You think you're using ChatGPT, but before you even type the first word, Cloudflare has already read your page. Someone reverse-engineered the ChatGPT web client and discovered a mechanism: every time a user opens the page, the system silently scans 55 pieces of data—your GPU model, screen resolution, fonts, city, IP address, and even the internal state of the React app on the current page. Only after everything checks out does the input box unlock, allowing you to type. This entire process happens silently, with no indication on the interface. This technical breakdown was posted on Hacker News, where many engineers confirmed the details. The debate isn’t just about “what Cloudflare is doing,” but also: does this count as collecting client-side data without the user’s knowledge? Where is the reasonable boundary for CAPTCHA verification? OpenAI’s choice to use this method for anti-bot verification isn’t illegal in itself. But probably no one who has used the ChatGPT web version realized this was happening.