370
OpenAI’s ChatGPT Agent casually clicks through “I am not a robot” verification test
(arstechnica.com)
this post was submitted on 29 Jul 2025
370 points (97.9% liked)
Technology
73567 readers
3261 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Ah yes, cloudflare's captcha that just tracks how many hits you've done in a timeframe on a site recently.
Same shit different pile.
From the screenshot in the article, the bot is bypassing Cloudflare's Turnstile which is not just tracking hits.
I work in bot detection. You and anyone else reading this should understand that, behind the scenes, proof-of-work, proof-of-space, and other tests are being run to verify if the device is what it says it is. Typically, a bot is run with a tool like Playwright or Puppeteer. These frameworks are detectable with the right tests. Bots will also attempt to spoof another device's fingerprints to blend in. These changes are also detectable if you know what to test for.
We implement tools like Turnstile and other CAPTCHAless CAPTCHA because bots are pretty good at passing CAPTCHA while humans, rightfully, hate verifying they they're human. Humans also struggle at passing CAPTCHA.
The general population has zero idea the massive volume of bot traffic that is being generated right now. These tools are implemented for a reason. So the fact that a bot just breezes past this test is a problem for us all.
Definitely not "same shit different pile", friend.
Thanks for the write up, but I was blocked from logging in on a cloudflare website because I opened too many windows once and their tracking cookie flagged that browser as a bot.
Meanwhile the bot I built to track mod updates to my modlist for Rimworld and Mw5 on nexus? Never ran into any issues.
So when I refer to Cloudflare's bot detection as shit, that is a highly personal and professional opinion.
No problem, thanks for reading. I don't work for Cloudflare, but I worry it's a little too easy to call something shit when you don't fully understand it.
There are numerous factors at play here even outside of frameworks and browsers. I haven't worked with Cloudflare's tools but where I work we allow each customer to fine tune detections. One site's detections might be too aggressive for another site. Believe it or not, some customers are ok with bot traffic so long as it's not overly aggressive. That said, detections can trigger based on behavior, such as high volumes of requests, as well as IP reputation.
Even with the bypasses that are available, or instances when you are able to use a bot and not be challenged, it doesn't diminish how well these tools work. There are reasons people are implementing these types of antibot solutions across the web.