Phishing campaign authors will love this. It normalizes users scanning barcodes they can’t read to go to unknown locations on a device where it’s harder to see the URL and there’s no IT watching for phishing activity.
Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog
Submitted 5 days ago by along_the_road@beehaw.org to technology@beehaw.org
Comments
i_am_not_a_robot@discuss.tchncs.de 5 days ago
definitemaybe@lemmy.ca 5 days ago
Exactly my thoughts, too. QR codes are a great tool, but also an incredibly valuable and opaque vector for scams.
The was one recently where they put scam QR stickers over parking payment signs, so users gave their credit card details to scammers. How are you supposed to catch that, as the end user? It’s not like you know the URL you’re supposed to be going to.
Normalizing scanning QR codes just to access a website is going to be abused by scammers in no time.
AbidingOhmsLaw@lemmy.ml 5 days ago
Scan a Google tracking QR code, nope. Not to mnention how easy would it be to hide a malicious URL in a QR code. Nope, nope, nope.
unitedwithme@lemmy.today 5 days ago
This is a “trust me bro” vibe from Google. Guess sites will just have to deal with a drop in traffic. Cuz they’re not getting any more data from me if I can help it
Brummbaer@pawb.social 5 days ago
First they filled the web full of ads, then they let loose an army of bots and now they have to come up with solutions to identify and track real humans, so as not to waste their precious advertising.
Kichae@lemmy.ca 5 days ago
Awesome. Something to keep me away from big wrbsites and on the small web.
Kissaki@beehaw.org 5 days ago
They say it’s a QR code challenge, resistant to bots, but what does it to? How does it work?
Corngood@lemmy.ml 5 days ago
I looked for info and didn’t find anything.
Obviously you could decode the code on the device that’s showing it, so why not also provide a link?
I have to assume that it’s because the mobile device must be one where they can check that you’re only running google approved software (play integrity or whatever it’s called these days, maybe the apple equivalent).
adarza@lemmy.ca 5 days ago
the qr itself is just a link to a recaptcha web page with a unique identifier in the url.
the magic is all hidden in the required app that’s linked to your google account and device, and the interactions that take place between it and google’s servers once it sees that code or link.
smeg@feddit.uk 5 days ago
We invite you to join us at Next ‘26 to talk about new capabilities
This post is just the announcement for a conference talk
SteevyT@beehaw.org 5 days ago
So how do I get through one of these without a working camera?
LukeZaz@beehaw.org 4 days ago
There are no doubt countless programs to scan QR codes on a desktop computer, and I know similar exists for phones. A camera is not needed.
At the same time though, that begs the question of what, exactly, is going to prevent an AI from doing the same goddamn thing? So it’s still shit.
Sina@beehaw.org 5 days ago
I expected something awful, but this is beyond my already low expectations.
prism@lemmy.dbzer0.com 5 days ago
This is it, what they’ve been wanting all along. You will no longer be able to access vast swathes of the internet unless you have a Google approved device, that is a Google-certified Android device with Google Play Services (aka Google Play Spyware) or an app on iOS. Use GrapheneOS or a Linux phone? No internet for you.
What I’d like to know is, what if you’re already accessing a site from your phone? And what if you genuinely don’t have another device? I’m assuming the answer to the second is you’re SOL.
LedgeDrop@lemmy.zip 5 days ago
You’re also missing the point, that a real user with a real name will be tied to each web-request that is “approved”.
This is the beginning of the mandatory age enforcement/requirement.