| ▲ | bramhaag 6 hours ago |
| The requirements for the mobile devices are listed here: https://support.google.com/recaptcha/answer/16609652 So it seems that you will need a modern Android device with Google Play Services installed or a modern iPhone/iPad to be allowed to browse the web in the future. No mention of device integrity verification yet, but the writing is on the wall. |
|
| ▲ | NotPractical 5 hours ago | parent | next [-] |
| > No mention of device integrity verification yet
If Google Play services is listed as a requirement, that implies that a "certified Android" device capable of Play Integrity attestation is required, since that's the only officially supported way to obtain Google Play services.
On consumer-facing support articles like this, they don't tend to get into the nitty gritty details like what APIs are being used. If MEETS_DEVICE_INTEGRITY is required, that would probably not be explicitly listed here. E.g. the consumer documentation for Google Pay just says you need a "certified" Android device and a screen lock set up: https://support.google.com/wallet/answer/12200245 (Yes, if you go deep into the FAQ at the end it eventually states that if you rooted your phone, you can't use tap to pay, but that requirement is implied by the certification requirement [1].)
In Google's eyes, and in the eyes of the law due to trademarks filed by Google, Android == Google Android.
This feature would make little sense if it's not using device attestation because otherwise it would be easy to spoof. I expect that it will initially not use it, and they will start A/B testing device attestation in the coming years.
[1] Expand "What to do if you see device is not certified" -> "Reset device to fix issue" https://support.google.com/android/answer/7165974 |
| |
| ▲ | charcircuit 4 hours ago | parent [-] | | >that implies that a "certified Android" device capable of Play Integrity attestation is required
No, it doesn't. It implies that the app for handling the deeplink lives within GMS as opposed to needing to manually install a separate app like you do on iOS. GMS does not have a hard dependency on device integrity APIs being supported. | | |
| ▲ | blueg3 2 hours ago | parent [-] | | They said "capable of Play Integrity attestation". It's a weasel statement. If you have GMS, you're capable of performing PIA attestation, you just might fail. So it's strictly true, but doesn't tell us anything about whether it requires PIA. |
|
|
|
| ▲ | hellojesus 6 hours ago | parent | prev | next [-] |
| This is going to make my grapheneos journey a bit more exciting. How wild to force users through an official google identification for web browsing. Does the iPhone recaptcha app force you to log in with a Google account? Seems we didn't need ID verification for the web to lose all anonymity. |
| |
| ▲ | lucb1e 4 hours ago | parent [-] | | I'd rather have to do ID verification at a government site that gives out blindable RSA signatures to browse the web with using open source software, than this overseas tech company needing to lock down the whole device and tech stack and not have to 'show ID' at all. One of these two holds elections... Music/movie corporations and game developers must look forward to an age where people can't access the cache files or hook up a debugger to their apps anymore | | |
| ▲ | userbinator 3 minutes ago | parent | next [-] | | I'd rather have no ID verification at all. Give them an inch and they'll take a mile. | |
| ▲ | LorenPechtel 2 hours ago | parent | prev [-] | | One of them pretends to hold elections. | | |
| ▲ | lesuorac 7 minutes ago | parent | next [-] | | Which public corporation do you think doesn't hold elections? | |
| ▲ | xp84 2 hours ago | parent | prev [-] | | Does it only count as an election if one’s favorite side wins? | | |
| ▲ | achierius 2 hours ago | parent | prev [-] | | What if neither side represents your interests? What "election" is there in that case? | | |
| ▲ | lucb1e an hour ago | parent | next [-] | | There's more than two sides here. None of the 14 parties with >1 seat in parliament fully represents my best understanding of how to improve the country and world on any time scale (long or short), but quite a few of them come reasonably close and I would vote for them without much hesitation (Heck, I wish there were fewer parties, like if five single-topic good parties (bij1 against racism, pirate party for internet freedoms, volt for international collaboration, party animals for environmental welfare, etc., plus greenworkersparty as the current overarching big boy) would band together, it'd be a much easier choice!) That not every country is so lucky (not all of them have free elections, or elections at all) is a shame indeed, but at least for countries like mine I'd be much happier to have a government arrange a system than a tech corporation and foreign laws. Presuming that the 2-party system you speak of is the USA's, at least both corps are governed by your own laws, that's something! | |
| ▲ | UqWBcuFx6NV4r an hour ago | parent | prev | next [-] | | Simply live somewhere that doesn’t have a broken electoral system. | |
