Hacking ChatRoulette’s “Report”
While the media coverage for ChatRoulette has largely died out, I was curious to see how the site had evolved in the past few months. After browsing through the site for a few minutes, I quickly discovered that not much has changed: there are still a lot of naked guys gratifying themselves. With as much emphasis as the site puts on reporting people, I was surprised that there wasn’t more communal effort to cleanse the site and make it look less like a gay porn. Curious, I set about testing the mechanics of the report button.
- Find 1: The report button relies solely on client-side Flash storage
The Flash webcam viewer on ChatRoulette uses Flash’s Local Shared Objects to uniquely identify the anonymous user so user ban reports can be tracked. The only problem with this is that you can reset the storage. I didn’t dive into inspecting the data that ChatRoulette’s Flash webcam viewer actually stores, but my best educated guess is that they generate a random identifier and send it back to their servers to identify you. Someone could decompile the player and see what is actually being stored to really reverse-engineer it, but that doesn’t really matter in the grand scheme of things – all a banned user needs to do is reset the local storage and they can proceed to use the site in whatever manner originally got them banned. Adobe has a nifty tool to do this yourself.
- Find 2: It took me over 6 minutes and 80 people to get banned
I used a program called ManyCam to broadcast an image asking for people to report and ban me. Much to my surprise, it took over 80 people to next me before I got banned for 10 minutes. Though, thanks to Find #1, that wouldn’t stop anyone from hopping back on and trying again.
Even after asking people to ban me, it took over 6 minutes for enough people to press report so my account would be disabled. Users of the site press “Next” out of habit and seemingly can’t bear the thought of moving the mouse slightly to the right or pressing a different key. Someone nude gratifying themselves would likely receive bans more quickly, but the number of people using the site for this purpose leads me to believe that users press “Next” instead of “Report” almost universally (or a bunch of people already know about Find #1).
- Find 3: Of the first 80 people I looked through, more than 10 were advertisements to adult websites
Competing adult cam websites view ChatRoulette as a gateway drug to their services and have (probably intelligently) catered their marketing to the many potential users using ChatRoulette. I have seen ads for (not linked because they’re all nsfw) webcamclub.com, chatroulettestrip.com (a fake front-end for the Zwinky virtual-world / spyware toolbar), chatroulettehalloffame.com, girlschat.org and bunny-chat.com (fake front-ends for Cams.com), AdultFriendFinder, chathopper.com, and streamate.com. There’s certainly no shortage of solutions for someone not finding that special someone on ChatRoulette itself. However, it’s detrimental if the site is to be taken seriously.
My intention with this post is not to belittle the service – I very much want to support other young entrepreneurs. I was disappointed to find that it was so easy to bypass the banning feature of the site (I think a server-side solution could fix this). I was also disappointed to find that the mechanics and audience of the site render the Report functionality useless. I would love nothing more than to have a service which truly allows you to have spontaneous conversation with anyone around the world, but as the site currently exists it is next to impossible. Maybe all of this says something about us as people, but that might be reading into it too hard.
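The weakness in Find 1 and the server-side fix suggested above, as an added example that is not part of the original post and not ChatRoulette's code: the same ban logic is keyed first on a client-held token and then on a value the server observes itself. The report threshold, the token values, the addresses and the choice of the remote address as the server-side key are all assumptions made for illustration.

```python
import time

BAN_SECONDS = 10 * 60   # the post reports a 10-minute ban
REPORT_THRESHOLD = 3    # assumed value; the site's real threshold is not known


class BanTracker:
    """Counts distinct reporters per key and bans a key at the threshold."""

    def __init__(self, threshold=REPORT_THRESHOLD, ban_seconds=BAN_SECONDS):
        self.threshold = threshold
        self.ban_seconds = ban_seconds
        self.reports = {}       # key -> set of reporter keys
        self.banned_until = {}  # key -> unix time at which the ban ends

    def report(self, target, reporter, now=None):
        now = time.time() if now is None else now
        voters = self.reports.setdefault(target, set())
        voters.add(reporter)    # a reporter counts once per target
        if len(voters) >= self.threshold:
            self.banned_until[target] = now + self.ban_seconds
            voters.clear()

    def is_banned(self, key, now=None):
        now = time.time() if now is None else now
        return self.banned_until.get(key, 0) > now


def session_key(client_token, remote_addr, trust_client):
    """Choose the identity a ban attaches to.

    trust_client=True models the design the post describes (an identifier
    kept in a Flash Local Shared Object and sent by the client);
    trust_client=False keys on the address the server sees (assumption).
    """
    return client_token if trust_client else remote_addr


def banned_after_reset(trust_client):
    """Ban a session, then reconnect from the same address with a new token."""
    tracker = BanTracker()
    addr = "203.0.113.7"    # constructed sample address (TEST-NET-3)
    old = session_key("token-A", addr, trust_client)
    for i in range(REPORT_THRESHOLD):
        tracker.report(old, reporter=f"198.51.100.{i}", now=1000)
    new = session_key("token-B", addr, trust_client)  # local storage cleared
    return tracker.is_banned(new, now=1060)
```

Keying on the remote address alone also bans everyone who shares that address, so a real deployment would combine it with other state the server holds.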
