[yjftsjthsd-h]

Cloudflare: "Cloudflare has a long track record of investing in user privacy, which we will continue with Turnstile."

Also Cloudflare: Tracks and fingerprints everyone, and blocks anyone who hardens their browser ("First we run a series of small non-interactive JavaScript challenges gathering more signals about the visitor/browser environment. Those challenges include proof-of-work, proof-of-space, probing for web APIs, and various other challenges for detecting browser-quirks and human behavior. As a result, we can fine-tune the difficulty of the challenge to the specific request.").

[mwcampbell]

There are no perfect solutions. In the arms race to protect against abuse, I'll take the solution that's more accessible, particularly to people that are discriminated against by CAPTCHAs, such as deafblind people.

[mdaniel]

> to protect against abuse

I would actually be on-board with such things if this were against abuse but it's not -- it's preemptively assigning blame, since my copy of Firefox is not modified in any way except uBO but CF loves to captcha it. The other stories in every one of these captcha threads, and the majority of the CloudFlare announcements at all, demonstrate this isn't isolated to "oops, our bad" but a systemic problem

If I were DDoS-ing some site, I deserve every ban I get, but just browsing via the provided navigation links on the site shouldn't "pardon our interruption" or gatekeep

[byteduck]

Interesting. I wonder what other factors you might have going against you causing CF to captcha you - I have my Firefox loaded up with almost every ad-blocking, privacy, and anti-fingerprinting extension I could think of, but I rarely get CAPTCHAs.

[mdaniel]

> I wonder what other factors

Yes, and that's my point: it's not action that the user can take to resolve accusations, and it's not because of abusive behavior it's just `response.status(200 if random.randbool() else 403)`

[yjftsjthsd-h]

Possibly IP address; Cloudflare doesn't like cgnat/shared addresses, or even if you just happen to be in a subnet they don't like.

[boltzmann-brain]

> Cloudflare doesn't like

and theeeeeeeeeere's your problem.

[ectopod]

I block cookies and js. Cloudflare doesn't like that.

[yjftsjthsd-h]

Ah yes, the classic "we care about security and privacy so much that we're going to force you to enable the biggest exploit vectors" move; classic Cloudflare:)

[snotrockets]

It's not a race when you arm both sides, as cloudflare did by hosting known abusers for years, working hard to shield them from the consequences of their actions.