The simplicity of it is logic defying. It used to be that you had to find crosswalks or move puzzle pieces or type blurred letters and numbers, but NOW all the sudden I can just click a box and HEY!, I’m human?

That’s hardly the Turing Test I’d expected.

  • @[email protected]
    link
    fedilink
    243 months ago

    Cloudflare knows almost everything done from your IP address because they’re used by the majority of websites. And some websites are using a cloudflare signed TLS certificate so if cloudflare wants, can see the content of the communication instead of an encrypted package

    So they know if you have a human behavior (visiting many different websites at human speed and having rests during sleeping time) or if you have a bot behavior (sending millions of requests to the same endpoint at superhuman speeds)

    • @[email protected]
      link
      fedilink
      Deutsch
      43 months ago

      I’d argue that the certificate authority does not have the ability to decrypt your communication because of the nature of private and public key mechanism during the whole TLS certificate procedure. You do not send your web servers private key to cloudflare when requesting a certificate.

      That would actually be pretty wild…

      Other then that you’re probably right.

      • @[email protected]
        link
        fedilink
        23 months ago

        There’s a default setting that allows unencrypted communication between the server and cloudflare. So they receive unencrypted data, sign with their certificate. Or send with self signed certificate, they decrypt and reencrypt. Or for some reason can download and import on the server their own internal use certificate.

        • @[email protected]
          link
          fedilink
          Deutsch
          23 months ago

          You’re right, forgot that you can just not encrypt on your servers end and use cloudflare to do that for you, especially when used as CDN