Project ideas from Hacker News discussions.

ChatGPT won't let you type until Cloudflare reads your React state

📝 Discussion Summary

5 Prevalent Themes in the Discussion

| # | Theme | Supporting Quote |
|---|-------|------------------|
| 1 | Bot detection & privacy‑focused fingerprinting | “It doesn't look like it in the full sense of 'free'. But part of how one pays these services is by running a permissive modern browser which allows the corporation to spy on you even when you already paid in currency.” – superkuh |
| 2 | Free / logged‑out access is a target for abuse prevention | “We also keep a very close eye on the user impact… My team’s goal is to help make sure the limited GPU resources are going to real users.” – MyNameIsNickT |
| 3 | Client‑side React/JS checks are used to verify human use | “My best guess is -- ChatGPT is running something in your browser to try to determine the best things to send down to the model API.” – gruez |
| 4 | Bot‑mitigation definitions keep expanding, creating more friction | “The real frustrating part is that Cloudflare's 'definition' of suspicious keeps changing and expanding.” – gruez |
| 5 | Users experience noticeable slowdown & extra steps (CAPTCHAs, typing lag) | “I can get out of it by solving 20 CAPTCHAs.” – cogman10 |

These five themes capture the core concerns voiced across the Hacker News thread: heightened privacy scrutiny, the economics of free access, technical methods used to distinguish humans from bots, the ever‑shifting criteria for “suspicious” traffic, and the tangible performance hit for everyday users.


🚀 Project Ideas

HumanProof – Zero‑Knowledge Human Attestation Layer

Summary

  • Provides cryptographic, zero‑knowledge proof that a user is human without fingerprinting or intrusive browser checks.
  • Eliminates CAPTCHAs and Turnstile challenges for services like OpenAI while preserving anonymity.

Details

| Key | Value |
|-----|-------|
| Target Audience | Privacy‑focused users, developers of free‑tier AI services, security‑conscious HN readers |
| Core Feature | ZKP‑based attestation that a request originates from a live human, verifiable server‑side |
| Tech Stack | Rust (zk‑SNARK libraries), Solidity (Ethereum‑compatible attestation contract), Web Crypto API, Next.js backend |
| Difficulty | Medium |
| Monetization | Revenue-ready: subscription: $7/mo |

Notes

  • HN commenters repeatedly lamented “invasive fingerprinting” (e.g., “They spy on my computer setup”) – this solves that directly.
  • Could be adopted by OpenAI to keep free access open while stopping bot abuse, aligning with Nick’s “keep free access” goal.

VeilCheck – Selective Verification Browser Extension

Summary

  • Allows users to run a separate, isolated “verification container” that performs required anti‑bot checks, leaving the main browser untouched.
  • Users keep their privacy‑focused settings (RFP, VPN, no‑tracking) while still accessing services that demand checks.

Details

| Key | Value |
|-----|-------|
| Target Audience | Power users who employ privacy extensions, Tor/Firefox users, developers testing bot detection |
| Core Feature | Isolates Cloudflare/Turnstile verification in a sandboxed extension window that can be toggled per site |
| Tech Stack | WebExtensions API, Iframe sandbox, Electron‑based sidecar for logic, Chrome/Walnut runtime |
| Difficulty | Low |
| Monetization | Hobby |

Notes

  • Directly addresses beering’s complaint: “part of how one pays these services is by running a permissive modern browser which allows the corporation to spy on you”. VeilCheck removes that spying surface.
  • HN users like gruez noted “I can’t tell whether you’re serious … but this is bot detection at the application layer, not the browser layer.” This tool moves detection to a controllable layer.

OpenAPI Proxy – Anonymous LLM Access Gateway

Summary

  • A hosted proxy that authenticates users on the server side, letting anyone query OpenAI, Claude, or Gemini via a simple HTTP endpoint without needing client‑side checks.
  • Provides “free API” access by handling all bot detection internally.

Details

| Key | Value |
|-----|-------|
| Target Audience | Developers, hobbyists, researchers who want unrestricted LLM access without login or CAPTCHAs |
| Core Feature | Server‑side request validation, rate limiting, and bot detection; returns model output over a clean API |
| Tech Stack | Node.js (Express), Docker, Redis for rate limiting, OpenAI API wrapper, Auth0 for optional paid tier |
| Difficulty | Medium |
| Monetization | Revenue-ready: pay-per-request: $0.001 per call |

Notes

  • Echoes gruez’s observation that “ChatGPT is running something in your browser to try to determine the best things to send down to the model API”. This removes that client burden.
  • Aligns with superkuh’s desire for “free inference” without “spying on your computer setup”.

AttestMe – WebAuthn‑Based Humanity Proof Service

Summary

  • Leverages WebAuthn hardware attestations (e.g., built‑in platform authenticators) to issue unlinkable “humanity certificates” that services can verify without fingerprinting.
  • Provides a privacy‑preserving way to prove a live human is behind a request.

Details

| Key | Value |
|-----|-------|
| Target Audience | Users with hardware security keys, privacy‑centric web services, HN participants concerned about “spying” |
| Core Feature | Issue a temporary, revocable attestation token tied to a hardware authenticator; service validates token without learning identity |
| Tech Stack | WebAuthn API, TypeScript, Express, PostgreSQL for token revocation, JWT for proof |
| Difficulty | High |
| Monetization | Hobby |

Notes

  • Directly answers gruez’s question about “Why not just require a logged‑in account?” – this gives a cryptographic proof without a full account.
  • Users like elladmin noted “ChatGPT app also checks Play Integrity on Android”. AttestMe could replace such invasive checks with a hardware‑backed assurance.

StealthBot – Open‑Source Bot‑Evasion Browser Profile Manager

Summary

  • A modular browser profile manager that auto‑generates realistic, constantly rotating fingerprint footprints (GPU, fonts, user‑agent, canvas, WebGL) to bypass sophisticated bot detectors while staying privacy‑friendly.
  • Enables seamless, script‑driven interactions with services like ChatGPT without triggering Turnstile.

Details

| Key | Value |
|-----|-------|
| Target Audience | Researchers, scrapers, power users who need to automate access to AI services without being blocked |
| Core Feature | Dynamic fingerprint synthesis, container isolation, API for headless automation, built‑in CAPTCHA solver fallback |
| Tech Stack | Electron, Puppeteer, Chrome DevTools Protocol, Rust for fingerprint engine, Docker for container isolation |
| Difficulty | High |
| Monetization | Revenue-ready: premium features: $4.99/mo |

Notes

  • Solves gruez’s frustration that “there’s no way this is worth it unless the models are absolutely tiny” by providing a viable, full‑featured browser environment that passes checks.
  • Resonates with ldDickman’s comment about needing “two browsers” – StealthBot consolidates the need into a single, manageable profile set.
