"We did it, Patrick! We made a technological breakthrough!"
A place for all those who loathe AI to discuss things, post articles, and ridicule the AI hype. Proud supporter of working people. And proud booer of SXSW 2024.
Yup. I am tired of being accosted to prove myself human only to have that labor monetized into slop.
Well, that's recaptcha in a nutshell, but Cloudflare's isn't doing that, at least, not in a way that you are doing work. This Turnstile feature doesn't have you picking traffic lights out of photos.
And why can't CloudFlare offer some way for us lowly non-AI's to prove we're human, once, for our entire web experience, versus on. every. damned. website. one. at. a. time?
So like a tracking cookie? Not a great idea for privacy, we've been there before...
Also, the reason is that if that worked, then the scrapers would just need to use a human to pass turnstile once, and then let their scraper run wild for the rest of the day, defeating the entire purpose of it.
None of this would be issue if the AI scrapers would just actually follow robots.txt, but they won't, so here we are :(
What’s really fun is when it gets stuck in a “verify you’re human” loop.
This is becoming more prevalent because of AI bots, Cloudflares services anre actually one of the good guys with tools against bots.
People’s internet bandwidth has multiplied like crazy with all the AI companies stealing everything that goes online, and things like the turnstile do work to reduce that so people can still afford bandwidth.
This is the Dead Internet theory coming true. https://arstechnica.com/information-technology/2025/04/ai-bots-strain-wikimedia-as-bandwidth-surges-50/
Well, the problem is mainly the many Ai scrapers today. As well as ddos attacks happening from across the world which tons of unique ip addresses.
It's very hard to block such attacks or even scrapers. Since again the ddos attacks are coming from all countries, one request per ip. Seemly from legit house-hold IPs.
It's not just cloudflare. There are also open source projects like Anubis. Using proof of work.
Anyhow, I don't know if there is a better way. The best way is getting all those infected devices removed from the internet. And also cloud providers (AWS, GCP, alibaba etc.) should terminate accounts much faster when they are part of illegal ddos activities or illegal scrapers.
Cloudflare actually does have a way to avoid seeing these, using a zero-knowledge proof backed by a hardware security module (they call it Cloudflare Private Access Tokens). As far as I know, Apple is still the only one who's implemented it and it only works in Safari on iPhones, iPads, and M-series Macs. Maybe some day other vendors will add support too!
Of course, there are already scrapers that use arrays of real phones to do scraping/app automation, so widespread adoption of PATs would just push more traffic to be proxied through physical devices instead of headless browsers in AWS somewhere...
So that is 3 years old. Did it not actually happen? I hit CF Turnstile on ios as well.
When I run into this, I often just close the tab.
Fuck em.
There's nothing on the internet I need bad enough to deal with that bullshit, luckily. So businesses in particular can fuck right off, and I'll close the damn window
Type in credentials and click "are you human" then I get "pick all objects that fit in a basket" after that it's "please enter the code we just sent"
Cloudflare turnstile is just a checkbox, no “pick objects” tests
Is that new? Because I have had to pick many objects when browsing cloudflare protected sites in the past with a VPN.
Looks like 2022 is when they went completely no-CAPTCHA: https://blog.cloudflare.com/end-cloudflare-captcha/
Not sure, i haven’t seen it ever and I use a VPN on everything, Pi Hole at home, along with uBlock Origin and JShelter in Firefox on desktop, never been prompted with anything other than “click here”.
Fuck cloudfare. I mostly walk away.