They also went out of their way to automatically treat them as more questionable by default. Unless the website operator explicitly whitelists tor, tor users are given a worse experience.
This probably isn't really correct. Their blog says that 94% of the traffic they were getting over Tor was malicious, and since they probably automatically put IPs where a lot of malicious traffic comes from on the CAPTCHA list, my guess is all the Tor nodes got flagged automagically.
What they went out of their way to do, was explicitly make it less painful for legitimate users to use Tor, despite the amount of malicious content they get from Tor. I'd argue for most companies, if 94% of the traffic from somewhere is malicious, the answer is "block it and be done with it", but clearly, Cloudflare actually values Tor and what it stands for enough to come up with a workaround.
"They also went out of their way to automatically treat them as more questionable by default."
nope, you're spreading un-sourced/unconfirmed FUD. Provide a source, or this is just FUD. Tor IPs are treated like any other IP by default, not "more questionable by default".
Perhaps they've changed it since last time I looked a few years ago. You're right, I can't find the tor-specific anything anymore. I ditched Cloudflare years ago and haven't checked back in a while. I rather distinctly remember a default setting that explicitly talked about how it treated Tor users. I don't see that setting anymore.
EDIT: Maybe not anymore? See replies