The 16‑kilobyte curtain. How Russia’s new data‑capping censorship is throttling Cloudflare (zona.media)
from Pro@programming.dev to technology@lemmy.world on 19 Jun 12:06
https://programming.dev/post/32494035

A new form of state-level internet filtering that restricts data flow is disrupting access to large portions of the global web for Russian citizens. Cloudflare, the world leader in DDoS protection and high-traffic load management, is being targeted by these new data caps, which appear designed to push users toward Russian-controlled services. Meanwhile, the move leaves Russian businesses dangerously exposed.

#technology


LWD@lemm.ee on 19 Jun 12:28

According to technical experts, internet service providers across the country have begun implementing a rule that limits data transfers from sites using Cloudflare to just the first 16 kilobytes. This technique is relatively subtle but effective: very lightweight, basic websites can still load, creating a façade of normal internet function, while modern, media-rich sites are effectively broken.

16 KB per website? What part of the normal internet is that small? What part of the indie web is that small?

e.g. look at the smallest sites on 512kb.club

Or is this just 16kb per request, which would make more sense with the following explanation:

Analysts report that similar throttling is also being applied to other major western hosting providers popular with Russian users, including Germany’s Hetzner and the US-headquartered DigitalOcean… [they] are widely used by Russians to host private VPN servers, which allow them to bypass the Kremlin’s ever-widening blocklists.

AFAIK, VPNs maintain a long-standing connection that would definitely use more than 16kb at a time.

CEbbinghaus@lemmy.world on 19 Jun 12:45

It's an endless arms race. Next will be chunking VPNs that chunk requests down to 16kb packets and reassemble on the other end. There is nothing stopping a custom protocol from working around this limitation in a safe, secure manner.

Just a matter of time.

Ghoelian@lemmy.dbzer0.com on 19 Jun 20:48

You could probably do it with HTTP if the server properly supports the content range headers.

greenbit@lemmy.zip on 20 Jun 10:48

Cloudflare and Russia are both bad, take each other down pls

NotProLemmy@lemmy.ml on 20 Jun 12:57

Why is Cloudflare bad?

greenbit@lemmy.zip on 20 Jun 13:46

[Image: https://lemmy.zip/pictrs/image/9d8c3017-2406-4185-aa1e-5802dce9352b.webp]

anachrohack@lemmy.world on 20 Jun 13:49

Why is this bad

greenbit@lemmy.zip on 20 Jun 13:53

Wasting time on useless obstacles is bad

anachrohack@lemmy.world on 20 Jun 14:06

They’re meant to prevent bot traffic to sites and protect from DDoS attacks

baguettefish@discuss.tchncs.de on 20 Jun 14:22

they also often prevent legitimate traffic from poorer countries, and aggressively so

anachrohack@lemmy.world on 20 Jun 14:24

Well thems the breaks!

nexguy@lemmy.world on 20 Jun 14:32

I do not believe they limit it themselves, they just follow settings set by others. You can choose to block all traffic from certain countries if you want. Or not.

baguettefish@discuss.tchncs.de on 20 Jun 18:01

I meant other types of captchas as well, but yes, Cloudflare is fairly configurable. I also know other captchas can be more aggressive. And of course captchas can also block or harass “high privacy” configuration browsers and clients, and there’s also the strategy of infinite delay, where a captcha is never quite sure you’re really a human, so you have to work through 12 phases of it only to have to do the exact same thing again the next time you’re on the site. Recaptcha V3 with its “automatic” background captcha is also in a surprising amount of places you’d never know about unless you’re infected with some kind of The-Mainstream-Internet-Hates-You disease. Captchas discriminating against poor countries isn’t some big secret though, as far as I’m aware it’s fairly well known.

greenbit@lemmy.zip on 20 Jun 15:25

What the other commenter said and also accessibility issues, and overall this is a problem which shouldn’t face the end user at all. Just browsing has become just a nuisance after a nuisance nowadays. Just like cookie modals not adhering to browser settings or hiding the reject all behind extra steps.

anachrohack@lemmy.world on 20 Jun 17:25

Yeah would be sick if LLMs and bots just disappeared overnight

greenbit@lemmy.zip on 20 Jun 17:35

Captchas ain’t stopping them anyway

mic_check_one_two@lemmy.dbzer0.com on 21 Jun 00:13

Except that bots already have a higher pass rate than humans, so the captcha isn’t even good at preventing bots.

underwire212@lemm.ee on 21 Jun 06:43

The obstacles serve a specific purpose though. Do you believe this purpose is unimportant?

greenbit@lemmy.zip on 21 Jun 06:54

As usual, the purpose doesn’t justify the means. The goal could and should be achieved without this nonsense

underwire212@lemm.ee on 21 Jun 06:56

How so?

greenbit@lemmy.zip on 21 Jun 07:59

These active captchas instead of methods not visible to the user are worse at hindering nefarious use than regular human use

underwire212@lemm.ee on 22 Jun 01:54

What’s regular?

CybranM@feddit.nu on 20 Jun 13:57

Care to expand on that? Why are captchas bad?

greenbit@lemmy.zip on 20 Jun 15:28

Sorry, I assumed this was already common knowledge. There’s another thread fork from a comment.

Tl;dr they’re not good at their purpose and cause unneeded annoyance to users.

Korhaka@sopuli.xyz on 20 Jun 20:06

And the Cloudflare ones are broken as fuck. It varies but I often just can’t pass them. Answer it, wheel goes round and then back to having to tick it and start again. Beep boop.

If I see a Cloudflare check I often just don’t bother loading the site at all.

greenbit@lemmy.zip on 21 Jun 03:42

Yeah Cloudflare gets a similar reaction as a paywall. Fuck this site, I’ll go somewhere else

cevn@lemmy.world on 21 Jun 00:50

Agree

Redex68@lemmy.world on 21 Jun 10:20

Idk man, I’ve seen hundreds of examples showcasing how they significantly reduce bot traffic. The point isn’t to make it impossible for a bot to get past it, it’s to make it so expensive per request that it’s not worth it.

greenbit@lemmy.zip on 21 Jun 11:30

I’m not saying the effect on bot traffic is none

chunes@lemmy.world on 21 Jun 08:37

Because they are anti-vpn and thus anti-privacy.

GreenKnight23@lemmy.world on 21 Jun 09:04

it’s about time someone fuckin did it.

it’s a shame it’s Russia though.

phoenixz@lemmy.ca on 21 Jun 17:38

What are you even talking about?

GreenKnight23@lemmy.world on 21 Jun 18:37

Cloudflare is a symptom of the corporatization of the internet.

their goals are counter to the goals of the internet to be a distributed repository of communities and information.

CF not only unifies all the communications through their services, which can cause worldwide outages (happens literally every year), but collects and tracks users across all other network requests.

CF is anti-privacy and pro-corporate interests.

phoenixz@lemmy.ca on 21 Jun 20:30

That clarifies it, thanks