• AmbitiousProcess (they/them)@piefed.social
    English
    293·
    27 days ago

    This is really bad even just from the perspective of user behavior. Training people to scan QR codes from anything that looks like a captcha box is HORRIBLE for security.

    “Thanks for scanning the code, just one more step! Please input your phone number, and type in the code you receive.”

    Boom, account stolen.

    • LeapSecond@lemmy.zip
      21·
      27 days ago

      And the phone number thing is already happening too. Google, discord and probably other stuff already ask for a phone number to prove you are a human when they flag your account.

      • InFerNo@lemmy.ml
        6·
        26 days ago

        It’s a server setting. one of my oldest servers has enabled this and I haven’t chatted with anyone there anymore because I need to verify my phone first.

    • comrade_twisty@feddit.orgEnglish
      1243·
      27 days ago

      What they are doing is way worse tban what you understood.

      These QR codes will show on your Desktop PC and you will need an Android phone or an iOS device with a logged in Google QR code app to get past it.

        • FineCoatMummy@sh.itjust.worksEnglish
          59·
          27 days ago

          Ayup that has been the holy grail of big tech.

          They are most of the way there today. Make Identity Resolution inescapable. Bing bang boom.

          It is more than just phones and lappys too. It’s everything. That smart TV. That fitness watch. That automobile. That streaming music service. The ebook reader you got as a birthday gift.

          Your behavior across every single device is data gold. This is today’s reality.

          • Lemmayng@lemmy.worldBanned from communityEnglish
            18·
            27 days ago

            Yep, data gold to sell to data brokers and investors so they can sell you shit that you don’t need and can’t even afford.

      • kalpol@lemmy.ca
        66·
        27 days ago

        I wouldn’t scan shit from a website. Random QR codes are a security risk. Just won’t visit that website.

        • comrade_twisty@feddit.orgEnglish
          63·
          27 days ago

          That’s why you have to use the special google app that will protect you from all these dangers*

          *and also collect all your data, sell it to advertisers and forward it to US surveillance agencies (for your own protection of course).

          • FineCoatMummy@sh.itjust.worksEnglish
            301·
            27 days ago

            Sad thing is, that argument works against so many ppl. “I can trust this app. It’s from Google!”

            We(*) are tearing down personal computing. Brick by brick. The very idea of controling our own devs is getting lost. Replacing with Big Tech Feudalism.

            (*) Not most of us here. But in the whole pop.

      • Phantaloons@piefed.zipEnglish
        91·
        27 days ago

        Guess I’m not going to Youtube, then.

        I see a future where we have our mandated government ID shitphone for banking, corpo and government suchn’shit, and the laptop we access Anna’s, Yggdrasil and TOR with.

        and the days go by!

        Not exactly same as it ever was, but seems kinda 2007 to me. I doubt any Lemmy instance or i2p site will enforce Google’s QRcode spy-proxy.

        • ferrule@sh.itjust.works
          5·
          26 days ago

          My current GraphineOS phone will probably be my last smartphone. I’ll be moving to a dumb phone and a data hotspot connected to some type of cyberdeck. Will have that thing locked down, blocking known abusive companies like Google. Honestly could care less about using any service that touches them.

        • freebee@sh.itjust.works
          4·
          26 days ago

          It’s not 2007. Devices are everywhere now, smartphones, TV’s etc. The social dimension (social pressure) and implications are very different now. Their power increases, amount of people caught in the loop is immense now. 2007 was all still fun and games.

          • Phantaloons@piefed.zipEnglish
            3·
            26 days ago

            Undoubtedly, and more still will be as corporate greed turns the internet into pay-per-view TV. We can’t help that.

            Make your decision for yourself for what to do with your connections and your own devices. You are in control of at least that, if nothing else.

      • fartographer@lemmy.world
        3·
        27 days ago

        I am in no way condoning Google’s behavior, nor am I trying to normalize it. With that out of the way: maybe running Android Studio with an AVD might be a decent workaround. For now…

    • Tore@piefed.worldEnglish
      13·
      27 days ago

      That would make the two of us. My Fairphone 3+ is still kicking well with /e/OS.

