logoalt Hacker News

alightsoultoday at 3:08 AM3 repliesview on HN

From my understanding this is also how cloudflare bot protection has worked for a long time, and then they look for entropy in user input to confirm the user is human. Also how recaptcha without images works.


Replies

jazzyjacksontoday at 8:26 AM

Google and Cloudflare both are not just looking at entropy of mouse movements, that was cracked years ago, they are fingerprinting you and correlating your session with all your activity cross domains to score your botlike behavior.

show 2 replies
fc417fc802today at 11:21 AM

Supposedly, but not really. I regularly encounter sites where cloudflare serves me with an ambiguous ban notice rather than a proof of work. What's worse is that these apparent IP bans take effect even if I already had a valid active session (ie previously passed the check).

Yes, a VPN involved. That doesn't make it okay and notice that anubis by default works without issue (though possibly with a more difficult challenge) in the exact same scenario.

show 1 reply
Rebelgeckotoday at 2:25 PM

Cloudflare often just straight up blocks me or makes me do a captcha. IMO those are both much worse than Anubis