FilterHN

Google Cloud fraud defense, the next evolution of reCAPTCHA

29 points

by unforgivenpasta

1 hour ago

| past

| 6 comments

| cloud.google.com

| HN

▲

bramhaag

30 minutes ago

[-]

The requirements for the mobile devices are listed here: https://support.google.com/recaptcha/answer/16609652

So it seems that you will need a modern Android device with Google Play Services installed or a modern iPhone/iPad to be allowed to browse the web in the future.

No mention of device integrity verification yet, but the writing is on the wall.

▲

everdrive

17 minutes ago

[-]

I've been saying for years that it does not make sense to browse the web on a smartphone. Eventually things will get bad enough that people will agree with me.

▲

hellojesus

19 minutes ago

[-]

This is going to make my grapheneos journey a bit more exciting. How wild to force users through an official google identification for web browsing.

Does the iPhone recaptcha app force you to login with a Google account? Seems we didn't need ID verification for the web to lose all anonymity.

▲

Hizonner

26 minutes ago

[-]

... or you'll need to stop using reCAPTCHA if you want to get any traffic on your Web site.

I know, people will slavishly knuckle under, but let me dream for a few minutes.

▲

tardedmeme

20 minutes ago

[-]

99.999% of people don't give a shit and don't even know what this means. They'll follow the instructions. These are the same 99.999% of people who press win+R ctrl+V enter when the captcha prompts them to. Because do this to see the dancing bunnies.

▲

mrguyorama

1 minute ago

[-]

They will do exactly as it says while also ceaselessly complaining, completely unable to connect their choice to use a website with the pain of using that website.

There's some sort of serious issue with learned helplessness or something

▲

arian_

31 minutes ago

[-]

Google building harder walls against bots while simultaneously building AI agents that need to get through them is peak 2026.

▲

tardedmeme

19 minutes ago

[-]

They're expecting everyone to whitelist Google agents because Google has the market share for people to complain if Google agents don't work.

▲

mayama

39 minutes ago

[-]

The site doesn't mention this. But, are they locking down QR code auth for only safetynet authenticated devices and with mobile number verification?

▲

bobbiechen

32 minutes ago

[-]

Yeah, I had the same question myself. I think that's what you would want to do to make it airtight (plus some amount of rate limiting or flagging for devices that are part of dedicated device farms).

But even if not, there's still value in raising the barrier to entry. For example, you can buy 1000 reCaptcha solves for $1-2 from various captcha-solver services. And yet that $0.001-per-request fee does discourage mass-scale bot attacks.

▲

Hizonner

23 minutes ago

[-]

... You... think... it would be a good thing.

Don't you...

▲

xacky

40 minutes ago

[-]

The fact that mobile devices are now mandatory to prove "humanness" means that Google no longer trusts desktop/open platforms anymore.

▲

SoKamil

56 minutes ago

[-]

Google clearly wants only Google approved models to traverse the web.

▲

stupidgeek314

30 minutes ago

[-]

Why can't an AI scan the QR code? Just fire up an emulator if necessary

▲

tardedmeme

18 minutes ago

[-]

The app that scans the code talks to the TPM in your phone to prove that your phone is running an unmodified Google OS.

▲

hellojesus

15 minutes ago

[-]

I know that's the final destination, but I didn't see that listed in the requirements page linked above. Any proof of this affecting the current implementation?