| ▲ | g-b-r an hour ago | parent | prev [-] | | Can you candidate yourself in that election? |
|
|
|
|
|
|
| ▲ | Velocifyer 3 hours ago | parent | prev | next [-] |
| I will be unable to solve the phone verification because I use LineageOS for microG, but any fraudster can just buy a bunch of $30 android phones. Many people have trouble using a smartphone, so they use dumbphones, but they will be locked out. Many people just don't have any mobile phone because they don't think that it is useful. |
| |
| ▲ | blueg3 2 hours ago | parent [-] | | Google is mostly interested in abuse that happens beyond the scale of how many $30 phones you can buy. | | |
| ▲ | 2ndorderthought an hour ago | parent [-] | | Google is interested in, like other tech companies, identifying users by tying them to their phones. Other ai defense companies are trying to get photos and IDs. This is just another take on the same subversive activity. |
|
|
|
| ▲ | snailmailman 2 hours ago | parent | prev | next [-] |
| I’m already sick and tired of seeing Cloudflare’s “making sure you aren’t a bot” checkbox everywhere. Sometimes it locks me out entirely and decides I don’t get to view pages. I see recaptcha less frequently but it’s much more annoying, with all the clicking of crosswalks, or busses, or whatever. I am not looking forward to a web where google can not only lock me out of my email, but also large sections of the previously public internet. Occasionally google decides I don’t get to do searches, and that’s not too much of an inconvenience, there are other search engines. |
| |
| ▲ | Gander5739 2 hours ago | parent | next [-] | | But what's the alternative? Sites need a way to prevent bots overwhelming them, and there's no perfect way to distinguish real users from bots. | | |
| ▲ | 2ndorderthought an hour ago | parent | next [-] | | Maybe ai companies should have invested any of those billions of dollars into safe and equitable ways of rolling out their new surveillance machines. Oh right that was never the point and this only serves to further that. Got it. | |
| ▲ | andrepd 2 hours ago | parent | prev | next [-] | | You're right, we need big tech to protect us from the problems big tech created. In the olden 20th century, we had a term for that... | | |
| ▲ | 2ndorderthought an hour ago | parent [-] | | You know that protection racket where the mobster came to my corner store and says if I don't pay him he will come later and rough me up? This is a worse deal than that. | | |
| |
| ▲ | anonym29 2 hours ago | parent | prev | next [-] | | mCaptcha, ALTCHA, Cap, Friendly Captcha, Private Captcha, Procaptcha, Anubis... there are literally dozens of open source alternatives that aren't feeding the Do Be Evil company... not to mention all of the commercial alternatives - if for whatever reason, you do feel like paying for a service that costs nothing to offer | | |
| ▲ | UqWBcuFx6NV4r an hour ago | parent [-] | | Gen off it. Fraud detection is nontrivial and requires ongoing effort. It’s reasonable for people to be compensated for that. |
| |
| |
| ▲ | negura 13 minutes ago | parent | prev [-] | | reminder that any company which has a legal obligation towards you (GDPR requests, refunds, filing a complaint etc) can be contacted directly and forced to do it manually if you cannot use their web interface due to being blocked by Cloudflare & other captchas |
|
|
| ▲ | nerdsniper 5 hours ago | parent | prev | next [-] |
| I believe you'll also need bluetooth enabled on both devices. At least you do for those "scan this QR code displayed on your computer to authenticate using the passkey on your phone" features, which this seems analogous to. Bluetooth is used to ensure that the two devices are actually physically co-located. |
| |
| ▲ | hellojesus an hour ago | parent | next [-] | | My desktop doesn't have Bluetooth. Does this mean I'd be doomed even if I had a compatible mobile device? | | |
| ▲ | 2ndorderthought an hour ago | parent | next [-] | | We might need to redo this whole Internet thing because this is insanity. | |
| ▲ | ai-x an hour ago | parent | prev [-] | | In a free market, the content provider is free to put whatever guardrails they feel appropriate. Loginwall, Paywall, CaptchaWall. If you don't like that provider, you are free to pick another. | | |
| ▲ | Eisenstein 8 minutes ago | parent [-] | | 1. Free markets do not exist 2. If free markets did exist they would not conform to the theory that people are using when they think of what free markets are, since people do behave rationally, power dynamics are real, and no consumer can have all of the information needed to make rational decisions even if that information were available 3. The market is providing solutions to its own failures without fixing the underlying failures because it is more profitable this way. Is buying something from a company that mitigates a problem created by the same company actually a free market, or is it just extraction? |
|
| |
| ▲ | g-b-r an hour ago | parent | prev [-] | | In passkeys the bluetooth is used for the actual authentication protocol... |
|
|
| ▲ | Hizonner 6 hours ago | parent | prev | next [-] |
