So the stable state here is all humans eventually being locked out? (Bots are getting better every day; I doubt the same is true for all humans, including those with weird browsers or networks unwilling to install some dystopian Cloudflare "Internet passport".)

But hey, at least some bots are also not making it past Cloudflare!

> So the stable state here is all humans eventually being locked out?

Yep. The most easy to implement stable state for any system where you're aiming to prevent misuse is to just prevent use

The inevitability is that these kinds of services just won't be offered without identifying yourself.

Claude's free tier requires a phone number just to try it.

PRISM as a Service.

Or else a player too big to be blocked moves into the space with a service that provides some/all of the privacy benefits, but declines to offer the other undesirable aspects of VPN (e.g. location shifting to circumvent local restrictions)

i.e. iCloud private relay is the future

I’ve already had a few services lock me out with iCloud Private Relay.

To the contrary, people running botnets or AI scrapers are likely going out of their way to mimic ordinary web traffic from consumer devices. Ultimately, these measures will only affect users who are trying to protect their privacy and security, and will be ineffective at stopping bots.

That’s obviously because they’re not being “evil”