cyberMonk
/
liberethos_paradigm
2
0
Fork 0
Code Issues 2 Pull Requests Projects Releases Wiki Activity

CloudFlare discriminates against people with impairments

This commit is contained in:
cyberMonk 2021-02-18 22:09:54 -05:00
parent 3f35c05e82
commit 6402192352
1 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
rap_sheets/cloudflare.md
View File

@ -23,17 +23,19 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CloudFlare also discriminates against people with impairments and disabilities (details in the human rights section)
1. CloudFlare's detriment to **human rights**
1. CAPTCHAs put humans to work for machines when it is machines who should be working for humans. The labor violates the 13th amendment of the US Constitution due to involuntary servitude. The most perverse manifestation is when a citizen attempts to access a government service such as voter registration, and they're forced to solve a puzzle, the labor of which compensates CloudFlare instead of the laborer.
1. CF discriminates against people with impairments and disabilities by imposing a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines):
| ***WCAG Principle*** | ***How the Principle is Violated*** |
|---|---|
| *1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.* | hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.|
| *1.2: Time-based media: Provide alternatives for time-based media.* | hCAPTCHA has an invisible timer that the user cannot control.|
| *1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*| When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible.|
| *2.1: Make all functionality available from a keyboard.* | The hCAPTCHA does not accept answers from the keyboard. |
| *2.2: Provide users enough time to read and use content.* | If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit. |
| *3.1: Make text content readable and understandable.* | When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.|
| *3.2: Make web pages appear and operate in predictable ways.* | It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.|
| *4.1.: Maximize compatibility with current and future user agents, including assistive technologies.* | When a user attempts to use `lynx`, `w3m`, `wget`, `cURL` or any other text-based tool, the blockade imposes tooling limitations on the user. |
1. CF discriminates against people with impairments and disabilities
1. CF attacks robots that help provide an alternative user interface for users that are impaired or handicapped.
1. CF imposes a proprietary "hCAPTCHA," which violates several [WCAG 2.0 principles](https://en.wikipedia.org/wiki/Web_Content_Accessibility_Guidelines):
| ***WCAG Principle*** | ***How the Principle is Violated*** |
|---|---|
| *1.1: Provide text alternatives for any non-text content so that it can be changed into other forms people need, such as large print, braille, speech, symbols or simpler language.* | hCAPTCHA wholly relies on graphical images. There is no option for a text or audible puzzle.|
| *1.2: Time-based media: Provide alternatives for time-based media.* | hCAPTCHA has an invisible timer that the user cannot control.|
| *1.3: Create content that can be presented in different ways (for example simpler layout) without losing information or structure.*| When a user attempts to use `lynx`, `w3m`, `wget`, `cURL`, or any other text-based tool, the CAPTCHA is inaccessible and thus unsolvable. The website's content is thus also inaccessible.|
| *2.1: Make all functionality available from a keyboard.* | The hCAPTCHA does not accept answers from the keyboard. |
| *2.2: Provide users enough time to read and use content.* | If you don't solve the hCAPTCHA puzzle fast enough, the puzzle is removed and the user must start over. Some puzzles are vague and need time to ponder that exceeds the time limit. |
| *3.1: Make text content readable and understandable.* | When the CAPTCHA says "select all images with parking meters", how is someone in Ireland supposed to know what a parking meter in the USA looks like? When the CAPTCHA says "click on all squares with a motorcycle" and shows an image of an apparent motorcycle instrument panel, it's unclear if that qualifies (it could be a moped). Another image showed a scooter with a faring that resembled a sports bike. Some people would consider it a motorcycle. When the CAPTCHA said "click on all squares with a train", some of the images were the interior of a subway train or tram. Some people consider a subway to be a train underground, while others don't equate the two. The instructions are also sometimes given in a language the user doesn't understand.|
| *3.2: Make web pages appear and operate in predictable ways.* | It's unpredictable whether the IP reputation assessment will invoke a CAPTCHA and also unpredictable whether a CAPTCHA solution will be accepted. The time you have to solve the puzzle is also unpredictable.|
| *4.1.: Maximize compatibility with current and future user agents, including assistive technologies.* | When a user attempts to use `lynx`, `w3m`, `wget`, `cURL` or any other text-based tool, the blockade imposes tooling limitations on the user. |
5. CloudFlare inflicts customers and web users with excessive **vulnerabilty** to exploits.
1. CloudFlare's immense centralization becomes catastrophic when a single bug emerges. The degree of damage is acutely heightened when over 10% of the web is subject to vulnerabilities on CloudFlare. The enticement for malicious hackers to find a zero-day is also greatly heightened as a result of the widespread scale of impact. *Cloudbleed* was a vulnerability that had serious widespread consequences. Even a simple accident at CloudFlare like a one-line erroneous regular expression brought down a huge segment of the web on July 17th, 2020. August 11-12: "Cloudflare went down and took over Discord [and some game program](https://nitter.net/RVWssb/status/1293371696418889730#m) (which proxies packets through Cloudflare)."
1. A *tragedy of the commons* has manifested. Website owners are baited to act independantly in their own self interest by using CloudFlare at no charge-- but each website that becomes part of CloudFlare shrinks the ethical decentralized web while incrementing the size of the centralized walled-garden which inflicts harm to everyone collectively. Each website owner only perceives CloudFlare as solving their problem but unwittingly they create a host of new problems for everyone else. It's a selfish move that occurs on a much larger scale than the quantity of selfish personalities because most of CloudFlare's patrons are kept in the dark as to the harm they're contributing to.
@ -83,7 +85,7 @@ CloudFlare is a vigilante extremist organization that takes the decentralized we
1. CF forces transmission of copious bandwidth-wasting images in order to supply CAPTCHAs.
1. hCAPTCHA uses 4 levels of nested javascript. So users with j/s disabled are often forced to reload the CAPTCHA page 4 times just to see the puzzle.
1. Even with all javascript loaded and executed to the extent needed to support the CAPTCHA, the CAPTCHA server itself often refuses to serve a puzzle due to a blown traffic threshold for an IP address. When the CAPTCHA fails to render or when a human user fails to solve the CAPTCHA, all the energy spent reaching the point of denial is to a total loss. Whether the user continues to reattempt or they give up, the energy waste is a loss for all parties and a detriment to the environment ultimately for no benefit.
1. CloudFlare stifles innovation and culture. Robots are a crucial component to innovation. CF's attack on robots means people can't even use wget to download files. As a consequence, mp3 files (for example) can only be downloaded one at a time by manually clicking on each file.
1. CloudFlare **stifles innovation** and culture. Robots are a crucial component to innovation. CF's attack on robots means people can't even use wget to download files. As a consequence, mp3 files (for example) can only be downloaded one at a time by manually clicking on each file. An immeasurably broad range of innovations depend on robots to provide capabilities that are not economically viable with manual labor. Many robotic innovations are created for the sole purpose of improving the usability of user interfaces that are either poorly designed for all users or the design overlooks the needs of some users.
1. **False statements, deceptive practices, and poor character of CloudFlare**
1. No transparency: as Cloudflare performs a DoS attack on Tor users they obviously do not inform web owners. Web owners are usually unaware that legitimate patrons are being blocked from accessing their site. These businesses are all damaged so that one business can profit.
1. False errors are displayed when j/s is disabled.