The 16‑kilobyte curtain. How Russia’s new data‑capping censorship is throttling Cloudflare
Technology
31
Beiträge
17
Kommentatoren
267
Aufrufe
-
A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in DDoS protection and high-traffic load management, is being targeted by these new data caps, which appear designed to push users toward Russian-controlled services. Meanwhile, the move leaves Russian businesses dangerously exposed.
-
A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in DDoS protection and high-traffic load management, is being targeted by these new data caps, which appear designed to push users toward Russian-controlled services. Meanwhile, the move leaves Russian businesses dangerously exposed.
According to technical experts, internet service providers across the country have begun implementing a rule that limits data transfers from sites using Cloudflare to just the first 16 kilobytes. This technique is relatively subtle but effective: very lightweight, basic websites can still load, creating a façade of normal internet function, while modern, media-rich sites are effectively broken.
16 KB per website? What part of the normal internet is that small? What part of the indie web is that small?
e.g. look at the smallest sites on https://512kb.club/
Or is this just 16kb per request, which would make more sense with the following explanation:
Analysts report that similar throttling is also being applied to other major western hosting providers popular with Russian users, including Germany’s Hetzner and the US-headquartered DigitalOcean... [they] are widely used by Russians to host private VPN servers, which allow them to bypass the Kremlin’s ever-widening blocklists.
AFAIK, VPNs maintain a long-standing connection that would definitely use more than 16kb at a time.
-
A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in DDoS protection and high-traffic load management, is being targeted by these new data caps, which appear designed to push users toward Russian-controlled services. Meanwhile, the move leaves Russian businesses dangerously exposed.
Its an endless arms race. Next will be chunking vpns that chunk requests down to 16kb packets and reassemble on the other end. There is nothing stopping a custom protocol from working around this limitation, in a safe secure manner.
Just a matter of time.
-
Its an endless arms race. Next will be chunking vpns that chunk requests down to 16kb packets and reassemble on the other end. There is nothing stopping a custom protocol from working around this limitation, in a safe secure manner.
Just a matter of time.
You could probably do it with http if the server properly supports the content range headers.
-
A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in DDoS protection and high-traffic load management, is being targeted by these new data caps, which appear designed to push users toward Russian-controlled services. Meanwhile, the move leaves Russian businesses dangerously exposed.
Cloudflare and Russia are both bad, take each other down pls
-
Cloudflare and Russia are both bad, take each other down pls
Why is cloudflare bad?
-
Why is cloudflare bad?
-
Why is this bad
-
Why is this bad
Wasting time on useless obstacles is bad
-
Care to expand on that? Why are captchas bad?
-
Wasting time on useless obstacles is bad
They're meant to prevent bot traffic to sites and protect from DDOS attacks
-
They're meant to prevent bot traffic to sites and protect from DDOS attacks
they also often prevent legitimate traffic from poorer countries, and aggressively so
-
they also often prevent legitimate traffic from poorer countries, and aggressively so
Well thems the breaks!
-
they also often prevent legitimate traffic from poorer countries, and aggressively so
I do not believe they limit it themselves, they just follow setting set by others. You can choose to block all traffic from certain counties of you want. Or not.
-
They're meant to prevent bot traffic to sites and protect from DDOS attacks
What the other commenter said and also accessibility issues, aand overall this is a problem which shouldn't face the end user at all. Just browsing has become just a nuisance after a nuisance nowadays. Just like cookie modals not adhering to browser settings or hiding the reject all behind extra steps.
-
Care to expand on that? Why are captchas bad?
Sorry, I assumed this was already common knowledge. There's another thread fork from a comment.
Tl;dr they're not good at their purpose and cause unneeded annoyance to users.
-
What the other commenter said and also accessibility issues, aand overall this is a problem which shouldn't face the end user at all. Just browsing has become just a nuisance after a nuisance nowadays. Just like cookie modals not adhering to browser settings or hiding the reject all behind extra steps.
Yeah would be sick if LLMs and bots just disappeared overnight
-
Yeah would be sick if LLMs and bots just disappeared overnight
Captchas ain't stopping them anyway
-
I do not believe they limit it themselves, they just follow setting set by others. You can choose to block all traffic from certain counties of you want. Or not.
i meant other types of captchas as well, but yes, cloudflare is fairly configurable. I also know other captchas can be more aggressive. And of course captchas can also block or harass "high privacy" configuration browsers and clients, and there's also the strategy of infinite delay, where a captcha is never quite sure you're really a human, so you have to work through 12 phases of it only to have to do the exact same thing again the next time you're on the site. Recaptcha V3 with its "automatic" background captcha is also in a surprising amount of places you'd never know about unless you're infected with some kind of The-Mainstream-Internet-Hates-You disease. Captchas discriminating against poor countries isn't some big secret though, as far as I'm aware it's fairly well known.
-
Sorry, I assumed this was already common knowledge. There's another thread fork from a comment.
Tl;dr they're not good at their purpose and cause unneeded annoyance to users.
And the cloudflare ones are broken as fuck. It varies but I often just can't pass them. Answer it, wheel goes round and then back to having to tick it and start again. Beep boop.
If I see a cloudflare check I often just don't bother loading the site at all.
