Cloudflare Turnstile WebGL Check Blocks Privacy-Focused Browsers
Haelwenn Monnier, developer of the BadWolf browser, reported that Cloudflare Turnstile's authentication enters an infinite loop on WebKitGTK-based browsers when WebGL fingerprinting is blocked. Turnstile uses WebGL renderer data as a signal to distinguish humans from bots, but browsers that generalize or hide that data for privacy reasons are flagged as suspicious, causing a conflict between privacy protection and bot detection.