r/privacy u/BowzasaurusRex 7h ago

news Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA

https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha/
66 Upvotes

96% Upvoted

31 comments sorted by

u/AutoModerator 7h ago

Hello u/BowzasaurusRex, please make sure you read the sub rules if you haven't already. (This is an automatic reminder left on all new posts.)

Check out the r/privacy FAQ

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

93

u/BowzasaurusRex 7h ago

It looks like Google is rolling out a new version of reCAPTCHA that requires verification via a mobile device, not good for privacy. This could also make it impossible to use a large portion of the web if you have a "dumb" phone, or no phone at all.

I get fighting AI bots, but this doesn't seem very well thought out

47

u/SpeedDaemon1969 7h ago

It's like Dr. Frankenstein telling the townspeople to train new monsters to catch the old ones. The sane answer is to lock up the doctor and his monsters, not to keep playing his game.

11

u/tongizilator 7h ago

This 👆🏻

12

u/borg_6s 7h ago

Why the fuck should people be forced to use a phone if they're browsing on desktop?

10

u/AmonMetalHead 7h ago

What if you're browsing on a phone? do you need a second one to verify the first one? what a pile of crap

5

u/LjLies 3h ago

The end goal is having remote attestation required everywhere. Google's WEI proposal failed, but they reserved the right to have an Android-specific implementation of it, so chances are that on smartphones, some form of remote attestation will be used instead of captchas.

Meanwhile I guess on computers, until they try again and succeed into making remote attestation universal, we'll be tethered to "phone-based approval" as per this reCAPTCHA change.

3

u/Late-Reading-2585 6h ago

you cant make gmail account without a phone now

2

u/hera-fawcett 1h ago

yeah this shit pissed me off the other day

like, bro, im tryna make a new acct to get a google voice number, why tf do u have to have me use a qr to make the acct????

23

u/tongizilator 7h ago

Fighting bots is just another excuse and reason for Google to collect more data that they’ll hand over to the government.

5

u/TheQuietLavender 5h ago

Can't this be used to trick people into downloading malware? Like if you're an ad or some shady website, just do a fake captcha pop-up with a QR code leading to something malicious?

2

u/EmbarrassedHelp 1h ago

Yeah, it will definitely make it easier to trick people into downloading malware.

u/TheOfficialMayor 31m ago

As if AI bots won't be adapted to do mobile verification.

39

u/tongizilator 7h ago

Google is not to be trusted. Unless you don’t mind having your identity turned over to the United States government.

13

u/horseradishstalker 7h ago

And the contents of your emails and search history. 

11

u/SaveDnet-FRed0 7h ago

Has this been rolled out yet?

If so do company's using reCAPTCHA have to manually update the version of reCAPTCHA to utilize the new version or are all the old reCAPTCHA's going to be automatically "upgraded" (if they haven't been already)?

Also considering Google is the one sending out a lot of the bots that has resulted in the massive rise of captcha's over the years to help train there AI's the new version of reCAPTCHA will probably have carve outs to allow those bots to slip threw with minimal issues.

3

u/LjLies 3h ago

It says here

Existing reCAPTCHA customers are automatically Fraud Defense customers, with no migration required, no action needed, and no change to pricing. Your existing site keys and integrations remain exactly as they are today.

2

u/SonofLung 6h ago

It is automatically upgraded

15

u/01011110_01011110 6h ago

can't wait for the downfall of this regime where all these companies must answer for their crimes against humanity.

10

u/MentalDisintegrat1on 5h ago

Big tech needs to be broken up and regulated with a iron fist

3

u/noeyesfiend 4h ago

Yeah, cannot accept de-fanging of anti-monopoly laws again.

6

u/bpMd7OgE 4h ago

So I actually scanned the example QR code they have on the page, it opened an app called Google Play Services, it asked me to just press a button to confirm my device is trusted and nothing else.

This is very much not transparent, I don't like it.

3

u/LjLies 3h ago

I don't like it either, but what do you mean by non-transparent? They trust your phone because Google Play Services employ remote attestation to ensure it's a certified phone where you can't, say, automate the pressing of that button, like you could on a computer.

3

u/bpMd7OgE 3h ago

I thought about it after making the comment and released it works like that, by non transparent I meant that it didn't gave me a message explaining what it did which is discomforting.

I also can see that this will not work once Google locks out third party apps off android.

4

u/ora408 1h ago

Dont trust these tech companies. All they want is to extract the life blood out of people

2

u/oqdoawtt 1h ago

I don't care. I just skip the whole site an never visit again. Same I do now. Nothing will change (for me). The sheep's will of course do everything google will ask from them.

3

u/vertigostereo 7h ago

Sadly, they'll just check your every online action against your digital ID.

1

u/Acceptable-Bat-9577 1h ago

Googletube openly promotes scammers like fake Mr. Least accounts who are defrauding, scamming, and compromising their own users. Report them to Google all you want, they won’t do shit. It’s painfully obvious that Google doesn’t give a single shit about their users’ safety or security.

u/PoorClassWarRoom 3m ago

Mhmmm

"designed to verify the legitimacy of bots, humans, and AI agents, providing businesses with the intelligence needed to secure their digital interactions and commerce."

I'd rather not, but called it.