In what way would that not be fair? Their product giving false positives (unnecessary challenges for a normal browser humans commonly use) to real people is definitely their fault.

That sounds like it is working as intended, not a false positive. A false positive would mean it blocked you whereas a challenge means more information is needed. You aren't noticing all of the times it correctly decides you are human, only the times when it needs to "inconvenience" you for more information because you prioritize privacy, a key similarity with some bots.

I also like privacy. I use GrapheneOS. I compartmentalize my credit cards, emails, and phone numbers. I don't use Google products, and the list continues, but I don't complain about Cloudflare because it is painless and I understand the price I pay for privacy.

I also have home services accessible via my home website, running on my home server(s). I chose to have cloudflare to host my domain specifically for the easy bot blocking, and it blocks more than 2000 bots/day that otherwise would be trying to find vulnerabilities on my servers, which contain a lot of sensitive things. I've never had an issue personally accessing my services through cloudflare. Sometimes I have to do captchas to access my own things, and that's barely an inconvenience (I am aware the domain isn't necessary to access services, but it makes more sense for my setup and intents)

>Their product giving false positives (unnecessary challenges for a normal browser humans commonly use) to real people is definitely their fault.

Is it TSA's "fault" that non-terrorists are subject to screening?

No, but it's entirely within TSA's hands to make that process as frictionless as possible.

(It's a different question whether zero friction is actually desired, or whether some security theater is actually part of the service being provided, but that's a different question.)

We're discussing the quality of screening here, not the act/necessity of screening itself.

>We're discussing the quality of screening here

The "quality" of TSA's screening seems be pretty bad too given how many people have to go through secondary screening vs how many terrorist they catch (0?)

they caught 11 million by now (just as arbitrary as your 0 but probably more accurate since we haven’t had a large terrorist attack since they got the gig to serve and protect and before we lost thousands of lives…)

>they caught 11 million by now (just as arbitrary as your 0 but probably more accurate

Nice try but I used "caught", not "stopped", which requires they actually apprehended someone, not just prevented some hypothetical attack.

>since they got the gig to serve and protect and before we lost thousands of lives…)

You could easily reuse this argument for cloudflare: "if it wasn't for such invasive browser fingerprinting openai would be drowning in bajillion req/s from bots."

> “if it wasn't for such invasive browser fingerprinting openai would be drowning in bajillion req/s from bots."

of course they would be drowning! I have no issues with what CF is doing. too funny that people use tools like chatgpt and expect privacy?!

They are failing to meet there quotas of shooting innocent people in the face, so ICE is helping out.

No, using a stupid authentication/verification method with lots of false positives is always on whoever deploys it.

Imagine an apartment building with a flimsy front door lock that breaks all the time, and the landlord only telling you that that can't be helped because of all the burglars.

If it's just as easy to spoof being Chrome as it is to spoof being Firefox, then it is indeed fair to blame Cloudflare if they give Firefox users more CAPTCHAs than Chrome users.

Not really, there's camoufox but the vast majority use modified chrome/chromium