cross-posted from: https://lemmy.ml/post/47972724
i encountered this for the first time today while attempting to read something on archive.today.
i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.
the old type of captcha remains available too, for now:
On the bright side, this means they are really worried that privacy practices such as those popular among the Lemmy crowd can make their surveillance expensive or maybe even impractical at scale, rather than profitable. I’m never sure if it’s working, with firmware and all. Almost a good sign? Am I deluded?
Many humans don’t have smart phones
Yup, and they are being cut out of society everyday. Just losing your phone or even breaking it can be a figurative death sentence. Want to check your email from another device? Did you set up 2 factor with your phone?
Yeah sorry, can’t access your email.
I’m at the point where I’m fine with it. If you want to cut me out for such a silly reason, I don’t want to be included in your dumb thing. I’ll find an alternative that treats me with respect.
If you don’t have a smartphone are you truly human? /s
So those humans will go buy the cheapest they can find which is, surprise, Android + Google Play Services.
So those humans will go buy the cheapest they can find
Hell no I won’t.
No. More likely those people just won’t visit that website and will very easily get the information that they were looking for from the next link down on the search results.
Google are fucking idiots if they think otherwise.
the next link down on the search results
Assuming we’ll have that at all or just AI summaries replacing the results.
There are several superior search engines to Google.
I kind of doubt that even when it comes to English, and for smaller languages i’m sure that there’s still no serious competition to Google.
No.
Oh boy! Another way to fingerprint your devices! Scammer are sleeping good tonight with these new verifications
More importantly, to link multiple device fingerprints to a single identity.
-
People without a mobile device are fucked out of being able to pass a captcha
-
As if this isn’t a way for them to associate multiple sessions on multiple specific devices with one another, this is just another avenue for data collection, period. Hidden under the guise of “more secure.”
You don’t have to drink a verification can, but you do need to buy a verification phone.
I imagine scammers are already thinking of ways to use this for phishing too
Captcha has been one of the greatest google acquisitions ever.
They acquired it under the guise of improving OCR and have since morphed it into an AI data farm (how else is google lens gonna know what objects are what?) and now total insight into a users every single action from desktop to mobile, tying it all together into a surveillance nightmare.
I can guess the permissions that the recaptcha app needs now. Probably something akin to root access with all datapoints and considerations you could think of.
I used to always add one incorrect tile and skip one correct tile.(It would still pass)
I thiught I was such a rebel lol
Then I figured, they’d be stupid if they didn’t show the same image to multiple people…
How would that teach Lens to recognise anything other than motorcycles and traffic lights really well?
I’ve had many, many not traffic light and motorcycle/bicycle recaptchas. They’re probably leaning a bit into self driving learning the past few years.
Lens has a lot more data points nowadays after everyone’s google photos was used for training for what, 10+ years at this point?
Google harvested all human typed words 15 years ago with the google library project. They’ve been hoarding and processing data for models forever.
i have one. but it isn’t android, or ios, or ‘smart’ in any way. it doesn’t even text. it’s just a telephone that fits in my pocket and connects to the cellular networks. it’s all i want. it’s all i use. it’s all i’ve needed ever since i got my first one about 25 years ago.
Same! Except mine does do SMS text and has the other flip phone stuff like alarms, timer, calendar.
Don’t worry you’re included. Simply visit one of our Accessibility Centers between 8am-9am on odd Wednesdays, with a valid birth certificate, filled-out form from here, and a notarized Charizard.
It really should be illegal to build systems that require a user’s access to any unrelated technology. You shouldn’t be forced to have a phone to pay a parking fee or to get on the bus. You shouldn’t need an app to charge your car. You shouldn’t need to use proprietary software from one spesific company to pass a captcha on a random site.
I mostly use my phone (Pixel with GrapheneOS) as a dumb phone + calendar. But by far the biggest number of apps I have to have on it are the fucking car charger apps.
The point with captchas is not really that bots can’t pass them, more that its too expensive to pass them consistently with a hurtfully large enough volume of bots.
I’d heard of this strategy, like making it perform some kind of costly encryption that’s irrelevant to a human user but restrictively expensive for a bot army.
But does decoding a QR code apply? I never really thought about it. I guess it’s an image, it’s at least a little big by comparison… but it’s also in a restricted, easy to capture spot and maybe could be minimized to a fairly small pixel set? Idk how many key pixels you need to parse a QR code… I guess I could Google
*typo bit --> bot and bit --> big… I’m full of bit
Since a QR code is just made of squares, it can be very, very tiny
1 square = 1 pixel
I don’t know much about this new captcha system, but I feel like the challenge wouldn’t really be in the scanning of the qr code itself but more so on making the device you’re scanning with seem legitimate. They could check usage patterns, what apps are installed, how many accounts are added and are they actively used, location and sensor data, are the hardware specifications really unusual, are they constantly trying to complete random captchas… Stuff like that to tell apart a real user’s device from a bot or sandbox. The QR Code is probably just a random ID for which captcha instance the user is trying to pass.
Also I just realised this but this is probably inconvenient as hell. Like I do NOT want to constantly be picking up my phone to scan QR codes when I’m trying to go around the Internet. What if my phone is on the other side of the house? I don’t want to get up and walk all the way over there! If this gets fully rolled out there may actually be a small dip on the amount of desktop users of websites because they just leave when they are hit wth this captcha instead of bothering to scan a code.
notably, this kills any alternative to android.
not if you kill google first
🟩 🧑🔧 🪠
that’s plan A
-
The word you’re looking for is … abomination.
A good way to force the user to use by Google controlled devices and to download Google services for more control by Google. Also a good way that the user show the middle finger to Google, using alternatives.
If you haven’t already divested from Google and its related services then now is the time.
problem is their captchas are used outside their shitty ecosystem too
Not if this abuse finally succeeds in driving away other peoples’ customers. Captcha losing people money makes captcha go bye bye
i have a feeling normies will begrundingly accept it, and retroactively justify it with some security bullshit google puts out.
There’s no way this is ADA compliant.
Clicking the headphone icon to hear the audio option is the way to bypass this if you get one.
For now, yes.
Although having tried to use the audio recaptca before, it felt like a psychotic episode.
Yes, I don’t use them regularly but the audio captchas don’t have a good reputation among blind users.
Be prepared for an audio qr code that requires a special app to decode
With the way the Trump admin is going I’m surprised they haven’t totally dismantled the ADA already.
This is going to work just amazingly well with AI moderation, faceborg style.
Without a google account there will be many sites I can’t visit. I’ll look at such sites the same way as I look at paywalled sites.
It is a paywall, you just pay with your data. Except Google gets the revenue and not the website so maybe a second paywall will be “necessary”
what do the Visual 👁 and Audio 🎧 options look like?
The visual option is the normal reCAPTCHA (eg) and the audio option is the (quite difficult) thing they’ve been subjecting blind people to for years. Presumably they will keep offering desktop users these options (at least in many/most cases) for a long time still; this new phone-required extra-invasive CAPTCHA is just a hint of where they’re heading. (But already it is apparently actually required for Android users in some cases: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users …)
I bet this will be removed soon.
if the old ways are still available, the bad guys can use 'em too… so this new thing is just to get people ‘used to’ the idea of an anal probe for verification before actually forcing it on everyone.
This is step one.
Step two is id verification via play services before you’re even allowed to scan the QR code.
This is going to erode privacy as we know it on the internet and I can’t see any feasible escape.
Everyone needs to fail the test over and over again until they fall back to their non-we want to fuck everyone over even more world.
