Privacy

48829 readers

1175 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

413

"Scan to Verify You're Human": Google's reCAPTCHA is trialing a new "experimental challenge type" which requires desktop users to use an Android or iOS device to be able to pass it (lemmy.ml)

submitted 1 day ago by cypherpunks@lemmy.ml to c/privacy@lemmy.ml

156 comments fedilink hide all child comments

cross-posted from: https://lemmy.ml/post/47972724

i encountered this for the first time today while attempting to read something on archive.today.

i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.

the old type of captcha remains available too, for now:

you are viewing a single comment's thread
view the rest of the comments

[–] HeHoXa@lemmy.zip 11 points 1 day ago (1 children)

Bots don't have trouble scanning QR codes nor emulating Android

[–] MrKoyun@lemmy.world 2 points 1 day ago (1 children)

The point with captchas is not really that bots can't pass them, more that its too expensive to pass them consistently with a hurtfully large enough volume of bots.

[–] HeHoXa@lemmy.zip 1 points 22 hours ago* (last edited 21 hours ago) (2 children)

I'd heard of this strategy, like making it perform some kind of costly encryption that's irrelevant to a human user but restrictively expensive for a bot army.

But does decoding a QR code apply? I never really thought about it. I guess it's an image, it's at least a little bif by comparison... but it's also in a restricted, easy to capture exclusivity, spot and maybe could be minimized to a fairly small pixel set? Idk how many key pixels you need to parse a QR code... I guess I could Google

*typo bit --> bot

[–] Axolotl_cpp@feddit.it 1 points 18 hours ago

Since a QR code is just made of squares, it can be very, very tiny

1 square = 1 pixel

[–] MrKoyun@lemmy.world 1 points 19 hours ago

I don't know much about this new captcha system, but I feel like the challenge wouldn't really be in the scanning of the qr code itself but more so on making the device you're scanning with seem legitimate. They could check usage patterns, what apps are installed, how many accounts are added and are they actively used, location and sensor data, are the hardware specifications really unusual, are they constantly trying to complete random captchas... Stuff like that to tell apart a real user's device from a bot or sandbox. The QR Code is probably just a random ID for which captcha instance the user is trying to pass.

Also I just realised this but this is probably inconvenient as hell. Like I do NOT want to constantly be picking up my phone to scan QR codes when I'm trying to go around the Internet. What if my phone is on the other side of the house? I don't want to get up and walk all the way over there! If this gets fully rolled out there may actually be a small dip on the amount of desktop users of websites because they just leave when they are hit wth this captcha instead of bothering to scan a code.