RE: https://mstdn.social/@jschauma/116610268796045193
Any site that implements Google's QR reCAPTCHA goes on my PERMANENT block list.
Don't care what site it is...
Replies:
24
Boosts:
6
@catsalad does not share your details with this website or app... And what about sharing details with Google? Weird it omits what it shares with Google.
For me to scan it with my "mobile device" means downloading and decrypting on the device I'm on, which may well not work, because it doesn't share enough/the right data with Google.
Es ist wirklich erstaunlich, auf was für perverse Ideen diese TechBros kommen.
@catsalad
i want to agree.
but for some important sites, i need to use workarounds.
if the site is not crucial, avoid or boycott it.
@zetabeta Personally, I am way past the post of compromise, and will even switch banks if I must.
Worse case, I'll use my sole Google enabled phone, but anything short of life dependency can sod off. 💢
@catsalad Very easy to fake to get mindless rubes to scan your QR codes and load malicious code I would think. This is such a bad idea I don't even know if the people who designed this even thought this through, consequences and all.
@david_chisnall @flamecat Oh dang! You're right
@catsalad How on earth can scanning a QR code with an Android (sic!) phone not be done by a robot?
The web is large. I have already walked away from yahoo, facebook, twitter, whatsapp, reddit, digg, and several others. I have never even been tempted to return to any of them.
I was an adult when the web got going. I don't need to know what people I grew up with are doing. I don't need to know the next dance craze. I don't care what is popular. I will not prove anything to your site.
If your site is not frictionless, I'm not interested.
@catsalad just need a "remixer" app that shares the QR code in real time for strangers to scan and verify - make any data that's collected this way useless.
@catsalad since "scan" is the operative word that determines proof...
Step 1: buy a burner
Step 2: burninate
Step 3: humanity restored
Warning: may not be as effective without a bonfire
@catsalad well, of course, because a bot couldn’t possibly read a QR code and then access the resulting URL to prove it/they are human. That would be very difficult.
@catsalad
Fuck that....report the site as spambot
"...does not share your details with this website or app." But what about with Google?
It is another scam to obtain your identity.
@FransVeldman Yep, and to locked out modded Android phones like @GrapheneOS or @iode
@catsalad wait how does this even prove something is human? Machines read QRs better than humans do...?
@urig @catsalad
I would suppose that qr code would open up a link, and the website you land on would use JavaScript to look at your operating system among other things. That’s my theory, **I AM PROBABLY WRONG**. (Sorry for the shouting, I’m just not risking spreading theory as fact here, even surrounded by tech literate people)
@neutronstar @urig This only verifies Google approved devices
https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Little do they know, "my hardware is unsupported" means the reverse is also true.
I guess their portal isn't supported. 😉
@catsalad@infosec.exchange @neutronstar@infosec.exchange @urig@mastodon.online this page says GrapheneOS can pass reCaptcha checks if Play Services is installed:
https://eylenburg.github.io/android_comparison.htm
I think this only really affects Android devices that use microG.
https://github.com/microg/GmsCore/issues/3455
@catsalad @neutronstar oh wow thanks. That's terrible.
I wonder howo it works? The Google website invokes client-side APIs that involve cryptographic proof that Play Services are installed?
![unlofl [Promoted Toot]](https://media.mstdn.social/accounts/avatars/109/139/379/925/966/320/original/e28a291a31f5844b.png "unlofl [Promoted Toot]")
@catsalad Its fucking evil, and they're working with apple, and various "high security" companies like financial stuff.
The web will be closed to anyone who doesn't have a verified android or ios device, you won't be able to use online banking without a verified android or ios device, your verified android or ios device will be your dystopian "multi-pass"
