What I will talk about in this blog is something a lot of people have been talking about on forums other than Codeforces, so I was a bit surprised that it has not been brought up on Codeforces in a visible manner yet (or the people being affected are themselves being cut off from Codeforces, so it is perhaps the perfect form of censorship).
Anyway, here are a few blogs that try to address this problem but to no avail — 1 and 2. Pretty sure that this blog will not help this cause much either.
This started out a couple of years ago — or at least long enough that I have forgotten how long it has been. The Codeforces main website, during contests, is never accessible to a few people due to Cloudflare blocking their access.
The users are completely helpless — you keep getting Cloudflare captchas on an infinite loop, without good reason. For others, it is a dead end asking people to "update their browsers because they are out of date" even when their mainstream browsers are up to date with the bleeding edge version, demonstrating a clear disrespect for certain browsers, or even just users that have ad-blocking plugins turned on. This is also sometimes a geo-blocking issue and/or an IP blocking issue.
This is not a one-off occurrence — people around the world face these issues with Cloudflare, enough that it has been branded evil by a ton of people for gatekeeping the internet.
Quoting one of the arguments against using Cloudflare in the comments:
I can be sure that they won't inject ads into my HTML pages.
But they will harass your visitors with captchas for no good reason. I also sometimes run into Cloudflare's "this website is using a protection service" with no way around; it turns out it's a geoblock because it does load just fine when I use a VPN through Germany. The internet was meant to be decentralized. The IP addresses were meant to be used for routing and for routing only, and otherwise treated equally.
A few days ago, this became much worse. What used to happen only during contests is now happening all the time. People have completely lost access to their CF accounts by virtue of not being able to access the website.
Why Codeforces has Cloudflare
The only reason I can think of is to protect itself against DDoS attacks. However, upon discussion with people who are well-versed in the internet security domain, it seems that even Cloudflare has some options that make this stuff more lenient while protecting the website sufficiently against abuse, and that the Codeforces configuration of its Cloudflare protection is just messed up.
Arguments against this nuisance
While I agree that security measures are crucial for the functionality of a website, the way they are implemented clearly makes the website unusable or frustrating for a ton of people (I estimate this number to be a sizeable chunk of all active CF users).
Here are some concrete reasons:
- Accessibility: With the initial measures in place, some people stopped doing contests altogether. One can only imagine the effect of this measure on the traffic of this website (which is something I am certain that the administrators care about).
- Uneven lag in contests: People report that Cloudflare sometimes keeps on loading for tens of minutes before they are able to even start working on the problems. This creates an unfair environment for some people.
- The purpose of an API is defeated: even the API endpoints are restricted, which does not make sense at all. All bots (Discord, competitive programming-specific IDE functionality) that help people (for example in training by choosing problems for them, or by making fetching samples more convenient) are now useless.
- Codeforces randomly lags a lot. I had been assuming that this is a server problem, but from talking to some people it seems like this is an issue with differential treatment of who is accessing CF.
What should be done
Either disable Cloudflare, or configure it properly. Earlier CF used to use a supercookie to track usage (still does), which was already pretty shady, so it is not like CF does not have a history of doing weird things.
Apart from that, I would like to invite the community to discuss other possible abuse-prevention measures that would help protect CF without all this clownery that has made it unusable. It is not unreasonable to ask for accountability when CF has become the de-facto competitive programming community website.
Tagging MikeMirzayanov for more visibility.
