cross-posted from: https://lemmy.ml/post/47972724
i encountered this for the first time today while attempting to read something on archive.today.
i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.
the old type of captcha remains available too, for now:
…just use a different website?
As easy as eating cake.
to prove you’re human, enter your credit card number
I got one of these. They had accessibility options so I just did the auditory one. It says a couple words, you write them out, and you’re done. Like hell am I using a Phone for this shit.
I still won’t order online from a store that won’t show me shipping cost without a full address and phone number. I’ll give them the zip code, that’s all they need, that’s all they get before I decide.
Nah. Block all fingerprinting. You don’t need any of this crap.
Just another reason to not use Google.
LOL, fuck off. How about instead I move on to somewhere less hostile toward the user instead?
We are making side loading harder because scammers are using “these” tactics to install malware on your devices.
It’s totally fine when we use the same tactics to install malware on your device.
malware is bytecode Google didn’t approve of. when google spies on you, that’s just “legitimate interest”
FWIW I’ve found passing it through my local SearxNG usually gives me a clean path to the content. But it’s seriously worrying that some of the blocked content is publically available science (e.g. PMC Bioinformatics). But that should not be necessary, at this point a search engine should be a public resource. Fuck Google.
Verifying you have a phone doesn’t verify that you’re human.
How so?
Android emulators exist and are usable by bots.
So they SS the QR code, scan it and continue?
May have to stream a video of the screen into a scanner app, but shouldn’t be difficult anyway.
One of the forms of digital ID in use in my country now has a new way to use it, which the government websites use now. You always needed a mobile device for this one anyway (phone holds the private keys and you have to enter the PIN 1 or PIN 2 depending on whether you’re authenticating or authorizing something), but it used to be that you could enter your ID code and get prompted for the PIN (with a verification number to make sure you’re responding to the prompt you think you’re responding to), now it’s either on-device from the default browser to the app, OR on desktop you have to scan a QR code that’s a moving target, it changes a couple of times a second so you couldn’t send a screenshot to someone else to scan. This is meant to prevent scams where someone gets you to just enter your PIN over a phone call.
I don’t know if the google thing is similar though or if it’s a static QR there.
-
Hype up AI.
-
Everyone starts scraping the internet to obtain training data for their AI.
-
To block the scrapers, countless sites implement stricter bot detection tools.
-
The owners of the bot detection tools now effectively hold all of the internet by its throat, deciding who can access what and extorting more and more data from you to verify you’re human.
Fucking genius.
- Crypto comes out of nowhere with a steel chair and now we have to pay websites for access.
You can always build more bot detection tools, right? Or am I wrong?
-
-
People without a mobile device are fucked out of being able to pass a captcha
-
As if this isn’t a way for them to associate multiple sessions on multiple specific devices with one another, this is just another avenue for data collection, period. Hidden under the guise of “more secure.”
It really should be illegal to build systems that require a user’s access to any unrelated technology. You shouldn’t be forced to have a phone to pay a parking fee or to get on the bus. You shouldn’t need an app to charge your car. You shouldn’t need to use proprietary software from one spesific company to pass a captcha on a random site.
Great, another shill for banknote technology. /s
I mostly use my phone (Pixel with GrapheneOS) as a dumb phone + calendar. But by far the biggest number of apps I have to have on it are the fucking car charger apps.
I imagine scammers are already thinking of ways to use this for phishing too
notably, this kills any alternative to android.
not if you kill google first
that’s plan A
🟩 🧑🔧 🪠
You don’t have to drink a verification can, but you do need to buy a verification phone.
i have one. but it isn’t android, or ios, or ‘smart’ in any way. it doesn’t even text. it’s just a telephone that fits in my pocket and connects to the cellular networks. it’s all i want. it’s all i use. it’s all i’ve needed ever since i got my first one about 25 years ago.
Don’t worry you’re included. Simply visit one of our Accessibility Centers between 8am-9am on odd Wednesdays, with a valid birth certificate, filled-out form from here, and a notarized Charizard.
Same! Except mine does do SMS text and has the other flip phone stuff like alarms, timer, calendar.
-
Fuck absolutely everything about this.
No malicious site would ever fake this kind of flow in order to get someone to scan a dangerous QR code. Nope, that would never happen.
It’s already happening. They tell you to scan a QR code that links to a website where they ask you to log in with your Google account (but it’s just a phishing page).
Good job Google!
Any website that chooses to use this service will simply not get my traffic. If enough people feel the same, those websites will lose clicks and eventually tell Google to pound sand.
Imagine the utter hubris on these fuckers to think that people will get a google device just to access a website.
Or to think that an average user sitting at home would run to another room to grab their phone so they can verify themselves on the desktop just to visit blackcougar.com
1 year later
Government website you have to use to pay your water bill: “Confirm you are a human…”
I either use my banking website or go into city hall clerks office to pay it in person. I’ve never once had to go to the actual government website. It’s an option, but not mandatory.
You want me to scan a QR code to log onto your fuckin’ website?!
I was wondering how long it would take for someone to get the reference. Its a pretty old episode.
