it slowly crept in with all the Google accout shit where you log in on every website with the same account and corporations kinda realized they can call you a spambot if you dont identify yourself.

I need to stop the habit of logging into websites, using phone 2FA and crap like that, but I'm really too lazy, I'll probably make a completely new Linux install for that and see how it works out.

>>108772622
>How did this come to be accepted as the norm?
People kept trying to fuck with others websites and so someone needed to come up with a way to prevent that from happening. And cloudflare is one solution.

>>108772622
>>108772919
>>108772978
How does left clicking a box verify that I am human? Are you telling me a spam bot can't defeat left clicking a box?

>>108772622
>How did this come to be accepted as the norm?
when the third world joined the internet with mobile phones and bots. ban all ip addresses originating from china, russia, india & africa, the internet wouldn't need kikeflare.

>>108773008
It's tracking your mouse movement towards the box to validate that you're human AFAIK

>>108773049
What if the user is disabled?

>>108773068
How'd that change anything

>>108773008
It doesn't.
It only verifies that it is running in a browser. You can have a userscript click on the box and it's fine.
The click is only necessary because js initiated by the user has more permissions.

The cloudflare captcha is not
>verify that you are a human
but
>verify that this is running in a browser

>>108773008
It doesn't verify jack shit bro, you need to be like Neo and see past The Matrix

>>108773049
The mouse-tracking-theory is a myth as old as recaptcha. People kept claiming that over 10 years ago already. And it was always wrong.

it's about this here:
https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/User_activation
They simply can run more shit to fingerprint you if you are clicking a box.
It's weird how in over a decade, this is still not common knowledge. Almost as if those myths are intentionally spread....

>>108772622
>clicking in the box is a dystopian tragedy

>>108773372
you need some finesse for ad absurdum

>>108773392
Oh, I'm sorry I don't have your homosexual "finesse".

>>108773203
cant bots just run a headless brower then?

>>108773631
Bots have a different fingerprint than normal users.
The box is really tracking details of your browser, like what browser it is, what OS you are running, your viewport (resolution), JavaScript version, etc, these make up what's known as a fingerprint.
Normal users have a predictable fingerprint
Bots, crawlers and spammers usually try to obfuscate these details or use something other than a browser where this fingerprint data cannot be obtained or is clearly unusual.

>>108773646
why though? Why not just use the same info as real users for their bot browser instances

>>108773646
this feels incredibly evil

>>108773631
That's exactly what the two most popular cloudflare solvers do.
It's relatively expensive computationally and wastes a lot of time just waiting for the response, effectively preventing non-stop mass scraping but stil allowing targeted automation.

>>108773668
Software outside of a browser is usually pretty bad at being identified as a browser.
It gets a lot more granular and there is LOTS more data that can be extracted from a browser, more than what can easily be simulated.
It's not impossible to fool cloudflare but it's hard enough where bot farms are just straight up using thousands of phones for "authentic" fingerprints.

>>108773810
>Software outside of a browser is usually pretty bad at being identified as a browser.
But I'm saying just use a browser (headless) with your bot, like compile chromium and prebake what OS you are running, your viewport (resolution), JavaScript version, etc

>>108773721
kinda like yt-dlp needing to use a js solver with youtube nowadays

>>108773631
Of course.
How do you think do AI scrapers work?

>>108773646
>Bots, crawlers and spammers usually try to obfuscate these details or use something other than a browser where this fingerprint data cannot be obtained or is clearly unusual.
Bots can get through the cloudflare challenge just fine.
If a headless browser doesn't do it... how about a browser with a head? They can run a proper browser, its no issue.
The couldflare challenge does fuck-all against AI scrapers that everybody has issues with.

The only difference is that it takes more power to do it. Running a proper browser is of course more CPU intensive and slower than just hammering 1000 requests per second through a python script.

https://camoufox.com/stealth/
Look at it make natural mouse moves. Cloudflare is pointless other than free DDOS mitigation.

>>108773810
>It's not impossible to fool cloudflare but it's hard enough where bot farms are just straight up using thousands of phones for "authentic" fingerprints.
The phone bot farms, you are talking about, are like-farms that like shit on facebook / reddit / tiktok / twitter / youtube (none of those uses cloudflare).
They have the purpose to run a native app.

You don't need a phone for the cloudflare challenge because you don't need a phone app for that. A browser runs on any platform, the facebook app only on phones.
Of course you can still like videos on youtube in a desktop browser, but if your video has 99% of likes from desktop while the average is only 40%, youtube will just remove your likes, because it is obviously botted.

Bot farms have no issue getting past the cloudflare challenge.
Those 4chan-proxy websites have no issue getting through the cloudflare challenge.
Scrapers have no issues getting past.
Like-farms can do so as well.
The cloudflare challenge stops absolutely noone. Not a single website solved a bot problem by enabling the cloudlare challenge.

>>108774017
What's the point of those cloudflare screens then?

File: neutral-pepe-normal-mirro(...).png (434 KB, 651x720)

434 KB PNG

>>108774125
Cloudflare is currently at the same stage Google reCaptcha was a few years ago.
Everybody could pass it. There are services where they solve 10.000 for 1 $, Bots get through it... but we still keep pretending that it would be useful.

It took multiple years of reCaptcha being completely worthless, until platforms switched away.
Actually, nobody ever admitted that the reCaptcha was useless, they just all silently moved away.

>>108774212
Time wasters unironically. Most bots would rather drop a site and scrape another thousand in the time it takes to solve one cloudflare challenge.

It's just Hyrum's law in action.

File: vlcsnap-2026-05-07-20h59m07s.png (763 KB, 2038x1115)

763 KB PNG

>>108774212
There is none.
They got scammed.
They got promised bot protection, and what they got was a shitty ass rate-limit, that they could easily implement themselves with a PoW challenge.
Now they watch their websites getting flooded by bots and DDoSed by AI scrapers, while all cloudflare protections are turned on, and are in denial about it and think:
>but if we wouldn't have cloudflare, it would be much worse!

>>108774238
Since everybody uses the Cloudflare Challenge, the bot has to know how to solve it anyway.
Using the same thing that everybody else is using, is what is killing you here.

>>108774305
Depending on protection level solving it can take over 30 seconds (for a "cold boot") and hundreds of megabytes of RAM for a 10-15 minute session.
If a bot wants to get specific data from a specific site it will do it.
If a bot wants to crawl the entire internet with no exact goal it will skip protected sites and move on.
t. use byparr daily in a couple personal automation projects

>>108772622
>people stopped hosting their own shit
>the big players all do it because all the other cool kids are doing it
Doesn't take a genius to see how we ended up here but you faggots are still in denial in the year of our LORD $currentYear

>>108773035
But geolocation spoofing is a thing.

>>108773008
it doesn't
amongst other things cloudflare can analyse your websurfing to see if it looks organic

>>108772622
>prevents any alternative from Chrome or Firefox from existing
>man in the middles the whole Internet
>despite that, you still have click the fucking box separately for every site you visit
humiliation ritual

I use Cloudflare DNS on my router and these boxes click themselves and take less time. I sure fucking still see them though.

>>108774398
Use anti-detect browsers like dolphin-anty, that run multiple profiles and come with some scripting capabilities already.
There are so many solutions for this "problem".
Or pay one of those captcha-solving services that all also offer cloudflare challenge solving.

>>108774708
Replying to wrong post?
Byparr is the thing that lets unattended headless bots crawl protected sites, not solves captchas for users in manned browser sessions. It works perfectly for my use case of completing a challenge once a day on four sites on a schedule.

check out who is (((invested))) with cloudflare and it will probably make sense.