| ... or you'll need to stop using reCAPTCHA if you want to get any traffic on your Web site. I know, people will slavishly knuckle under, but let me dream for a few minutes. |
| |
| ▲ | tardedmeme 6 hours ago | parent | next [-] | | 99.999% of people don't give a shit and don't even know what this means. They'll follow the instructions. These are the same 99.999% of people who press win+R ctrl+V enter when the captcha prompts them to. Because do this to see the dancing bunnies. | | |
| ▲ | KellyCriterion 4 hours ago | parent | next [-] | | > press win+R ctrl+V
LOL is this real? I guess yes, because yesterday ReCaptcha asked me to screenshot a QR-code with the mobile phone :-D | | |
| ▲ | snailmailman 2 hours ago | parent | next [-] | | It’s a common thing for malware. But people are going to be more likely to fall for it when mainstream sites ask you to complete weird tasks with your phone to verify your identity. | |
| ▲ | EvanAnderson 3 hours ago | parent | prev [-] | | It is. There are fake Cloudflare CAPTCHAs on pwned Wordpress sites that instruct users to run Powershell scripts. |
| |
| ▲ | mrguyorama 6 hours ago | parent | prev | next [-] | | They will do exactly as it says while also ceaselessly complaining, completely unable to connect their choice to use a website with the pain of using that website. There's some sort of serious issue with learned helplessness or something | | |
| ▲ | gowld 4 hours ago | parent [-] | | It's almost like some people aren't IT hobbyists. | | |
| ▲ | Hizonner 3 hours ago | parent [-] | | I'm not a heart surgery hobbyist, therefore I don't chop people's chests open, no matter who suggests it. |
|
| |
| ▲ | ronsor 5 hours ago | parent | prev [-] | | Yeah, this is going to turn into another malware vector, isn't it? | | |
| ▲ | tardedmeme 5 hours ago | parent [-] | | Discord has a feature where you can log into your account on your PC by scanning a code on your phone. So does Binance. | | |
| ▲ | xp84 2 hours ago | parent | next [-] | | Those are good things though? They’re about logging in, on purpose. Not about attesting to Google that you have a proper smartphone as a proxy for your humanity, like this thing. | |
| ▲ | EmbarrassedHelp 3 hours ago | parent | prev | next [-] | | But none of those options are requirements to access the service. | |
| ▲ | mystraline 4 hours ago | parent | prev [-] | | So does Signal. | | |
|
|
| |
| ▲ | nonamesleft 4 hours ago | parent | prev | next [-] | | I have blocked it for years with ublock origin, if a site doesn't work, ctrl-w.
Nowadays I cannot even use google search because of this, any search will trigger a captcha, hilarious (at least on chromium-based browsers, firefox lets me get a page or two). | | |
| ▲ | Leonard_of_Q 4 hours ago | parent [-] | | Ditch Google Search as well then, use something like SearXNG or another meta-search engine. You'll get more representative results, no tracking and no captchas. Sometimes some of the engines may return captchas but they're kept from the search results, i.e. those engines don't get used for the query. You can run your own instance of SearXNG or one of the alternatives or use one of the available public instances, your choice. The fewer direct interactions with the likes of Google/Apple/Microsoft/etc. the better. |
| |
| ▲ | conradfr 4 hours ago | parent | prev [-] | | The thing is even a contact form without something like reCaptcha is doomed on today's web: spam all day. |
|
|
| ▲ | crazygringo 2 hours ago | parent | prev | next [-] |
| Do you have an alternate solution? When we hear so many stories from HN'ers of their websites being hammered by out-of-control crawling and fetching and new levels of AI slop spam? This is something site owners choose to implement or not. They're the ones paying the extra hosting fees to handle potentially unwanted traffic, and dealing with spam that traditional CAPTCHAs are no longer effective against. Google's not forcing this on anyone else. |
|
| ▲ | varispeed 4 hours ago | parent | prev | next [-] |
| > but the writing is on the wall.
Only if politicians are still corrupt and law enforcement doesn't work. Which means the writing is on the wall. |
|
| ▲ | everdrive 6 hours ago | parent | prev [-] |
| I've been saying for years that it does not make sense to browse the web on a smartphone. Eventually things will get bad enough that people will agree with me. |
| |
| ▲ | UqWBcuFx6NV4r an hour ago | parent | next [-] | | “On an infinite timescale, I’m eventually right, so it never makes sense to not heed my advice” is silly. We’re all going to die eventually so it’s not worth browsing the web on any device. | |
| ▲ | fsflover 4 hours ago | parent | prev [-] | | Smartphone is just a small computer. I don't see how what you say makes sense. | | |
| ▲ | everdrive 4 hours ago | parent [-] | | It's a small computer that I don't really control with a horrible UI, horrible privacy, and nothing but perverse incentives. ("download the app!") | | |
| ▲ | Forgeties79 2 hours ago | parent | next [-] | | There’s no going back unfortunately. There’s no world where smartphones go away barring a new tech as significant and useful as a smartphone. | |
| ▲ | esseph 4 hours ago | parent | prev [-] | | Sounds like Windows | | |
|
|
|