Re: Captchas on Cloudflare-Proxied Sites

["Constantine A. Murenin via NANOG" <nanog () lists nanog org>]

On Thu, 3 Jul 2025 at 04:39, niels=nanog--- via NANOG
<nanog () lists nanog org> wrote:
> * Constantine A. Murenin [Thu 03 Jul 2025, 00:46 CEST]:
> > Why is the simple act of placing an item in a shopping cart a
> > resource-driven event?
>
> Tell me you don't know how modern e-commerce works without saying
> you don't know how modern e-commerce works.

Sometimes it takes an outsider to see the inefficiency in the process.

The bottom line is that there's absolutely no justification for having
captchas everywhere, and especially on ecommerce and other cacheable
things.

And as the quote goes:

'It is difficult to get a man to understand something, when his salary
depends on his not understanding it.'

> Say you're a modern seller. You have widgets you're looking to sell.
> You have a certain number on hand and will need to order more in time
> to satisfy future demand.
>
> The moment somebody places a widget in their shopping basket you make
> a reservation in the backend system so you know you're soon running
> out. People leaving shopping baskets just sitting around are an active
> drag on the JIT delivery process.
>
> That's why some e-commerce websites will send you emails with discount
> coupons to incentivise you to make up your mind and order if you leave
> items in your shopping basket for too long.

That absolutely does make sense, but then why are you complaining
about the bots placing the things in the cart?

You can't have it both ways.

* If it's expensive to place items in the cart, maybe make it cheaper?

* If the cost is actually justified, how is it a problem that bots do it, too?

Also, BTW, I kind of fail to see the business logic behind needing
this info to re-order to avoid running out:

* If people place items in the cart and buy right away, why would you
need to reorder anything before anyone actually pays for something?
How does it make any difference to reorder something a few minutes
earlier than otherwise?

* If people/bots place items in the cart, and never buy, how exactly
is it justified to bother anyone with anything before they're able to
do such a simple task, if the sale doesn't happen anyways, and no
reordering is needed in the first place?

Sorry, but something just doesn't add up!

And how exactly do we get to a point that any captchas are required at
any point?  Either users order, or they don't.  Why did you make it
expensive for yourself to handle the case when they don't order?  How
exactly do the captchas help here?  What makes you think actual real
human users don't mind spending $1+ to solve each captcha?

This is a classic example of the lack of ownership on all levels,
where business requirements are misinterpreted and non-existing
problems are subsequently created that now suddenly need to be
urgently solved, without any sight of the original business statement
that's being solved, and at a cost that is misrepresented to the owner
of the store.  (How exactly do you value the user having to waste 30
seconds to solve a captcha for each page at least once a day?  I value
it at $1 per each solve; BTW, I'm pretty certain the cost of this to
bots is far LOWER than $1, with the $1 being the cost to actual, real
users, in lost productivity.)

Captchas are the biggest nuisance by far, and probably the biggest
modern contributor to the global warming and lost productivity for
everyone.

C.
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/BOMPSJRBUGBUGN5M5JN6TEGFQ43XFR7G/