Why Cloudflare CAPTCHAs to even see the forum??

[jj 5117]

@operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

That's not what I read. Midnight Lizard Web-Extension Privacy Policy https://midnight-lizard.org/extension-privacy

Midnight Lizard web-extension does not collect any of your personal information, browsing history, IP addresses, etc.

Also it does not sell or transfer your personal information to advertisers or other third-parties.

Hi siamhie,

I thought the extension sounded great and gave it a quick assessment for myself. I guess that my brain weighted this part of that page:
"Midnight Lizard web-extension has links to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies."

I translated the legalese without any intentional deliberation. Depending on the Type of links and sites, it could be OK, I suppose.

Your correction is correct, but the way it automatically registered in my head may also be correct. :)

Thanks.

[jj 5117]

@operadude
@Eadwine Rose

Hi Folks:
Just a friendly mention.
The https://midnight-lizard.org/ site does say that there is 3rd party data collection with the add-on.
Thanks all.

Thanks for the heads-up

Just wondering: Would it help that I have a VPN running?

You're certainly welcome. You might see my above reply to siamhie for clarification.
A VPN (set properly) should hide your IP Address from everyone, hide your connections from your ISP, and encrypt all traffic to/from your device.
But to break anonymity, only about 5 or 6 seemingly obscure data points are needed... If someone (like an AI program) were looking to do so. So don't be too confident in a VPN... or anything else... :-)

[siamhie]

Hi siamhie,

I thought the extension sounded great and gave it a quick assessment for myself. I guess that my brain weighted this part of that page:
"Midnight Lizard web-extension has links to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies."

The Midnight Lizard web page and extension does not collect information on you but when you open the settings window for ML, there are several links to their social media pages (Facebook, X, ect.) at the bottom left corner.
That is what they mean by "external sites".

[FullScale4Me]

I noticed that Dark Reader had stopped working over the weekend along with most everyone else. I've simply changed my Dark Reader settings for the forum from "Dynamic" to either "Filter", "FIlter+", or "Static". All continue to operate as expected and redraw the pages of the forum in a dark mode without needing any extra effort on my part.

Maybe I'm having an old guy brain lapse but in Firefox I'm having difficulty locating these settings. In Add-ins Manager for Dark Reader I have: "Details", "Permissions", and "Release Notes" tabs. Nothing to click on there.

Firefox 131.0.2 on MX 23 KDE.

[DukeComposed]

Maybe I'm having an old guy brain lapse but in Firefox I'm having difficulty locating these settings. In Add-ins Manager for Dark Reader I have: "Details", "Permissions", and "Release Notes" tabs. Nothing to click on there.

Select your language of choice from https://darkreader.org/help/ . "Toobar Icon" explains how to access the Dark Reader settings and beneath that you'll eventually get to the section about the "More Tab" where it will go into more detail about picking a theme.

[/df]

Some diagnostics for SeaMonkey:. I managed, eventually, to get it to load the MX site.

Relevant basic settings:

• accept cookies for session, do not allow third-party cookies (SM Privacy and Security>Cookies)
• user tracking prevention enabled (SM Privacy and Security)
• JS disabled, except whitelist (NoScript)

Let's add these:

• enable JS for mxlinux.org, challenges.cloudflare.com (NoScript)
• permit (Allow since Allow for Session seems to fail) Set Cookies for https://challenges.cloudflare.com (SM DataManager>Permissions)

When the challenge has first loaded you see a page like this:

Code: Select all

[Icon]mxlinux.org
Verify you are human by completing the action below.
[whitespace]
mxlinux.org needs to review the security of your connection before proceeding.
Ray ID: [whatever]
Performance & security by Cloudflare

Now, if you disable site styles, an <iframe> is shown that contains the "Verify you are human" widget, with the checkbox that can be clicked, as shown in FireFox. Notes:

• the network traffic is that the original GET request gets 403, followed by several GET/POST requests to the site and challenges.cloudflare.com; then, as promised in the console log, the challenge provokes 401
• if you leave it for a minute or so, the page refreshes itself, with the same network traffic; you then need to enable and disable styles to show the widget
• the iframe is not shown in the browser dev tools Inspect tab, but can be seen in the DOM Inspector
• the widget has an error block with a (non-clickable) link, but that may just be revealed by the absence of site styles.

After clicking the checkbox, the challenge is sent and the page says that it's redirecting to the MX site. You may then get the challenge page back as if it had refreshed, and need to repeat the process, possibly a few times.

On success, the cf_clearance cookie is set in the POST to MX.

Some people might derive consolation by rigging the "Verify you are human" checkbox to something that can be operated by their cat, dog, parrot, or whatever.

[aika]

... Now, if you disable site styles, an <iframe> is shown that contains the "Verify you are human" widget, with the checkbox that can be clicked ...

... the iframe is not shown in the browser dev tools Inspect tab, but can be seen in the DOM Inspector
... the widget has an error block with a (non-clickable) link, but that may just be revealed by the absence of site styles.

How I can disable site style in Seamonkey-2.53.19 ?

Cloudflare sloppiness or bad iframe-HTML? ... Iframes are deprecated, please do not use iframes for interactive content ...

...
Addendum:
I researched deeper and found that iframe was not the source of the error. I tested the simple Cloudflare CAPTCHA variant on my static homepage:

Code: Select all

...
<script type="text/javascript" src="https://challenges.cloudflare.com/turnstile/v0/api.js" defer></script>

</head>
<body>
<div class="cf-turnstile" align="center" data-sitekey="0x4xxxxxxxx679Ch5iQqioki" data-callback="javascriptCallback"></div>
...

With this code, Seamonkey displays a white area without content as a CAPTCHA-symbol. That's not really any better, is it? I haven't tested all Cloudflare configuration-options.
=> https://www.avoris-media.com/howtocaptchaen.html

[i_ri]

aika. seamonkey Menu Bar >View >Use Style

[aika]

... seamonkey Menu Bar >View >Use Style

Thank you. Now I can see the CAPTCHA and click them. But the forwarding doesn't work, a loop is created.

---

Addendum:
At this point I would like to warn against private debugging experiments with this Cloudflare CAPTCHA. After some tests with my Seamonkey browser, I now had to request deletion from the Spamhaus blacklist.

[Eadwine Rose]

Thank you. Now I can see the CAPTCHA and click them. But the forwarding doesn't work, a loop is created.

If this is an issue still, try clearing your forum cookies.