Re: Captchas on Cloudflare-Proxied Sites

[Josh Reynolds via NANOG <nanog () lists nanog org>]

If bots aren't  a problem why are all of these companies spending money to
prevent bots?

Hmmmmmmmmmmmmmm

Josh Reynolds
Chief Technology Officer | SPITwSPOTS

On Tue, Jul 1, 2025, 10:22 PM Constantine A. Murenin <mureninc () gmail com>
wrote:

> But the bots are not a problem if you're doing proper caching and
> throttling.
>
> I mean, if your site has more bots than actual users, maybe you're
> doing it wrong.
>
> If what looks like a static page requires a captcha, you're doing
> something wrong.
>
> If it takes you $1 to generate a page, so you have to make sure all
> your visitors waste $1 of their time to view it, you're doing
> something wrong.
>
> Yes, captchas are a symptom, but it's a symptom of incompetence, not of
> bots.
>
> Bots don't cause captchas, poor engineering does.
>
> Bots aren't a problem, captchas are.
>
> C.
>
> On Tue, 1 Jul 2025 at 21:16, Josh Reynolds <joshr () spitwspots com> wrote:
> > The problem is the bots.
> >
> > The captchas are just a symptom.
> >
> > Josh Reynolds
> > Chief Technology Officer | SPITwSPOTS
> >
> > On Tue, Jul 1, 2025, 9:04 PM Constantine A. Murenin via NANOG <
> nanog () lists nanog org> wrote:
> > > On Tue, 1 Jul 2025 at 09:15, Brandon Butterworth via NANOG
> > > <nanog () lists nanog org> wrote:
> > > > On 01/07/2025 15:05:16, "Johannes Müller Aguilar via NANOG"
> > > > <nanog () lists nanog org> wrote:
> > > > > For about a month, users behind IP addresses we announce have been
> prompted to solve captchas when accessing Cloudflare-proxied sites.
> > > > I've seen that increase and now regularly get it on home
> > > > broadband services, others have reported this too. I suspect
> > > > many are getting it and assumed this is the new normal.
> > >
> > > I'm seeing this on StackOverflow / StackExchange on my home broadband
> as well.
> > > Having to wait half a minute to glance at a search result completely
> > > ruins the use-case for said result.  If your time is worth $120/h,
> > > that's a $1 for each StackOverflow visit just to open the page,
> > > obviously it's cheaper to use AI at that point, so, no idea what
> > > they're thinking killing their own market.
> > >
> > > I wish Google Search would let people blacklist StackOverflow as long
> > > as they're a Cloudflare user; or, heck, anything with these captchas.
> > > It's effectively just search spam with all those captchas.
> > >
> > > But the "best" part about the security industry, is that because I do
> > > close the window in less than a second, Cloudflare probably reports my
> > > visit attempt as saving StackOverflow from yet another bot!  "Look how
> > > many bots we've saved you from!"
> > >
> > > I'd like to see the metrics from Cloudflare and the other captcha
> > > vendors on how they justify wasting billions of dollars in lost
> > > productivity.  It probably costs way-way-way-way less than $0.01 to
> > > serve a page for which the legitimate users must now waste $1 in lost
> > > income.  There's probably a 10000x amplification factor for real users
> > > wasting resources compared to how much resources are saved from the
> > > most basic bots that can't get through, bravo!  All for what?
> > >
> > > Did anyone think of the environment, how much computing resources are
> > > wasted by everyone proving that they're not a bot?
> > >
> > > C.
> > > _______________________________________________
> > > NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/ROWRSJDJKROFAH54DJ3ATVMTG4JTQGFL/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/T5KQUGFVE3H3UEYQ7CEII3Q3WQEWYCI7/