It appears that Cloudflare’s Turnstile captcha product has decided Linux users are no longer considered “human” and therefore locked out of websites using this product. While the usual explanation is that there may be a compromised device on the network, I can pass these challenges myself using my Mac, but not on Linux on the very same network. This is from a residential ISP in India, and as you can see in the screen recording, I’m using an incognito window with all extensions disabled, so it’s unlikely that the IP address or the browser configuration are at fault here. * Mac: https://drive.google.com/file/d/1glfS_9OkV5mw5ysU3ASZCwR5c5eCeRT3/view?usp=sharing * Linux: https://drive.google.com/file/d/1WnNRUlikqfmqdELfcohu7SBfjJr9aNzZ/view?usp=sharing At a societal level, it is scary how things seem to resemble RMS’ “Right To Read” with one corporation deciding to unilaterally deciding what browser should have access, as I’ve said elsewhere. At a technical level, I speculate the issues are because Cloudflare is unable to properly distinguish between headless and regular Chrome because of changes in Chromium[1] as well as because of TLS ClientHello permutations[2]. [1] https://antoinevastel.com/bot%20detection/2023/02/19/new-headless-chrome.html [2] https://www.fastly.com/blog/a-first-look-at-chromes-tls-clienthello-permutation-in-the-wild
Story Published at: June 5, 2023 at 04:15PM
Story Published at: June 5, 2023 at 04:15PM