this post was submitted on 27 Jan 2025

201 points (95.5% liked)

Digital Fiefdom (aka walled-garden) Required

56 readers

2 users here now

This community collects stories, cases and situations where people are forced into a walled-garden to carry out a public transaction or essential task of some kind. As governments impose a digital transformation policy with no analog refuge, people are forced into becoming serfs in a technofeudal system that is subservient to lords (Microsoft, Cloudflare, Google, etc).

Well-known walled gardens include (but are not limited to):

Cloudflare
Microsoft LinkedIn
Microsoft Github¹
Facebook
Twitter
Paypal
Google
Amazon
iOS

(note I do not say X or Meta above because I do not recognize or promote obnoxious and detrimental trademarks)

¹It’s somewhat unlikely that a gov would impose Github, but it is listed as an example because some govs do have git services. E.g. the EU has a public-facing self-hosted git instance.

Somewhat related communities:

founded 1 month ago

MODERATORS

[email protected]

201

US Department Of Government Efficiency (doge.gov) uses Cloudflare to block Tor (LOL at the hypocrisy) (cyberplace.social)

submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]

25 comments fedilink hide all child comments

Love the irony and simultaneous foreshadowed embarrassment of Elon denying availability and service as a way to be more efficient.

The irony

Cloudflare enables web admins to be extremely bloated. Admins of Cloudflared websites have no incentive to produce lean or efficient websites because Cloudflare does the heavy lifting for free (but at the cost of reduced availability to marginalized communities like Tor, VPNs, CGNAT, etc). So they litter their website with images and take little care to choose lean file formats or appropriate resolutions. Cloudflare is the #1 cause of web inefficiency.

Cloudflare also pushes countless graphical CAPTCHAs with reckless disregard which needlessly wastes resources and substantially increases traffic bloat -- all to attack bots (and by side-effect text-based users) who do not fetch images and thus are the most lean consumers of web content.

The embarrassment

This is a perfect foreshadowing of what we will see from this department. “Efficiency” will be achieved by killing off service and reducing availability. Certain demographics of people will lose service in the name of “efficiency”.

It’s worth noting that DOGE is not using Cloudflare’s default configuration. They have outright proactively blacklisted Tor IPs to ensure hard-and-fast fully denied service to that demographic of people. Perhaps their PR person would try to spin this as CAPTCHA avoidance is efficient :)

The other embarrassment is that they are using Cloudflare for just a single tiny image. They don’t even have enough competency to avoid CF in the normal state & switch it on demand at peak traffic moments.

The microblog discussion

Microblog chatter here.

top 25 comments

sorted by: hot top controversial new old

[–] [email protected] 43 points 1 week ago (1 children)

You say all this like they should be embarrassed, but they don't care about any of that. Establishing authority is all they care about right now

[–] [email protected] 5 points 1 week ago* (last edited 1 week ago)

“Should be” embarrassed and “caring” are two different things. Indeed they do not care about the embarrassment as this shitshow rolls out. If they cared, they would make corrections.

Just like Trump is an embarrassment to the country. He is too oblivious and cannot step outside himself to even know of the embarrassment he brings to the country.

In the case of DOGE, the embarrassment is only visible to the small segment of informed digital rights proponents. We should of course express the embarrassment to spread awareness.

[–] [email protected] 12 points 1 week ago (1 children)

When did Congress create this department? And xelon can't work there when/if they do until he divests his companies.

[–] [email protected] 19 points 1 week ago (1 children)

The department wasn't "created" really. It was just an older Obama department renamed.

[–] [email protected] 4 points 1 week ago (2 children)

What's the older name?

[–] [email protected] 18 points 1 week ago

The Digital Service was created by President Barack Obama in 2014 to modernize the government’s approach to technology. Its chief original mission was to fix the many glitches and digital problems that plagued the rollout of HealthCare.gov, the site associated with Obama’s signature health care law, which Trump has spent most of his political career bashing.

Source: https://apnews.com/article/doge-government-trump-executive-order-1a2fb7235b9d6f178c764cf6c78d3317

[–] [email protected] 9 points 1 week ago* (last edited 1 week ago)

The United States Digital Service

Note: the purposes and scope are completely different so it is like a new department

[–] [email protected] 8 points 1 week ago (1 children)

Russia and other authoritarian regimes block Tor endpoints too.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

I wonder how that can best be expressed without overly cluttering the forum. The purpose of the forum is to track that, so it would be useful if someone would post lists of signficant or essential public resources that are in walled gardens. Maybe one thread for all of North Korea and a thread for Russia, .. Venezuala, etc. But note as well if Tor is blocked but not in a fiefdom (walled garden), then [email protected] is the best place to post them.

[–] [email protected] 8 points 1 week ago (1 children)

Cloudfllare sites don't work with CGNAT?

I'm behind a CGNAT and I have never encountered any issues? And when I think about it I don't believe I have noticed any issues with using VPN either.

IMO I greatly prefer Cloudfllare captchas over Google's.

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago) (1 children)

I’m behind a CGNAT and I have never encountered any issues? And when I think about it I don’t believe I have noticed any issues with using VPN either.

All shared IPs have a propensity to face Cloudflare’s preemptive attack on them. Some people on VPNs and CGNAT face chronic CAPTCHAs and hostile treatment just like Tor users do. And some get lucky and escape the collective punishment. It’s a game of chance. If you happen to be on a subnet or IP range without any significant or notable bad actors, it’s quite possible that you don’t get targeted by Cloudflare. I’ve even seen public libraries that get harsh treatment by Cloudflare, likely because a bad actor used the library and ruined the library’s IP reputation.

