cross-posted from: https://lemmy.ml/post/47972724

i encountered this for the first time today while attempting to read something on archive.today.

i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.

the old type of captcha remains available too, for now:

screenshot of text: Important: Mobile verification for Google Cloud Fraud Defense is an experimental challenge type in Preview. Visual and audio challenges are available as alternatives for users who can't complete mobile verification. To use them, click the Visual or Audio buttons.

  • 3 days

    I once saw a fake captcha scam that required scanning a QR code to infect a device. It looks exactly like that.

    • I once made QR code stickers that placed people on a website warning them to stop trusting QR codes.

      I spent a year traveling and everywhere I saw a QR code my sticker QR code went over it.

      You target the right locations and spoof the website and you can get credit card, phone, email, address. Scan this QR code for 20% off blah blah blah.

      Do use them.

      • Noticed parking meters here have prominent labels now stating they do not use QR codes. I’m sure that’s just providing the spot to put the scam QR code, but it’s better than nothing.

      • Sign: “Scan here for a trail map”

        lemmylump: “I better vandalize this. Guys I’m tooootally helping people.”

  • LOL, fuck off. How about instead I move on to somewhere less hostile toward the user instead?

    1. People without a mobile device are fucked out of being able to pass a captcha

    2. As if this isn’t a way for them to associate multiple sessions on multiple specific devices with one another, this is just another avenue for data collection, period. Hidden under the guise of “more secure.”

    • 3 days

      I imagine scammers are already thinking of ways to use this for phishing too

    • Captcha has been one of the greatest google acquisitions ever.

      They acquired it under the guise of improving OCR and have since morphed it into an AI data farm (how else is google lens gonna know what objects are what?) and now total insight into a user's every single action from desktop to mobile, tying it all together into a surveillance nightmare.

      I can guess the permissions that the recaptcha app needs now. Probably something akin to root access with all datapoints and considerations you could think of.

      • I used to always add one incorrect tile and skip one correct tile. (It would still pass)

        I thought I was such a rebel lol

        Then I figured, they’d be stupid if they didn’t show the same image to multiple people…

      • How would that teach Lens to recognise anything other than motorcycles and traffic lights really well?

        • I’ve had many, many not traffic light and motorcycle/bicycle recaptchas. They’re probably leaning a bit into self driving learning the past few years.

          Lens has a lot more data points nowadays after everyone’s google photos was used for training for what, 10+ years at this point?

          Google harvested all human typed words 15 years ago with the google library project. They’ve been hoarding and processing data for models forever.

          • I was being at least partly facetious because I rarely get anything but motorcycles and traffic lights and even then it’ll most likely ask me about buses or bridges. Not disagreeing that they’re hoarding data :)

    • It really should be illegal to build systems that require a user’s access to any unrelated technology. You shouldn’t be forced to have a phone to pay a parking fee or to get on the bus. You shouldn’t need an app to charge your car. You shouldn’t need to use proprietary software from one specific company to pass a captcha on a random site.

      • I mostly use my phone (Pixel with GrapheneOS) as a dumb phone + calendar. But by far the biggest number of apps I have to have on it are the fucking car charger apps.

    • You don’t have to drink a verification can, but you do need to buy a verification phone.

        • The point with captchas is not really that bots can’t pass them, more that it’s too expensive to pass them consistently with a hurtfully large enough volume of bots.

        • I’d heard of this strategy, like making it perform some kind of costly encryption that’s irrelevant to a human user but restrictively expensive for a bot army.

          But does decoding a QR code apply? I never really thought about it. I guess it’s an image, it’s at least a little big by comparison… but it’s also in a restricted, easy to capture spot and maybe could be minimized to a fairly small pixel set? Idk how many key pixels you need to parse a QR code… I guess I could Google

          *typo bit --> bot and bit --> big… I’m full of bit

          • Since a QR code is just made of squares, it can be very, very tiny

            1 square = 1 pixel

            • Out of curiosity:

              • version 1: 21x21
              • version 10: 57x57
              • version 20: 97x97
              • version 40: 177x177

          • I don’t know much about this new captcha system, but I feel like the challenge wouldn’t really be in the scanning of the qr code itself but more so on making the device you’re scanning with seem legitimate. They could check usage patterns, what apps are installed, how many accounts are added and are they actively used, location and sensor data, are the hardware specifications really unusual, are they constantly trying to complete random captchas… Stuff like that to tell apart a real user’s device from a bot or sandbox. The QR Code is probably just a random ID for which captcha instance the user is trying to pass.

