Im in the community reverse engineering web CAPTCHAs, it's because they are too easy to reverse engineer with Claude now.
replyI've seen multiple people break botguard (the obfuscation used by recapcha) within the last year when before it was considered a huge technical envour.
Devices like phones don't have this issue since Google owns the client attestation end to end and can fingerprint you without the risk of receiving spoofed values.
Where is this specified? I don't see that in TFA.
replyThe example they give in TFA is having the user scan a QR code, presumably from a mobile device.
replyBut that's not a specification
replyI think they are jumping ahead but it does seem like a logical conclusion. Would tie in nicely with the online ID verification stuff popping up everywhere.
replyDoes anybody trust it? MacOS seems to be the only desktop platform I see be trusted.
replyI think the pathetic thing about this is that it’s so much less intuitive than stuff like cloudflare and Anubis.
replyGoogle, a multi-billion dollar company, is going to make the customers of their corporate clients pull out a phone and do some bullshit just to visit a website.
Meanwhile, when Cloudflare/Anubis verifies you there’s zero required interaction and you barely even see the anime character because it all loads so fast. At most Cloudflare makes you check a box.