So it seems that you will need a modern Android device with Google Play Services installed or a modern iPhone/iPad to be allowed to browse the web in the future.
No mention of device integrity verification yet, but the writing is on the wall.
If Google Play services is listed as a requirement, that implies that a "certified Android" device capable of Play Integrity attestation is required, since that's the only officially supported way to obtain Google Play services. On consumer-facing support articles like this, they don't tend to get into the nitty gritty details like what APIs are being used. If MEETS_DEVICE_INTEGRITY is required, that would probably not be explicitly listed here.
E.g. the consumer documentation for Google Pay just says you need a "certified" Android device and a screen lock set up: https://support.google.com/wallet/answer/12200245
(Yes, if you go deep into the FAQ at the end it eventually states that if you rooted your phone, you can't use tap to pay, but that requirement is implied by the certification requirement [1].)
In Google's eyes, and in the eyes of the law due to trademarks filed by Google, Android == Google Android.
This feature would make little sense if it's not using device attestation because otherwise it would be easy to spoof. I expect that it will initially not use it, and they will start A/B testing device attestation in the coming years.
[1] Expand "What to do if you see device is not certified" -> "Reset device to fix issue" https://support.google.com/android/answer/7165974
No, it doesn't. It implies that the app for handling the deeplink lives within GMS as opposed to needing to manually install a separate app like you do on iOS. GMS does not have a hard dependency on device integrity APIs being supported.
Does the iPhone recaptcha app force you to login with a Google account? Seems we didn't need ID verification for the web to lose all anonymity.
Music/movie corporations and game developers must look forward to an age where people can't access the cache files or hook up a debugger to their apps anymore
(Heck, I wish there were fewer parties, like if five single-topic good parties (bij1 against racism, pirate party for internet freedoms, volt for international collaboration, party animals for environmental welfare, etc., plus greenworkersparty as the current overarching big boy) would band together, it'd be a much easier choice!)
That not every country is so lucky (not all of them have free elections, or elections at all) is a shame indeed, but at least for countries like mine I'd be much happier to have a government arrange a system than a tech corporation and foreign laws. Presuming that the 2-party system you speak of is the USA's, at least both corps are governed by your own laws, that's something!
I see recaptcha less frequently but it’s much more annoying, with all the clicking of crosswalks, or busses, or whatever. I am not looking forward to a web where google can not only lock me out of my email, but also large sections of the previously public internet. Occasionally google decides I don’t get to do searches, and that’s not too much of an inconvenience, there are other search engines.
In the olden 20th century, we had a term for that...
This is something site owners choose to implement or not. They're the ones paying the extra hosting fees to handle potentially unwanted traffic, and dealing with spam that traditional CAPTCHA's are no longer effective against. Google's not forcing this on anyone else.
I know, people will slavishly knuckle under, but let me dream for a few minutes.
LOL is this real?
I guess yes, because yesterday ReCaptcha asked me to screenshot a QR-code with the mobilephone :-D
So does Binance.
Not about attesting to Google that you have a proper smartphone as a proxy for your humanity, like this thing.
There's some sort of serious issue with learned helplessness or something
Only if politicians are still corrupt and law enforcement doesn't work.
Which means the writing is on the wall.
Also the example is ridiculous, that you need to scan a QR code to place an order. Maybe they should require filing a visa application as well.
You know, its funny, I don't think I've ever seen captcha on HN once.
Note: I know QR code is ubiquitous these days, but still blinding scanning a QR code to go to accessing an URL is like running a binary downloaded from the internet.
Note2: yes, the `curl $URL | bash` installation approach is essentially just that, yet somehow became popular.
Not that I like this thing at all. But using a QR isn’t exactly why it sucks.
Google Gemini can solve them and I don't think that it will take long for lower power AI systems to be able to solve them.
I will be unable to solve the phone verification because I use LineageOS for microG, but any fraudster can just buy a bunch of $30 android phones. Many people have trouble using a smartphone, so they use dumbphones, but they will be locked out. Many people just don't have any mobile phone because they don't think that it is useful.