    • s38b35M5@lemmy.worldEnglish
      9·
      26 days ago

      And nothing of value was lost. I’m over social media, over commercial apps, and maybe I’m over having a mobile phone, too.

  • ISOmorph@feddit.org
    1831·
    27 days ago

    That would only make me install Graphene even harder if I wasn’t already writing from a phone with it

    • comrade_twisty@feddit.orgEnglish
      851·
      27 days ago

      This. Time to stand up to Google and completely boycott the surveillance tech that the US is deploying.

    • Pirate2377@lemmy.zipEnglish
      24·
      27 days ago

      Hopefully this will push Linux Mobile development so that we are no longer completely bound to Android or iOS

    • bagsy@lemmy.world
      35·
      27 days ago

      Every company that uses these captcha service should also be fined so hard. This isnt just google here.

      • jafra@slrpnk.net
        11·
        26 days ago

        And every company that is relying on gsm or the apple pendant to verify anything.

    • Batmorous@lemmy.world
      8·
      26 days ago

      And forced to open-source their OS’es. And have to make their communities owned by the people instead of corpos. We are all beyond pissed and done with their shit. Everyone get more people on board into the movement daily to be focused on getting things done together!! Keep each other in the fight with online and in-person communities

  • Freakazoid@lemmy.ml
    95·
    27 days ago

    Let’s hope the EU prevents this from happening. We should be able to access every site we wish without Google’s permission.

    • Batmorous@lemmy.world
      17·
      26 days ago

      We should all be encouraging Europeans to:

      1. Force Android and iOS to be given to the people to own and open-source the OS fully in EU with GPL license
      2. Fine them to oblivion if they do not cooperate
      3. If they try to double down then piece up their companies into parts

      We all tired of their fucking shit. Everyone keep getting people active and informed on all this!! Together anything is possible!!

    • eleitl@lemmy.zip
      1221·
      26 days ago

      The EU is busily building the Fourth Reich, so don’t expect help from there.

      • lsjw96kxs@sh.itjust.worksFrançais
        6·
        26 days ago

        Yeah, sure, at a really slower pace than USA. Maybe in a century. They still care more for their citizens Trump ever did.

        • Narri N. (they/them)@lemmy.ml
          8·
          26 days ago

          The ongoing battle against online privacy is a symptom of capitalism, the EU is a capitalist state. The only thing the EU would ever do against US-based capitalism is to gobble up those capital gains for themselves. It doesn’t matter if it happes or not, the privacy-issues for end-users would never be alleviated by the EU.

          • Alaknár@sopuli.xyz
            12·
            25 days ago

            From what you’re saying, they would’ve already introduced all those capitalist methods of control the first time around.

            Which they didn’t.

            What gives?

            Also: the EU is literally incapable of “gobbling up capital gains for themselves” because “themselves” doesn’t exist in this context - the EU is not a “State”. The member-states might (and some do).

  • AmbitiousProcess (they/them)@piefed.social
    English
    591·
    27 days ago

    This does seem to work with sandboxed Google Play Services on GrapheneOS btw.

    I scanned the demo QR code on Google’s talk page about it with sandboxed Play Services enabled and it gave me a custom popup asking if I’d like to verify.

      • krashmo@lemmy.world
        34·
        27 days ago

        Unless you’re doing that from a separate device in a separate location then all you’re doing is giving them the data they need to link those two accounts

        • FauxLiving@lemmy.world
          21·
          27 days ago

          You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.

          Sandboxed Google Play Services doesn’t have privileged access to location information, so it can’t pull your GPS location or Wifi Positioning information. It would only see a blank profile and doing this would allow for your primary profile to continue to not run Play Services.

          Any malicious code which could be injected into the process would find itself in a sandbox, on a blank profile and isolated from the rest of the system.

          Google would only see that you are authenticating from a profile without anything installed, from an unknown location and coming from whatever VPN endpoint that you’d like. They could possibly infer that the blank profile and your ‘real’ profile are different via browser fingerprinting. You can randomize a lot of fingerprinting datapoints with browser extensions, but avoiding browser fingerprinting is a whole other topic.

