Why does Briar Press no longer work with Firefox Browser?

OK… I found the problem: Briar Press’s servers will not connect to Firefox if you have your browser set to NEVER REMEMBER HISTORY, OR if it’s set to delete the history when you close your browser.

According to the various messages that pop up, and the Internet, the Briar Press security provider “Cloudflare” won’t allow folks log-on or see the various discussions unless they can see your browsing history…. which feels like an invasion of privacy to me.

What a shame that they’ve chosen to go that route.

prob a layer of protection from scammers and spammers. doesn’t seem to be as much of that here as other places.

I can confirm that setting firefox to not remember history causes problems here, either error 521, or the page will load after several attempts, but is very slow. Maybe someone with webtech knowledge can explain why?
Also 404 errors have been fairly common with briarpress, even with firefox saving history

I did a lot of testing and research about this issue yesterday and today…. and the consensus of opinion among the IT guys that I’ve talked to is the “official reason” is to help them prevent hacker-bots from accessing the system. Unfortunately, that is probably not the real reason. The more probable real purpose is so that Cloudflare can access your web history and sell it data brokers.

Now… not being a computer whiz, I don’t know… but I tend to trust my IT friends since they work on this stuff all the time.

That being the case I won’t be visiting in the future…. at least until the problem is corrected.

Im about 90% there is a configuration error on briarpress

I took a look under the hood on whats going on with the traffic to the server. I think, they are using your referrer and some cookie magic to make cloud flare trust your cookies.

In normal mode, firefox sends an Alt_used code of briarpress.org:443

And a whole slew of cookies related to cloud-flares’ CDN cache

When you run it in the no history mode, it only sends 3 of the 9 cookies from the other mode and , does not send an ALT_USED code and sends a Do not Track flag

From watching the traffic, it seems like cloudflare can’t identify your session or briarpress can’t and the connection is getting dropped.

What i can say for sure, is this is not some evil plot by clouldflare i’m pretty sure, its just a minor config issue in briarpress.

PS
Running your browser in the don’t remember history mode is not really a use case the internet is built for.

Software developers don’t test for that scenario and you are pretty much on your own when you encounter issues.

“What i can say for sure, is this is not some evil plot by clouldflare i’m pretty sure….”
“Running your browser in the don’t remember history mode is not really a use case the internet is built for. “

Well….. I hate to be disagreeable, but I disagree, and so does my professional IT guy.

Given that the “do not remember history” function has been part of Firefox since the browser originated, and no other website fails to function when it is enabled, it is obvious that this is not a case outside the normal parameters of the Internet…. and up until very recently was not one of the parameters for accessing Briar Press. I’ve used that mode for quite a few years now.

“…not really a use case the internet is built for” is a bogus statement, and I find it to be a rather offensive platitude. I would quote what my IT guy told me, but I don’t want to be crude.

He tells me that this appears to be a case where Cloudflare is attempting to narrow the parameters to facilitate additional data-gathering.

If it IS a configuration error, and I doubt that it is, then it is incumbent on Briar Press / Cloudflare to fix it. Disallowing private mode browsing is simply a step too far in the wrong direction.

It may be a configuration problem, the BP web guy needs to figure it out.
Idk if this has anything to do with it, but here is part of a response header I got when trying it with private browing mode from firefox. Note, i was eventually able sometimes to connect and get the whole page to load, but also a lot of 521 errors. There is an expiration date of 1970 here:

HTTP/2 521 No Reason Phrase
date: Wed, 04 Mar 2020 02:17:55 GMT
set-cookie: cf_ob_info=521:56e81a8abd91e09e:IAD; path=/; expires=Wed, 04-Mar-20 02:18:25 GMT
set-cookie: cf_use_ob=443; path=/; expires=Wed, 04-Mar-20 02:18:25 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-ray: 56e81a8abd91e09e-IAD
server: cloudflare
X-Firefox-Spdy: h2

Good catch Scott yet another issue with the headers in private mode.

Winking cat….. can you please ask your it friend what secret mechanism cloud flare is using to steal your browser history?

And besides cloud flare controls significant parts of the cdn game and thus the Internet. If they wanted to know where your going they could with or without your browser history.

You know that little warning that pops up saying the browser won’t remember your history but your isp and law enforcement could. Guess what buddy boy, cloud flare is your isps’ isp.

Also ask him given the tens if not hundreds of thousands of websites cloud flare provides CDN services to, why have they decided to draw the line at briar press?

This professional it guy is not saying that you should or should not run in private mode, I’m just pointing out that no website owner has an obligation to test their site in that mode. And if it breaks that’s honestly your problem.

As far as I know cloud flare cdn services work fine in private mode.

As far as I know cloud flare is happy swimming in cash from their frankly quite amazing cdn services. Do they sell data, probably, is private browsing mode gonna protect you from them no.

