| > and make a conscientious choice about whether they want to allow their browser to pass a challenge. I don't know how to vocalize this exactly, but this wording really gets under my skin. It shifts the entire responsibility of being blocked over to the user; it's not Cloudflare blocking privacy configs from browsers, it's not Cloudflare circumventing the notion that user agents have agency to present how they want, it's not Cloudflare blocking people from changing their user-agents: no, it's the user who just decided that they don't want their browser to pass the challenge. It also trivializes the impact, there's something about this phrasing that's like: "oh, it's no big deal, some users have just decided they don't want to allow their browser to pass a challenge." I am not the person who decides whether or not my browser passes a check that Cloudflare invented. Phrasing it this way has some real, "everyone has a choice whether to give me their wallet, but people also have the freedom to decide whether or not they're going to allow me let them go without shooting them" vibes. Bullcrap. And this is a huge deviation away from the idea of purely clientside checks like Privacy Pass (not that those methods are perfect, but they were at least headed somewhat in the right direction). Cloudflare is basically admitting that they are going to focus on verifying hardware and restricting software configurations, and they want to phrase it like a good thing. It's soft DRM because they can't go all-in on hardware attestation yet, Cloudflare is openly saying, "we're going to restrict hardware categories and software from accessing the Open Internet." Oh sorry, I should rephrase that. They're going to give users the power to decide whether or not they want their devices they own to be allowed by Cloudflare to access the Open web. |