I don't know the author or his reputation, but his suggestions that you linked a...

superkuh · on Sept 20, 2022

I guess like ctrl.blog you can't grasp the significance of the issue until it happens to you. My firefox fork is definitely blocked by his algorithmic "bot" detector. Just because your browser isn't doesn't mean it only blocks bots.

False positives happen. They happen a lot more than you think. And they are a serious problem. Even more serious when it's cloudflare, but arguing for everyone to implement these algorithmic blocks "that won’t inconvenience users" individually, taken to it's logical end, does the same.

ldoughty · on Sept 20, 2022

I don't see the reason for the personal attack.

The blog post also calls out that you should not block based on user agent.

If a form post didn't respect the action property having a #, that name/email HTML names might be reversed (whole the type is correct, and the user displayed values are correct), or include hidden HTML form fields that have been standard since ~97? Back when I made my first few websites, I certainly would agree that they are likely bots.

Again, apparently this person has some hateful following, but I don't appreciate you limping me into this hatred for agreeing with his statements on this one particular issue.

superkuh · on Sept 20, 2022

You said, "And the suggestions really only impact malicious actors accessing your website from a script." and that was false. Since you didn't have experience being blocked you couldn't know. Not till it happens to you. I don't think pointing this out is a personal attack. It's just the way people work. People don't believe things are a problem until they become a problem for them.

You and others can keep quoting the legit and clever ways to mitigate bot spam but if you ignore the false positives the other checks create it kind of defeats the point.