(you pay by scanning QR code in .. well, everywhere)
Some currencies are even literally called Marks lol https://en.wikipedia.org/wiki/Mark_(currency)
The Poshmark morons demanded government id to buy a $35 shirt. On an established account, an address that matched my credit card, etc.
The only answer is delete your account.
The only reason they'd care is because they want to sell your personal information.
I've seen multiple people break botguard (the obfuscation used by recapcha) within the last year when before it was considered a huge technical envour.
Devices like phones don't have this issue since Google owns the client attestation end to end and can fingerprint you without the risk of receiving spoofed values.
Ok, concrete scenario. What about homeless people using the computer at the library? Im pretty sure Google wouldn’t intentionally cut marginalized people like this off from the entire internet, would they?
Please don’t respond with sarcasm.
Sure they would. Cloudflare has already arbitrarily blocked entire swathes of the internet. Captcha as well. Your average user ends up going to the path of least resistance, and end up with a compliant ISP or carrier that's doing all sorts of censorship and gatekeeping and siloing and funneling.
And if they did get noticed, they'd whip up some sort of program through their cronies like the Obama phone, and get subsidized service to some token groups, heavily favoring political funneling and defaults supporting whatever party won the grift for that particular round of conspicuous do-gooding.
It's bad, man. For technically savvy people, they can get around things, switch up DNS, muck with vpns, etc. Normal folks are kept firmly within the walled gardens.
Then there's the information silos, platforms, and psychological shit they use. People don't have a chance in hell of getting a free and open link to the internet, what they see is tied to their identity, tied to their service provider, tied to their geographic location, and it's all done seamlessly in the background so they never even notice what they're missing, by design.
It wasn't snark. It's the awful, honest truth, and I have things to suggest involving wire brushes for anyone at Google or any other company involved in this shit.
We need a digital bill of rights, outlawing commercial trafficking in user data, mandatory ephemerality, and penalties involving prison time for CEOs and fines that are rapidly and unavoidably fatal even for companies like Alphabet or Amazon if they screw up even a little bit. Otherwise, this whole pretense at a free and open internet is just a convenient talking point and marketing schlock.
(edit) It seems to still exist: https://www.fcc.gov/general/lifeline-program-low-income-cons...
Why wouldn't they? Google is notorious for making marginalized people's lives harder if it can make them money. Some examples:
- Hosting Palantir's ImmigrationOS, used by ICE to track immigrants
- Actively removing tools marginalized people use to protect themselves against ICE, such as ICE-tracking apps on the play store
- Intentionally aided Israel in committing genocide as part of Project Nimbus
- LGBTQ creator censorship on YouTube
Cutting off a small group of people they've repeatedly shown not to care about in the first place is a small price to pay to further cement their position as gatekeeper of the internet.
However, services that homeless people will be using should factor in their target audience (such as the homeless not having a phone at all, or maybe not one that's up to date even).
However, like it or not, having a modern up to date device is becoming essential for even rudimentary basic access to society. Whether that's right or wrong it's where we are.
Honestly, if you ask such terminally naive questions don't be surprised to get sarcasm in reply. Google does cut off access to chunks of people if it deems it profitable to do so!
Literally the first guideline under "In Comments" is:
> Be kind. *Don't be snarky.*
I say this because I used to have a dumb-phone for an year and more and I only stopped using it when it broke (its battery fried but its replacable but I don't find battery its size). No smart-phone period,(I am a teen so I can afford to do that)
Recently, I wanted to make a google account, guess-what, I literally couldn't make a google account without having an (smart)phone. Google's new feature on making a google account also requires you to qr code your way into, similar to this re-captcha.
I tried to somehow find ways to have a phone number OTP but even when I finally managed to do that after so much PITA, I didn't get the OTP (at all).
I am pretty sure that my phone number works as I got another OTP from google when I had finally given in and used an android device to make an account and even then, there is so much friction.
