Terry Frazier
b4713daf7ec8bbd39a9c4ded0ea58fa426fa1fb85a4125e83c70eba7ee6e1658
A regular guy, non-coder, who grapples with tech. #Bitcoin #Gunstr #NRAInstructor #FreedomTech #Moto #Privacy #SelfHost #NoGSF #deGoogle

Here's what I suspect is happening when cloudflare puts up a 5- to 7-second delay with a spin screen and a simple captcha to "verify you are human":

A device fingerprint is being created.

The captcha itself is superfluous - a pretense that some human interaction is needed. But none is.

So there's a new fingerprint, but to be any use it must be compared to something - some collection of previous fingerprints or known attributes or something. So there's a database somewhere. And there must be a comparative analysis - so there's an algo running to determine next action.

I'm 99% sure of the above. What I don't know is:

- what is happening to the newly-created fingerprint? Is it deleted (I doubt it)? Is it being added to a database somewhere?

- If added to a database, who controls it, what other PII attributes does it contain, and who has access to it?

- where did the original database come from? Did cloudflare start from zero and build their own? If not, who provided it, what PII attributes does it contain, and who had access to it?

Whatever the answers to the above, I assume the database is kept forever and, with a simple request from a suitably powerful or politically connected agency, can be used to match device fingerprints in other databases, providing at least a partial record of sites a specific individual visited using a #vpn.

nostr:nevent1qqsx7fy7hg73hqvjykc54aalvenhf9p3gpgens63rkc9rvvaa6c7hqspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg95wy767lkgh0fe48zda582trayymaplwz6gyj7s0rsawn7umsktqpsgqqqqqqs2n9l35

There is an endless need for legitimate, non-stupid #privacy information - in the nostrverse and everywhere else. For reasons I do not quite grasp, it seems much too common for social users to hold child-like, naive views about what privacy is, why we don't have any, how to get some back, and the level of effort required to maintain it. Also about the level of sophistication of those on the other side.

Good luck and Godspeed.

I'm not saying the explanation you propose is impossible. It isn't. It's just highly improbable. Why don't you elaborate on why you think a $1.2 Billion company with 20 years of R&D in threat identification, which was founded on the idea of identifying (email) spam, and was one of the first (maybe the originator of) "firewall in the cloud" services lacks the technical sophistication to identify legitimate connections from known VPN sources without imposing a captcha delay - a method which is, at best, of limited value in identifying bots?

"It's too complicated for them" is just not sufficient.

nostr:nevent1qqsq9hmt95c04s9yvkhgn67cd7lp6jcj3x9h6gduqqdrtkww6a67xvgppemhxue69uhkummn9ekx7mp0qgsdwz2fg4gn6qrj420z6vqvvha6xd47w500vrhvh0cd0fy8z4sagxsrqsqqqqqpr7cpre

At the simplest level, imposing a captcha delay on VPN-originated connections may just be punitive - a penalty for attempts to opt out of surveillance marketing systems.

But it isn't much of a reach to suspect more detailed analysis occurs, with ongoing attempts at individual user identification to pierce VPN pseudonymity.

It is easy enough to identify legit IP addresses for known VPNs - just like it's easy to identify known IP addresses for major email list providers such as mailChimp or Amazon SES.

Your suggestion may well be another excuse they offer, but it's not a technically valid reason.

nostr:nevent1qqswwx73due3lthe353464a2rde20qw807kwugdwe642h938604k0rcpzamhxue69uhhyetvv9ujuurjd9kkzmpwdejhgtczyrtsjj292y7squ42ncknqrr9lw3nd0n4rmmqam9m7rt6fpc4v82p5qcyqqqqqqgflc2hk

I would like to know what is actually, technically going on behind the scenes when #cloudflare throws a captcha just because I'm using a #VPN, claims it has detected "suspicious activity," and needs to "verify I am human."

I'm 90%+ sure neither of these stated justifications is honest, and they do not represent what's really happening.

It is much more likely, IMO, cloudflare is making some attempt at identifying me in order to sell marketing data - probably some pattern match of device profile to a known identity database. But I don't really know and would like to.

#askNostr

I didn't join #nostr with any intent to stop using [insert centralized social platform here]. I'm here on an exploration, not a crusade. Nevertheless, I've quickly found myself spending more time on nostr than any other - even though I have several fairly large Twitter/X lists following people (almost none on nostr) in certain niches where I like to stay up to date.

Now that's quite probably due to the newness and exploratory nature of my experience. But I see great potential here - even with the "Beta test" nature of it all.

Relays should be as easy to deploy as WordPress instances. Ditto for media servers. Being able to spin one up via relay.tools is a good start, as is being able to buy your own preconfigured hardware/software node from an umbrel or Start9.

I'd like to be able to deploy one on the VPS I already have, located in a data center I like, run by people I know. Unless there is some technical barrier I've missed, any decent VPS ought to be able to run it.

Hopefully that day will come soon.

I do not trust AI to tell me about history, law, science or other topics where I cannot easily and quickly verify its outputs, as I generally have no idea about its inputs, nor about its parameters for analysis. But I do use it quite a bit to analyze bits of code and help me change and customize stuff.

For instance, I do not really know CSS, HTML, PHP, RegEx, twig, yaml, XML, etc. I'm not even particularly good with the Linux command line. But I can feed some code snippet to an AI, tell it what I want to accomplish, and have it analyze the snippet and give me suggested changes. I can then test the changes and verify the results.

I used this technique to #selfhost my NIP-05 address and avatar so I don't have to rely on a third-party service. Trivial tasks really, but useful for me.

My preferred AI for this type of work is currently perplexity.AI for two reasons:

- I don't have to log in if I don't want to

- perplexity links to multiple sources for its reply so I can dig in further if needed

nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug, I un-/reinstalled Amethyst from F-Droid today and the standard "like" symbols are missing/replaced by rocketship, googly eyes, etc. Is this an intentional change or something else?

I had an existing .htaccess. It already had a line in it to allow access to /.well-known while restricting access to everything else. However, the line was different. I had to ask perplexity.ai for assistance in analyzing the .htaccess file to discover that I had caused an error by adding a redundant line.

You will see it in the part of the app description which states the "Requirements" at the google play store. Users of the Aurora Store interface to Google Play may see it listed under the app name.

#askNostr #nostrDevs

What I meant to ask is whether any nostrDevs are working on packaging up the necessary code to install a relay on a hosted VPS, similar to how WordPress, Lime Survey, MediaWiki or other server-side software can be installed via Softaculous?

nostr:nevent1qqsgvwcd7yfqtsr5ptt2f8zwgtg04fy02wrqdr0dwvv2e0c6vn7x7vspz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg95wy767lkgh0fe48zda582trayymaplwz6gyj7s0rsawn7umsktqpsgqqqqqqsad0ffg

Any #nostrDevs working on to/from content publishing with the #grav cms? #askNostr