In the world of digital giveaways and contests, "random" is a loaded word. To a user, picking a name out of a hat feels random. But to a computer, generating a truly random number is an incredibly complex engineering challenge. In fact, for a purely logical machine, being "unpredictable" is almost impossible without external help.
The "Math.random()" Trap
If you open your browser console right now and type Math.random(), you get a decimal
between 0 and 1.
Do it again, and you get another. It looks random. But it isn't.
This is a Pseudo-Random Number Generator (PRNG). It is "Pseudo" because it is determined by a mathematical formula. If you know the formula and the starting number (the seed), you can predict the entire sequence forever. Ideally, a hacker knowing the server time when a contest started could reverse-engineer the "random" pick.
Why PRNG is dangerous for money
In 2010, the "Software Security" group proved they could predict Texas Hold'em shuffles on a major poker site because the site used a simple timestamp-seeded PRNG. Millions of dollars were at risk.
What is Entropy?
True randomness requires Entropy—essentially, "noise" from the physical world that machines cannot predict. Servers and browsers harvest this noise from chaotic sources:
-
🌡️
Thermal Noise The microscopic vibrations of electrons in your CPU due to heat.
-
🖱️
User Interrupts The exact millisecond you clicked your mouse or pressed a key.
-
📻
Atmospheric Noise Static from lightning strikes and solar radiation (used by Random.org).
The Web Crypto API Solution
Modern browsers introduced the Web Crypto API to solve the PRNG problem for good.
When you use Cypherpia's tools, we call window.crypto.getRandomValues().
This command asks your Operating System (Mac, Windows, iOS) for its "entropy pool"—a collection of accumulated random noise collected since you turned the device on.
Why Client-Side Verification Matters
Many "secure" contest tools still generate the winner on their server. This is a "Black Box". You have to trust that:
- Their server is not hacked.
- Their admin code doesn't favor certain users.
- They aren't just picking the winner with the most followers to boost hype.
Client-Side Execution (what we do) runs the code in your browser. You can inspect the Network tab in Developer Tools and verify that no secret data is being sent to us. The winner is determined by your CPU's entropy at that exact moment.
Case Study: The Lava Lamps
Cloudflare, one of the biggest security companies in the world, famously protects a portion of the internet using a wall of 100 lava lamps in their San Francisco lobby. A camera films the lamps bubbling. The video feed is converted into code. Because the shape of wax bubbles is governed by fluid dynamics, it is physically impossible to predict. This is the extreme end of Hardware RNG.
While you don't need a lava lamp wall to pick an Instagram winner, you do need a tool that respects the laws of physics.
Frequently Asked Questions
Is Cypherpia's Wheel truly random? ▼
Yes. We solely use CSPRNG methods. We never fallback to Math.random(), even on
older devices.
Can I rig the wheel to pick a specific winner? ▼
No. Our source code is minified for performance but the logic remains: it is pure chance. There are no "admin keys".