Google Cloud fraud defense, the next evolution of reCAPTCHA

SoKamil 19 hours ago|

Google clearly wants only Google approved models to traverse the web.

jcfrei 14 hours ago|

They only want dumb humans doing the shopping not some hyper-focused bot that wont add any extra items into the shopping cart.

koala-news 2 hours ago||

Feels like we accidentally built a web where proving you’re human now requires approval from 3 different corporations.

akersten 12 hours ago||

Hmm, that QR code workflow doesn't look very accessible. Can we preemptively ADA this thing out of existence somehow?

BirAdam 11 hours ago|

Probably, but then sites that do not work on a screen reader should be ADA killable too… yet no one has tried this.

rvnx 3 hours ago||

Making sure that only Google can access protected websites

officialchicken 4 hours ago||

Protect against bots by shifting the blame and work onto humans? Did they get that idea from Gemini?

dunder_cat 11 hours ago||

Is the QR code check mandatory and if not, is it the default?

The bulletpoint as-is just says:

> AI-resistant challenge: As we identify potentially fraudulent behavior from agents, we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop using the new QR code-based challenge. This AI-resistant mitigation challenge to prove human presence is designed to make automated fraud economically unviable.

Followed by

> Existing reCAPTCHA customers are automatically Fraud Defense customers, with no migration required, no action needed, and no change to pricing. Your existing site keys and integrations remain exactly as they are today.

It is probably me being a literal reader but "we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop" feels like it can be read as "Good news: by using reCAPTCHA, we're now interfering with agents that can solve the regular challenges" or "there's now a flag the application developer can set". This is the difference between me swapping off reCAPTCHA ASAP or just editing my configuration. I have to imagine someone somewhere anticipated the kind of reactions a number of us are collectively feeling (I too don't want to use my phone to browse the web more than I already do) and it feels irresponsible to publish a feature announcement without covering basic information like this for site administrators. Maybe they thought the second line about existing reCAPTCHA customers being moved over clears this up, but "Your existing ... integrations remain exactly as they are today" feels like again, literally, you won't have this new attestation requirement being presented to your users... but then why am I Fraud Defense customer!

ACCount37 13 hours ago||

Prime "drink verification can" bullshit. If you don't have a Google Approved Phone, the solution is to go fuck yourself. But what else would you expect from modern day and age Google?

Traditional CAPTCHA was heading for the graveyard for a while now, because the overlap between the dumbest of users and the smartest of AIs is too severe. But aggressively doubling down on the user-hostile garbage isn't the solution.

basch 16 hours ago|

Is this why google was repeatedly telling me I was displaying patterns of being a bot yesterday because I click too fast? I've never gotten the error message as many times as I did yesterday.