            Also I just realised this but this is probably inconvenient as hell. Like I do NOT want to constantly be picking up my phone to scan QR codes when I’m trying to go around the Internet. What if my phone is on the other side of the house? I don’t want to get up and walk all the way over there! If this gets fully rolled out there may actually be a small dip on the amount of desktop users of websites because they just leave when they are hit with this captcha instead of bothering to scan a code.

            • Heard. We have a QR 2auth system for one of my work domains, and I let out an exasperated sigh every time I realize I have to get my phone out

    • 3 days

      i have one. but it isn’t android, or ios, or ‘smart’ in any way. it doesn’t even text. it’s just a telephone that fits in my pocket and connects to the cellular networks. it’s all i want. it’s all i use. it’s all i’ve needed ever since i got my first one about 25 years ago.

      • Same! Except mine does do SMS text and has the other flip phone stuff like alarms, timer, calendar.

      • Don’t worry you’re included. Simply visit one of our Accessibility Centers between 8am-9am on odd Wednesdays, with a valid birth certificate, filled-out form from here, and a notarized Charizard.

    • Just like Recaptchas haven’t been a challenge to bots for a long time. Still, we had to deal with this shit. Makes you wonder if it’s just a stupid fucking pretext… 🤔

        • Used to be, yeah. But this part of computer vision has been a solved problem for a while now. Captchas still remained for the sole purpose of annoying the living fuck out of people like you and me. Well, until Google figured out Captchas could be weaponised for (gestures) whatever this is.

          • Something like that. Emulators also give the ability to emulate cameras using pictures or video feeds.

            They just need to set up a Google play equipped emulator, set the picture as simulated camera input and put in the inputs to the emulator (also automatable)

          • May have to stream a video of the screen into a scanner app, but shouldn’t be difficult anyway.

            One of the forms of digital ID in use in my country now has a new way to use it, which the government websites use now. You always needed a mobile device for this one anyway (phone holds the private keys and you have to enter the PIN 1 or PIN 2 depending on whether you’re authenticating or authorizing something), but it used to be that you could enter your ID code and get prompted for the PIN (with a verification number to make sure you’re responding to the prompt you think you’re responding to), now it’s either on-device from the default browser to the app, OR on desktop you have to scan a QR code that’s a moving target, it changes a couple of times a second so you couldn’t send a screenshot to someone else to scan. This is meant to prevent scams where someone gets you to just enter your PIN over a phone call.

            I don’t know if the google thing is similar though or if it’s a static QR there.

      • My cat once jumped on keyboard and wrote “ghfhghgghhfjgfhf” on Discord chat. The first non-human with access to computer.

  • We are making side loading harder because scammers are using “these” tactics to install malware on your devices.

    It’s totally fine when we use the same tactics to install malware on your device.

    • malware is bytecode Google didn’t approve of. when google spies on you, that’s just “legitimate interest”

    • This is the only way to stop it. We must refuse to use it. All they watch is the numbers.

      I bought a thing from Walmart using pickup for the first time, because the thing was “low stock”, and I didn’t want to drive there if they didn’t have it. I get the email that it’s ready, and they want me to download their stupid app to confirm. Fuck that, I went to the store, knowing I had a backup option, and found the last one of the thing on the shelf and bought that instead. Although, apparently the sign at the parking spot has a phone number you can call to let them know you’ve arrived–no mention of that option in the email.

      • Walmart’s curbside pickup workflow can be done entirely within the mobile site, even the arrival/parking step (w/o having to call the number).

    1. Hype up AI.

    2. Everyone starts scraping the internet to obtain training data for their AI.

    3. To block the scrapers, countless sites implement stricter bot detection tools.

    4. The owners of the bot detection tools now effectively hold all of the internet by its throat, deciding who can access what and extorting more and more data from you to verify you’re human.

    Fucking genius.

  • Everyone needs to fail the test over and over again until they fall back to their non-we want to fuck everyone over even more world.

  • I got one of these. They had accessibility options so I just did the auditory one. It says a couple words, you write them out, and you’re done. Like hell am I using a Phone for this shit.

    • Sorry, my faith in users is basically zero. These dummies will go to websites that tell them to copy code and run it with win+r. They’re morons and will do anything if a website promises them something.

  • Nice captcha. Would be a shame if someone intentionally injected malicious code that had users scan a QR code under the guise of security.