Discussion
ChatGPT Won't Let You Type Until Cloudflare Reads Your React State. I Decrypted the Program That Does It.
beering: So are you able to get free inference now that you decrypted this?
superkuh: It doesn't look like it in the full sense of "free". But part of how one pays these services is by running a permissive modern browser which allows the corporation to spy on you even when you already paid in currency. In a sense, by depriving them of that information they demand they be able to collect and sell, this is closer to "free".
simonw: Presumably this is all because OpenAI offers free ChatGPT to logged out users and doesn't want that being abused as a free API endpoint.
ripbozo: And ChatGPT was then used to write this article. At least try to clean it up a bit.
petcat: > These properties only exist if the ChatGPT React application has fully rendered and hydrated. A headless browser that loads the HTML but doesn't execute the JavaScript bundle won't have them. A bot framework that stubs out browser APIs but doesn't actually run React won't have them.
> This is bot detection at the application layer, not the browser layer.
I kind of just assumed that all sophisticated bot-detectors and adblock-detectors do this? Is there something revealing about the finding that ChatGPT/CloudFlare's bot detector triggers on "javascript didn't execute"?
Chance-Device: Perhaps the author should have made it clearer why we should care about any of this. OpenAI want you to use their real react app. That’s… ok? I skimmed the article looking for the punchline and there doesn’t seem to be one.
voxic11: But isn't ChatGPT access free through the browser? What do you mean already paid in currency?
natdempk: Does anyone know how this is integrated on the Cloudflare side and across the app? Is this beyond standard turnstile? Is this custom/enterprise functionality? Something else?
hx8: Ah yes, the timeless hallmark of web blogs: a draft so messy even a language model would ask for a second pass.
lxgr: It's absurd how unusable Cloudflare is making the web when using a browser or IP address they consider "suspicious". I've lately been drowning in captchas for the crime of using Firefox. All in the interest of "bot protection", of course.
EGreg: Well, that's for the public internet.
I'm building Safebox and Safecloud, where this won't be the case anymore. Not only will you have a decentralized hosting network that can sideload resources (e.g. via a browser extension that looks at your "integrity" attribute on websites) but also the websites will require you to be logged in with an HMAC-signed session ID (which means they don't need to do any I/O to reject your requests, and can do so quickly)... so the whole thing comes down to having a logged in account.
https://github.com/Safebots/Safecloud
As far as server-to-server requests, they'll be coming from a growing network of cryptographically attested TPMs (Nitro in AWS, also available in GCP, IBM, Azure, Oracle etc.) so they'll just reject based on attestations also.
In short... the cryptographically attested web of trust will mean you won't need Cloudflare. What you will need, however, to prevent Sybil attacks, is age verification of accounts (e.g. Telegram ID is a proxy for that if you use Telegram for authentication).
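The "HMAC-signed session ID that can be rejected without any I/O" idea in the comment above, as an added illustration that is not Safecloud's code or part of the original thread. It assumes a session ID made of 16 random bytes plus an HMAC-SHA256 tag under a server-side key (the key, the token layout and all names here are constructed for the example). A forged or tampered token fails the constant-time tag comparison before the server ever touches its session store, which the stand-in store below makes visible by counting lookups.

```python
"""Stateless session-ID check: reject bad tokens with one HMAC, no storage I/O.
Added example, not Safecloud's code; key, token layout and names are assumptions."""
import base64
import hashlib
import hmac
import os
import secrets

# Hypothetical server secret; in practice loaded from a KMS or secret store.
SERVER_KEY = os.environ.get("SESSION_HMAC_KEY", "constructed-demo-key-do-not-use").encode()

SID_LEN = 16   # random session identifier bytes
TAG_LEN = 32   # HMAC-SHA256 digest length


def _tag(session_id: bytes, key: bytes) -> bytes:
    return hmac.new(key, session_id, hashlib.sha256).digest()


def issue_session(key: bytes = SERVER_KEY) -> str:
    """Mint an opaque token: random session ID || HMAC tag, base64url-encoded."""
    sid = secrets.token_bytes(SID_LEN)
    return base64.urlsafe_b64encode(sid + _tag(sid, key)).decode()


def verify_session(token: str, key: bytes = SERVER_KEY):
    """Return the raw session ID if the tag is valid, else None.
    Nothing here consults a database or cache: the reject path is one HMAC."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:          # covers binascii.Error (malformed base64)
        return None
    if len(raw) != SID_LEN + TAG_LEN:
        return None
    sid, tag = raw[:SID_LEN], raw[SID_LEN:]
    # compare_digest keeps the comparison constant-time in the tag length.
    if not hmac.compare_digest(tag, _tag(sid, key)):
        return None
    return sid


class SessionStore:
    """Stand-in for a real session database. Counts lookups so the demo can
    show that requests with a bad tag never reach it."""

    def __init__(self):
        self.active = set()
        self.lookups = 0

    def add(self, sid: bytes) -> None:
        self.active.add(sid)

    def exists(self, sid: bytes) -> bool:
        self.lookups += 1
        return sid in self.active


def handle_request(token: str, store: SessionStore, key: bytes = SERVER_KEY) -> int:
    """Return an HTTP-style status: 401 for a bad tag (no I/O), 401 for an
    unknown/expired session (one lookup), 200 for a live session."""
    sid = verify_session(token, key)
    if sid is None:
        return 401              # rejected before any storage access
    if not store.exists(sid):
        return 401              # valid tag, but logged out or expired
    return 200


def flip_first_byte(token: str) -> str:
    """Constructed tampering helper: corrupt one byte of the session ID."""
    raw = bytearray(base64.urlsafe_b64decode(token.encode()))
    raw[0] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw)).decode()


if __name__ == "__main__":
    store = SessionStore()
    good = issue_session()
    store.add(verify_session(good))
    print("live session  ->", handle_request(good, store))
    print("tampered      ->", handle_request(flip_first_byte(good), store))
    print("garbage       ->", handle_request("not-a-token", store))
    print("store lookups ->", store.lookups)   # only the live session caused one
```

The expiry and logout state still live in the store; the HMAC only proves the token was minted by this server, which is exactly the cheap filter the comment describes.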
blinkbat: Ok... so... ?
onion2k: Is that because botnets spoof being Firefox? It's not really fair to blame Cloudflare if it is. That's on the bots.
londons_explore: I just don't understand why bot owners can't just run a complete Windows 11 VM running Google Chrome complete with graphics acceleration.
You can probably run 50 of those simultaneously if you use memory page deduplication, and with a decent CPU+GPU you ought to be able to render 50 pages a second. That's 1 cent per thousand page loads on AWS. Damn cheap.
poly2it: If you know of a simple way to run a Windows 11 VM with good graphics acceleration (no GPU passthrough), please contact me.
aslihana: I mean, I get them behaving defensively to avoid being abused. But MBP with M5 here, and my ChatGPT tab always gets stuck when I hit some prompt.
Really, really bad user experience; wondering when they will leave this approach.
heliumtera: I am shocked OpenAI collects data about its users before users have the opportunity to send the same data to OpenAI servers!
NotPractical: But don't they do this regardless of whether you're logged in or not?
I noticed the ChatGPT app also checks Play Integrity on Android, probably for similar reasons. (Thanks to GrapheneOS for snitching on apps when they do anti-user things.) Claude's app doesn't do this.
themafia: My theory is that "AI" doesn't really have any long term paying customers and the majority of the "users" are people who have cooked up some clever hack to effectively siphon computing power from these providers in an effort to crank out the lowest effort ad supported slop imaginable.
Every provider seems to have been plagued by these freeloaders to such an extent that they've had to develop extreme and onerous countermeasures just to avoid losing their shirts.
What's the word? Schadenfreude?
lucasfin000: The real frustrating part is that Cloudflare's "definition" of suspicious keeps changing and expanding. VPN users, privacy-first browsers, uncommon IP ranges, they all get flagged. The people most likely to get caught by these systems are exactly the ones who care most about their privacy, and not the bots that they are apparently targeting.
ale42: This was sarcasm, right?
MarioMan: I assume your concern with GPU passthrough is that each VM needs a whole GPU? You can use GPU-PV to split your GPU between VM instances. Then the main bottleneck becomes how thin you split out your VRAM.
More info here:
https://web.archive.org/web/20231107182321/https://mu0.cc/20...
https://youtu.be/XLLcc29EZ_8?t=570
https://github.com/jamesstringer90/Easy-GPU-PV
refulgentis: If you have AI write a blog post for ya, when you think it's set, check word count (can c+p to Google Docs if AI can't pull it off with built in tools), and ask it to identify repetitions if it's over 1000.
Also, you can have it spotcheck colors: light orange on light background is unreadable, ask it to find the L*[1] of colors and darken/lighten as necessary if gap < 40 (that's minimum gap for yuge header text on background, 50 for text on background, these have gap of 25).
I haven't tried this yet, but, maybe have it count word count-per-header too. It's got 11 headers for 1000 words currently, makes reading feel really staccato and you gotta evaluate "is this a real transition or vibetransition".
[1] (as in L*a*b*, not L in Oklab)
conradkay: Not really, there's camoufox but the vast majority use modified chrome/chromium
danielheath: Maybe check your network isn't sending web traffic you're not aware of?
I'm running Firefox and seeing the normal amount.
jychang: Most people are on a CGNAT these days, drowning in captchas is the new normal. You’re at the mercy of one of your neighbors not hosting a botnet from their home computer.
doctaj: In what way would that not be fair? Their product giving false positives (unnecessary challenges for a normal browser humans commonly use) to real people is definitely their fault.
gruez: > Their product giving false positives (unnecessary challenges for a normal browser humans commonly use) to real people is definitely their fault.
Is it TSA's "fault" that non-terrorists have to go through screening?
dheera: Exactly. For the most part all this bot protection is only protecting these websites against humans.
I don't do free work. I'm not going to label 50 images of crosswalks and motorcycles for free.
cogman10: Every so often, usually after a Firefox update, CF will get into a "I'm convinced you're a bot" mode with me. I can get out of it by solving 20 CAPTCHAs.
appreciatorBus: Yup.
Coincidentally about an hour ago, I wanted to look something up in ChatGPT and I happened to be in a browser window I don't normally use, with no logged in accounts. I assumed it wouldn't work, but to my surprise with no account, no cookies of any kind it took my query and gave me an answer.
aziaziazi: I used to mostly use ChatGPT in an incognito tab, logged out. Until I noticed it seemed to have some context of my logged in session, and of the logged out one as well. It may be paranoia or prompt deduction as well, but that felt strange.
gruez: > I assumed it wouldn't work, but to my surprise with no account, no cookies of any kind it took my query and gave me an answer.
They have allowed anonymous requests for months now, maybe even a year.
MyNameIsNickT: Hey! I'm Nick, and I work on Integrity at OpenAI. These checks are part of how we protect our first-party products from abuse like bots, scraping, fraud, and other attempts to misuse the platform.
A big reason we invest in this is because we want to keep free and logged-out access available for more users. My team's goal is to help make sure the limited GPU resources are going to real users.
We also keep a very close eye on the user impact. We monitor things like page load time, time to first token and payload size, with a focus on reducing the overhead of these protections. For the majority of people, the impact is negligible, and only a very small percentage may see a slight delay from extra checks. We also continuously evaluate precision so we can minimize false positives while still making abuse meaningfully harder.
hansvm: It's probably just a higher rate of autonomous vehicles needing stop signs and buses identified at that moment, and cognitive bias causes you to only remember when that happens when you recently performed an update.
cogman10: My assumption is that CF has something like a SVM that it's feeding a bunch of datapoints into for bot detection. Go over some threshold and you end up in the CAPTCHA jail.
I'm certain the User-Agent is part of it. I know that for certain because a very reliable way I can trigger the CF stuff is this plugin with the wrong browser selected [1].
[1] https://addons.mozilla.org/en-US/firefox/addon/uaswitcher/
gruez: > It's probably just a higher rate of autonomous vehicles needing stop signs and buses identified at that moment
I can't tell whether you're serious, but in case you are, this theory immediately falls apart when you realize Waymo operates at night but there aren't any night photos.
g-b-r: Maybe you allow tracking and cookies?
Eji1700: I don't, and I rarely have issues with Firefox. Private + blockers + VPN causes, expected, issues, but otherwise I'm usually fine?
gruez: > The real frustrating part is that Cloudflare's "definition" of suspicious keeps changing and expanding.
That's... exactly expected? It's a cat and mouse game. People running botnets or AI scrapers aren't diligently setting the evil bit on their packets.
gruez: > My best guess is -- ChatGPT is running something in your browser to try to determine the best things to send down to the model API
There's no way this is worth it unless the models are absolutely tiny, in which case any benefits from offloading to the client is marginal and probably isn't worth the engineering effort.
halflife: Don't know if it's related to the article, but the chat UI performance becomes absolutely horrendous in long chats.
Typing in the chat box is slow, rendering lags and sometimes gets stuck altogether.
I have a research chat that I have to think twice before messaging because the performance is so bad.
Running on iPhone 16 Safari, and MacBook Pro M3 Chrome.
stacktraceyo: Same. It’s wild how bad it can get with just like a normal longer running conversation
amatecha: These days I just close sites that show that "checking if you're a bot" shit. If this is how the web is going to be now, I don't care, I'll just not use it. I didn't need to see that article or post that badly anyways. I'm tired of paying the price for the sociopathic, greedy actions of others. It's especially bad for anyone who uses an open source OS like Linux or *BSD (to the extent many sites just block me automatically with a 403 Forbidden simply for using OpenBSD + Firefox, completely free pass if I try the same site from a Windows or Linux computer).
andrepd: > These checks are part of how we protect products from abuse like bots, scraping, and other attempts to misuse the platform.
This would be fucking HILARIOUS if it wasn't so tragic.
Chance-Device: It can be both
noosphr: > These checks are part of how we protect our first-party products from abuse like bots, scraping, fraud, and other attempts to misuse the platform.
Can you share these mitigations so we can mitigate against you?
everdrive: It's getting to the point where a user needs at minimum two browsers. One to allow all this horrendous client checking so that crucial services work, and another browser to attempt to prevent tracking users across the web.
Nick, I understand the practical realities regarding why you'd need to try to tamp down on some bot traffic, but do you see a world where users are not forced to choose between privacy and functionality?
CorneredCoroner: > A headless browser that loads the HTML but doesn't execute the JavaScript bundle won't have them.
This is meaningless btw. A browser, headless or not, does execute JavaScript.
tripdout: AI-written article?
avazhi: Yep. I flag these as spam at this point.
0x3f: Meet me in a cafe and I will sign a JWT saying you're not a bot. You can submit this to whoever will accept it.
jagged-chisel: Sounds like we’re bringing back the PGP key signing parties
__MatrixMan__: The sooner we do the better.
jagged-chisel: That’s obviously because they’re not being “evil”
whatisthiseven: Which VPNs are people using that actually care about the user's privacy? Most of them don't, sell their home IP to buyers, sell their DNS history to others, etc. Worse, some of them could require invasive MITM cert stuff most users will just click yes through.
I have yet to see a use case for VPNs for the casual internet audience, and for a tech savvy user, they're better off renting through some datacenter or something, which at that point is hardly a VPN and more home IP obfuscation. All the same downsides, and at least you get real privacy.
traceroute66: > Which VPNs are people using that actually care about the user's privacy?
Mullvad.
It has been proven in a court of law that when Mullvad says "no logging", they mean it.
They also regularly have security audits and publish the results[2][3]
[1] https://mullvad.net/en/blog/mullvad-vpn-was-subject-to-a-sea...
[2] https://mullvad.net/en/blog/new-security-audit-of-account-an...
[3] https://mullvad.net/en/blog/successful-security-assessment-o...
SV_BubbleTime: Firefox multicontainers are pretty cool. But it’s an advanced process that most people wouldn’t do or do correctly.
Imustaskforhelp: The possibilities with Firefox multi containers and automation scripts as well are truly endless.
It's also possible to make Firefox route each container through a different proxy, which could be running locally even, which then can connect to multiple different VPNs. I haven't tried doing that but it's certainly possible.
It's sort of possible to run different browsers with completely new identities and sometimes IP within the convenience of one. It's really underrated. I don't use the IP part of this that I have mentioned, but I use multi containers quite a lot on Zen and they are kind of a core part of how I browse the web, and there are many cool things which can be done/have been done with them.
dev1ycan: "abuse like bots, scraping, fraud, and other attempts to misuse the platform"
This has to be a joke, right?
jgalt212: We use Cloudflare to protect our content, but at the same time our machines mostly run Linux / Firefox so it really is quite a frustrating relationship. It really bums me out how much of Turnstile boils down to these two questions:
is it Linux (or similar)?
is it Firefox?
If yes to one or both, you're blocked! Clearly millions of dollars of engineering talent and petabytes of data collection should be able to come up with something more nuanced than this.
darepublic: I imagine to stop web automation from getting free API like use of the model
evilduck: Using any popular datacenter's IP range for a personal VPN is likely to be outright blocked.
Imustaskforhelp: Also you only get 1 IP so it's not really anonymous and you definitely would have a fingerprint.
thisisnow: you just rotate it?
quotemstr: We really need ZKPs of humanity
dawnerd: I've been getting it in Safari too. It's ridiculous frankly. My residential IP must have been flagged or something. The part that's really annoying is it's trivial for bots to bypass.
magicseth: If Apple approves it, I've got a solution: a keyboard that attests to your humanity https://typed.by/magicseth/2451#2NyGLfAQxmqRiAOTlaX7ma3G4d1o...
scoofy: Somewhere there is someone 3D printing a keyboard cover that an LLM can type with.
ctoth: No, we really don't. We don't need worldcoin, we don't need papers, please. We just don't.
"Prove your humanity/age/other properties" with this mechanism quickly goes places you do not want it to go.
myHNAccount123: Can you fix the resizing text box issue on Safari when a new line is inserted? When your question wraps to a newline Safari locks up for a few seconds and it's really annoying. You can test by pasting text too.
girvo: Surprising really, because I'm a Firefox + uBlock Origin die hard and I never get Cloudflare captchas. Wonder what the difference is? I have CGNAT turned off, if that matters at all (probably not).
moffkalast: Yeah, just had this earlier today. I had to write my response in VS Code and paste it in; there were literal seconds of lag for typing each character. Typical bloated React.
pera: I really can't tell for sure (new user posting a ridiculously hypocritical corporate message on a Sunday) but if GP actually works for OpenAI the lack of self-awareness is seriously striking
mzajc: Brilliant! Just the thing we want: more hardware attestation, more deanonymization, less user control, all diligently orchestrated in a repository where the only contributor is Anthropic Claude [0]. Comes complete with a misaligned ASCII diagram in the README to show how much effort the humans behind it put in!
Yes, even their "humanifesto" is LLM output, and is written almost exclusively in the "it's not X <emdash> it's Y" style.
[0]: https://github.com/magicseth/keywitness/graphs/contributors