Yes, it's unfortunate that a network service provider whose primary business model is checks notes preventing network abuse would try to detect and prevent abuse via various heuristics such as captchas.
I also agree that Cloudflare should get all the blame here, since none of their customers voluntarily chose to use them, and Cloudflare doesn't give their customers a huge variety of options for bot detection sensitivity.
Matt Prince personally kidnaps CTOs and waterboards them until they agree to use Cloudflare, and the thousands of configuration options and rule combinations on the WAF are just for show - customers can't actually use them.
I also agree that Cloudflare should get all the blame here, since none of their customers voluntarily chose to use them, and Cloudflare doesn't give their customers a huge variety of options for bot detection sensitivity.
Matt Prince personally kidnaps CTOs and waterboards them until they agree to use Cloudflare, and the thousands of configuration options and rule combinations on the WAF are just for show - customers can't actually use them.
What an evil, evil company.