Executive TL;DR
- Cloudflare Turnstile requires fingerprintable WebGL, raising privacy concerns.
- Some users are experiencing issues with non-Chrome browsers due to Turnstile’s fingerprinting methods.
- There are calls for more flexible solutions, such as falling back to proof-of-work instead of blocking users.
The Buzz Score
The Internet’s Verdict: 70% Hyped, 30% Skeptical
Forum Voices
Users are discussing the implications of Cloudflare Turnstile’s fingerprinting methods.
Cloudflare is known to use fingerprinting to detect scrapers For example, they use JA3 fingerprints and match them against the UA to block stuff like cURL while allowing OkHttp (Android clients) – but this can be easily be spoofed with packages such as CycleTLS.
Others are concerned about the impact on non-Chrome browsers.
If they know you’re spoofing, you’re not spoofing hard enough. This stupid ‘war against bots’ is going to lead to the downfall of the Internet and effectively turn it into another walled garden where only ‘approved’ (anti-)user agents are allowed.
Conclusion
The debate surrounding Cloudflare Turnstile highlights the need for a balance between security and user privacy.
Focus Keyword: Cloudflare Turnstile
