this post was submitted on 19 Sep 2024
-3 points (28.6% liked)

Perchance - Create a Random Text Generator

463 readers
13 users here now

⚄︎ Perchance

This is a Lemmy Community for perchance.org, a platform for sharing and creating random text generators.

Feel free to ask for help, share your generators, and start friendly discussions at your leisure :)

This community is mainly for discussions between those who are building generators. For discussions about using generators, especially the popular AI ones, the community-led Casual Perchance forum is likely a more appropriate venue.

See this post for the Complete Guide to Posting Here on the Community!

Rules

1. Please follow the Lemmy.World instance rules.

2. Be kind and friendly.

  • Please be kind to others on this community (and also in general), and remember that for many people Perchance is their first experience with coding. We have members for whom English is not their first language, so please be take that into account too :)

3. Be thankful to those who try to help you.

  • If you ask a question and someone has made a effort to help you out, please remember to be thankful! Even if they don't manage to help you solve your problem - remember that they're spending time out of their day to try to help a stranger :)

4. Only post about stuff related to perchance.

  • Please only post about perchance related stuff like generators on it, bugs, and the site.

5. Refrain from requesting Prompts for the AI Tools.

  • We would like to ask to refrain from posting here needing help specifically with prompting/achieving certain results with the AI plugins (text-to-image-plugin and ai-text-plugin) e.g. "What is the good prompt for X?", "How to achieve X with Y generator?"
  • See Perchance AI FAQ for FAQ about the AI tools.
  • You can ask for help with prompting at the 'sister' community Casual Perchance, which is for more casual discussions.
  • We will still be helping/answering questions about the plugins as long as it is related to building generators with them.

6. Search through the Community Before Posting.

  • Please Search through the Community Posts here (and on Reddit) before posting to see if what you will post has similar post/already been posted.

founded 1 year ago
MODERATORS
 

Dear Perchance Administrator(s),

I've been trying to reach you over admin(at)perchance.org, which is listed as your contact email in your privacy policy, but the mail was eventually undelivered. I couldn't find any other contact information on the site, so I'm going to post this complaint here. But yes, I have a complaint against the usage of browser fingerprinting on your website. I noticed someone (hopefully an official account) posting under the name @perchance on this "sublemmy", so I am addressing this to you directly, because I believe that you are the person responsible for this situation. If you are not that person, then please have this message forwarded to whoever is.

The complaint is against Cloudflare (or more specifically, its bot detection mechanism) that is being used by perchance.org and causing access problems on some pages. Since I like my online privacy very much, I tend to modify the browser settings to harden it for improved security, configure it against online tracking, and protect it against malware. Unfortunately, Cloudflare often has a problem with this and croaks. It's often the case that when someone tries to change or customize their browser (i.e. by messing with some security settings or by installing a security addon), then they will likely get flagged as an anomaly. It is wrongful to expect visitors to keep their web browsers in vanilla state in order to appease some online bot detection scripts. I will thus put some of the blame on Cloudflare for providing these faulty services, but that is only half of the story. I realize that Cloudflare is by itself just a service, so it cannot take the full blame here. While it does offer these functions, it does not automatically apply them to random websites. No, the websites don't automatically pop up behind Cloudflare, there is another factor present here. Someone has to decide to put their website behind Cloudflare in the first place. Someone like you. Therefore, the other half of the blame lies with you or whoever decided to use Cloudflare on perchance.org.

Up until now you may still be wondering what exactly am I talking about. Well, I did some poking around the website javascript source code to try and identify the problem, and I managed to come up with a name. Does the name "Turnstile" ring a bell? Yes, it is the main problem here. It is a script that is using a technique called Browser Fingerprinting to uniquely identify users of your image generation service. These fingerprinting scripts often use some heavy-duty and extremely invasive probing to collect sensitive information about your visitor's devices including, but not limited to: device operating system, screen resolution, color depth, timezone, language/locale, installed fonts, list of browser plugins, device CPU and memory, audio card fingerprint, canvas fingerprint, WebGL (graphics card) fingerprint, list of connected devices like cameras and microphones, etc. Browser fingerprinting is a form of tracking far worse than cookies because it does not need to store any information on the user device, and it can even work cross-website. Clearing cookies or browser history won't help at all. It's like a DNA fingerprint of your device that is extremely difficult, if not impossible to change.

