by lcampbell 482 days ago
If you're given a button to click, your browser has successfully passed the environment integrity checks and you have not been flagged as a bot.

You'll be flagged as a bot if your browser configuration has something "weird" (e.g. WebRTC is disabled to reduce your attack surface) and you will be completely unable to access any site behind Cloudflare with the anti-bot options turned on. You'll get an infinite redirect loop, not a button to click.

1 comments

Note that Google's version of this was determined to be checking whether you had a 9-day-old tracking cookie.

The researcher who discovered this was able to generate 60,000 "I am not a bot" cookies per day, and use them up about 15 times each in a bot before it started getting captchas.

That was in 2016 though.

Couldn't the content of that cookie be used to validate its actual age? Like, just signing the date of generation?

That's probably what it was. So they accessed some page over and over, pretending to not have the cookie yet, got a bunch of cookies, and 9 days later, used them to bypass captchas.

...or generate a bunch and wait 9 days?
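
The signed-date idea raised in the replies above, as an added example that is not part of any comment and is not Google's or Cloudflare's actual scheme: a server-side check that a cookie's issue time is authentic and old enough, plus a reuse cap. The key, the `id.issued_at.mac` layout, the function names and the thresholds are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for illustration only.
KEY = b"constructed-demo-key"
MIN_AGE = 9 * 86400   # the 9-day age mentioned in the thread
MAX_USES = 15         # roughly the reuse count mentioned in the thread


def _mac(payload: str) -> bytes:
    return hmac.new(KEY, payload.encode(), hashlib.sha256).hexdigest().encode()


def issue(now: int) -> str:
    """Return 'id.issued_at.mac'; the MAC binds the id to its issue time."""
    payload = f"{secrets.token_hex(8)}.{now}"
    return f"{payload}.{_mac(payload).decode()}"


def check(cookie: str, now: int, uses: dict) -> str:
    """Classify a cookie as 'forged', 'too_young', 'exhausted' or 'ok'."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return "forged"
    cookie_id, issued_at, mac = parts
    # Constant-time comparison; a client cannot backdate issued_at without KEY.
    if not hmac.compare_digest(mac.encode(), _mac(f"{cookie_id}.{issued_at}")):
        return "forged"
    if now - int(issued_at) < MIN_AGE:
        return "too_young"
    # The signature proves age, not who earned it: a cookie that was minted
    # and left to age still passes, so reuse is capped with server-side state.
    uses[cookie_id] = uses.get(cookie_id, 0) + 1
    return "ok" if uses[cookie_id] <= MAX_USES else "exhausted"


if __name__ == "__main__":
    seen, t0 = {}, 1_000_000
    c = issue(t0)
    print(check(c, t0 + 86400, seen), check(c, t0 + MIN_AGE, seen))
```

The age check alone only stops backdating; limiting how many cookies one client can be issued and how often each is accepted is what constrains the bulk-generation case the last reply describes.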