I've just spent a couple of weeks in Taiwan - this verification happens every few minutes (iPhone) unless I constantly interact with this forum. Just stopping for a couple of minutes to read a post, or do something else, and the verification comes back.

Most of the time, after a few seconds, it verifies itself, but every few times it'll ask me to tick a box which somehow comprehensively proves I'm a real person.

Now I'm back in Europe, I'm getting this issue on my laptop (although I rarely need to tick the box). I don't understand why it can't be turned off for people logged in who have been members for a while, or at least whitelist an IP address for more than a few minutes.

The Cloudflare block/popup happens at the network infrastructure layer -- completely independently of what happens on the site. The two are in n:o way connected.

Well, it's still annoying 😁

It does not mean that you cannot pass a token, have Cloudflare verify it, and skip captcha if it's fine.

There is clearly a cloudflare configuration problem for Flyertalk. Currently in Germany, it is extremely intrusive unless I VPN to the UK or US. Consequently, I am accessing FT much less than usual. It’s completely frustrating. And where is the official feedback on our complaints? Is this forum just for venting or does FT even take note and attend to issues?

Does every Flyertalker get the Cloudflare check or is it only for the chosen few?
After a while of it automatically checking me out and letting me in I had to tick the box again this morning. Always use the same computer,browser IP Address.

Maybe cost cutting related on Cloudflare’s side?

https://www.reddit.com/r/Layoffs/s/0qSDNt75wM

Considering they've not fixed the "[ARG:6 UNDEFINED]" issue which started years ago, I would have to assume "no" answers your question. At least, it's not a priority.

The cloudflare is to protect FT and pretty much an existential issue. 'ARG undefined' shows up because the vb plugin used for the like function is outdated and needs to be replaced entirely.

The impacts of anything announced in the last few days wouldn't be having any operational impact to cloudflare services now.

Internet Brands have taken a pretty standard Cloudflare control against bots and other automated attacks and turned the paranoia dial up from the standard setting to somewhere close to maximum. I assume the same control applies to other IB fora as well. The software the fora are based on is pretty useless at defending itself, the authentication mechanism is built for a different decade.

Whilst we can all debate whether they have got the right balance between defence and service continuity, noting that the best security is invisible to the end user, there probably are some hard choices at play here between keep the fora up and running or suffering the consequences of denial of service and the possibility of personal information disclosure. We also remember that we use this service for "free", and whilst IB are not a charity and they get ad revenue from our clicks, the T&C's don't make much commitment to anyone wanting to use the service....

The difficulty is that any organisation who is defending itself against attacks has an extraordinary difficult position to make meaningful public statements to it's customers without disclosing useful information to attackers or litigants. So whilst an IB staffer has made some comments upthread, it's probably hard for them to say much morethan has already been said.