alt Hacker NewsI think the problem is this: how do they distinguish between those with a legitimate interest (contributors, users, bounty programs, etc.) and those who want to sell the bug on the black market?
Since there's no real solution, they'll implement some "trick" that as a side effect will randomly block other people's work.
The classifier operates on surface features: file operations at scale, cookie manipulation, concurrent requests. Not intent.
The two failure modes are different. Task refusal is recoverable. What ivankra described (account termination for building Node and V8 to investigate crashes) isn’t. No diagnostic output, no visible appeal path. Standard debugging workflow but with permanent consequences.
This is a reliability characteristic you have to design around, not a policy question. Any workflow that touches the classifier’s surface features needs a fallback. Most people find out they need one after the fact.