Arthur Besse
Privacycross-posted from: https://lemmy.ml/post/47972724
i encountered this for the first time today while attempting to read something on archive.today.
i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.
the old type of captcha remains available too, for now:
This is going to work just amazingly well with AI moderation, faceborg style.
If you haven’t already divested from Google and its related services then now is the time.
There's no way this is ADA compliant.
With the way the Trump admin is going I'm surprised they haven't totallt dismantled the ADA already.
Without a google account there will be many sites I can't visit. I'll look at such sites the same way as I look at paywalled sites.
-
People without a mobile device are fucked out of being able to pass a captcha
-
As if this isn't a way for them to associate multiple sessions on multiple specific devices with one another, this is just another avenue for data collection, period. Hidden under the guise of "more secure."
Captcha has been one of the greatest google acquisitions ever.
They acquired it under the guise of improving OCR and have since morphed it into an AI data farm (how else is google lens gonna know what objects are what?) and now total insight into a users every single action from desktop to mobile, tying it all together into a surveillance nightmare.
I can guess the permissions that the recaptcha app needs now. Probably something akin to root access with all datapoints and considerations you could think of.
I imagine scammers are already thinking of ways to use this for phishing too
You don't have to drink a verification can, but you do need to buy a verification phone.
i have one. but it isn't android, or ios, or 'smart' in any way. it doesn't even text. it's just a telephone that fits in my pocket and connects to the cellular networks. it's all i want. it's all i use. it's all i've needed ever since i got my first one about 25 years ago.
Many humans don't have smart phones
So those humans will go buy the cheapest they can find which is, surprise, Android + Google Play Services.
If you don't have a smartphone are you truly human? ^/s^
Nice captcha. Would be a shame if someone intentionally injected malicious code that had users scan a QR code under the guise of security.
Oh boy! Another way to fingerprint your devices! Scammer are sleeping good tonight with these new verifications
Looks like a very good way to shoo actual humans off of your website.
Sorry, my faith in users is basically zero. These dummies will go to websites that tell them to copy code and run it with win+r. They're morons and will do anything if a website promises them something.
what do the Visual 👁 and Audio 🎧 options look like?
The visual option is the normal reCAPTCHA (eg) and the audio option is the (quite difficult) thing they've been subjecting blind people to for years. Presumably they will keep offering desktop users these options (at least in many/most cases) for a long time still; this new phone-required extra-invasive CAPTCHA is just a hint of where they're heading. (But already it is apparently actually required for Android users in some cases: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users ...)
if the old ways are still available, the bad guys can use 'em too.. so this new thing is just to get people 'used to' the idea of an anal probe for verification before actually forcing it on everyone.
One more reason to not use google anything
This will be used on sites like Experian, Chase, IRS, DMV, etc. It's a way to track and deanonymize everyone.
A good way to force the user to use by Google controlled devices and to download Google services for more control by Google. Also a good way that the user show the middle finger to Google, using alternatives.
I hate that it's my responsibility to protect your system from infiltration.
So Linux users are fucked?
No; they said you can use Android.
Android ≠ Linux
Android is based on a modified version of Linux, and owned by Google. Linux is independent.
Android is Linux. Not all Linux systems are Android, but all Android systems are Linux.
It’s not necessarily helpful to those on desktop Linux, but it is Linux if someone wants to be a purist about which operating systems run on their hardware.
So, throw an android image into a virtual machine?
It needs Google play services on a play integrity passing device
don't forget to sign-in to the google account you want the 'protected' web site visit logged to.
Seems a little round-about. But if you want, I guess you could do that for some reason.
Is an android emulator able to bypass this? Just curious - I haven't started the degoogle process.
I would guess not, given the other recent news about degoogled Android devices also being unable to pass reCAPTCHA.
Yeah, it requires a phone that Google can positively identify and connect to a real name / google account somehow.
Graphene OS won't work, so this is a non starter for me. Any website using this will simply cease to exist in my eyes.
Any website using this will simply cease to exist in my eyes.
as i wrote in another recent thread on this topic:
for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(
In that case I am blind for government purposes. They have to accomodate me somehow.
@cypherpunks the mere idea of requiring a device to use another is absurd. This should be illegal
No.
Who owns the implementation of this? Is this something that websites opt into and add to their own site? Or is this something that Google injects when you're clicking a search result on Google?
Is this something that websites opt into and add to their own site?
Yes.
reCAPTCHA is google's "anti-abuse" service which many websites use to ~~prevent~~ slightly increase the cost of operating automated crawlers (which somewhat ironically google operates one of the largest of itself, for their search engine).
Before neural networks could solve CAPTCHAs reliably, spammers were solving them with human labor; solving services like anti-captcha.com (intentionally not a clickable link...) today use a mixture of automated and human solvers.
In the future google is apparently building, solving services will need farms of able-to-run-a-recent-android-release mobile devices with some kind of trusted computing hardware, each one of which they'll have to use sparingly enough to keep usage of its unique ID under some plausibly-human threshold.
And even if you do have a phone and are willing to identify yourself with it, if it is too old to run a recent enough Android you also will sometimes be denied services for being unable to pass a robots' "human" test.
🤮
The word you're looking for is .. abomination.
