason far more web developers aren't pasting Chromium checks into every single page, is they have to support Safari anyways, because they can't lose the iOS market. But as soon as it's possible for web devs to force users to install Chrome to continue on iOS, they will. And at that point, Google really doesn't need to pretend it cares about web standards anymore anyways, because alternative engines will already be dead.
Ah, Google isn't Microsoft, and that do no evil stuff.
I test my stuff in Firefox and Chrome, can't check Safari or Safari Beta so if you really want more support for Safari you need to ask Apple to sacrifice a bit of profit and give developers virtual machines or whatever web service to be able to test their code.
But if you are honest with yourself you know the exact reason why Firefox is not allowed to be an option on iOS and the answer is simple, profits and sure a company is obligated to max out profits.
And Apple has the option not to ship in EU when there will be a browser selection law as for Microsoft Windows.
If you are honest you would know that most users only have 2 mobile OS options, they don't have granular options like "I want an iOs with privacy of iOS, freedom of Linux and design of GNOME , users have a choice form 2 big pile of shit and they need to decide the one that stinks less.
https://gs.statcounter.com/os-market-share/mobile/europe
Random wishes on HN and actual laws aren't the same.
And Apple will always have the option to follow the law or not sell stuff in EU, we demanded the industry to use same charger for devices (before even same fucking company could have different chargers) and we got it, we can do the same for browser options, payment options if our democracy wants it, but Apple could protect US citizens and not allow them to install alternative browsers and stores, then in 10 years we can compare numbers and see who was right - though I am expecting the answer "US is special, is big and the density and the diversity, something that works in EU will not work in US)
While we can’t comment on the specifics of any customer configuration, we do not block or challenge Firefox by default—either with our Bot Management products or with any other L7 security controls.
You can confirm this by signing up a free zone and making a request from Firefox.
That is, you're not saying "Firefox doesn't change the scoring at all", right?
0: https://developers.cloudflare.com/bots/concepts/bot-score/
1: https://support.cloudflare.com/hc/en-us/articles/200170056-U...
You’re right, this is a form of harassment, and it needs to be recognised as such.
I used to work there, and there wasn't a global "do this for this browser" (except for a little bit to reduce annoyance specifically for the Tor browser).
It is almost 99% certain to be a site operator firewall rule based on the browser user agent. This may even be accidental, they may have been hit by an aggressive bot using a UA string that matches Firefox and the site operator may not even realise they've done this (if they use Chrome, which is likely).
I'm a Firefox user and I'm used to this treatment at every step of the way, no matter if it's about software, airports, opening a bank account so I can receive a salary, etc. Fundamental things everyone wants to do are being made hard to do the right way. It's always anti privacy, anti self repair, anti longevity/sustainability, anti user freedoms, anti whatever we ideally want in this world. Of course using Firefox is now suspicious.
It's an open source extension available for Chrome and Firefox. It allows to privately identify you're human, and is the process of going through IETF standardisation, so hopefully someday you won't need to install an extension for it. After you complete a captcha once, you won't need to do it again for a long time.
I'm not happy about installing extensions just to view some websites, but it'll make things less painful
1. https://privacypass.github.io/
2. https://support.cloudflare.com/hc/en-us/articles/11500199265...
1. https://privacypass.github.io/
> Deanonymizing yourself just to appease cloudflare is not a valid solution
I'm not claiming it is a valid solution, I'm just sharing a possible workaround.
The Internet is a network with social effects. Whether "this didn't work" means "the website is broken" or "the browser is broken" has always been more about end-user experience and the wisdom of crowds than a more concrete definition.
A website broken only on Firefox works for 96.5% of users. I have personally had to make the hard judgment call (as a fan of Firefox!) to not spend 25% of our engineering debugging time on a problem only 3.5% of users encounter.
It's (literally) basic logic
1. Some site flags Firefox. 2. Not all sites flag Firefox. 3. Either every site flags Firefox or individual sites flag Firefox. 4. It is not true that every site flags Firefox (obverse of 2) C. Individual sites flag Firefox (disjunction with 3, 4)
* Changing to Firefox immediately displayed the Cloudflare error message
* Edge had no errors
* Chrome had no errors
* Safari had no errors
Edit: Even internet explorer 9, android kitkat, and the opera browser had no errors.Edit 2: as another user has pointed out, this is most likely a firewall rule put in place by the website operator themselves.
