Great! Let's add it to the list of obstacles to accessing content for us savages in small, poor, out-of-sight-out-of-mind countries:<p>- Harrassment with an extra verification step every <i>god damn</i> time you log in into a website you've been a paying customer at for years because some rando risk model thinks you're a bad guy<p>- Harrassment by reCAPTCHA to respond to US-centric image challenges when it decides it's up for some sadistic fun (Mark all images with a store front or street light? Sure, let me just Google how they are "supposed" to look, because I sure as hell ain't seeing any I'm familiar with here.)<p>- Blanket IP range bans which serve you a default 503 error page and call it a day, with ripple effects throghout tons of unrelated websites. I always know when my ISP's IP range is added to some new blacklist.<p>- Harrassment by Cloudflare "verifying my browser", presumably burning my CPU cycles so they can be sure that my browser, which has been hitting their IP ranges for years with not as much as a cookie wipe, has not suddenly turned into a bot<p>- "Your name is invalid": no, your regex is<p>- "Our fetishism for credit prevents us from accepting your debit card payment unless you submit a scan of your passport signed in blood"<p>- (NEW) CloudFlare's anti-bot measures which will surely not misfire because no one thought to test their shiny new model on the traffic patterns of some culture with < 50 million Internet users<p>Apologize for the off-topic rant, but you wouldn't believe how using the Internet for basic things has gotten difficult in the past few years over here (and from what I hear, in many other "forgotten" geographies). No one cares. Long live colonialism!
> Our bot detection breaks down into four large components:<p>> - Identification of well known legitimate bots;<p>What about non-well-known legitimate bots? If I run my own web crawler, am I at risk of falling into the tarpit (and having my IP address reported)?
>Another trend we have seen is the increase of the combination of bots with botnets, particularly in the world of inventory hoarding bots. The motivation and willingness to spend for these bot operators is quite high.<p>>The targets are goods of generally of limited supply and high in demand and in value. Think sneakers, concert tickets, airline seats, and popular short run Broadway musicals. Bot operators who are able to purchase those items at retail can charge massive premiums in aftermarket sales. When the operator identifies a target site, such as an ecommerce retailer, and a specific item, such as a new pair of sneakers going on sale, they can purchase time on the new Residential Proxy as a Service market to gain access to end user machines and (relatively) clean IPs from which to launch their attack.<p>They then go on to spout some economic nonsense about how such bots are harmful. Actually, resellers make the market more efficient, and cloudflare is doing a disservice by lumping legitimate bots in with malicious ones like their credential stuffing example.
I've toyed with the idea of a tarpit service for badly behaved crawlers which just don't get other hints.<p>I'm glad to see that if my services are behind cloudflare, I could just turn something on and let _them_ deal with it.
If any cloudflare staff happen to see this... is Cloudflare Warp coming soon? I was pretty excited to give that a try (and it seemed like something I would be willing to pay for)
I'm not very familiar with the concept of tarpitting. How do they get the bot to run CPU intensive code? By passing in extra Javascript? Can this affect a bot that doesn't run any JS?
This is Claudfare saying that now that they arbitrated X and everybody said "OK" they are moving from infrastructure into infra and arbitration.<p>My question is, what if you are starting an alternative search engine or something legit?<p>Edit: my point is, the rules than make a legit or not bot, crawler, scrapper etc. are not clear at all.
Cloudflare, as a service, has it all.<p>Nice UX, fast, free. Nice domain service if you transfer to them. Fast DNS management. DOS/bot mitigation. Caching. Quick SSL, and affordable upgrade options. 2FA via TOTP.<p>With all the networking/domain stuff momentum build, it would be nice to be able to spin up servers for apps/db.<p>Main language at cloudflare is golang? Rust? Any python over there?<p>Request: Allow changing the super administrator for cloudflare account more easily. At least for early-stage accounts.
> for Bandwidth Alliance partners, we’re going to hand the IP of the bot to the partner and get the bot kicked offline;<p>What's that mean, 'kicked offline'?<p>Isn't scraping 'legal'?