tardedmeme 5 hours ago

If you run a website, it seems trivial to forward the attestation to someone else by putting the same code up on your website, and getting their device banned from Google instead of your own.

coppsilgold 3 hours ago | parent | next [-]

Realistically, what Google will do in such a scenario is collect data about the illicit service, enumerate the devices the farm uses and what other activities the devices participate in. What you suggested has far less control over the devices that generate the attestations and it will show.

Also, if the implementation is competently done the phone will show the website for which you scanned the QR code. A user would be able to see whether or not that matches the site where they observed the QR code and proceed accordingly. In time Google will probably integrate it into the Chrome browser where a proxied QR code cannot even be shown.

ChadNauseam 3 hours ago | parent | prev [-]

The domain in the attestation would be yours, so that wouldn't work.

Groxx 3 hours ago | parent | next [-]

Some people will notice, some will not.

chadgpt2 3 hours ago | parent | prev [-]

How would the phone camera know the domain name of the website displaying the QR code it's scanning?

gruez an hour ago | parent | next [-]

After you scan the code, the verification app asks you "do you want to verify for example.com?"

tardedmeme a minute ago | parent [-]

If you don't verify for example.com you won't be allowed to view example2.com. So do you want to or not?

eddythompson80 3 hours ago | parent | prev [-]

The camera isn't the part doing that verification. The Google service serving that "reCAPTCHA" is what's doing that validation. Unless you're using a custom browser that is reporting a different domain to Google than the one requesting the reCAPTCHA, Google's service will know which domain is which.

tardedmeme 3 hours ago | parent [-]

How does the verification app on your phone know what's in the URL bar on your desktop?

ranger_danger 3 hours ago | parent [-]

The QR code/URL would be generated/requested by the javascript running on the website you're viewing, which knows what's in your address bar.

tardedmeme 2 hours ago | parent [-]

It would be generated by some other website like Amazon. Because I own, say, Meta, I copy these Amazon-generated codes over to Meta, make people scan them on their phones to sign into Meta and then pass the solution back to Amazon so my bots can sign into Amazon.

ranger_danger 2 hours ago | parent [-]

We don't yet know how the client side works; perhaps there will be a decompilation posted soon.

It's possible this scenario is acceptable to them because it means they can still tie your access to something that's easier to ban without requiring a full account login.

tardedmeme 16 minutes ago | parent [-]

They're tying my access to random users of a completely different service, and a different random user each time.