• AmbitiousProcess (they/them)@piefed.social
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 months ago

    This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.

    “Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive.”

    Boom, account stolen.

    • comrade_twisty@feddit.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      What they are doing is way worse tban what you understood.

      These QR codes will show on your Desktop PC and you will need an Android phone or an iOS device with a logged in Google QR code app to get past it.

        • FineCoatMummy@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Ayup that has been the holy grail of big tech.

          They are most of the way there today. Make Identity Resolution inescapable. Bing bang boom.

          It is more than just phones and lappys too. It’s everything. That smart TV. That fitness watch. That automobile. That streaming music service. The ebook reader you got as a birthday gift.

          Your behavior across every single device is data gold. This is today’s reality.

    • bagsy@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      Every company that uses these captcha service should also be fined so hard. This isnt just google here.

      • jafra@slrpnk.net
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        And every company that is relying on gsm or the apple pendant to verify anything.

  • ISOmorph@feddit.org
    link
    fedilink
    arrow-up
    3
    ·
    2 months ago

    That would only make me install Graphene even harder if I wasn’t already writing from a phone with it

    • Pirate2377@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      Hopefully this will push Linux Mobile development so that we are no longer completely bound to Android or iOS

  • Phoenixz@lemmy.ca
    link
    fedilink
    arrow-up
    3
    ·
    2 months ago

    If google requires me to permit other companies to leech all my personal data to be able to use anything on the Internet at all, I say we label Google, Microsoft, Apple as criminal organizations

    I’m sorry, bit there have to be limits.

    I. DO. NOT. WANT. TO. USE. ANYTHING. GOOGLE.

    OR APPLE. OR MICROSOFT.

    FUCK ALL THESE OLIGARCH COMPANIES INTO THE GROUND

    I do not want my private data leeches and sold every day, I don’t even get paid for it

  • korazail@lemmy.myserv.one
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    For a decade or two now, it’s been pretty much assumed that everyone has an internet-connected, camera-equipped, browser-capable device in their pocket. Restaurants, banks, hospitals, employers and even government offices use QR codes and websites to get you to their menus, forms or services.

    If ID is being tied to my mobile spy device, then I need my mobile spy device to be a right and not a luxury. $40-50 for a few years of validity, internet access provided at no cost, even if slow. I can have my luxury phone be where I’m ‘anonymous’, but I want the government to subsidize the mobile spy device if it’s a mandatory expense. Even cheap phones cost a lot of money.

    To be clear, I don’t want ID tied to my phone, but it’s gotten harder to exist without one, so it should be something we have access to with minimal friction.

    Add food, water and shelter to that list, but you can’t ask for them without a web browser.

  • AmbitiousProcess (they/them)@piefed.social
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    This does seem to work with sandboxed Google Play Services on GrapheneOS btw.

    I scanned the demo QR code on Google’s talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I’d like to verify.

  • Freakazoid@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    Let’s hope the EU prevents this from happening. We should be able to access every site we wish without Google’s permission.

    • Batmorous@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      We should all be encouraging Europeans to:

      1. Force Android and iOS to be given to the people to own and open-source the OS fully in EU with GPL license
      2. Fine them to oblivion if they do not cooperate
      3. If they try to double down then piece up their companies into parts

      We all tired of their fucking shit. Everyone keep getting people active and informed on all this!! Together anything is possible!!

    • eleitl@lemmy.zip
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      2 months ago

      The EU is busily building the Fourth Reich, so don’t expect help from there.

        • Narri N. (they/them)@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn’t matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.

          • Alaknár@sopuli.xyz
            link
            fedilink
            arrow-up
            0
            arrow-down
            1
            ·
            2 months ago

            From what you’re saying, they would’ve already introduced all those capitalist methods of control the first time around.

            Which they didn’t.

            What gives?

            Also: the EU is literally incapable of “gobbling up capital gains for themselves” because “themselves” doesn’t exist in this context - the EU is not a “State”. The member-states might (and some do).

    • FineCoatMummy@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      What do you plan to do? Dumbphone? No phone? Break glass in case of emergency phone in a faraday pouch?

      I’m considering a break-glass dumbphone in a faraday pouch. I REALLY fucking hate location tracking. I’d keep it seperate from my IRL ID. Prob is, it’s hard. Screw up once, big data pounces. One call tied to your name in any way. One friend puts it in their contacts. One time to forget the pouch and there’s a location ping at your residence. Not to mention the difficulty of even buying it and setting up a plan. Ugh :(

      • belunos@lemmus.org
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        2 months ago

        I’m a teams app for dumb phones away from getting off smart phones. I’m fiddy and have to use my readers to even see my phone, so I’ve slowly stopped using it for much outside of random apps for appliances. I can get an ipad for that, though. I’m also a privacy advocate, but I’ve made peace with the fact that ship has pretty much sailed

    • destiper@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      The “root of bad” is capitalism itself, the logic of the system tends to create monopolies over time, as demonstrated in the game ‘Monopoly’

      • mcv@lemmy.zip
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        It’s the love of money that’s the root of all evil, according to Jesus, but yeah, that’s the driving force behind capitalism.

        • magnetosphere@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          It’s the love of money that’s the root of all evil

          Thank you for getting this quote right. Often, it’s shortened to “money is the root of all evil”, which hits different, and removes the element of personal responsibility. The “love of money” bit is important.

