[remram]

Cloudflare's bot blocking uses CAPTCHA... By your own admission, the only reason you don't have a CAPTCHA is that you haven't needed one yet.

[weird-eye-issue]

Again, we have rate limits and usage limits in place. You know that you can pay to have Captchas automatically solved, right? It's not the solution to all problems. Obviously if a targeted DDOS happens then some changes would be required.

Also, that is no longer the case that Cloudflare uses Captchas for bot blocking. That's the legacy mode

[remram]

The fact that you can pay for both doesn't make them equivalent. To have a similar cost for spammers, you would need to request a challenge that takes many minutes to solve, which you just can't do. There is a strict limit on how long a user will wait for your security check and you can't pretend otherwise.

Let's stop pretending that all things are in the same bucket because "you can pay to have it solved". That's such a weird claim. For the right price you can have someone rob a bank for you, that doesn't mean it's as safe as your $2 padlock.

[weird-eye-issue]

Way to completely miss the point

At this point you are just arguing for the sake of it. What is it you are even trying to debate at this point?

[remram]

The point is way upthread, it's literally the top comment on this submission. I don't know where you got lost on the way.

[weird-eye-issue]

We already do rate limiting. We don't need a captcha that can be automated away for that.