This is it, what they’ve been wanting all along. You will no longer be able to access vast swathes of the internet unless you have a Google approved device, that is a Google-certified Android device with Google Play Services (aka Google Play Spyware) or an app on iOS. Use GrapheneOS or a Linux phone? No internet for you.
What I’d like to know is, what if you’re already accessing a site from your phone? And what if you genuinely don’t have another device? I’m assuming the answer to the second is you’re SOL.
Scan a Google tracking QR code, nope. Not to mnention how easy would it be to hide a malicious URL in a QR code. Nope, nope, nope.
Phishing campaign authors will love this. It normalizes users scanning barcodes they can’t read to go to unknown locations on a device where it’s harder to see the URL and there’s no IT watching for phishing activity.
Exactly my thoughts, too. QR codes are a great tool, but also an incredibly valuable and opaque vector for scams.
The was one recently where they put scam QR stickers over parking payment signs, so users gave their credit card details to scammers. How are you supposed to catch that, as the end user? It’s not like you know the URL you’re supposed to be going to.
Normalizing scanning QR codes just to access a website is going to be abused by scammers in no time.
Awesome. Something to keep me away from big wrbsites and on the small web.
They say it’s a QR code challenge, resistant to bots, but what does it to? How does it work?
I looked for info and didn’t find anything.
Obviously you could decode the code on the device that’s showing it, so why not also provide a link?
I have to assume that it’s because the mobile device must be one where they can check that you’re only running google approved software (play integrity or whatever it’s called these days, maybe the apple equivalent).
the qr itself is just a link to a recaptcha web page with a unique identifier in the url.
the magic is all hidden in the required app that’s linked to your google account and device, and the interactions that take place between it and google’s servers once it sees that code or link.
So how do I get through one of these without a working camera?
There are no doubt countless programs to scan QR codes on a desktop computer, and I know similar exists for phones. A camera is not needed.
At the same time though, that begs the question of what, exactly, is going to prevent an AI from doing the same goddamn thing? So it’s still shit.
Google is the biggest creator of bot traffic on the internet with its crawlers, not to mention what they do to train their AI. I bet this won’t block Google’s own bots.
I expected something awful, but this is beyond my already low expectations.
