curl-impersonate VS challenge-bypass-extension

> us[e] Akamai to block scraping

Would https://github.com/lwthiker/curl-impersonate help? Haven’t tried with Akamai, but did help with another widely used CDN that shall remain unnamed (but has successfully infused me with burning hate for their products after a couple of years’ worth of using an always-on VPN to bypass Internet censorship and/or a slightly unusual browser).

But before that, I had to create a development environment where I could do the coding. I used Docker and created a docker-compose.yml file on my local system to build a container. At first, I did that on an Arm based computer and the first problem appeared. Although RSS-Bridge was working fine, I couldn't get any data, and the reason was that Ko-Fi.com uses Cloudflare CDN. This is something that a lot of people had issues with in the past. RSS-Bridge solves that problem by using a special build of curl that can impersonate the four major browsers: Chrome, Edge, Safari & Firefox. But unfortunately, that library doesn't work well on Arm-based systems, so I had to move to my trusty Intel-based Linux computer.

Curl-Impersonate: https://github.com/lwthiker/curl-impersonate A special build of curl that can impersonate Chrome & Firefox

I haven’t seen a custom build of Wget, but for Curl there is curl-impersonate[1].

[1] https://github.com/lwthiker/curl-impersonate

If you're just trying to pull a file, the curl-impersonate could be a low-effort option.

I'd be fine if "ID for the web" was implemented with privacypass https://privacypass.github.io/

https://privacypass.github.io/ should help with Cloudflare verification. Works on Chrome and FireFox.

Cloudflare's Privacy Pass may help here: https://privacypass.github.io/

It should significantly reduce the amount of CAPTCHAs you see in a way that's not terrible for privacy.

For Safari, you can enable Private Access Tokens: https://blog.cloudflare.com/how-to-enable-private-access-tok...

Both of these mechanisms are similar to Google's web DRM proposal in that they rely on external issuers to generate tokens, but unlike Google's attempt they don't guarantee that ad blockers are disabled on pages that try to use tokens.

The author is referring to this standard: https://privacypass.github.io/

Apple uses it for its iCloud Private Relay service. The blind token is used so that Cloudflare can verify that a given device pays for iCloud Private Relay without revealing their identity.

Attestation is when such a blind token is proving the integrity of the software running on the device, not proving arbitrary properties. Privacy Pass could actually enable a fast, semi-decentralized system of anonymizing proxies.

If Apple exposed the “is System Integrity Protection enabled” bit to the web, then that amounts to attestation to me, and yes: Apple can do it whenever it wants, and people want Apple to do it.

Use Privacy Pass then if you don't want to use Chrome. https://privacypass.github.io/

Most hCaptcha and many Cloudflare -> https://privacypass.github.io/

That's weird, I haven't used it recently but will take a look. Looks like you're not the only one having issues though: https://github.com/privacypass/challenge-bypass-extension/issues/389

This wouldn't be at the network level, but there is this amazing extension at the browser level: https://privacypass.github.io/