Someone in this thread reports hostile treatment when they use Opera GX, which is a VPN service.

This article covers some of the groups of people excluded by Cloudflare.

[–] [email protected] 1 points 1 week ago (1 children)

That's fair. I don't really think it's cloudflares fault though. Since it's a feature that websites use to protect against bad actors and robots. No one forces anyone to use cloudflare. Those websites would likely have gone with somebody else if cloudflare didn't provide that service

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

That’s fair. I don’t really think it’s cloudflares fault though.

First of all you have to separate Cloudflare’s pre-emptive attack on Tor from that of other targets (VPN, CGNAT). The difference is that the Cloudflare patron is given control over whether to block Tor but not the others.

Non-Tor blocks

Cloudflare is of course at fault. CF made the decision to recklessly block whole groups of people based on the crude criteria of IP reputation associated to a member of the whole group. It would be like if someone was spotted shoplifting as they were running out the door, and security only got a glimpse of red hair. And then the store would refuse service to all people with red hair to make sure the one baddy gets blocked. It’s discriminatory collective punishment as a consequence of sloppy analysis.

Since it’s a feature that websites use to protect against bad actors and robots.

It’s an anti-feature because it’s blunt tool cheaply created by a clumbsy tech giant who has the power to bully and write-off the disempowered who they marginalize as acceptible collateral damage.

Tor blocks

Cloudflare defaults to harrassing Tor visitors with CAPTCHAs which are usually broken (because the CAPTCHA service CF hires is itself tor-hostile, but CF is happy because CF profits from the uncompensated labor from the captcha solutions). The CF patron can whitelist Tor or blacklist Tor (in addition to default shit show). DOGE proactively chose to blacklist the Tor community.

Defaults are important. Read about “the power of defaults” and how Google paid billions to Mozilla just to be a default search engine in the browser. The money speaks to that importance. CF is 100% responsible for the default state of their sites. Cloudflare (and CF alone) decide what the default setting is.

No one forces anyone to use cloudflare.

Exactly why someone using Cloudflare rightfully gets the blame for their shitty choice to use CF. Most particularly when it is a tax-funded service. At least in the private sector we have the option of walking. I will not use a CF website (even if Tor is whitelisted) - so they lose my business. But when public money is spent on CF who denies demographics of people who are entitled to the gov service, it’s an injustice because you cannot boycott gov services (you cannot get a tax refund if you are excluded).

[–] [email protected] 1 points 1 week ago (1 children)

I didn't really consider tor since that is not something I use at all.

It’s an anti-feature because it’s blunt tool cheaply created by a clumbsy tech giant who has the power to bully and write-off the disempowered who they marginalize as acceptible collateral damage

No ddos protection and all that is absolutely a necessary feature for lots of sites.

[–] [email protected] 1 points 5 days ago* (last edited 5 days ago) (1 children)

Blocking Tor is useless for DDoS protection because there are not enough exit nodes to impact a US federal website more than a fly on the windscreen of a 16 wheel tracktor-trailor. Such an attempt will bring down Tor itself before the DOGE admins even notice.

[–] [email protected] 1 points 5 days ago

I didn't comment on the TOR part. I don't know anything about that. So I can't take any stance.

[–] [email protected] 7 points 1 week ago

How is this page even paid for? Congress hasn't approved a dime for this made up department.

[–] [email protected] 6 points 1 week ago

Not just Tor.

Opera GX on mobile is also blocked. Might just be because they are building it up atm?

[–] [email protected] 3 points 1 week ago (1 children)

It seems like they block all non us traffic as I'm blocked in Norway (I'd imagine that's due to gdpr, but the Whitehouse website is perfectly accessible)

[–] [email protected] 2 points 6 days ago (1 children)

Does your block screen look different than the attached snapshot?

[–] [email protected] 2 points 6 days ago

Nope. I think it's identical

[–] Shadow 2 points 1 week ago (1 children)

all to attack bots (and by side-effect text-based users) who do not fetch images and thus are the most lean consumers of web content.

You confuse bandwidth and resources. Bots are often the most impactful clients of any site, because serving an image costs virtually nothing. Generating a dynamic page is WAY more resource intensive.

[–] [email protected] 0 points 1 week ago* (last edited 1 week ago) (1 children)

You confuse bandwidth and resources.

Bandwidth is a resource. Citations needed for claims to the contrary.

Bots are often the most impactful clients of any site, because serving an image costs virtually nothing.

Nonsense. Text compresses extremely well. Images and media do not in the slightest approach the leanness of text.

Try using the web through a 2400 baud modem. Or try using a mobile connection with a small monthly quota of like 3gb and no other access. You will disable images your browser settings in no time.

Generating a dynamic page is WAY more resource intensive.

Bots and humans both trigger dynamic processing, but bots and humans of text-based clients to a lesser extent because the bandwidth-heavy media is usually not fetched as a consequence and JavaScript is not typically fetched and executed in the first place.

[–] Shadow 4 points 1 week ago* (last edited 1 week ago) (1 children)

I'm guessing you've never run infra for a popular site before.

Yes bandwidth is a resource, but unless you're hosting Flickr or haven't optimized your images, it's not the most in demand resource. It's also one of the cheapest parts, compared to paying for the ram / CPU / multiple machines required to support a large site.

I've debugged hundreds of customers who suddenly had their site fall over. Not a single one was due to their bandwidth being saturated, it's almost always bots hitting some poorly optimized code.

Trying to spin images as the primary resource consumer of running websites, just isn't true.

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

This guy infras.