[adammartinetti]

Would you be willing to share a rayID you see during one of these looping challenges? I'm the PM for Cloudflare's challenge platform, and we'd love to look into this. RayIDs contain no PII so you can share publicly, or feel free to drop me an email at amartinetti at cloudflare.

We'll also release a reporting mechanism soon, so in the future you can let us know when you see these issues and we can react to them quickly.

[lopkeny12ko]

Such a classic and incredibly annoying SaaS PM move. Pinky-promise that you mean well, pretend to be invested in the issue, ask customers to supply evidence and say you'll look into it, followed by radio silence and no follow up whatsoever.

Incidentally, another Cloudflare PM for Pages asked me to do the same thing--I shared my account ID, the request, the problem, timestamps, etc...never heard back ever, request went straight into the void.

[sockaddr]

Yup. It's all show.

A service has injected itself between you and your goal, it's going to periodically impede you from reaching that goal and then lie to you about why, all while making money off of the arrangement.

[tick_tock_tick]

It's it more the like the owner of the website has intentionally gone out of their way to add a service between you and the website to solve issues the website owner feels are more important then you?

[itscrush]

Here's some loop samples;

- Gitlab; Ray ID: 7f3961b4ec46c443

- Zabbix; Ray ID: 7f39624d982bc32e

- NameMC; Ray ID: 7f3962e68d251871

- Camelcamelcamel; Ray ID: 7f3962eb9cbb421f

Easily can recreate at least the never ending loop by flipping on ublock origin's 3rd party scripts and 3rd party frame blocking, which matches their recommended medium settings.

[adammartinetti]

Thanks so much to you and everyone else who's supplied these. I'm collecting them now, and the team is looking into this.

[executesorder66]

It would be nice, once the investigation is concluded, if you guys posted the findings on the cloudflare blog. Otherwise it would just feel like a "your call is very important to us, please hold" kind of situation.

[adammartinetti]

I think this is fair! I can promise a public blog update in the next 90 days that includes a progress update on the work we're doing now to reduce real humans being blocked and announcing the feedback form users can click on to easily let us know when there's a problem.

[adammartinetti]

Would you be able to clarify your comment about ublock origin? Cloudflare's challenge page (any captcha provider as well) is a third party script. If I enable these settings I don't see the challenge load as all. Are you enabling ublock origin before entering the challenge or sometime later?

[throwaway154]

https://gitlab.com/users/sign_in 7f3cc1d59acd31e5

https://steamdb.info/login/ 7f3cc161bf85dbd9

https://www.zabbix.com/forum/ works

https://casetext.com/ works

https://namemc.com/login 7f3cc182b8c20ccf

https://spinroot.com/spin/whatispin.html works

https://camelcamelcamel.com/ 7f3cc171f96d2b9b

[AegirLeet]

Here's a handful:

- 7f395b5ddfe43a54

- 7f395ca09bfa3a54

- 7f395d8afaf73a54

- 7f395f075e33690d

- 7f396102afef35fd

[adammartinetti]

Thanks for the examples! Would you be able to share browser and extension information with me? If you don't want to share publicly I've dropped my email in this thread.

[AegirLeet]

https://pastebin.com/79bBdBhX

[blocked-by-cf]

I also cannot access my VPS provider when using firefox.

ray id 7f3a169d4e630306

I previously had the same problem with ungoogled-chromium as well (regular chromium worked), but I guess it works now after 2-3 loops.

[adammartinetti]

Would you be able to drop me an email at amartinetti at cloudflare dot com with more information on your setup? Some of the signals we're getting from your browser don't seem to match what we'd expect to see. We'd love to better understand what's causing the mismatch so we can improve our logic.

[doctor_radium]

all from Opera Mini:

- https://gitlab.com/users/sign_in 7f3e45c3cebfb90f

- https://steamdb.info/login/ 7f3e4a04bf7a0e39

- https://www.zabbix.com/forum/ 7f3e4b681f8f1cc6

- https://casetext.com/

7f3e4cab4af40b05

- https://namemc.com/login 7f3e4debdf6cb7f1

- https://spinroot.com/ loads normally, no delay or blocking

- https://camelcamelcamel.com/ loads normally, no delay or blocking

Adammartinetti, I appreciate your interest in doing this, but would love to hear that CF maintains a giant white board in the developer area with the name of every TLS 1.3 web browser known to mankind (the same data on a Group Policy-enforced internal home page would be even better), to reinforce the idea that it takes more than Google to make the world go round.

Personally, I'll add myself to the list of people who think you've created a game you can never win, and thus shouldn't be playing.

[2Gkashmiri]

gitlab 7f39759e1abe1bce

casetext 7f39762f693733e4

steam 7f397694995aa3b7

all over firefox

[ta89313]

- Gitlab: 7f39707d0fa023af

- Zabbix: 7f3970eabe8ff196

- SteamDB: 7f396f534b0400d2

- Casetext: (works)

- NameMC: 7f3971a01a22d5a8

- Spinroot: (works)

- Camelcamelcamel: (works)

[adammartinetti]

I'd love to get more information from you on this. We don't see any suspicious signals from these attempts, and it looks like they were completed 100% successfully from our perspective. You can drop me an email at amartinetti at cloudflare dot com.