• 11 days

    This is a national security issue. A major corporation should not be able effectively impose a security ceiling by banning more secure operating systems (like GrapheneOS) due to it not making them money. Governments should pass regulations requiring any devices that meet certain security standards and support hardware attestation to be accepted by hardware attestation schemes. This will not pose an undue burden on businesses because you can easily add something like GrapheneOS to your scheme (https://grapheneos.org/articles/attestation-compatibility-guide), and even if it did, that doesn’t matter when national security is on the line.

    Right now, it’s not as dire because you can still choose image or audio CAPTCHA, but I don’t know how long that will last, and getting the regulation out before the problem happens is better than after.

    • 10 days

      The whole “regulation is bad” scheme was bought and paid for with billions of dollars spent a small number of people who could make tens of billions by conducting their business without concern for the damage (economic externalities) they do. Its a transparent history and obvious on its face.

      And yet so many average people go online and parrot it back, drinking the coolaid and passing it along.

    • getting the regulation out before the problem happens is better than after

      There’s this weird effect where preventing a disaster is often invisible, sometimes looks detrimental or a waste of time; but responding to a problem and solving it is visible and will get you acclaim. That creates a cynical incentive to let a problem become visible before combating it so as to avoid the Kassandra effect where nobody believes you until it happens.

  • 12 days

    I personally have definitely encountered the point where I’m just not going to do some things merely because of “the principle”.

  • 10 days

    This happens on Linux via Edge Suite.

    They block my ability to use quite a few websites. I’ve tried changing my user agent amongst many other solutions but it never works. My IP is not blacklisted.

    I GUESS YOU DIDNT WANT ME TO BUY ANYTHING ON YOUR GODDAMN SITE ANYWAY.

  • 12 days

    Maybe this is the kick up the arse companies need to finally start using hCaptcha or even Anubis.

    • I hope so, but it could easily come the other way. “We are so used to/deeply integrated/in a close strategic partnership with Google therefore we rather lose 5 % of our customers that care about privacy and are a pain in the ass for our data-driven business.”

      • 12 days

        5% is huuuge overestimate. Maybe on a tech site or forum. On a regular website for the general public? Less than a rounding error. Remember, we are in a lemmy bubble

    • 12 days

      Please not hCaptcha. It’s basically guaranteed to generate infinite loops.

        • 12 days

          It’s almost every time for me. Maybe they don’t like my ad blocker or my browser’s privacy settings but it’s rare for hCaptcha to let me through after three or four repetitions.

          Usually I give up after ten because of it won’t let me in by then it won’t let me in after a hundred. I tried.

          • 12 days

            It should work if you use a Firefox based browser with tracking protection set to strict and resistFingerprinting disabled, then use Jshelter with the following settings.

            • Locally rendered images: Little lies
            • Locally generated audio: Little lies
            • WebAssembly speed-up: Enabled
            • Everything else including Fingerprint Detector disabled

            Then visit fingerprint.com in a normal window, then visit it again in private mode with a VPN or with a dufferent server selected. You will see that the ID is different both times which proves that you’re protected.

            As for the adblocker, just use uBlock Origin with the Quick Fixes list disabled as it may shadowban YouTube comments because their bot protection is silent.

            • 12 days

              That is… a rather byzantine list of requirements to get a captcha service to work as opposed to just running a Firefox derivative with tracking protection on standard and a default-configuration uBO (which is the specific configuration that led to the 100 repetitions, not some kind of recommendation).

              • 10 days

                A standard Firefox is not private and is easily fingerprintable. Those settings give you good privacy but won’'t make most captchas fail.

                • 10 days

                  I am perfectly aware that these settings aren’t very private and I usually run something a bit tighter. My point was that even a mostly vanilla setup couldn’t get past hCaptcha.

    • 12 days

      We’ve moved to Cloudflare’s turnstile and it’s significantly less obnoxious.

      • Unless you use a VPN and run any kind of script blocker like noscript or uBlock Origin’s medium or hard modes.

        So fucking obnoxious.

  • 11 days

    I’ve started the transition away from Google. Sucks because, sometimes, it was really convenient. But now, screw 'em.

    • 11 days

      Convenience is how they get you. I have also been telling people for years that security and convenience are opposite ends of the same line. The closer you are to one the farther you are from the other.

  • It’s funny because my town just posted an article saying a bunch of people got scammed by fake ones already.

  • 11 days

    The robots were about to kill me and my entire family when I said “Look! A stop sign!”. They immediately recognized my superior intelligence and retreated. /s

  • 11 days

    Monopoly or Duopoly. Either way, it’s gotta be taken down.

  • Recaptcha has been trash for years now. Like, it either doesn’t bock bots, or it blocks actual real people. Don’t use it. Use turnstile.

    • 10 days

      turnstile

      Haven’t heard of it before, looks to be made by Cloudflare. Cloudflare don’t seem to be a totally awful company, but that’s always just one CEO-change away.

      Their web site sounds promising, saying “Turnstile can generate multiple types of non-intrusive challenges to verify users are human, all without showing visitors a puzzle.” and “Unlike CAPTCHA options, Turnstile never harvests data for ad retargeting.”

      So how do they make money from this?

      • 10 days

        It’s right on the page you linked? You have to pay for it.

        Free tier says it’s cloudflare branded and only recommended for small hobby projects.

  • Everyone needs to flood the web with fake reCAPTCHA QR codes that lead to something that looks malicious to the average person.

    • LOOKS malicious? Why not just BE malicious? That’s way more lucrative if we’re at that point.

      Looking malicious just trains users that it’s probably ok to do X on sketchy sites…

  • People are so oblivious to this shit.

    … OK, no, there’s a slow dawning that online privacy is important for many reasons, but it never seems to translate into action. Probably largely because there’s hardly any consumer alternatives. Employers have been renewing contracts with Big Tech for decades and can’t be arsed to even think about changing their behavior.

    They’re still going to buy new surveillophones just to be able to log in again.

  • 11 days

    Quick question: If Google doesn’t want to own Android anymore, why don’t they make it public domain instead of trying everything to kill it?

    • 10 days

      They want Android very much and all the data that goes with it.

      They don’t want you to use Android in a way that doesn’t let them harvest your data.