That's up to the site owner.

For example I configured my osdev wiki (mediawiki based) so that the history and other special pages get the Cloudflare test but just viewing a page doesn't trigger it. OpenAI and other bots were generating way too much traffic to pages they don't need.

Blame the bots that are DDOS'ing sites for the captchas.

Not a lawyer, I'm guessing here. I'd assume the intention matters a lot. Scrape bots don't intend to cause trouble, they intend to get your data (for free). Same way as when some famous person tells people on Twitter to visit a website or when some poor blog gets the hug of death from HN. The intention wasn't to bring down the site.

Aside from that: is DDosing actually illegal (under US law)?

Right. Pretty sure it's illegal under EU law(s), and people were already condemned for it (but yes, in case ill intent was proven) - why wouldn't it be illegal under US law - it's basically akin to vandalism ?

(In other news, the Internet Archive got DDoSed today :(

At least they moved away from Google Captchas, which really hates disabling of 3rd party cookies and other privacy-protection measures.

I haven't had a problem with Cloudflare and their new Captcha system since their changed, but I still suffer whenever I see another website using Google Captcha :(

Ironically its now easier for robots to solve Google Captchas than it is for humans, as evident by the browser extensions that solve them that exists.

I used to have a lot of bot spam, but then I mostly foiled them with the world's silliest captcha. Looks like a math problem, but the solution isn't what's required to proceed.

AFAIK most of those just pay a human in a low income country.

Even better, you can get a captcha before you're allowed to see 404 Not Found.

The other side of the coin is lizards trying to literally end the internet era with their irresponsible behavior, and hell, making a nice living in the process

And god forbid you use a VPN and try to do anything on a Cloudflare site

Cloudflare dropped captchas back in 2022 [0], now it's just a checkbox that you check and it lets you it (or does not).

And this mean that my ancient android tablets can no longer visit many cloudflare-enabled sites.. I have a very mixed feelings about this:

I hate that my tablets are no longer usable so I want less Cloudflare;

but also when I visit websites (on modern computers) which provide traditional captchas where you click on picture of hydrants, I hate this even more and think: move to Cloudflare already, so I can stop doing this nonsense!

[0] https://news.ycombinator.com/item?id=33007370

The checkboxes are also captchas.

but there are more user-friendly captchas than the hydrants, which on average could be better that a total block on the tablets?

total block on _old_ tablets - Android 4.4 specifically, and I am sure many people on HN would be horrified to see those anywhere close to internet. New tablets are fine.

As for "more user-friendly captchas" - I have seen some of those (like AliExpress' slider) but I doubt they will work as well as hydrants. And with new AI startups (1) slurping all the data on the web and (2) writing realistic-looking spam messages, I am sure anti-bot measures would be more important than ever.