          The ‘real’ privacy solution is to avoid anything that uses this version of recaptcha. However, if you have to use these services then you can still reduce the amount of information leaked via Play Services by using a blank profile to scan the QR codes.

          • WhyJiffie@sh.itjust.worksEnglish
            21·
            27 days ago

            You’re right, you’re not going to achieve complete anonymity if you’re interacting with Google services in any way, but you can reduce the amount of information that they receive.

            its not even about complete anonymity. google has zero business in when I’m logging into my utilities company account, or other semi-governmental portals!

  • Sarcasmo220@lemmy.ml
    54·
    27 days ago

    Eventually privacy minded people like us will have to start creating and visiting sites on the dark web.

    • Patrikvo@lemmy.zip
      8·
      26 days ago

      Sheesh, using alternative sites instead of Facebook and Reddit isn’t using the dark web.

      • topperharlie@lemmy.world
        16·
        26 days ago

        if they add this requirement for the “I’m not a robot” technology this affects way more than stupid Facebook, reddit and the likes, most things behind anti DDoS use this shit.

        I find this very dystopian, and there are not many “oh I’ll just visit the sites than don’t have it” alternatives. You might as well just open IRC and be done with it, I tend to visit a bit more of the internet (even if I haven’t visited Facebook, Instagram and the likes in years)

        • FineCoatMummy@sh.itjust.worksEnglish
          7·
          26 days ago

          Ayup absolutely. Those co’s have such weight. They can drive this into essential services. Banks. Gov services. All online stores. Heck even sites that don’t need logins.

          It’s short sighted to say “I’ll just use other sites then”. The end of that road is, we get excluded from modern life.

          You’re so right, it’s dystopian.

    • Batmorous@lemmy.world
      51·
      26 days ago

      No fuck that we must continue to grow the movement and get more people on board. We don’t give in to those rats and their garbage they try to put on us. Together we all can do together. Fuck them. Many of us already are doing and the more the better

    • eleitl@lemmy.zip
      1·
      26 days ago

      No need for that, just spin up a nginx with letsencrypt certs. Most people don’t need Cloudflare.

    • destiper@lemmy.mlEnglish
      422·
      26 days ago

      The “root of bad” is capitalism itself, the logic of the system tends to create monopolies over time, as demonstrated in the game ‘Monopoly’

      • muusemuuse@sh.itjust.worksEnglish
        5·
        26 days ago

        Regulations used to exist to break that that behavior. But they were either removed over time or not enforced. It can be done. It used to be. It wasn’t flawless but it wasn’t what we have today either.

        • sexy_peach@feddit.org
          2·
          25 days ago

          Everything is possible. Some things just highly unlikely in the current political climate. I think the mamdani method of doing a shitload of door to door campaigning has been really successful in other parts of the world as well.

          It can give a huge boost to leftist parties which then will be able to affect positive change but also change the political landscape. Overton window and all that.

          What I’m saying is get the fuck out with your local leftist party/candidate or whatever if you can.

            • sexy_peach@feddit.orgEnglish
              1·
              25 days ago

              I mean yes, but waiting for the world to change isn’t healthy I believe. Either arrange yourself with how it is now or try to be the change. I bet it’s best to do both.

      • mcv@lemmy.zip
        51·
        25 days ago

        It’s the love of money that’s the root of all evil, according to Jesus, but yeah, that’s the driving force behind capitalism.

        • magnetosphere@lemmy.dbzer0.com
          3·
          25 days ago

          It’s the love of money that’s the root of all evil

          Thank you for getting this quote right. Often, it’s shortened to “money is the root of all evil”, which hits different, and removes the element of personal responsibility. The “love of money” bit is important.

          • mcv@lemmy.zip
            2·
            25 days ago

            Exactly. Money as a tool is fine. You need a way to pay for stuff. It’s the love of money, money as a goal in itself, far beyond what you’ll ever need to live, that’s the problem.

      • FluorideMind@lemmy.world
        212·
        26 days ago

        Capitalism is fine small scale, most systems are. Humans are just wired for efficiency and so with every player on the same board the most ruthless player wins.

