> saw this coming from miles away. Computers are better at solving CAPTCHAs than people are

good point... it's interesting how Captcha was initially popularized as a reverse Turing test, but it's just variants of Proof of Work today.

And it seemed clever at the time for Google to leverage this for improvement of their OCR models (it was!), and makes you wonder what utility is derived from the proven "work" today.

I personally think its easier to detect llm controlled browser sessions, the people deploying them are far more naive and inexperienced than traditional scrapers/crawlers.

insert You wouldn't bring a 40 Petabyte Zip Bomb to School, would you? meme

Turns out RMS has always been right. How surprising.

Last time this happened we got a bunch of Google employees downplaying the impact of WEI and calling it a nothingburger, that people were being hysterical. I just checked, and everyone I saw defending it has since left the company. I'm sure another wave of Google managers, keen to appeal to the higher-ups, will be here to defend this new initiative any minute now.

> rapidly becoming

Always has been.

Google was creating cartels like the "Open Handset Alliance" literally decades ago.

Via their control of Chrome and Search which are both monopolies, Google holds absolute authority on how websites are rendered and if websites can be found.

Don't you see it closing all around you?

It's not just Google. It's governments, corporations, all around the world, simultaneously. The noose is being tightened gradually, then all at once. And it's coming for all of us:

https://community.qbix.com/t/increasing-state-of-surveillanc...

The threats above interlock by design or convergence: Identity layer (1-5) creates the prerequisite for the others. Once identity is established at SIM/account/device level, the carve-outs that make surveillance politically viable become possible (powerful users get exemptions; ordinary users get watched).

Device layer (10-12, 16-19) creates the surveillance endpoint. Once content is scanned on the device before encryption, the cryptographic protections at the communications layer become irrelevant.

Communications layer (6-9) is the most-defended. Mass scanning has been defeated repeatedly. This is the layer where the resistance has the best track record.

Reporting layer (13-15) is nascent. Direct OS-to-government reporting hooks haven't been built yet at scale. The UK's December 2025 proposal is the leading edge.

Platform control (20-24) determines whether alternatives can exist. Browser diversity, app distribution diversity, and engine diversity are the structural protections. All three are narrowing.

A society with all five layers complete has the technical infrastructure for total surveillance with elite carve-outs. We are roughly 40% of the way there. Whether that infrastructure becomes a dystopia depends on political choices, not technical ones.

HN as a whole is surprisingly oblivious to the noose tightening, because many here are super against decentralized distributed things, if they involve any sort of token. You can complain all you want, but downvoting and burying the decentralized alternatives just for groupthink makes you somewhat complicit in the erosion of our privacy and liberties. Even if you might disagree with a project, all the work that goes into it might be a good reason to upvote it instead, considering that without this work, we're basically doomed.

I'm amused at how thoroughly Google adopted Microsoft's playbook. Chrome supplanted Internet Explorer by embracing the open web. But then Google immediately started on extensions, and now they're trying to extinguish the open web with nonsense like Cloud Fraud Defense. All very smoothly done. I mean, people are actually _asking_ for this junk. I'm impressed.

what alternative to WEI do you propose? it solves a bajillion Internet-existential problems. it is definitely a crisis. the bot problem is at least as serious as facebook, gmail serving without https.

the fact that this kind of comment gets downvoted proves my point. so what if you personally don't like WEI? it doesn't mean the problems aren't real...

that aside, i don't know how people say stuff like "malicious force" and then you go and use a bajillion Google-authored, completely free as in beer and often free as in freedom technologies that nobody obligates you to use at all. It's not like Apple, where their software is so shitty (Messages, Apple Photos, etc.) that the only reason people use it is because it is locked down and forced upon you. it's interesting to me that @dang worries about the tenor of conversation changing - he longs for that 2009 world of university-level math people hanging out and writing comments about LISP or whatever - when the real deficit is not intelligence about math but, at the very least, seeing that things are nuanced, to see more sides to a problem besides the most emotionally powerful and the most mathematically neutral ones.

Yeah, same. It is hard; we start to need a collective boycott.

We can all do our part, by using their products as little as possible, contribute to open alternatives (OpenStreetMap, Fediverse, Linux, Nextcloud...) and by stimulating our (non-techie!) friends and family.

But it is a lot of work :(

But remember: once again, don't simply get angry at Google the institution. Get angry at Page and Brin personally. They have the power to prevent this, a power they were careful to preserve when they gave Google its IPO. They are fully responsible for Google's choices here. But, partly because they aren't constantly jumping up and down drawing attention to themselves on social media, they've tended to escape the same personal scrutiny given to eg. Elon Musk. That needs to end.

On that topic, I would highly recommend you to switch to Kagi!

Search is still their workhorse for ad revenue. Less search, less users, in addition to users now just asking chatgpt and co, will hurt them well

The problem is this type of controlling move, that will be used to benefit their company, is one among many things a company like Google can do that is unethical. They won’t stop. They are too powerful and can get away with it repeatedly. Even if this one thing is stopped, there will always be another dark pattern or another privacy violation or another anti-competitive thing.

We really need brand new legislation that makes it much easier to break up companies that are too big, and also to tax mega corporations at a much higher rate than all other companies. Then we can have fair competition and the power of choice. But the existing laws end up with no real consequence for these companies, and even if there’s some slap on the wrist, it takes years in court. New laws must make it very fast and low cost for society to take action.

Last time they tried this they laundered it though an employee's personal github to distance it from google itself, then framed the proposal in the most disingenuous manner possible, as if it was something that users wanted rather than another mechanism for google to exercise control

They have blinders on made out of money.