Receiving a "you look like a bot" message when using Chrome configured to pretend to be Firefox isn't very surprising.
(Disclaimer, MSFtie, all opinions are my own)
> Please turn JavaScript on and reload the page.
> DDoS protection by Cloudflare
The perks of living in a authoritarian state which tries to limit your access to the Internet.
Unfortunately these days this could be virtually anywhere.
https://i.imgur.com/ZzExHt2.png
This setup program is signed with an EV certificate from DigiCert and hosted on an https site. No other hoops left to jump through except this awesome Catch-22 implementation, which leaves no actionable solution.
I have noticed cloudflare challenging me more and more often. I assumed it was related to privacy extensions like noscript, ublock, and privacy badger.
dom.enable_event_timing / dom.enable_performance_navigation_timing
I only figured what was wrong after a month of no access to gitlab and other websites.
One way to interpret that is they should all have the same suspicion rules for lack of popularity applied to them. One way Cloudflare's rules could be causing this is if there's some threshold for fingerprints-per-second under which any UA is considered sus, and Firefox's market share is so low that it tends to fall under that threshold.
In which case, what lwt hiker is asking for is special treatment for the browser because they believe the Mozilla project's browser has special value to the web ecosystem. Which they are allowed to believe, but let's be clear about when we're seeking special treatment vs. being treated like any other user agent.
https://developers.cloudflare.com/1.1.1.1/privacy/cloudflare...
https://www.mozilla.org/en-US/privacy/firefox-private-networ...
Basically archive.is has an issue with the way Cloudflare DNS does things. This will also affect DNS over HTTPS as Cloudflare is the default DoH provider in Firefox.
What about using another OS?
What about using another IP address?
What about other websites? Is the issue only repeatable with www.g2.com?
What about using mobile phone browser instead?
>If this behavior gets adapted on more sites, we can expect even more users leaving Firefox
But I will just not go to the sites instead of using something other than Firefox.
Not saying I should have to accept that, but that's what it was.
Certainly not 'regularly'.
I also do really not experience it "regularly", but different people visit different sites.
That said, the one problem I get most often is this Cloudfare one.
There are several plugins for Firefox that make this easy.
Sadly I find it happens more and more often, even with important things like financial services.
What I haven't figured out yet is whether it's really the Firefox engine that is the problem or just that Firefox also provides better tools for blocking obnoxious trackers and the like. Maybe because I have those tools turned on by default more sites using obnoxious trackers break in Firefox than other browsers. In most cases that is a feature not a bug but it's frustrating when essential functionality on sites providing essential services gets broken as collateral damage.
On large international sites the likelihood that Firefox works flawlessly is pretty high. But a lot of regional service providers appear to kind of have given up on it.
Except for some boneheaded sites that refuse FF entirely ( https://business.apple.com is such an offender) I don't have issues with sites not working.
Edit: it looks like even Apple has got their act together now, it seems to support Firefox now too. Finally
So apparently Firefox is subversive and scary enough to make Apple refer me to Microsoft or Google to avoid it. I guess that's what passes for "Think Different" at Apple these days.
I'm not actually from Aachen myself, but nearby in NL and I work in Aachen nowadays and wasn't sure what username to choose.
If someone else would want it, I'm also fine passing it on. Dunno if there are guidelines on that actually but I'd consider an HN username like a domain name: finite, first-come-first-serve in principle, and hoarding is not cool.
I totally agree with you. I think maybe an upper limit per ip (maybe a bit higher for tor ips) would be need to prevent DoS type attacks.
Looks like there are already a couple bug reports about whatsapp.com, but not the forever-refreshing page you see:
https://webcompat.com/issues?page=1&per_page=50&state=open&s...
It's absurd that this is even possible. They should at least provide troubleshooting advice for end users.
Unused, mostly, but installed :)
Looks like this site was been blocking Firefox users since at least 2018, according to the bug report on Mozilla's webcompat.com issue tracker:
it seems they recently changed something, because now I can't even load the login page properly anymore due to X-Frame-Options disallowing the embed of the auth iframe.
Google drive is another one, where some things stop working depending on the user agent I'm presenting.
UA sniffing is soooo 2008.