Now to be fair second tier trackers based outside cdn land will most definitely be slowed down in tracking via private browsing mode.

Your IT friend sounds paranoid you should take him out for a nice dinner and talk about printing presses and simpler times

This issue really needs to be resolved by briar press

Mr Miller…. regardless of your very patronizing opinion, I have full confidence in my IT guy. My company (not related to printing) does considerable business with the DoD and DoD Contactors in eight countries…. and he handles the IT work for not only me, but for a number of international companies. He is among the best in the world, and speaks regularly at IT conferences. I have full confidence in him.

You? I have zero confidence in your rhetoric. The long and short of the situation is that Cloudfare is disallowing connections to Briar Press for browsers using Private Mode / Do Not Remember History. Their motives / reasons for this are open to debate, but the fact remains the same.

Your attempts to shift the blame to the end user; defend their policy; badmouth one of the best IT persons in the business; and put out a “you have to live with their tracking” line of BS really makes me doubt your intent, your professionalism, and your character.

I do agree however that the problem needs to be solved by Briar Press and/or Cloudflare. I’ve sent a message to the owners of Briar Press, asking them to look into the problem. So far I’ve not gotten a response, but I’m sure they will ask their IT guy to correct it. (Hopefully the IT guy is not you. If it turns out that you are the guy tasked with fixing the problem, I’ll simply delete my account. Given your attitudes toward end-user privacy, there is no way I’d trust any site you are affiliated with. )

Or maybe you could each donate some money to the BriarPress folks, who are paying out of their own pockets to run this site (and are probably thankful for any donations that come their way). The internet is not free, support the sites you value.

Hi everyone, Eric here. Elizabeth (my 80-yo mother!) and I are the only people behind Briar Press — and unfortunately neither of us is the IT guy.

Very informative discussion; we both appreciate the insight and support. I was able to replicate Winking’s issue with Firefox, and likewise have no idea why Cloudflare is configured to return an error when browser history preferences are slightly more restrictive. I’ve reviewed our CloudFlare settings but haven’t yet identified the cause of this behavior.

Briar Press is 25 years old this year, and the current version of the site has been around for 13 of those years — it’s basically ancient in web terms. We would love to upgrade to a more modern platform, and have been promising such a move for years now. We are making slow progress toward that goal, but the project remains, for us, a monumental undertaking.

Until a new website is completed, some of the problematic aspects of the current site are likely to remain beyond our ability to solve. For that we can only apologize, especially to those members of the community who are prevented from sticking with us as a result.

Eric, BP is one of the most remarkable websites I know and you have done a fantastic job with it. It seems to me that there must be a good IT person among the thousands of users who can help you both create and maintain this fabulous resource, and that person should step forward now, while both you and your mother (I’m her age so I can identify! :-) are able to participate. Elizabeth’s vision and your programming have made the go-to website for printers what it is, and that needs to continue with broader support and help.

Bob

I agree with that- BP has become the go to place for info and classifieds, a great success. Perhaps someone who knows IT will come forward to clear up the configuration or whatever.
I can say that no cdn provider -ie cloudfare- should have any business with my search history.

>>Perhaps someone who knows IT will come forward …

Well, I am running typography community websites for almost 20 years. Should this site ever become unmanageable, here is my standing offer to take over and maintain it, modernize it and make it secure.
To me, it would only make sense with a change of ownership though. I couldn’t with good conscience help out with the existing platform, since as mentioned, it is very outdated and as such, very insecure.

I hope somebody does take on the task and fix the privacy / log-on problem….. so I resume posting here. As it is now, I can only visit using someone else’s computer.

Well, for those who are interested, I tried the Firefox/TOR browser on my Fedora Linux machine. Got handshake errors up the Wazoo. Life is rough I guess.

I guess if I were concerned about privacy I would create a bogus account somewhere and use that persona on the web. An attacker might possibly find my ISP, and just maybe the wireless waypoint over on the side of the barn, but that’s about as far as he/she would get absent willingness to do a physical assault on my home… which is not something most black hats would want to do. It just would not have a harmonious ending for ‘em.

As it is, nobody would want to steal my identity. If I wanted to be somebody else, it wouldn’t be me. I got zero credit, no money and nothing anybody would want.

Emails trying to sell me stuff are easily gotten rid of by the touch of a key… if they somehow manage to get past Google’s filters. The only ones clever enough to do that though seem to be “ladies of the evening” for some reason. Clever girls, I guess. Maybe they should apply their talents to other enterprises than what they do. Some day I’m gonna respond to one and see what happens. ;)

I’m still using FF (up-to-date) for this site without any problems, so I kinda wonder why other people are. As for “security”… the only thing BP knows about me is an email address, a junk password that’s only used for BP, and the postings. I’m not worried about it.