> You're telling me cloudflare has to store something on my computer to let them know I passed a captcha?

Yes?

HTTP is stateless. It always has been and it always will be. If you want to pass state between page visits (like "I am logged in to account ..." or "My shopping cart contains ..." or "I solved a CAPTCHA at ..."), you need to be given, and return back to the server on subsequent requests, cookies that encapsulate that information, or encapsulate a reference to an identifier that the server can associate with that information.

This is nothing new. Like gruez said in a sibling comment; this is what session cookies do. Almost every website you ever visit will be giving you some form of session cookie.

Then don't visit the site. Cloudflare is in the loop because the owner of the site wanted to buy not build a solution to the problems that Cloudflare solves. This is well within their rights and a perfectly understandable reason for Cloudflare to be there. Just as you are perfectly within your rights to object and avoid the site.

What is not within your rights is to require the site owner to build their own solution to your specs to solve those problems or to require the site owner to just live with those problems because you want to view the content.

>You're telling me cloudflare has to store something on my computer to let them know I passed a captcha?

You realize this is the same as session cookies, which are used on nearly every site, even those where you're not logging in?

>This sounds like "we only save hashed minutiae of your biometrics"

A randomly generated identifier is nowhere close to "hashed minutiae of your biometrics".