by cnst 2442 days ago
And the problem is worse because, apparently, even solving the captchas repeatedly from a given IP address doesn't make it whitelisted, either. So, it fits the very definition of discrimination against a whole wider group, where the individual actions of any individual actors don't matter.
3 comments

I’ve lived in Vietnam for the past 5 years and experienced these issues first hand. I’m also part of the team responsible for maintaining a relatively aggressive set of Cloudflare WAF rules at my current employer.

In these developing countries, great swathes of users are accessing the internet behind carrier-grade NAT.

This makes it increasingly likely that any individual user is sharing a public-facing IP with one or more bad actors.

In my experience, I’ve never had to solve more than one CAPTCHA per domain, and frankly clicking a checkbox isn’t that hard.

As far as discrimination goes, this is a much friendlier solution than just immediately rejecting connection requests from certain CIDRs, which is what would otherwise be happening.

> In my experience, I’ve never had to solve more than one CAPTCHA per domain, and frankly clicking a checkbox isn’t that hard.

If it were that easy, there would be little complaint; the complaints seem to be that people get stuck on captchas indefinitely.

>"In these developing countries, great swathes of users are accessing the internet behind carrier-grade NAT."

Do you have any citations that CGN is any more prevalent in developing countries than in, say, Western Europe or the US? The last report from RIPE that I read indicates CGN usage is substantial in both the RIPE and APNIC regions.[1] How would IPv4 resource exhaustion be an economic issue?

>"In my experience, I’ve never had to solve more than one CAPTCHA per domain, and frankly clicking a checkbox isn’t that hard"

I imagine if you are personally "responsible for maintaining a relatively aggressive set of Cloudflare WAF rules" as you stated, you've probably become quite proficient at solving CAPTCHAs. I think people that don't mind jumping through hoops are a minority. Also, just because something isn't hard does not mean it's any less annoying and degrading of the user experience. Those things are not mutually exclusive.

[1] https://ripe73.ripe.net/presentations/21-ripe73_cgn_richter....

> 1. The IP address you are on has shown problematic activity online recently in one of our data sources. If you would like to look your IP up, then please look your IP up at Project Honeypot. If the IP address shows data for malicious activity, you can see why there. You can also attempt to whitelist your IP directly on that page by connecting from that IP. If no bad activity is seen from the IP address after a two-week period, then the challenge behavior will stop against that IP address.

https://support.cloudflare.com/hc/en-us/articles/203366080-W...

Probably because those IPs cycle, or get shared between a number of people. If you know that the IP has switched between illegitimate and legitimate 10 times before, you can’t just assume that it’s now valid after one captcha.