news.volyx.in

ChatGPT won't let you type until Cloudflare reads your React state (buchodi.com)

986 points by alberto-m · 108 days ago · 614 comments on HN

Article summary

ChatGPT uses Cloudflare's Turnstile program to verify that users are running a real browser with a fully rendered and hydrated React application. The program collects 55 properties from the browser, Cloudflare network, and ChatGPT application state. The author decrypted the Turnstile bytecode and found that it uses a custom VM with 28 opcodes and randomized float register addresses. The program's purpose is to detect and prevent bot abuse of the ChatGPT API.

Main themes

  • Cloudflare Turnstile
  • Bot detection
  • React application state
  • Browser fingerprinting
  • Anti-bot protection
  • AI-powered services

What commenters say

  • The article's findings are not particularly surprising or scandalous, and the author's framing of the issue is misleading.
  • The use of Cloudflare Turnstile is a legitimate measure to prevent bot abuse and protect the ChatGPT API.
  • The article provides valuable technical insights into the workings of Cloudflare Turnstile and its use in anti-bot protection.
  • The author's use of AI-generated content is problematic and detracts from the value of the article.
  • The article's focus on the technical details of Turnstile is more interesting than its attempted framing as a consumer protection issue.
  • The use of Turnstile is not unique to OpenAI and is a common practice in the industry to prevent bot abuse.
  • The article's findings have implications for the use of AI-powered services and the trade-offs between security and user privacy.
  • The tone and style of the article are not engaging or well-suited to conveying the technical information presented.