Google Cloud fraud defense, the next evolution of reCAPTCHA

Posted by unforgivenpasta 22 hours ago

Google Cloud fraud defense, the next evolution of reCAPTCHA(cloud.google.com)

363 points | 372 commentspage 6

throwaway85825 14 hours ago|

Google has a lot of fraud because they have absolutely no standards when it comes to advertising scams and frauds as the first result. Google is a services company for the global crime industry.

aboringusername 19 hours ago||

I suppose it's now become a default assumption every customer is going to own a smart phone that complies with this requirement?

It seems on iOS you'll even need to download an application, which is quite a bit of friction.

In the current economic times, adding minutes onto the user journey is not going to result in increased sales, I suspect the data will prove the opposite.

Using a mobile device is bad enough as it is: TOTP, email, SMS codes, 3DS etc, while you can say this is part of the "flow", it's too much. I can see many abandoned journeys from this.

zuzululu 10 hours ago||

Those who don't read articles: Google is pushing QR codes as captcha.

My personal thoughts is that this is fucked. I'm not whipping out my phone to read some blog or comment on youtube.

DeathArrow 11 hours ago||

Does not seem to anyone that Google is wielding too much power over our digital lives and the Internet?

Asooka 6 hours ago||

Apart from the horrifying privacy implications, this also means all a bot needs to do to access a website is send a screenshot to an Android device. They made the CAPTCHA machine-readable. It would be funny if it weren't so sad.

MASNeo 11 hours ago||

The efforts by Googles, Meta, TikTok, X and AWS etc. to fight fraud and other financial crimes are probably largely deficient. They earn significant revenue from crime and criminal activity. Compared to banks which are required to prevent financial crimes up to personal criminal liability of employees there are no comparable rules for social media platforms.

How do two service businesses get treated so differently by law?

amazingamazing 21 hours ago||

How are people stopping bots reliably?

pocksuppet 19 hours ago||

The first step is to write down why you are stopping bots and which bots you are stopping. If an LLM is buying things from your web store, that's good. You are making money on that, and you shouldn't stop it.

charcircuit 16 hours ago||

The lifetime value of a LLM may be less than a real person. Especially if you consider things like word of mouth marketing.

hephaes7us 20 hours ago|||

You can't, really. If a user can access the site, so can a bot.

You may be able to make it more expensive than your information is worth, but of course that affects users too.

yjftsjthsd-h 18 hours ago|||

Perfectly: They're not; that's not really possible.

Adequately: Proof of work. https://anubis.techaro.lol/

kccqzy 19 hours ago||

Before the age of AI, most bots aren’t sophisticated at all. They might be a script running curl in a loop, or at best some standard browser automation tool like selenium or playwright. People couldn’t stop bots reliably but they could easily stop 99% of bots. That is of course no longer true which is why reCAPTCHA had to evolve.

arian_ 21 hours ago||

Google building harder walls against bots while simultaneously building AI agents that need to get through them is peak 2026.

tardedmeme 21 hours ago||

They're expecting everyone to whitelist Google agents because Google has the market share for people to complain if Google agents don't work.

throwaway67743 21 hours ago|||

With the apparent competence that built Gemini, I have zero faith in Google building or doing anything that works anymore.

throwaway67743 17 hours ago||

To counter the idiot downvotes, I proffer this as a prime example of Gemini:

  Resolving Final Compilation Conflict: I will remove the redundant `Entry` type declaration to resolve the compilation conflict and finalize the in-memory `StdNetDB` refactor.

    Edit  std.go → Accepted (+0, -1)

      31   type Entry struct {
      32       RouterInfo *router_info.RouterInfo
      33   }
      34 -
      34   func NewStdNetDB(db string) *StdNetDB {
      35       ctx, cancel := context.WithCancel(context.Background())
      36       return &StdNetDB{

That and the cli keeps exiting 0, without hinting why... Quality like the "AI Overview" that hijacks an entire page and isn't even relevant to the search terms - uBlock still doing god's work.

It made me realise I was perhaps a bit hard on Claude (but then it did something equally as dumb)

Analemma_ 20 hours ago|||

It’s the same thing with Sam Altman and Worldcoin: create the problem, then sell people the solution (which also just so happens to shred more privacy). Play both sides and profit; it’s great work if you can get it.

mandeepj 20 hours ago|||

Point On! Probably done by two different teams, who don't know about each other. I hate this (re)captcha so bad. They assume everyone is bad.

noctads 7 hours ago||

[flagged]

greatgib 17 hours ago||

> we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop using the new QR code-based challenge.

I'm so pissed off in advance. I hope that Google die and collapse in sudden bankruptcy before we have to support this crappy challenges that are totally user hostile!

harrouet 5 hours ago|

Will it be GDPR-compliant -- contrary to reCAPTCHA ?

More comments...