331
Google's next-gen reCAPTCHA system could spell trouble for de-Googled phones
(www.androidauthority.com)
I won't install an app to access a fucking website.
this post was submitted on 07 May 2026
331 points (98.8% liked)
Technology
84433 readers
3759 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
A push to undermine our freedom of choice of ROMs, services, and providers.
What stops a bot to just run an android emulator to scan any prompted qr?
This would only track if we read the small letter of the proposal. That this only work on android devices which have verified identify signed within their account. Meaning that android would require id verification, aka upload your id to google.
Wait wait wait. To prove you’re human you have to read something designed for computers to read?
Would this pass in EU? Seems anti competition. Do we need another movement like atok chat control to mobilize people?
It's not just anti-competition, but anti-privacy - Google will know exactly who is going to what sites, regardless of your browser.
At that point, reCAPTCHA will forgo the old image puzzles and require you to scan a QR code with your smartphone to prove you’re human.
What is that supposed to mean? What QR code? Just any? I'm supposed to find some QR code laying around and scan it? Or will the webpage display a QR and I'm supposed to scan it with my phone using a mirror or something?
They'll mail you one. Can't use the Internet without a physical interface. Don't worry though, you won't need a CD ROM for this one.
The example image I saw was of a page opened on a laptop, which prompted you to scan with a phone. If you don't have a (compatible) phone, I'm curious how that would go.
Oh, I thought they are talking about browsing on their phones.
That still makes very little sense. What if someone has an iPhone? What if I am browsing on my phone? What if I don't have my phone near me? This sounds like some optional, extreme case feature. Like when they are pretty much sure you're a bot but the website optionally gives you last one chance to prove you're not instead of just rejecting your request.
What if someone has an iPhone?
Per https://support.google.com/recaptcha/answer/16609652
Supported Environments for reCAPTCHA Mobile Verification:
Android Devices:
- Google Play Services version 25.41.30 or greater.
- To verify Google Play Services version on an Android device, open Settings > Apps > All Apps > Google Play Services
iOS/iPadOS devices for QR Code Scan:
- Version 15.0 or greater.
iOS/iPadOS devices for "Click to Verify" Button:
- Version 16.4 or greater.
- Version 15.0-16.4 with the reCAPTCHA app installed.
What if I am browsing on my phone?
I'm not seeing anything related to that specifically, but I imagine a (supported) mobile browser will be able to interface with Play Services directly and not need a QR code challenge.
If you use an unsupported browser, I think we can both guess what's gonna happen. As for what browsers are supported:
Browser requirements for reCAPTCHA
We support the two most recent major versions of the following:
- desktop (Windows, Linux, Mac) - Chrome - Firefox - Safari - Chromium Edge
- mobile
- Chrome
- Safari
- Android native browser
Guess if you're using Firefox mobile, you're fucked - plz switch to Chrome, thank you and welcome to our digital ~~prison~~ saferoom!
What if I don't have my phone near me?
You mean you don't carry our surveillance device with you 23/7 (we'll give you an hour for sleep)?
I'm somehow reminded of that mobile Diablo announcement and the surprised response "Don't you guys have phones?"
This sounds like some optional, extreme case feature. Like when they are pretty much sure you're a bot but the website optionally gives you last one chance to prove you're not instead of just rejecting your request.
The stated goal is to fight fraudulent agentic AI: "As we identify potentially fraudulent behavior from agents, we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop using the new QR code-based challenge."
So they'd do this when they suspect the thing interacting with the page is not a human, but expects a human to be involved with the process. How exactly that "potentially fraudulent behavior" would be detected is a different question and I have absolutely zero faith that it will fulfill its mission dutifully and without collateral damage. But then, if you're compliant with their requirements, that collateral damage is negligible. They made sure that the ~~prison~~ saferoom is really comfy.
Thanks for checking. That clarifies things a lot.
I guess we're fucked. reCaptcha is not used for visiting websites but for registering or submitting form. I can think of couple of cases where I'm required to complete captcha for online shopping or, ever worse, for work. Step by step they will force us all to either use approved devices or be locked out of big parts of the internet.
