> It's likely a single-digit percentage of requests that are real humans being [blocked], and we need to look at ways to get that number down, but at least the fallback positions are improved now.
The fallback suggestions mentioned in the article are "try clicking the box again" and "try reloading the page"
I'm slowly starting to wonder if I should start sending snail mail to companies that block me, instead of resigning to go somewhere else. HIBP is a free web service and shops have no obligation to serve a given individual, but if everyone puts CloudFlare Turnstile, Google Recaptcha, etc. in front of their services, a "single-digit percentage" of people simply cannot participate in modern society. Similar markers (IP address misclassified as bot range, unusual/old/infected browser, ...) will constantly be triggering for the same group.
I got "radicalized" about these filter measures at my last job, where we operated a popular public-facing website, and we apparently adopted some third-party solution to reject otherwise valid logins based on some heuristics, with an intentionally vague "try again later"-style error message. Throughout a few months, I noticed a steady trickle of coworkers talking on the internal chat about being unable to log into the site citing that exact error, with varying degrees of urgency (e.g. for myself, I noticed I couldn't log in using a private browsing window, but didn't worry too much because my long-lived session cookies were still fine). I like to think all of them were eventually pointed in the direction of the team working on the integration so that these false positives could be worked around, but definitely not everybody initially realized what was happening to them.
If even people within the same company fell victim to these filters, what chance would the wider public have? On the other side of my tenuous work/life balance, multiple friends that were long-time users of our product were also getting locked out of the site, and of course they had no means of understanding that they were false positives of a fraud detection heuristic, much less of getting individualized support. I know those people and that they were genuine good-faith users, but naturally, while I could pass on word of their struggle, I couldn't offer any actual help since that would disclose details about those heuristics that we were apparently paying good money for and wouldn't want the public to know anything about. I also saw social media discussions where other affected users were helplessly telling each other to try different browsers or reinstall Windows.
Of course, I understand the need to combat abuse of services (and I applaud this employer for many other measures taken in that effort), but it definitely did a number on my loyalty to the company and excitement to be part of the industry to realize that my friends and I would be readily sacrificed if push came to shove.
I was surprised I was failing to type this code over from my email but no, that wasn't the issue. In the developer tools, the server fesses up I'm detected as "bot" again. As it's an invisible process, there's nothing I can do about it. This is a clean browser because it's for pentesting websites at work. No add-ons installed, no uBlock, no noscript, no corporate configuration, nothing.
Agreed, it seems like my (fixed) IP address is triggering Google and CF for some reason. I don't run any scrapers or so from home but do use NoScript, am I a bot for using NoScript? Perhaps.
Yeah, I have rather aggressive blocking on with uBlock Origin. Google started blocking me about a month ago, I have to solve a captcha for literally every query. I know it's uBlock as things are back to normal when I disable it. Well, this helps me to learn new muscle memory to rely on DuckDuckGo and Brave Search instead.