We can sit here and argue all day around this and we still won't reach an agreement.
On one hand, as a website operator, I want to prevent DDOS, spam etc... for my website. I can implement these solutions myself and do a bad job, or I can use Cloudflare that solves most of then. It's probably going to rule out some of the users as yourself - which is a shame. But until there's a better way to know that a visitor from the internet is not trying to attack the website, I'd have to use something like Cloudflare.
On the other hand, it's not like it's that hard to leave Cloudflare for me - so if there's a better alternative without causing legitimate users pain, I'd be happy to jump on board.
I don't think anyone is arguing that preventing DDoS attacks is desirable.
It's about cutting off access to a small segment of users just because it is easier that way.
I think that, similar to wheelchair access, we will continue to push for access to all devices and users as much as possible.
This attitude of "it's just 1%" or "it's just 0.1%" will become just as unacceptable as saying "well, there are only 3 people who need access ramps out of 30, so they need to suck it up and deal with it."
I'm just a happy Cloudflare customer.