A device fingerprint is being created.
The captcha itself is superfluous - a pretense that some human interaction is needed. But none is.
So there's a new fingerprint, but to be any use it must be compared to something - some collection of previous fingerprints or known attributes or something. So there's a database somewhere. And there must be a comparative analysis - so there's an algo running to determine next action.
I'm 99% sure of the above. What I don't know is:
- what is happening to the newly-created fingerprint? Is it deleted (I doubt it)? Is it being added to a database somewhere?
- If added to a database, who controls it, what other PII attributes does it contain, and who has access to it.
- where did the original database come from? Did cloudflare start from zero and build their own? If not, who provided it, what PII attributes does it contain, and who had access to it?
Whatever the answers to the above, I assume the database is kept forever and, with a simple request from a suitably powerful or politically connected agency - can be used to match device fingerprints in other databases, providing at least a partial record of sites a specific individual visited using a #vpn
quotingI would like to know what is actually, technically going on behind the scenes when #cloudflare throws a captcha just because I'm using a #VPN, claims it has detected "suspicious activity," and needs to "verify I am human."
nevent1q…9l35
I'm 90%+ sure neither of these stated justifications is honest and do not represent what's really happening.
It is much more likely, IMO, cloudflare is making some attempt at identifying me in order to sell marketing data - probably some pattern match of device profile to a known identity database. But I don't really know and would like to.
#askNostr