In case of Perchance, I found out that some AI generator pages like https://perchance.org/pretty-ai will attempt to load several iframe's after the "generate" button is clicked. These will then link to https://image-generation.perchance.org/embed, which then initiates the image generation process. But, before that happens, the iframe tries to contact https://challenges.cloudflare.com to fetch this javascript:

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8c26a3a49b285b4e&lang=auto

This is a heavily obfuscated javascript that does some very shady things. Script obfuscation like this is often employed by malware to hide what the code is doing from reverse-engineering and anti-virus programs. Fortunatly, my browser detects this and blocks the script as potentially malicious. The result is that the iframe complains about challenges.cloudflare.com being blocked or that verification failed, and then enters an endless verification loop while never displaying the requested AI-generated content. Yes, I tried to bypass the verifiation process by modifying the page javascript code to skip the verification process and go directly to the image generation step. Unfortunately, the image generator server will not accept any requests without a proper user key, which is generated by that obfuscated turnstile script bloat. I do not condone having such scripts run in my browser, so I will not unblock the script. And since there is no obvious way to opt out of this invasive fingerprinting, I am thus reduced to begging website administrators to remove these scripts from their websites. Thus....

Please remove Cloudflare Turnstile browser fingerprinter from your website and make it accessible again to users that wish to protect their online privacy.

Thank you.

you are viewing a single comment's thread
view the rest of the comments
[–] perchance 4 points 2 months ago* (last edited 2 months ago) (3 children)

Nope, it's not malware or "shady" - it's a very widely used bot-prevention service by Cloudflare, a reputable company, and it's specifically designed to be privacy-preserving: https://blog.cloudflare.com/turnstile-private-captcha-alternative/

An example of the (scary sounding) "fingerprinting" you mention is checking whether the browser viewport is actually being rendered into pixels (as opposed to it being a "headless" machine with no actual rendering, which is a sign of a bot). These sorts of checks are harmless, and they make things like Perchance's AI plugins possible when they otherwise wouldn't be.

The modern internet is built upon bot and fraud prevention mechanisms. The economics of the internet wouldn't work at all without them. You're free to block scripts on your machine of course, but "begging website administrators to remove these scripts from their websites" is plainly naive, and wastes the time of said admins. (Edit: This sentence came out a bit harsh in hindsight, sorry about that. I'll leave it here for accountability.)

I'm not adding paid features to Perchance. It'll always be completely free. This means bot prevention checks are required for generators that import ad supported plugins (i.e. AI plugins). You have very specific requirements, so you should use a paid service instead of Perchance. (Though note, to get through the checkout of said paid service, Stripe will run a bot/fraud check against your browser and your IP, let alone getting your credit card number which is obviously tied directly to you. Maybe find one that accepts crypto - or even better, support open source by joining the local ML community: reddit.com/r/LocalLLaMA)

[–] Cocell 1 points 2 months ago (2 children)

I have a question. 🙋‍♂️

If I use Puppeteer even in non-headless mode, why does Perchance's UI... How do I say, well, the best way I can describe it is "they retract," well sort of.

Well let's run node perchance.js and open it using Puppeteer.

Now it opens this.

-# !!! Light mod warning

As you can see there is no default UI, but they are still there.

That is when I run app.goToEditMode().

Which opens the normal edit menu.

And then even if I close the edit menu, the default UI is still present.

So this has been bugging me a while, why must it be that way? Is it because because of the Perchance screenshot API?

[–] perchance 2 points 2 months ago (1 children)

Yep you guessed right - it's for the screenshot API. I'm sure there is a smarter way (maybe load with param in URL or something), but it was a quick solution

[–] Cocell 1 points 1 month ago

What about checking for user agent? I am sure something silly like Perchance screenshot agent would do the trick. :)