The issue is scummy companies like cloudflare which are causing these issues. If your software is blocking legitimate users then your software is shit at its job. It's not the users fault.
Agreed, but I think the point was that the user has a workaround. Use a standard browser for the like five minutes it might take to unsubscribe from these mailing lists, a one-time operation per business, done.
If on the other hand unsubscribing from mailing lists is not the true use case and we are actually being asked to help a bot bypass safeguards… then Cloudflare is doing a great job here.
>The issue is scummy companies like cloudflare which are causing these issues. If your software is blocking legitimate users then your software is shit at its job. It's not the users fault.
But if you're going out of your way to look suspicious (ie. "I use a heavily customized Firefox config on Linux"), surely you'd agree at some point it goes from "your software is shit at its job" to "it's your fault for looking suspicious"? If you walk into bank wearing a balaclava and get stopped by security, it's not really "security is shit at its job".
>Everyone should only be allowed to use windows and a chrome browser variant with no ad blocking. Cloudflare 100% should be allowed to arbitrarily block anyone not using this set up because they are suspicious.
Seems like a slippery slope argument, but isn't reflective of reality. They still allow Tor browser to pass, of all things.
>I was using it to show the ridiculousness of blaming a user for the shortcomings of cloudflare.
That doesn't advance the conversation, or show that cloudflare should be always as fault, as you seem to imply. Even if people are pro privacy/freedom, I think most wouldn't give the individual (as opposed to the security provider) unlimited leeway, as seen in the bank example.
Mobile operating systems with remote attestation (that's both Android and iOS) aren't far off from that with regard to native apps. It doesn't affect the web yet, but Google did propose adding an attestation mechanism to Chrome.
I vaguely remember this from this last year though I can't remember all the details. That's a scary slippery slope.
Of course it'll be presented as a security feature, because users are dumb, whilst also allowing vendors to lock you into their ecosystem; similar to how passkeys are currently being push by these same companies.
If on the other hand unsubscribing from mailing lists is not the true use case and we are actually being asked to help a bot bypass safeguards… then Cloudflare is doing a great job here.