      • FluorideMind@lemmy.world
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        2 months ago

        Capitalism is fine small scale, most systems are. Humans are just wired for efficiency and so with every player on the same board the most ruthless player wins.

        • Doomsider@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Ah yes, the mythical small business capitalism we all hear about. I will agree it sounds good on paper and also seems to distribute money in a somewhat efficient manner.

          Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.

          I think there is a worthwhile debate here around systems and culture. Perhaps capitalism could work if people were not inherently so greedy. I tend to believe that culture is the deciding factor which is a little disheartening honestly.

          • zqps@sh.itjust.works
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            It’s not just culture. Most people value community and the well-being of others above amassing wealth (provided their needs are met). The problem is that capitalism indoctrinates us against those values, and even more that it rewards and empowers those who don’t share them at all.

            • eldavi@lemmy.ml
              link
              fedilink
              English
              arrow-up
              0
              ·
              2 months ago

              @Doomsider@lemmy.world

              Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.

              the primary “authoritarian” government of the world has proven that it is possible and that keeping them under a tight leash is the only way to prevent them from indoctrinating the masses; that’s why the number of billions and the wealth of the its millionaires have been steadily declining for the last decade or so, while simultaneously continuing to improve the quality of life for its citizens; meanwhile while the united states is poised to get its first trillionaire class very soon.

              • Doomsider@lemmy.world
                link
                fedilink
                arrow-up
                0
                ·
                2 months ago

                I sure hope you are not talking about China as they have produced more billionaires than the US for the last two years dramatically increasing their income gap. If you think they have capitalism in check I have a bridge to sell you in Brooklyn.

                • eldavi@lemmy.ml
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  2 months ago

                  you’re not wrong – china’s billionaire count is up. but here’s the cycle that people in the west miss: a new crop of billionaires come along (eg. tech, evs, ai) and they replace the old crop (eg. real estate & manufacturing) that the chinese gov’t already short-leashed, and boom, numbers jumped.

                  that new crop will experience their own slowdown too once they get their own short-leashes like the previous crop did. it happened around 2018-2024, and it’ll happen again and again. china’s churn is fast, but the pattern’s the same every time: rise, stall, replace; no permanent footing/beachhead for a billionaire class from which to capture the system or spread misinformation like it is in the united states.

  • Sarcasmo220@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Eventually privacy minded people like us will have to start creating and visiting sites on the dark web.

    • Patrikvo@lemmy.zip
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      Sheesh, using alternative sites instead of Facebook and Reddit isn’t using the dark web.

      • topperharlie@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        if they add this requirement for the “I’m not a robot” technology this affects way more than stupid Facebook, reddit and the likes, most things behind anti DDoS use this shit.

        I find this very dystopian, and there are not many “oh I’ll just visit the sites than don’t have it” alternatives. You might as well just open IRC and be done with it, I tend to visit a bit more of the internet (even if I haven’t visited Facebook, Instagram and the likes in years)

        • FineCoatMummy@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 months ago

          Ayup absolutely. Those co’s have such weight. They can drive this into essential services. Banks. Gov services. All online stores. Heck even sites that don’t need logins.

          It’s short sighted to say “I’ll just use other sites then”. The end of that road is, we get excluded from modern life.

          You’re so right, it’s dystopian.

    • Niquarl@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Apple and Google are gradually expanding their use of hardware-based attestation. They’re convincing a growing number of services to adopt it. Google’s Play Integrity API and Apple’s App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends on doing too.

      Google’s Play Integrity API requires hardware attestation for the strong integrity level and is gradually phasing in requiring it for the more commonly used device integrity level. Apple already has it as a requirement. Over the long term, this will increasingly lock out hardware and OS competition.

      The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.

      Apple’s Privacy Pass brought hardware attestation to the web to help with passing captchas on their own hardware. Many people saw that as harmless since few sites would be willing to lock out non-Apple-hardware users. Apple and Google are both likely to bring broader hardware attestation to the web.

      Google’s reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:

      https://support.google.com/recaptcha/answ

      er/16609652

      Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple’s privacy pass, Google’s ‘cancelled’ Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.

      Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They’re bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.

      Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which includes forcing bundling Google Chrome, etc. It’s enormously anti-competitive.

      Google’s Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn’t somehow specific to an AOSP-based OS. You can’t avoid this by using a mobile OS based on FreeBSD instead. You’ll just be more locked out.

      Google’s Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.

      It doesn’t provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.

      Governments are increasingly mandating using Apple’s App Attest and Google’s Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.

      Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they’re directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.

      reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.

      This isn’t about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don’t license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.

      Services shouldn’t ban people from using arbitrary hardware and operating systems in the first place. Google’s security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It’s for enforcing their monopolies via GMS licensing, that’s all.

  • Geodes & Gems@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    Smartphones are such an utter wretch nowadays, & I’m not even sure if there was a time they weren’t. I don’t get the appeal of a smartphone, they do everything a dumbphone does but worse, more expensive & with an unremovable thick layer of scum, yeah a smartphone has some of the features of a laptop or desktop but who needs that baked into their phone for every moment?

    People are trying so hard to fix smartphones (even by giving money to the least privacy respecting companies ever by buying Google phones) when they can get a dumbphone and be rid of those problems in the first place. Well that’s my opinion at least, I think it might be a bit extreme.