Aug 30, 2024 13:00:00

A group was technically using a million checkboxes to send secret messages

Nolen Royalty, creator of One Million Checkboxes , a site that allows users from all over the world to click one million checkboxes at the same time, posted on his blog that he had discovered young people using One Million Checkboxes for creative play.

The secret inside One Million Checkboxes | eieio.games

https://eieio.games/essays/the-secret-in-one-million-checkboxes/

As the name suggests, One Million Checkboxes is a site that has one million checkboxes, and when someone turns a checkbox on or off, the change is instantly reflected for everyone viewing the site. You can see how it works in the article below.

A man who created 1 million checkboxes that anyone can enter in real time has appeared - GIGAZINE

The data for the checkboxes was stored as 1 bit per checkbox, and since 1 byte is 8 bits, 1 million bits were stored in 125 KB. The data was stored in a database called Redis and was base64 encoded and sent to the client.

Royalty likes to create games that people can interact with, but he was worried that some kind of harassment might occur. So in One Million Checkboxes, the number of checkboxes displayed in one row changes depending on the browser window size, so that even if you write a message, the message will only be transmitted to people who have the site open in a window of exactly the same size.

One Million Checkboxes proved much more popular than Royalty expected, with half a million people clicking the checkboxes more than 650 million times during the two weeks the site was live.

Royalty was trying to rewrite the backend to deal with the load, but while working on it, he discovered the following URL when he output the state of the database checkbox to a file. When Royalty first noticed this URL, he thought, 'Oh no! I've been hacked.'

However, no matter how much Royalty analyzed it, he found no signs of hacking, and when he looked at the checkboxes corresponding to the URL, he found that the characters were represented using eight checkboxes.

In the

ASCII character code, various characters are assigned to numbers that can be expressed in 8 bits, for example, '01101000' represents the letter 'h'. Royalty said that the server was not hacked directly, but that someone was sending messages through the checkbox.

Even if the checkbox in the message section was changed, it was immediately restored to its original state by 'someone.'

When the URL in the message was accessed, it turned out to be an invitation link for a Discord server called 'Checking Boxes.'

When Royalty joined, there were already more than 10 members there, and when she told them she was the creator of One Million Checkboxes, she was warmly welcomed.

The members of 'Checking Boxes' treated one million checkboxes as a 1000x1000 display, displaying various images, QR codes and links to Discord servers.

People who understood the message started joining 'Checking Boxes', and the number of members eventually grew to more than 60. As the server's rate limiting algorithm was reverse engineered, the display as a 1000x1000 display also became more sophisticated, allowing huge images to be drawn, as shown below.

When Royalty shut down the site, he sent a message on Discord saying that he was lifting all rate limits. Some members were able to draw not only images but also short videos.

Royalty commented on the incident, 'What Discord came up with was so cool, surprising, and creative. It meant so much to me to be able to see it firsthand, encourage the members, and respond with praise and pride rather than anger.' 'I'm proud that these Discord members were able to create something that they decided was worth playing, and I'm even prouder of what they did with One Million Checkboxes.' She praised the members' creativity, concluding her blog by saying, 'I can't wait to see what they create next.'