RE: https://mstdn.social/@jschauma/116610268796045193
Any site that implements Google's QR reCAPTCHA goes on my PERMANENT block list.
Don't care what site it is...
Replies:
19
Boosts:
4
@catsalad
i want to agree.
but for some important sites, i need to use workarounds.
if the site is not crucial, avoid or boycott it.
@catsalad Very easy to fake to get mindless rubes to scan your QR codes and load malicious code I would think. This is such a bad idea I don't even know if the people who designed this even thought this through, consequences and all.
@catsalad How on earth can scanning a QR code with an Android (sic!) phone not be done by a robot?
The web is large. I have already walked away from yahoo, facebook, twitter, whatsapp, reddit, digg, and several others. I have never even been tempted to return to any of them.
I was an adult when the web got going. I don't need to know what people I grew up with are doing. I don't need to know the next dance craze. I don't care what is popular. I will not prove anything to your site.
If your site is not frictionless, I'm not interested.
@catsalad just need a "remixer" app that shares the QR code in real time for strangers to scan and verify - make any data that's collected this way useless.
@catsalad since "scan" is the operative word that determines proof...
Step 1: buy a burner
Step 2: burninate
Step 3: humanity restored
Warning: may not be as effective without a bonfire
@catsalad well, of course, because a bot couldn’t possibly read a QR code and then access the resulting URL to prove it/they are human. That would be very difficult.
@catsalad
Fuck that....report the site as spambot
"...does not share your details with this website or app." But what about with Google?
It is another scam to obtain your identity.
@FransVeldman Yep, and to locked out modded Android phones like @GrapheneOS or @iode
@catsalad wait how does this even prove something is human? Machines read QRs better than humans do...?
@urig @catsalad
I would suppose that qr code would open up a link, and the website you land on would use JavaScript to look at your operating system among other things. That’s my theory, **I AM PROBABLY WRONG**. (Sorry for the shouting, I’m just not risking spreading theory as fact here, even surrounded by tech literate people)
@neutronstar @urig This only verifies Google approved devices
https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Little do they know, "my hardware is unsupported" means the reverse is also true.
I guess their portal isn't supported. 😉
@catsalad@infosec.exchange @neutronstar@infosec.exchange @urig@mastodon.online this page says GrapheneOS can pass reCaptcha checks if Play Services is installed:
https://eylenburg.github.io/android_comparison.htm
I think this only really affects Android devices that use microG.
https://github.com/microg/GmsCore/issues/3455
@catsalad @neutronstar oh wow thanks. That's terrible.
I wonder howo it works? The Google website invokes client-side APIs that involve cryptographic proof that Play Services are installed?
![unlofl [Promoted Toot]](https://media.mstdn.social/accounts/avatars/109/139/379/925/966/320/original/e28a291a31f5844b.png "unlofl [Promoted Toot]")
@catsalad Its fucking evil, and they're working with apple, and various "high security" companies like financial stuff.
The web will be closed to anyone who doesn't have a verified android or ios device, you won't be able to use online banking without a verified android or ios device, your verified android or ios device will be your dystopian "multi-pass"
