Skip to content Skip to footer
0 items - $0.00 0

Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking by dmitrygr

Cloudflare asks browser devs to sign insane NDAs before fixing browser blocking by dmitrygr

11 Comments

  • Post Author
    twisteriffic
    Posted March 16, 2025 at 12:54 am

    Every interaction I've ever had with CloudFlare has left me feeling like I needed a bath. The vertical desperately needs some competition but I don't know how that could happen at this point.

  • Post Author
    pshc
    Posted March 16, 2025 at 1:04 am
  • Post Author
    donnachangstein
    Posted March 16, 2025 at 1:06 am

    It's difficult to empathize with all the histrionics here – including the editorialized title.

  • Post Author
    sabellito
    Posted March 16, 2025 at 1:08 am

    Hope someone from cloudflare chimes in. If even part of this is true I'll make sure to never do business with cloudflare, they sound like a massive liability.

  • Post Author
    do_not_redeem
    Posted March 16, 2025 at 1:11 am

    Since the title mentions the NDA, I have to say that sending an NDA in this situation does not sound malicious to me, it's just bureaucratic incompetence from the legal department. It's the Cloudflare engineers that are being malicious.

  • Post Author
    brian-armstrong
    Posted March 16, 2025 at 1:14 am

    This feels like email all over again. In the early days of email, everyone had their own IMAP server, and it was good. Then spam happened. Slowly it got harder and harder to jump through all the hoops needed to ensure your email was delivered to users of gmail and other large email hosts. Even if you were willing to filter all the spam out from your own inbox, it became practically impossible to get delivered to most other users.

    I wonder if we will see something similar happen with browsers now. Cloudflare and other proxies will rely on increasing levels of fingerprinting to sift out scrapers and bots. Already it's not uncommon to get false positives on Linux+Firefox. Maybe if our overlords are feeling particularly benevolent, Firefox might make the cut for browsers allowed to access the vast majority of sites behind CF, but anything smaller will be blocked. Effectively this will kill rolling your own browser.

  • Post Author
    johnklos
    Posted March 16, 2025 at 1:19 am

    Pretty much every story posted to Hacker News related to Cloudflare has some people making excuses for Cloudflare – how they couldn't possibly have the development resources to test, much less "fix" access for less popular browsers, how the supposed good they do outweighs the bad, and therefore the marginalized people should just accept things, et cetera.

    It's easy to handwave about how costly / difficult a thing is when you're ignorant, and you're preaching to others who are also ignorant about the subject matter, but people who actually understand programming can read the bug reports, the read about debugging methods and results, about the tests, et cetera, and can deduce when an action really can't be anything but monumental ignorance or, more likely, deliberately chosen. The ignorance of the apologists isn't equal to the actual experience of the people doing the work.

    "triggering script hang/out-of-memory issues through what seems to be deliberate behaviour when the script does not pass a collection of Web API checks (since the same behaviour was observed on their "officially supported browsers" as well if the user-agent was spoofed to Pale Moon!)"

    I'd love to see how those people try to spin this.

    Also, this is a perfect example of how large companies can both try to create the illusion of being open – several high profile Cloudflare people post on this site regularly – yet there's no way to actually communicate with a human who can do more than copy and paste from a script, unless you're a paying customer. No company should get to operate as a gatekeeper for much of the world yet have zero methods of communication unless you pay them.

  • Post Author
    koakuma-chan
    Posted March 16, 2025 at 1:21 am

    Are they blaming Cloudflare’s code for triggering a situation that they did not account for thereby causing the browser to crash? Sounds like a browser problem.

  • Post Author
    derf_
    Posted March 16, 2025 at 1:31 am

    One of the things I really appreciated when I worked for Mozilla was their legal department's policy that Mozilla employees not sign over-reaching NDAs [0]. Some of the points they insisted on:

    * It has to be limited in scope. It cannot just be "everything we give or tell you is confidential information."

    * Confidential information has to be clearly marked or indicated.

    * It has to be limited in duration. Not, "You are required to take this information to your grave."

    If your project does not have lawyers backing you up, you might not know to ask for these things, or might not think you have the negotiating leverage to get them. But I think they make a real difference to a developer working on an open-source project, and I encourage anyone presented with an NDA to insist on them.

    [0] https://wiki.mozilla.org/Legal/Confidential_Information

  • Post Author
    donnachangstein
    Posted March 16, 2025 at 1:35 am

    > Consequentially, our project is currently losing daily active users, and we're being damaged with our traffic-based income being undermined as a result.

    I'd like to know more about this "traffic based income". Does PaleMoon show ads? Or are they saying this somehow affects traffic to their download site?

  • Post Author
    imcritic
    Posted March 16, 2025 at 2:06 am

    CloudFlare sucks ass, they are the cancer of the modern internet. They block users for no good reasons with their captchas. There's no way to get any feedback. Fuck them. I started to stop visiting the sites that have this idiotic gatekeeping bullshit.

    CloudFlare, eat shit and die.

Leave a comment

In the Shadows of Innovation”

© 2025 HackTech.info. All Rights Reserved.

Sign Up to Our Newsletter

Be the first to know the latest updates

Whoops, you're not connected to Mailchimp. You need to enter a valid Mailchimp API key.