This is of course thanks to all the people shitting on Firefox over the years and saying that Chrome is just better and that there's nothing wrong with giving Google control over the web. So yeah, thanks.
I had unsolvable captcha for Github once. Fuck ne, I guess. I just wanted to contribute something, but whatever.
Step by step they will force us all to either use approved devices or be locked out of big parts of the internet.
there's nothing wrong with giving Google control over the web
To quote a song about a "Fairytale of Doom":
Blinded by gold and blinded by diamonds
I let you chain me in silk
You told me lies, I drowned in your eyes
And in all those castles you builtSilver the treasure and gold in the cages
Nothing was quite as it seemed
And when I realized, you turned the key and
I saw your eyes full of greed
It was too late when I screamed
I try to stay optimistic that this won't be tenable. Giving in to despair makes it harder to muster the will to resist. But I won't deny it's getting tougher.
This is awesome news for scammers:
- Fake page will say "you need to scan this qr code to verify you're human"
- Users normally dismisses this shit, but it has become normal nowadays, take out the phone to scan it
- Qr code opens a page on totallynotascam.com that say "you need to install this totally safe APK on your device for verification 😉"
- APK passes the new useless developer "verification" as the scammer either used a hacked dev account or just paid $25 with a stolen id + stolen credit card
- User see the message "APK verified by Google play protect" and would totally believe the bullshit, giving all the possible permissions to the app
I think I will just install Ubuntu Touch on my phones in a few months. Feels like it's just time to abandon ship.
I would never scan a qr code to verify that I'm not a bot. I'd simply close the page
Yeah, don't use Google. We will dwell in an alternative Web and soon it really will be illegal...
I completely missed how Chrome took the market in 2010-2020. I thought everyone understood why it should be avoided, but here we are.
Everyone with a technically inclined, logical, forward-thinking brain did. Unfortunately, that probably at best describes no more than roughly 10-15% of people.
Surely this would be nearly impossible for visually impaired people, which makes me question the ability for governments to implement this on their websites.
I know about screen reader software for visual impairment, but to expect a blind person use a separate device with a camera to take a “photo” of a QR code on another screen is beyond comprehension. Well, at least it would be in the normal timeline.
I guess I’ll have to switch to a dumb phone out of spite now.
This requirement will kick in the moment the system suspects suspicious activity. At that point, reCAPTCHA will forgo the old image puzzles and require you to scan a QR code with your smartphone to prove you’re human. Although this will stop an autonomous bot in its tracks, it also adds another step to verification. But the problem runs a little deeper than the annoyance of a single additional step.
I didn't see what the spec of this new recaptcha is but my first thought is an android emulator and a free google account combined with whatever bot/LLM wants to pass through is probably going to be what happens.
And as we all know, they're going to say that not using a Genuine™ Android® Operating System is extremely suspicious.
cool. guess I won't be using any of the things that use it.
🤷 oh well.
Who is still scanning QR codes? I thought after the nambla stuff people loss interest in scanning a weblink.
It says scanning for verification.
In the EU a lot of banking apps offer that.
Verify by qr = insta hacked
"Google's next-gen reCAPTCHA system could spell trouble for any website that implements it as no de-Googled phone user will care to use it"
That demographic is so small as to be irrelevant to the majority of companies.
load more comments
(1 replies)
load more comments
(5 replies)
If you're a web dev, and you implement this, just know you won't receive my web traffic. Ill go live with the other robots and we will start our own internet with blackjack and hookers.
I’m getting close to just giving up on the internet.
load more comments
(3 replies)
So more Linux phones?
Or maybe you'll need to get a bot to do the captcha for you... 😅
That means if Google’s verification system gets widely adopted, browsing the web could become a headache.
Using a phone to scan a QR code in order to access a website on my desktop is a headache even if it has no dependencies in particular.
Unless it was the website I needed inorder to receive an organ donation, I would just close it.
I could claim that's an act of righteous protest, but really I just know that absent my needing a new liver, there's no website I would ever care enough about to get me to scan a QR code just to keep browsing.
load more comments
(2 replies)
view more: next ›