cross-posted from: https://lemmy.ml/post/47972724
i encountered this for the first time today while attempting to read something on archive.today.
i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.
the old type of captcha remains available too, for now:
You must log in or register to comment.
Just another reason to not use Google.
aaaaaand tab closed.
LOL, fuck off. How about instead I move on to somewhere less hostile toward the user instead?
We are making side loading harder because scammers are using “these” tactics to install malware on your devices.
It’s totally fine when we use the same tactics to install malware on your device.
I once saw fake captcha scam that reuired scaning QR code to infect device. It looks exactly like that.
On the bright side, this means they are really worried that privacy practices such as those popular among the Lemmy crowd can make their surveillance expensive or maybe even impractical at scale, rather than profitable
Verifying you have a phone doesn’t verify that you’re human.
Just like Recaptchas haven’t been a challenge to bots for a long time. Still, we had to deal with this shit. Makes you wonder if it’s just a stupid fucking pretext… 🤔
Isn’t it training for AI and automated cars?
How so?
Android emulators exist and are usable by bots.
So they SS the QR code, scan it and continue?
Something like that. Emulators also give the ability to emulate cameras using pictures or video feeds.
They just need to set up a Google play equipped emulator, set the picture as simulated camera input and put in the inputs to the emulator (also automatable)
Sheesh
May have to stream a video of the screen into a scanner app, but shouldn’t be difficult anyway.
One of the forms of digital ID in use in my country now has a new way to use it, which the government websites use now. You always needed a mobile device for this one anyway (phone holds the private keys and you have to enter the PIN 1 or PIN 2 depending on whether you’re authenticating or authorizing something), but it used to be that you could enter your ID code and get prompted for the PIN (with a verification number to make sure you’re responding to the prompt you think you’re responding to), now it’s either on-device from the default browser to the app, OR on desktop you have to scan a QR code that’s a moving target, it changes a couple of times a second so you couldn’t send a screenshot to someone else to scan. This is meant to prevent scams where someone gets you to just enter your PIN over a phone call.
I don’t know if the google thing is similar though or if it’s a static QR there.
My cat once jumped on keybard and wrote “ghfhghgghhfjgfhf” on Discord chat. The first non-human with acces to computer.
Well, I doubt your cat could scan QR codes
Discord?! Computers are a lot older than Discord! Cats have been jumping on keyboards since forever.
-
Hype up AI.
-
Everyone starts scraping the internet to obtain training data for their AI.
-
To block the scrapers, countless sites implement stricter bot detection tools.
-
The owners of the bot detection tools now effectively hold all of the internet by its throat, deciding who can access what and extorting more and more data from you to verify you’re human.
Fucking genius.
- Crypto comes out of nowhere with a steel chair and now we have to pay websites for access.
You can always build more bot detection tools, right? Or am I wrong?
-
Fuck absolutely everything about this.
No malicious site would ever fake this kind of flow in order to get someone to scan a dangerous QR code. Nope, that would never happen.
It’s already happening. They tell you to scan a QR code that links to a website where they ask you to log in with your Google account (but it’s just a phishing page).
Good job Google!
That’s it. JavaScript was a mistake. Time to go back to HTML only pages
obligatory NoScript advertisement
I meanf you can do this flow without JavaScript: The server renders a QR code and sends it in a static web page and on Android, you register a URL handler to do the rest of the flow.
This? This is the JavaScript straw that broke your back?
Are you implying that Spice Hoarder is a camel?
I can neither confirm nor deny these claims
Any website that chooses to use this service will simply not get my traffic. If enough people feel the same, those websites will lose clicks and eventually tell Google to pound sand.
Imagine the utter hubris on these fuckers to think that people will get a google device just to access a website.
Or to think that an average user sitting at home would run to another room to grab their phone so they can verify themselves on the desktop just to visit blackcougar.com
They’re using the fact that everyone else both already owns a Google or iOS device, and does everything on those devices, to punish desktop and alt mobile OS users.
The fact that this is going on right as AluminumOS is down the pipes, and right as rigged parts prices threaten to kill desktops as an option to begin with makes this especially sus.
The way things are going right now, I won’t be surprised if we see a computing future where you’re either on a Google or Apple-controlled device, or you’re on a thin client tied to a cloud subscription, and you won’t own your tech anymore.
Bezos’ ‘Give up your PC and rent from our cloud’ threat is sounding less and less like a threat and more and more likely to become reality.
Have you been paying attention to the open source community at all? We have made this future impossible.
Right now we can share a lot of infrastructure.
You want me to scan a QR code to log onto your fuckin’ website?!
I was wondering how long it would take for someone to get the reference. Its a pretty old episode.
How soon before reCAPTCHA-encumbered sites are blocked on desktops entirely unless you’re on ChromeOS or the upcoming AluminumOS?
I know it has been said already but how stupid is it to teach users the pattern of randomly scanning QR codes. So ironic given that reCaptcha is for security in some sense.
It’s the same with ID verification. For your safety you need to start giving random websites your drivers license or passport…
I had a site I was gunna buy stuff from ask me for a video selfie to “prove” I was over 21.
First if all, I wasn’t buying anything controlled, so thats ridiculous over-reach, and second of all LOL FUCK NO I’m not giving you, some random-ass e-commerce site, my fucking biometric data. That’s absolutely insane.
Needless to say, I blocked that site on my pihole, so it no longer exists to me as an option. Sent them a message letting them know they lost a rather substantial sale from that shit. I’ll do that for absolutely every one, same with ID or whatever else. I could just use the tricks kids use, but that still rewards them for this bullshit with money.
I’ll just stop using the internet if it becomes a thing everywhere. It’s not really worth being on anymore, for the most part, anyway.
I don’t blame you. Personally I get more satisfaction from using fake IDs or directing a video selfie thing to a video game character etc or finding some obscure bypass to whatever bullshit they throw at me. That way I still get what I want from the website and they get nothing of value from me, lmao.
It’s called the boiling frog effect.
It’s not for your security :(((
It’s the same with ID verification. For your safety, you need to start giving random websites your drivers license or passport…
