You would sau “what the problem to disable randomization?”, am I right? So the problem is that Cloudflare acts as MITM, so you cannot disable randomization for only Cloudflare. You can disable it for whole domain. That’s what causes concerns: if I disable canvas protection for certain website, it means it’s admins will spy on me too.
Also, this shitty approach ruins RFP/FPP and Arkenfox configs in Firefox that cannot be “disable” only for one domain.
So I hate Cloudflare and wish it never existed. Why it should be users problem, that website want to protect from bots? Just hire human mods or shut down business!
No problem on Tor or Mullvad—which I assume protect you from fingerprinting better than whatever setup is breaking Cloudflare. You could try those browsers or an anti-detect browser like GitHub - zhom/donutbrowser: Simple Yet Powerful Anti-Detect Browser 🍩 · GitHub . Might have better luck against fingerprinting as well as not being harassed by captchas.
Although I don’t like the centralized nature of Cloudflare, other than that I couldn’t ask for a better company to run half the web. They support free speech, allow tor users, and don’t make you train Waymos and suck away millions of hours from humanity like Google’s captcha does. They also offer generous free plans for website hosters.
Why should Cloudfare—or any “gatekeeping” web service with so much power — be trusted?
When you visit a Cloudflare protected site, your HTTPS connection ends at Cloudflare’s server. Cloudflare then decrypts your transmitted data, inspects it, then re-encrypts it and forwards it to the actual website.
Cloudflare holds the TLS certificate and is able to read everything as plaintext, including your passwords, form fields, etc.
After Snowden brought NSA’s PRISM to light, it would be surprising if the NSA is not harvesting the traffic passing through Cloudflare’s servers and have placed them under a gag order, like they have previously done with Google, Apple, Microaoft, etc.
For everyday users, escaping State-sponsored surveillance and maintaining security against State actors is next to impossible at this point, which is why I’m getting close to giving up the various Inconveniences that come with using GOS, and just switching to an iPhone with lockdown mode as my daily driver.
No problem on Tor Browser on https://1337x.to, which has under attack mode on.
I prefer Cloudflare on Tor over reCaptcha, because there are no visual challenges and it always lets you in. Both don’t work without JS so not a good option for Tor focused websites.
If website owners want to block Tor, it’s not Cloudflare’s fault.
