[gruez]

Cloudflare isn't unilaterally inserting themselves between the website and you. They're contracted by the website owner to provide website security, just like how ticketmaster is contracted by the venue owner to provide ticketing. I don't see what the difference is.

[AyyEye]

"Security" in the real world doesn't get to profile people. Profiling is Cloudflare's entire business model.

[umbra07]

What do you think club bouncers are doing?

[gruez]

>"Security" in the real world doesn't get to profile people

1. yes they do. have you ever been to vegas? there's cameras and facial recognition everywhere. outside of vegas, some bars and clubs also use ID scanning systems to enforce blacklists, and in most cases that system is outsourced to an external vendor. finally, ticketmaster requires an account to use, and to create an account you need to provide them your billing information. that's arguably more intrusive than whatever cloudflare is doing, which is at least pseudonymous.

2. "profiling people" might be objectionable for other reasons, but it's not a relevant factor in whether something is a "protection" racket or not. There's plenty of reasons to hate cloudflare, but it's laughable to describe them as a criminal enterprise.

[AyyEye]

1. A blacklist isn't profiling. Known problem causing entities is entirely different than 'he looks suspicious', because the latter is often... Misused (to be polite).

2. Of course it is relevant. Because the more false positives they have the more money they can extort. They have negative incentive for their system to work properly.

P.S. ticketmaster is absolutely criminal, too.

[gruez]

>2. Of course it is relevant. Because the more false positives they have the more money they can extort. They have negative incentive for their system to work properly.

What are the "false positives" in this context? It's specifically for blocking bots, and enrollment into the program to get unblocked is designed for bot owners. It's obviously not designed to extract money from regular users. I doubt there's even a straightforward way for regular users to pay to get unblocked via this channel. As the people who are running blocks and are blocked, I don't see what the issue is. Isn't it working as intended by definition?

[AyyEye]

> It's specifically for blocking bots

Define "bots" in a way computers can understand.

> What are the "false positives" in this context?

Regular users that cloudflare (profiles) accuses of being bots. God help you if you want to block trackers or something else that's not regular.

> I doubt there's even a straightforward way for regular users to pay to get unblocked via this channel

This is part of the problem. But hey, at least they are only a process change away from charging normies too.

[gruez]

>Define "bots" in a way computers can understand.

How is having a specific definition relevant to this conversation? An approximate definition of "a human using a browser to visit a site" probably suffices, without having to get into weird edge cases like "but what if they programmed lynx to visit your site at 3am when they're asleep?".

>Regular users that cloudflare (profiles) accuses of being bots. God help you if you want to block trackers or something else that's not regular.

I use ublock, resistfingerpnting, and a VPN. That probably puts me in the 95+ percentile in terms of suspiciousness. Yet the most hassle I get from cloudflare is the turnstile challenges can be solved by clicking a checkbox. Suggesting that this sort of a hurdle constitutes some sort of "criminal enterprise" is laughable.

I do occasionally get outright blocked, but I suspect that's due to the site operator blocking VPN/datacenter ASNs rather than something on cloudflare's part.

>This is part of the problem. But hey, at least they are only a process change away from charging normies too.

So they're damned if they do, damned if they do? God forbid that site operators have agency over what visitors they allow on their sites!