cross-posted from: https://lemmy.ml/post/47972724

i encountered this for the first time today while attempting to read something on archive.today.

i confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.

the old type of captcha remains available too, for now:

screenshot of text: Important: Mobile verification for Google Cloud Fraud Defense is an experimental challenge type in Preview. Visual and audio challenges are available as alternatives for users who can't complete mobile verification. To use them, click the Visual or Audio buttons.

  • I still won’t order online from a store that won’t show me shipping cost without a full address and phone number. I’ll give them the zip code, that’s all they need, that’s all they get before I decide.

  • FWIW I’ve found passing it through my local SearxNG usually gives me a clean path to the content. But it’s seriously worrying that some of the blocked content is publicly available science (e.g. PMC Bioinformatics). But that should not be necessary, at this point a search engine should be a public resource. Fuck Google.

    • This is the only way to stop it. We must refuse to use it. All they watch is the numbers.

      I bought a thing from Walmart using pickup for the first time, because the thing was “low stock”, and I didn’t want to drive there if they didn’t have it. I get the email that it’s ready, and they want me to download their stupid app to confirm. Fuck that, I went to the store, knowing I had a backup option, and found the last one of the thing on the shelf and bought that instead. Although, apparently the sign at the parking spot has a phone number you can call to let them know you’ve arrived–no mention of that option in the email.

  • LOL, fuck off. How about instead I move on to somewhere less hostile toward the user instead?

  • We are making side loading harder because scammers are using “these” tactics to install malware on your devices.

    It’s totally fine when we use the same tactics to install malware on your device.

    • malware is bytecode Google didn’t approve of. when google spies on you, that’s just “legitimate interest”

  • I once saw a fake captcha scam that required scanning a QR code to infect the device. It looks exactly like that.

    • I once made QR code stickers that placed people on a website warning them to stop trusting QR codes.

      I spent a year traveling and everywhere I saw a QR code my sticker QR code went over it.

      You target the right locations and spoof the website and you can get credit card, phone, email, address. Scan this QR code for 20% off blah blah blah.

      Do use them.

      • Sign: “Scan here for a trail map”

        lemmylump: “I better vandalize this. Guys I’m tooootally helping people.”

      • Noticed parking meters here have prominent labels now stating they do not use QR codes. I’m sure that’s just providing the spot to put the scam QR code, but it’s better than nothing.

    • Just like Recaptchas haven’t been a challenge to bots for a long time. Still, we had to deal with this shit. Makes you wonder if it’s just a stupid fucking pretext… 🤔

        • Used to be, yeah. But this part of computer vision has been a solved problem for a while now. Captchas still remained for the sole purpose of annoying the living fuck out of people like you and me. Well, until Google figured out Captchas could be weaponised for (gestures) whatever this is.

          • Something like that. Emulators also give the ability to emulate cameras using pictures or video feeds.

            They just need to set up a Google Play-equipped emulator, set the picture as simulated camera input and put in the inputs to the emulator (also automatable).

          • May have to stream a video of the screen into a scanner app, but shouldn’t be difficult anyway.

            One of the forms of digital ID in use in my country now has a new way to use it, which the government websites use now. You always needed a mobile device for this one anyway (phone holds the private keys and you have to enter the PIN 1 or PIN 2 depending on whether you’re authenticating or authorizing something), but it used to be that you could enter your ID code and get prompted for the PIN (with a verification number to make sure you’re responding to the prompt you think you’re responding to), now it’s either on-device from the default browser to the app, OR on desktop you have to scan a QR code that’s a moving target, it changes a couple of times a second so you couldn’t send a screenshot to someone else to scan. This is meant to prevent scams where someone gets you to just enter your PIN over a phone call.

            I don’t know if the google thing is similar though or if it’s a static QR there.

      • My cat once jumped on the keyboard and wrote “ghfhghgghhfjgfhf” on Discord chat. The first non-human with access to a computer.

  • On the bright side, this means they are really worried that privacy practices such as those popular among the Lemmy crowd can make their surveillance expensive or maybe even impractical at scale, rather than profitable. I’m never sure if it’s working, with firmware and all. Almost a good sign? Am I deluded?

    1. Hype up AI.

    2. Everyone starts scraping the internet to obtain training data for their AI.

    3. To block the scrapers, countless sites implement stricter bot detection tools.

    4. The owners of the bot detection tools now effectively hold all of the internet by its throat, deciding who can access what and extorting more and more data from you to verify you’re human.

    Fucking genius.

  • No malicious site would ever fake this kind of flow in order to get someone to scan a dangerous QR code. Nope, that would never happen.

    • It’s already happening. They tell you to scan a QR code that links to a website where they ask you to log in with your Google account (but it’s just a phishing page).

      Good job Google!

  • How soon before reCAPTCHA-encumbered sites are blocked on desktops entirely unless you’re on ChromeOS or the upcoming AluminumOS?