GitHub

Cloudflare Turnstile requiring fingerprinting WebGL

For about a week now, Cloudflare Turnstile (their “Verify You’re Human”

checking the device) runs indefinitely in my

Browser based on webkit-gtk.

Prevent access to a very small number of websites (previously, but it has gotten even worse recently).

Turns out it's because Cloudflare wants to have a fingerprint of your

device via WebGL, the only reason for this would be tracking.

Their pro-tracking non-justification copied here just in case:

Turnstile uses browser fingerprinting to verify that you are human. Privacy tools that block or randomize fingerprints make your browser look like a robot trying to hide its identity. Temporarily allowing fingerprinting for this site will resolve the issue.

Such things are blocked in WebKit, and have been for years.

This means that the tracking is so horrible that even Apple would block it,

and as far as I know, that's not the kind of privacy protection

you can easily disable it.

So Cloudflare just banned all WebKitGTK browsers, because I guess they

put an exception for Safari.

By the way, if you're wondering, Mozilla Firefox screwed up its WebGL fingerprinting protection: Bugzilla#1916271: Gecko reveals sanitized GPU specs; webkit and Blink return hardcoded strings for all users

More privacy.resist fingerprints

is not even activated

by selecting “Strict” “Enhanced Privacy Protection” in the settings,

great work Mozilla.

But I suppose once enabled, privacy-conscious Firefox users might

will not be able to pass Cloudflare's device verification in the future.