It appears that you may have made some modifications to your user agent string. If you revert your user agent to the one provided by default by your browser vendor everything will be fine.
It really hits home the point of how shitty the web has become. Ad companies and malware distributors come up with bad and worse ways to interfere with my browsing, and the “good guys” need to match with increasingly invasive and fragile anti measures.
Sort of like having to take of your shoes when you board a plane. If that’s what it takes, isn’t it just better to stay home?
Honestly what is the point of user-agent at all if it needs to be set to some changing, magical incantation in order for a browser (or any other agent) to be functional?
I hate the direction the internet and tech is going, and I hate even more that I'm seemingly powerless to do anything about it
Pure conjecture: The "security solution" probably wanted to ban the user for a reason unrelated to the UA string, and was only able to (i.e., the user was only identifiable uniquely enough) because of the odd UA string. Switching to the standard UA string places the user into a state sufficiently non-unique as to be unidentifiable and thus unblockable.
If omit the user-agent string or, even better, the user-agent header itself, everything will be fine, too.
Tested with Cloudflare and many, many other servers over many years.
On the whole, taking the entire web into account, it is rare for a user-agent string to be required.
However, it has become common for servers to make many assumptions based on user-agent strings.
I would guess there are many tech workers whose entire job rests on the assumption that user-agent strings are always present, rarely manipulated^1 and accurately represent the user's hardware and software.
1. For example, changed using "Developer Tools" in the major browsers. Google's browser has some user-agent presets for "testing" in DevTools (Ctrl-Shift I, Ctrl-Shift P, Drawer Show Network Conditions). Those should be safe to use for logins to Google websites. Try them out, e.g., when logging into Gmail and watch how the user can request vastly different web page styles based only on user-agent string.
It appears that setting it to the same as Chromes does indeed work!
for context this is what I had set (and, for quite some time it was working): "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecho/20100101 Firefox/57.0"
Ironically I set this so that I could continue logging in to google. Since I had been unable to log in to google-apps without setting this user agent string.
It's the severely-outdated Firefox version number. Spambots and crawlers sometimes have user-agent strings corresponding to very old browsers, because they were set once when the bot was created and then never updated. On an unrelated site that I run, we get a lot of traffic with user agent strings corresponding to implausibly-old browsers, and it's ~100% bots.
Two full years for an evergreen web browser, which contains probably the largest surface area for software exploits of anything on the machine? I’d argue absolutely yes.
As others have echoed, this is probably a huge marker for malicious bots to Cloudflare.
The evergreen browser is a thing, but the idea that everyone can trivially upgrade those browsers is promulgated as true when it's a bit of a myth.
It is sometimes expensive for people to upgrade browsers, called evergreen by developers so they can avoid annoying support expenses for a few percent of people.
I had a phone running a Mozilla browser, which received updates until it didn't any more.
Then the only way to upgrade browser was to purchase a new smartphone.
Unfortunately it was a superb device with no newer replacement, so to upgrade browser I had to downgrade my smartphone for other uses, and pay the cost of an expensive new smartphone despite not really wanting one. But sites saw it as "you are running an old Firefox, you obviously can trivially upgrade".
I still have a perfectly great old Android tablet running an old version of Chrome which cannot be updated. Other than website compatibility, everything on it that it is used for is still working flawlessly. Perfect screen, sound, wifi, memory, battery.
For now, enough sites work on it that I still use it. That can be replaced easily with another tablet, but it is disappointing to have to spend cash and throw away a working product to e-waste, just to replace it with a functionally identical device because of the way the software treadmill works. (It doesn't have to work like that, it's a choice made by developers collectively.)
Yes, plus one of FF's upgrade slipped in the change that ignored your setting on "allow unsigned extensions" which broke a vital UX app I had been maintaining after it got abandoned (pentadactyl: I had gotten so used to clicking links from the keyboard that it was really frustrating when I suddenly couldn't; fortunately there have been similar projects since that carried the torch).
I mean, they said they gave long notice for the change, but I didn't think that a browser that "empowered users" and "gave them control of their machines" would ever do that. I mean, if every change has to be approved by Mozilla, why not just shrink wrap the browser and make me get it from Microsoft at Best Buy?
Between the huge and complex attack surface and being exposed to a huge number of untrusted websites, running a browser without security updates is pretty risky. So I'd call any unsupported browser "severely outdated".
Long term support (ESR) Firefox releases are supported for about 15 months from release. And even that means using a major version that old, not a point version that old. Firefox 57 wasn't even an ESR, so it went out of support a couple of months after release.
Having a Chrome UA is a MUST on webkit based browsers if you want Google's taxing services such as Earth/Maps/Gmail and so on being faster and smoother than ever. Seriously.
Once you open Street View on luakit/vimb with a Chrome UA, the diff is night and day.
I used straight firefox and was still banned just fine. It didn't start in 2019 either. Chrome is their cash cow, if you don't use it, you're a liability.
> It’s the same thing, recognizing that the MITM is neither male, nor human at all.
I don't see why this is important for a technical term. People hear the term as a slug, a group of words, not as discrete ones. No one actually pictures a man or anything else in the middle upon hearing the term. The difference is that the purpose of language is to communicate with others, and everyone understands man in the middle. I look up the "alternative" and get more results for "Henry the Hugglemonster" than I do for network traffic interception.
I can see both sides of the argument here, but don't really have an opinion. Perhaps if I weren't a middle-aged, middle-class, white male in a Western country, I'd feel more strongly about it. As it is, I do feel a bit of "social justice fatigue" on issues like this.