Obviously, I wouldn't dream of asserting otherwise. My point is that for the vast majority of the population, a paragraph of technogibberish about cryptography doesn't fundamentally change anything, you're still reliant on trust. To most people, that paragraph is worth about as much as a basic promise. The worth of that statement is derived from whatever trust is had in the corporation and the ability of academics and regulators to stay on the ball and keep corporations in check.
If somebody who isn't a cryptographer has decided not to trust Cloudflare and not to trust the rest of society to keep a company like Cloudflare in check, then that whole explanation isn't worth much. It's boils down to saying "Just trust me" in response to somebody who just said "I don't trust you."
Since Cloudflare does see the token, it's reasonable to consider whether Cloudflare could deanonymize you across different sites. Privacy Pass uses cryptography that claims to prevent that.
> This proposal is based on Privacy Pass, a privacy-preserving and frustration-reducing alternative to CAPTCHAs.
So I guess that’s good-ish?
[0]: https://www.eff.org/tr/deeplinks/2019/08/dont-play-googles-p...
Furthermore, there is the matter of Cloudflare itself, specifically it's size and scope. Concentrations of data are magnets for intelligence agencies. The more data a company has access to, the less I trust them to keep it safe.
I made an obvious point because it's strange to bring up that something on the internet requires trust. Because of course it does.
It's not strange at all to distinguish between those kinds of trust.
When I use TLS 1.3, I'm not relying on "trust us" from the inventor and a couple investigators, I'm relying on heavy worldwide scrutiny.
I believe that appeals to math can obscure the role of trust. This is demonstrated by the formation of an industry of scammers exploiting the phenomena. Millions of people don't understand cryptocurrencies but buy in anyway, confidence bolstered by their lionization (but not comprehension) of math.
I think it's an illusion worth drawing attention to.
Try this analogy: Most people have functional legs, so why install a ramp? 99% of your users can access your property, so who cares, right?
People without functional legs can't simply decide to walk up some steps.
People use Firefox can simply decide to use Chrome.
To be more direct; what's your definition of "broken"? Is it that it doesn't work for you in the manner that you'd like?
Mozilla has had more time to work on this problem space than their competitors, and they don't have the technical advantage to show for it. They may have been the technologically better choice in the Browser Wars era of Internet Explorer, but nowadays? They're falling down on the technical merits, not just the network effects.
It's free and it's widely available. If they were better than the alternatives more people would switch to them but they're not.
(Speaking of "quirks-du-jour", the problem eventually "solved itself." The next major iteration of Firefox fixed a rendering regression and resolved the bug. We "solved" the problem spending zero eng-hours on it; you can't beat that for efficiency. But that's the challenge Mozilla faces as an also-ran: burden's on them to keep up with the competition and make their rendering agent on-par with other agents for both performance and strangeness, because they lack the market clout to make developers bend to their flaws and oddities. No matter who the front runner is, there are always flaws and oddities.)
See it is your problem to offer something to the general public then serve only the defacto monopolist instead of web standards. Because with each small compromise we each contribute to the problem until it reaches a breaking point. All the while those on the margins suffer, some with no real alternative.
For ex in poorer areas where they cannot afford a computer that runs Chrome (which has no LTS/ESR).
Most of the Firefox alternatives are standards-compliant also (specifically, the two big ones definitely are). And I don't see as many rendering regressions with them as I do with Firefox. So who truly benefits if I devote my team's engineering resources to chasing down Mozilla's bugs?
There might be some benefits to an engine multiculture; with so many engines derived from Chromium or Webkit, one could make a technical argument that maintaining Gecko as third choice has merit. I find that argument to be weak. Gecko has been around for longer than the other two and it isn't remarkably better (and seems to fall on its face quite often relative to alternatives). What if it's just a tech stack whose time has come and gone? How many resources are we wasting propping up an old stack that could be used to build, perhaps, a fourth option? Or solve existing problems in the other two? There's this vague hand-wavy assumption that Firefox represents "the open way of doing things" (odd when it's also maintained by a corporation, like the alternatives), but I don't see it as particularly more open than the other options.
I don't think I'm doing a disservice to the community by refraining from using jQuery and I don't think I'm doing a disservice to the community by refraining from going out of our way to support Firefox.
Well sure, why would they when so many resources are tied up in limping Gecko along?