The constant extension of warrantless FISA is incredibly corrupt.
When the Democrats are in power, they want to keep it to spy and when the Republicans are in power, they want to keep it to spy on their enemies.
Trump advocated for ending it when he was out of power because he alleged it was used unfairly on him, and now that he's back in power he asked for a clean extension.
Shame on any politician that has voted in favor of it at any time.
Google I would say yes, but what does Cloudflare gain? They don't run an ad network. Generally I'd say Cloudflare is pretty good to have as a guardian of the web compared to other options.
They protect free speech and allow Tor users. Ever tried completing a reCaptcha on Tor?
Nowadays, somebody can just ask claude to build them a scraper/bot that hooks into a proxy network and all of a sudden they can easily send 20k+ reqs/min from hundreds or thousands of IPs cycling them as they get rate limited or banned. In my work, the scrapers have gotten way more aggressive in the last 2 years or so. Frankly, I'm happy there is a solution.
There may be things to criticize Cloudflare for, but the problem of bots and scrapers destroying the open web was getting worse no matter what.
CAPTCHAs are great. Exploiters get around them with proprietary anti-detect browsers and unethical residential proxies, while privacy browsers and affordable privacy VPNs get blocked and shadowbanned to death.
Fingerprint.com, while not a CAPTCHA, gives you +3 suspicious score just for using privacy settings like adblock on your browser. This makes it harder to sign up for any sites that use fingerprint.com.
https://github.com/CloakHQ/CloakBrowser is a good anti-detect browser as well as CAPTCHA bypass which is honestly fun to use coming from privacy browsers because every site just works and captchas get solved.
Exploiters might get around them in isolation but they are easily caught at scale due to the opportunity cost being less than the cost of creating unique behaviour over many containers.
Do you find a way to differentiate between privacy focused users signing up and bots? Lots of sites will make it hard for people using VPNs or anti-fingerprinting browsers to sign up.
Thanks! We don't penalise privacy browsers or VPN by default. We score JS signals browser side in constantly rotating obfuscated code. This avoids us having to send up the actual data whilst making it difficult to fake the dynamic challenges. Static ones are obviously much easier.
Serious bot activity (e.g. ticket scalping) requires polling with many headless browsers and waiting for tickets to become available. Bot behaviour repeats at scale and so we can get them based on that. A privacy focused user will just be one request in amongst many and pass through.
However, its ultimately the decision of the client how strict we are. A lot of abusive traffic comes from VPN IPs. We don't enable these blocks by default but sometimes you need to, especially if there is a direct monetary gain to be made by faking your country.
I don't think consumers care about their cars being connected. Personally, I would just rather use my phone for whatever connected features you would want in a car.
reply