news.volyx.in

Cloudflare Turnstile requiring fingerprintable WebGL (hacktivis.me)

787 points by HypnoticOcelot · 43 days ago · 481 comments on HN

Article summary

Cloudflare's Turnstile device verification has been looping indefinitely for users of webkit-gtk based browsers, due to its requirement for WebGL fingerprinting, which is blocked in WebKit for privacy reasons. This has prevented access to several websites. The author argues that this is a form of tracking and that Cloudflare has effectively banned all WebKitGTK browsers. The issue highlights the tension between privacy and bot rejection measures.

Main themes

  • Browser Fingerprinting
  • Cloudflare Turnstile
  • Web Privacy
  • Bot Rejection
  • Tracking and Surveillance

What commenters say

  • Cloudflare's use of WebGL fingerprinting for device verification is a form of tracking that infringes on user privacy.
  • The requirement for fingerprinting may drive users to alternative browsers or solutions that prioritize privacy.
  • There is no effective solution for keeping out bots while preserving human privacy, and current methods are flawed.
  • Some commenters argue that banning fingerprinting will only lead to the development of new tracking methods, while others propose alternative solutions such as IP reputation or code scanning.
  • The use of fingerprinting for bot rejection may be unnecessary and overly restrictive, particularly for tech-literate users who use non-standard browsers.
  • Government-issued IDs may be required to access certain online services in the future, which could further erode online privacy.
  • Some users believe that Cloudflare's methods are overly aggressive and may be used to gather data for malicious purposes.
  • Alternative methods for preventing bot purchases, such as tying tickets to buyer identity or using Dutch auctions, may be more effective and less invasive than fingerprinting.