> No, I'm saying "'your solution sucks' isn't constructive criticism".
I don't think privacy advocates are trying to be constructive, we're trying to tell Cloudflare that their solution is bad. We're not offering them advice about how to write a novel and this isn't a support group for their developers; we're telling people who are refusing to prioritize privacy that we're not going to prioritize their needs either if they're not willing to care about ours.
> It's not Cloudflare's responsibility to do anything, really. They could just as well not have released this.
Great, I'm on board, let's do it :D
> If someone can find a privacy-preserving solution to distinguishing legitimate users and bots, amazing, but, until then, users will have to choose between the existing solutions and not accessing my service at all.
I don't see what this has to do with Cloudflare independently offering an attestation service. Again, you're jumping right to the assumption that it's our responsibility to solve your problem. It's not.
If you can come up with a privacy-preserving solution to distinguish legitimate users and bots, fantastic. But until then, you'll have to choose between not releasing your service or dealing with bots. We don't want to change the nature of the Internet to accommodate you. If that means you can't launch your service, I do have sympathy but... what are the alternatives? Privacy advocates aren't just going to be OK with having their privacy violated just because it makes it easier for business owners. We built a system around user agency and autonomy, and if you want to make changes to that system, if that existing system as it is today doesn't work for you then it's your job to figure out how to make the changes you need without breaking everything.
> and complaining about Cloudflare's implementation of a CAPTCHA doesn't do anything constructive, as far as I can see
It discourages Cloudflare from launching the service.
> The problem still remains, and no amount of "your solution isn't good, do better" is helping.
Again, I would flip this back on you. Complaining that existing CAPTCHAs aren't effective enough doesn't change anything about the privacy problems and restrictive nature of attestation, and no amount of "but how will we block bots otherwise" is going to help move that conversation forward. It's not any more constructive than telling business owners that they'll have to tolerate bots.
I feel a bit like: I'm sorry, but I don't know what you want me to say. I'm sorry that existing CAPTCHA methods today aren't good enough for you, but it doesn't sound like you have a suggestion about how to improve them without putting people's privacy at risk, and that's kind of a nonstarter. Let us know if you come up with an idea, but I don't know what to tell you in the meantime; you're the one who's saying that audio/image CAPTCHAs that exist today aren't suitable for businesses.
I don't think privacy advocates are trying to be constructive, we're trying to tell Cloudflare that their solution is bad. We're not offering them advice about how to write a novel and this isn't a support group for their developers; we're telling people who are refusing to prioritize privacy that we're not going to prioritize their needs either if they're not willing to care about ours.
> It's not Cloudflare's responsibility to do anything, really. They could just as well not have released this.
Great, I'm on board, let's do it :D
> If someone can find a privacy-preserving solution to distinguishing legitimate users and bots, amazing, but, until then, users will have to choose between the existing solutions and not accessing my service at all.
I don't see what this has to do with Cloudflare independently offering an attestation service. Again, you're jumping right to the assumption that it's our responsibility to solve your problem. It's not.
If you can come up with a privacy-preserving solution to distinguish legitimate users and bots, fantastic. But until then, you'll have to choose between not releasing your service or dealing with bots. We don't want to change the nature of the Internet to accommodate you. If that means you can't launch your service, I do have sympathy but... what are the alternatives? Privacy advocates aren't just going to be OK with having their privacy violated just because it makes it easier for business owners. We built a system around user agency and autonomy, and if you want to make changes to that system, if that existing system as it is today doesn't work for you then it's your job to figure out how to make the changes you need without breaking everything.
> and complaining about Cloudflare's implementation of a CAPTCHA doesn't do anything constructive, as far as I can see
It discourages Cloudflare from launching the service.
> The problem still remains, and no amount of "your solution isn't good, do better" is helping.
Again, I would flip this back on you. Complaining that existing CAPTCHAs aren't effective enough doesn't change anything about the privacy problems and restrictive nature of attestation, and no amount of "but how will we block bots otherwise" is going to help move that conversation forward. It's not any more constructive than telling business owners that they'll have to tolerate bots.
I feel a bit like: I'm sorry, but I don't know what you want me to say. I'm sorry that existing CAPTCHA methods today aren't good enough for you, but it doesn't sound like you have a suggestion about how to improve them without putting people's privacy at risk, and that's kind of a nonstarter. Let us know if you come up with an idea, but I don't know what to tell you in the meantime; you're the one who's saying that audio/image CAPTCHAs that exist today aren't suitable for businesses.