A security researcher reverse-engineered Cloudflare's Turnstile system used by ChatGPT, revealing it collects 55 browser, network, and React state properties to verify legitimate users. The encrypted bytecode was decrypted to expose embedded XOR keys, showing it goes beyond standard fingerprinting to ensure the React app is fully loaded. This raises privacy and anti-bot technique concerns due to extensive data collection.
Background
Cloudflare Turnstile is a common CAPTCHA alternative that verifies human users without challenges, often used by websites like ChatGPT. React is a popular JavaScript framework for building interactive web applications.
- Source
- Lobsters
- Published
- Mar 30, 2026 at 01:41 PM
- Score
- 8.0 / 10