They do sell to people that are outside of the US. They just sell via freight forwarders. In Central America (and probably all over) there are many businesses that exist entirely to service customers. The biggest bank in the country I'm in now (Guatemala) gives people credit cards and a Miami address specifically marketed to buy stuff off Amazon.
You'd think with all that money spent, they'd have recognized this. FWIW, they eventually fixed it, a week or two (or so) after several poorly-written emails I sent them. So I think it is more likely to be the result of bad thinking, or just being unaware of the situation.
Furthermore, if their anti-hacking defense relies on a captcha or not being able to easily download their app, they're beyond screwed. I don't think they are that incompetent, it might have been, at best, oversight.
Probably the fault is at least partially on Cloudflare, though. Trump's read-only campaign website throws up a captcha at least to Guatemala. And GT isn't known as a centre of any hackers, to say the least. So if they have high profile sites like that which are misconfigured, perhaps they don't do enough review or customer education.
The captchas serve to stop bot nets and DDoS attackers who are all over the world. It is why many sites throw those up. It is not a miss configuration. It is a smart move.
It is 100% the wrong thing to do. On a static page like Trump's website, it is absolutely unacceptable that it ever shows a captcha to obtain readonly information. They are already handling the TCP connection, they are sending back the static assets (custom error page). They just don't send the main content.
Unless it's under a current attack, and even then it should go by IP or something. Visiting from an IP never used before should now throw up a captcha. Nor should it continue to do so on repeated visits.
It's broken, full stop.
Edit: I mention Trump's site because it's a reasonably high profile, static, site that I've seen CF blocking on. Also, FWIW, after I sent several emails to Jet, they seemed to reverse course and their app and site are available. Seems like an oversight/not knowing to me. CF's defaults are not very good so they probably didn't change them. CF should review their customers and suggest better defaults, at least to high end clients.
You'd think with all that money spent, they'd have recognized this. FWIW, they eventually fixed it, a week or two (or so) after several poorly-written emails I sent them. So I think it is more likely to be the result of bad thinking, or just being unaware of the situation.
Furthermore, if their anti-hacking defense relies on a captcha or not being able to easily download their app, they're beyond screwed. I don't think they are that incompetent, it might have been, at best, oversight.
Probably the fault is at least partially on Cloudflare, though. Trump's read-only campaign website throws up a captcha at least to Guatemala. And GT isn't known as a centre of any hackers, to say the least. So if they have high profile sites like that which are misconfigured, perhaps they don't do enough review or customer education.