alt Hacker NewsIt is academically very interesting to think about this in light of their long-standing dispute with Cloudflare (https://community.cloudflare.com/t/archive-is-error-1001/182...) over EDNS, which could have privacy implications attached.
I think no matter how you slice it though, it's unethical and reprehensible to coordinate (even a shoddy) DDoS leveraging your visitors as middlemen. This is effectively coordinating a botnet, and we shouldn't condone this behavior as a community.
It's definitely interesting to see this roll around since the only individuals that see the CAPCHA page mentioned, are users of Cloudflare's DNS services (knowingly or not).
P.S. Shout-out to dang for dropping the flags. I have a small suspicion that their may be some foul play, given the contents...