Even though I have verified my phone number on google, I had to verify the phone number on youtube again to upload a video >15 minutes iirc and yknow I tried to add my number and it didn't send my OTP. So I tried again, and it said that I had tried too much, yes their rate limit of too much is 1
I was sharing all of this with some of my online friends with screenshots. I probably wished to write a blogpost about it that you can't use google without having an (smart)phone.
and now, you are telling me, that Google is gonna force me/us the same but for viewing the open internet, the content and websites that they don't even control. There was one thing about google doing this BS in their own websites because I thought that although really sh.tty, but they don't care about me enough to want me as a user so fine (it wasn't but still)
But this just takes it to an extremely completely next level. I can't stress how bad this all is.
Even after all of the previous things, I still was like, well this problem of google account can still be fixed/isn't thaaat large more than its annoying/frustrating and Google as a company is still mostly fine as compared to other tech giants except from their locking down android thing but this all changed with this move.
With age verification, locking down android, requiring android, recent Utah/UK laws which somehow threaten websites. Internet is turning into Dystopia. We are gonna slowly move towards a allowlist internet where only select few websites are used. For a large swath of the population this is already the case so the voices protesting are quite few but we must do what we can to protest them all from killing the internet. Sorry this got long but I can't stress how bad of a move this is as someone who used to use dumbphone, Google is basically saying that I can't use the internet if I have a dumb-phone.
I mean, that seems to be the general societal attitude.
And you'll need to buy new ones because many things are app only, or are migrating that way (including being able to travel to certain countries)
I must not be the first one to think of this, right?
Right???
Both (Google/Apple) need a much higher level of certification for anything to be allowed to be prompted to install. Either you're already big (and can easily afford to pay for some human time to verify), or you're a manufacturer selling something that has an associated app (again, which implies you're reasonably big and can afford to pay for verification.)
You're neither? Get lost. Somebody types in the name of the app, fine, but the user must find it.
Right?
It seems like security services in many countries started outright to scam the tax payers. Get the wage and pretend brown envelopes don't change hands and policies are not shaped by corporations for their benefit, not the public.
But tactics like this will make that nearly impossible if every website starts requiring a QR code scan on a authorized smartphone.
So the net effect is every AI agent will also have and connect to a physical phone.
And the official Google OS just won't feature remote-control software.
What is easier than pointing a camera at a QR code and commanding and an AI bot to follow the next steps?
It seems on iOS you'll even need to download an application, which is quite a bit of friction.
In the current economic times, adding minutes onto the user journey is not going to result in increased sales, I suspect the data will prove the opposite.
Using a mobile device is bad enough as it is: TOTP, email, SMS codes, 3DS etc, while you can say this is part of the "flow", it's too much. I can see many abandoned journeys from this.
But even if not, there's still value in raising the barrier to entry. For example, you can buy 1000 reCaptcha solves for $1-2 from various captcha-solver services. And yet that $0.001-per-request fee does discourage mass-scale bot attacks.
Don't you...
Let's say I'm running https://grep.app/ for example. AI bots start heavily using it, costing me a ton of money. How would you magically design this so it doesn't matter if the end bots are using it?
I'm so pissed off in advance. I hope that Google die and collapse in sudden bankruptcy before we have to support this crappy challenges that are totally user hostile!
You may be able to make it more expensive than your information is worth, but of course that affects users too.
Adequately: Proof of work. https://anubis.techaro.lol/
Because Google doesn't actually care about preventing fraud, they just want the data you feed them and the fraud feedback you provide. It's all take, no mutual business.
Resolving Final Compilation Conflict: I will remove the redundant `Entry` type declaration to resolve the compilation conflict and finalize the in-memory `StdNetDB` refactor.
Edit std.go → Accepted (+0, -1)
31 type Entry struct {
32 RouterInfo *router_info.RouterInfo
33 }
34 -
34 func NewStdNetDB(db string) *StdNetDB {
35 ctx, cancel := context.WithCancel(context.Background())
36 return &StdNetDB{
It made me realise I was perhaps a bit hard on Claude (but then it did something equally as dumb)
And I don't see it getting better without government regulation. But states are now weaker than corporations. How can we expect them to take charge?
Oh, you sweet, summer child.
If this were some smaller company that just did cloud then it'd never even make it to PoC. This can only happen because it's Google Cloud, and they can leverage everything they own all at once. Those not buying into their ecosystem can take a hike.