Apple has device attestation deployed like one year before Google even proposed it: https://httptoolkit.com/blog/apple-private-access-tokens-att...

The claim is that an iPad/iPhone will also work. Not that that makes it acceptable; if anything, it's worse, because if it were Google Play only it'd be more obvious how unacceptable it is, whereas catering to the duopoly makes it less obvious how much it excludes people and builds a reliance on proprietary systems.

iPhone users will have to install the "reCAPTCHA" app. https://apps.apple.com/us/app/recaptcha/id6746882749

This is detailed at https://support.google.com/recaptcha/answer/16609652

iPhones have attestation too: https://developer.apple.com/documentation/devicecheck/establ...

It'll just be more clunky because you have to install their app.

Are you genuinely asking? To pay your taxes, order items online, access your bank account, log into your favorite AI service, there are very often CAPTCHAs involved. Try going a month with CAPTCHAs blocked in uBlock Origin, and you will find yourself unable to do many basic things.

Even besides services you might need to access, as pointed out in another response (e.g., banks, shops), how are you going to check the veracity and understand the context of the information you seek without going to the (possibly hallucinated!) sources? But I guess a lot of people who are into using AI like that just don't care.

Where do you think the AI gets this information?

They also need to browse the web, and are more likely to be blocked by these measures than humans

This API also works on the desktop. In fact, you can't use this system without a phone if your browser isn't Google enough.

We are going to see sooooo many scams out there. No wonder Google is locking down third party Android apps outside of their control, getting a user to install "device verification.apk" will become super trivial after people have clicked through these popups a couple times.

And also don't install apps? What's left then?

That war was lost in the 2010s, around the same time as the vertical video war.

Phone is small computer

well that just seems counterproductive and unreasonable but it's Friday so what do I care

-- sent from Chrome on Android

I'm seeing this stance a lot "this is obviously AI generated"

Why? What's LLM generated? How can you tell?

To me what's obvious is that our trust system is already breaking down. Commenters accusing each other of being AIs is also another example of this.

>We see the fundamental forces of capitalism at work: To justify valuation, Google needs to grow.

You’re confusing markets with capitalism.

Market Socialism (the only reasonable kind) would have these same issues. If Google was owned by the workers instead of capitalists, it would still have incentive to grow. The worker owners would have the exact same incentives as current owners. The only difference would be who the owners are.

Capitalism is not actually “the final boss” that internet leftists make it out to be. Socialism is not the panacea that leftists make it out to be. Surveillance is not a “capitalist only” thing.

Their product page is full of info about how this works with "agentic" cruft. They're still permitting your regular old scrapers and bots for as long as they like you. Hope you're not thinking of running an independent system instead of a large cloud platform!

> Do you seriously think that if Google sees the same hardware identifier 1000s of times a day they are not going to consider that usage to be fraud?

Phones are very cheap, especially refurbished phones. Just have the phones mimic real life sleep/wake cycles and take occasional breaks. Use 25% more devices to account for the loss in uptime.

Besides, some people (often unemployed or disabled, and possibly with sleep disorders or mania) actually don’t do anything other than scroll on their phone all day and night. So you can’t rely on this as a good signal without creating even more blowback. And you really don’t want too much blowback from troubled people who have infinite free time.

It is particularly funny because this is content marketing for a computational proof of work "captcha". Those are pure snakeoil, with economics that are probably at least four orders of magnitude more favorable to the abusers than this attestation would be.

I'm pretty sure that the Ai copied the $30 number from my hacker news comments. However in the USA it is true. https://www.walmart.com/ip/Straight-Talk-Motorola-Moto-g-202... (carrier locks don't matter for this usecase.) I am not sure that that storing unique device identifiers is legal in the EU.

Wrong link. https://news.ycombinator.com/item?id=48039362

They shouldn't just be ashamed. They should be shunned at the very least.

There's a good chance they're on HN FWIW. If you are and you're reading this: Fuck you. Reconsider which side you want to be on!

So many in hn already downvoted you. That says the SV nature and opinions in tech sector.

Water use and mass displacement of labor get all the attention but there are so many other more subtle reasons like this that AI is going to be bad for society.

I disagree that this kind of scheme is inevitable. We can "evit" it through thoughtful discussion, foresight, alternative mitigations, and even regulation. Certainly, Google can choose to avoid it. On the other hand, the AI bubble will inevitably burst, since compute is not free. I look forward to post-bubble AI.

Yes, fewer services and infinite fraud is substantially better to me than the web being controlled by Google even more than it already is.

> Given all the negative comments here - what is anyone's alternate solution for AI-driven fraudulent activity?

A combination of "regulate AI" and "The optimal amount of fraud is not zero". https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...

Why do you continue to extend the benefit of the doubt to your former employer when they have shown themselves to be untrustworthy again and again?

This doesn’t even solve the problem thanks to device farms. There’s not really a solution for this short of aiming a camera at someone’s retina 24/7 plus a fully locked down hardware path. And even that would surely be compromised given enough incentives.

People are just going to have to find a new way to monetize. Maybe more things will become paywalled, or sponsored long-term like old TV shows. Again, there’s no good way to solve this, and the “solutions” on offer just contribute to the surveillance state without solving the problem.

I don't know which activity you're referring to, but why are you trying to discriminate between humans and bots? Because bots don't pay? So demand payment.. Demand like payment per account creation, then set appropriate rate limits per account.

Captchas were never effective. It’s an arms race to the bottom.