- cross-posted to:
- privacy@lemmy.ml
- google@lemdro.id
- cross-posted to:
- privacy@lemmy.ml
- google@lemdro.id
I encountered this for the first time today while attempting to read something on archive.today.
I confirmed that decoding the qrcode using a computer and following the URL it contains is insufficient; the error it gave directed me here which is what the linked screenshot is of.
The old type of captcha remains available too, for now:
OC writeup by @cypherpunks@lemmy.ml
You must log in or register to comment.
Locking down access for everyone not using US based services, should be illegal for sites (also) intended for the European market, quite frankly.
Captchas are human rights violations
They better not implement that shit as mandatory because:
- 1: I’m running a degoogled phone without Google Play Services
- 2: I’m not installing their blatant spyware app
- 3: I am not letting them create a link between my phone and my PC
- 4: It looks like more trouble than before
- 5: Fuck Google in general
- Bad actors will start using clones of it with malicious QR codes to try and compromise your mobile device as well as your desktop one
My thoughts. All other issues aside, this sounds like a huge, unnercessary, attack vector.
I keep hearing about malicious QR codes, but how does it actually work? Unless there’s a serious vulnerability, how is it different from clicking on any link?
It has been a few years since I worked as a junior in offensive security, but that has been something I could never figure out when I looked into it.
Hmm, I guess you could use it for a pretty good phishing attempt. Just show a fake google login page and you’re set, or maybe a fake .apk download “to confirm the captcha”, but other than that, I don’t really see a vector of attack.
This example might shed some light on how malicious QR codes can work.
There’s a lot of car parks in my area which have had QR codes stickered to the payment meters, instructing people to use the QR code to pay for their parking. These are council or private car parks, but the code takes you to a site that accurately mimics a usual carpark payment site. So people think they’ve paid for parking, but have actually sent money to a scammer, and they also end up with a fine for non-payment from the entity that actually owns the carpark.
That is actually a valid point. It would create a new way to exploit users who don’t know any better.
Reminder to NOT use or support archive.today or archive.is
Why, what did they…ooohhh
I’m out of the loop, what did you find?
EDIT: I guess you’re talking about this? From a first reddit page about why is it down I could find.
The owner did it to themselves, by mounting a surreptitious DDoS campaign and altering the content of the archives to slander people, thus making it an unreliable source. This prompted Wikipedia to (correctly) remove it from all outbound links.
It’s moot if it’s online anymore or not - it’s not a valid archive.
One step closer to “Drink verification can to continue.”
Fuck Sundar Pichai.
Inaction will do nothing. Commenting and complaining is inaction. Get your family on degoogled ROMs. Use Lineage or iode for devices that are supported, have them buy a used pixel for Graphene or Calyx otherwise. Have them complain to lawmakers. The more people who are with us, the less people to tell us to “get over it and be normal”.
I had this yesterday, I hate it. Switched to the eyeball icon and proceeded on.
“Must”
Eye icon says not must.
“We’ve trained enough on crosswalks, fire hydrants, and motorbikes… Back to invasive data collection!”
On a serious note, this is the third time I’ve seen someone getting that new check. It’s probably a trial run/slow rollout but they can’t be removing accessibility features right? Alienating people because they can’t scan seems evil.
Seems like a bear-trashcan problem. There’s overlap between the most intelligent bot and least intelligent human.
Speaking of the crossroads and fire hydrants and motorbikes… I fucking hate recaptcha these days. I used to be able to go through those annoying fuckers first try. Now it’s either I sit through that slow as hell sequence that fades out and in new pictures at a glacial pace and lose it, or I go through the ones where I’m expected to select several tiles in several big pictures (no longer just a single one) and inevitably I always fail this one. It’s gotten so bad I’ve resorted to audio captchas in a few cases. Am I the only one?
The word you’re looking for is … abomination.
I don’t like it but I saw this coming.
