So, if I run a website, or a service, and there are people who abuse my service, and I can't take actions to protect myself and my other paying customers...I should be forced to allow those malicious actors an account and do what?
This hypothetical glosses over an essential missing element. The site owner is in control of gating who enters into a transactional relationship with their site or service.
Offering a false dichotomy between "be forced to allow those malicious actors an[d, sic] account" and "take actions to protect myself and my other paying customers" that have adverse impacts (many times with severe monetary damages) is externalizing the cost of poor gating control in the first place in the pursuit of pumping up subscriber numbers chasing the next funding round or quarterly call to brag upon. This is similar to financial services institutions flailing around "identity theft" to cover for gating control of their transactions implemented in pursuit of transaction liquidity over security.
Both take the externalized costs out of customer hides as both uncompensated time and monies spent to make good on unwinding transactions, and in making the aggregate customers pay for the direct costs of fixing the problematic transactions on the way, way back end. Both are a result of implementing poor security practices.
Both also will not scale to the coming era of hyper-converged global financial services. First mover advantage accrues to the one who fixes this challenge at the front end where they gate the transactions, cutting out the majority of the costs of fixing this on the back end after the transaction has been compiled and deployed into production so to speak, not coincidentally speeding up settlement, increasing liquidity, and grab the significant network effects that come with establishing such an infrastructure.
Not to mention that there's a significant difference between just some website and a trillion+ dollar company with significant monopoly power in multiple markets. Being banned from Google or Amazon is simply not equivalent to being banned from commenting on some travel blog.
You can ethically take blocking actions just fine if you allow for due process. The mere existence of bans is not what's being criticized. (Though I'd say bans generally shouldn't be lifetime either.)
I'm sure there will come a reckoning at some point that results in the bar being lifted... much like we can no longer run restaurants out of our houses with no oversight from a governing health and hygiene entity.