        • SocialistVibes01@lemmy.ml
          101·
          26 days ago

          There’s no small scale capitalism as the Capital needs to expand more and more. Political Economy 101.

        • Doomsider@lemmy.world
          71·
          26 days ago

          Ah yes, the mythical small business capitalism we all hear about. I will agree it sounds good on paper and also seems to distribute money in a somewhat efficient manner.

          Unfortunately there has never been a government able to regulate and keep capitalism this way. Other people have said it is simply not possible due to the nature of capitalism.

          I think there is a worthwhile debate here around systems and culture. Perhaps capitalism could work if people were not inherently so greedy. I tend to believe that culture is the deciding factor which is a little disheartening honestly.

          • zqps@sh.itjust.works
            4·
            25 days ago

            It’s not just culture. Most people value community and the well-being of others above amassing wealth (provided their needs are met). The problem is that capitalism indoctrinates us against those values, and even more that it rewards and empowers those who don’t share them at all.

        • iglou@programming.dev
          5·
          26 days ago

          Capitalism does not work because companies will always seek to grow more and more and more. It’s the core of capitalism. You need anti-capitalist policies to keep companies small.

    • grrgyle@slrpnk.net
      17·
      26 days ago

      Break up the billionaires while you’re at it. Their sickness will boil the seas away to nothing

  • meowmeow@quokk.auEnglish
    471·
    27 days ago

    Can we trust that isn’t a campaign to promote Google? What are these websites? Why aren’t they blocking an iPhone? Can any of that be replicated or is this just a Google campaign to create fear and doubt

      • hperrin@lemmy.caEnglish
        11·
        27 days ago

        Android is open source in the same way that Minio is open source.

        • TrickDacy@lemmy.world
          2·
          27 days ago

          I know in what way it’s open source. I just don’t understand what person this idiot thinks they’re mocking when they wrote that. It’s as if they think there are really people out there claiming that android/Google respects privacy (lol) and that it’s proven by part of the OS being open source. People make up fake scenarios to get mad about and they’re often rather ridiculous.

          • hperrin@lemmy.caEnglish
            11·
            27 days ago

            Oh, that’s what you mean. Ok, so every time I mention I have an iPhone because a. I value my privacy and b. I try not to support companies that actively harm the internet, someone says “but Android is open source”, as if merely having a few open source components means that Android is better in any way than any other OS.

            In this instance, Google is not only making the internet worse, they’re doing it in a way that requires their own closed source libraries to even access a huge portion of the internet. This further makes any functional Android OS closed source.

            The most ridiculous thing is that iOS is almost as open source as Android is. There are very few components of an Android based OS that are open source where the equivalent in iOS is not open source.

            Also, hey, thanks for calling me an idiot. ;)

            • TrickDacy@lemmy.world
              1·
              27 days ago

              Yeah I don’t have experience with people really simping for android let alone claiming it’s meaningfully open source. The most I’ve seen is saying it’s not nearly as closed off as iOS which is just a fact. And I will say that as well because it’s a fact. But that has almost nothing to do with the OSS aspect. Or privacy. So yeah I still don’t quite get your point of inserting this here.

    • FineCoatMummy@sh.itjust.worksEnglish
      121·
      27 days ago

      What do you plan to do? Dumbphone? No phone? Break glass in case of emergency phone in a faraday pouch?

      I’m considering a break-glass dumbphone in a faraday pouch. I REALLY fucking hate location tracking. I’d keep it seperate from my IRL ID. Prob is, it’s hard. Screw up once, big data pounces. One call tied to your name in any way. One friend puts it in their contacts. One time to forget the pouch and there’s a location ping at your residence. Not to mention the difficulty of even buying it and setting up a plan. Ugh :(

      • belunos@lemmus.orgEnglish
        5·
        26 days ago

        I’m a teams app for dumb phones away from getting off smart phones. I’m fiddy and have to use my readers to even see my phone, so I’ve slowly stopped using it for much outside of random apps for appliances. I can get an ipad for that, though. I’m also a privacy advocate, but I’ve made peace with the fact that ship has pretty much sailed