Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft The funniest part is that a lot of apps use Google libraries (which means most "degoogled" setups aren't actually degoogled) which can act like a copy of Play Services themselves, so those apps could be a viable option for verification if Google insists on an app, but Google's gotta have that invasive Play Services access, right?
edit: Blog post because the article above doesn't cite its sources:
Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog
Today at Next ‘26, we’re launching Google Cloud Fraud Defense, the trust platform for the agentic web and the next evolution of reCAPTCHA.
Google Cloud Blog (cloud.google.com)
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft So, when you see the QR on your laptop, you'll need to scan it with your phone? I guess, this should reveal who (Google account) is trying to open the site.
-
@asterisk @nixCraft Linux is not terrible at all if setup properly. A linux with a decent Apparmor setup is really good for security.
Flatpak is a shame and Android too: It lets Whatsapp and LinkedIn apps slurp all the contacts without even blinking. All Android sandboxing currently just suck.
Only things like island work a little to isolate rogue apps. And nothing protect users from Google on Android. -
@asterisk @nixCraft Linux is not terrible at all if setup properly. A linux with a decent Apparmor setup is really good for security.
Flatpak is a shame and Android too: It lets Whatsapp and LinkedIn apps slurp all the contacts without even blinking. All Android sandboxing currently just suck.
Only things like island work a little to isolate rogue apps. And nothing protect users from Google on Android.@maat @nixCraft AppArmor and SELinux aren't really comparable to Android's ssndboxing model, which also handles app signing and certificate pinning.
Android's sandbox does not suck (bold of you to say when most Flatpaks can escape the sandbox by editing your .bashrc), Google just requires OEMs to bypass it for Play Services to obtain CTS certification (required to use the Android trademark). Alternate Android-based OSes are very secure (as long as they keep up with security patches, /e and iode do not). GrapheneOS's sandbox for it resolves this issue, letting you use it for apps that need it without security compromises.
A lot of Android's security also comes from verified boot (OS image is read-only and signed, bootloader checks the hash against the one burned in at manufacture or stored in the secure enclave at boot to ensure nothing is compromised) and a hardware secure enclave (which is not a TPM chip, its better)
edit: contact scopes (which GrapheneOS has had for ages) are coming in Android 17 to fix that issue.
-
@nixCraft So you can't use Amazon Fire tables either?
That can be fun, lets see what Amazon does against this
@agowa338@chaos.social @nixCraft@mastodon.social amazon dropped fiteos already. -
@maat @nixCraft AppArmor and SELinux aren't really comparable to Android's ssndboxing model, which also handles app signing and certificate pinning.
Android's sandbox does not suck (bold of you to say when most Flatpaks can escape the sandbox by editing your .bashrc), Google just requires OEMs to bypass it for Play Services to obtain CTS certification (required to use the Android trademark). Alternate Android-based OSes are very secure (as long as they keep up with security patches, /e and iode do not). GrapheneOS's sandbox for it resolves this issue, letting you use it for apps that need it without security compromises.
A lot of Android's security also comes from verified boot (OS image is read-only and signed, bootloader checks the hash against the one burned in at manufacture or stored in the secure enclave at boot to ensure nothing is compromised) and a hardware secure enclave (which is not a TPM chip, its better)
edit: contact scopes (which GrapheneOS has had for ages) are coming in Android 17 to fix that issue.
@asterisk @nixCraft OK so the 16 first versions of Android did suck.
(By the way i hate flatpack principle so you can criticize itvall day i will just boredly agree)
And Google who wants to close Android platform and enforce the equivalent of Microsoft's Treacherous Computing Platform does suck even more.
Let's just degooglize this world... We'll breathe a better air. -
@asterisk @nixCraft OK so the 16 first versions of Android did suck.
(By the way i hate flatpack principle so you can criticize itvall day i will just boredly agree)
And Google who wants to close Android platform and enforce the equivalent of Microsoft's Treacherous Computing Platform does suck even more.
Let's just degooglize this world... We'll breathe a better air.@maat @nixCraft They didn't suck, Google Play Services is what's always sucked (on stock play services can still access all your contacts as scopes are for third-party apps, get a Pixel or the upcoming Motorolas and flash Graphene on it if you'd like to restrict this and also regulate some other hidden permissions like Network and Sensors)
-
@maat @nixCraft They didn't suck, Google Play Services is what's always sucked (on stock play services can still access all your contacts as scopes are for third-party apps, get a Pixel or the upcoming Motorolas and flash Graphene on it if you'd like to restrict this and also regulate some other hidden permissions like Network and Sensors)
-
The Titan M2 is good hardware. A relockable bootloader is a good feature. The 2027 Motorolas will support GrapheneOS when they come out as part of the new agreement.
Edit: your arguments are just unfounded is all I'm saying, Android is much better than Linux and you have no proof to the contrary.
-
The Titan M2 is good hardware. A relockable bootloader is a good feature. The 2027 Motorolas will support GrapheneOS when they come out as part of the new agreement.
Edit: your arguments are just unfounded is all I'm saying, Android is much better than Linux and you have no proof to the contrary.
@asterisk @nixCraft you gave no proof either.
A fully integrated patched tuned industrialized implementation cannot be comparés with « linux » in general which means nothing and everything.
A linux installed and tuned by me on the desktop you will just be able to do what is allowed and nothing else.
I'm sure the same thing and better can be done by far more skilled linuxers than i am on mobiles with properly tailored linux systems. -
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft Wait, so people without smartphones are blocked from viewing websites on their computers because they can't scan a QR code?!
-
R relay@relay.mycrowd.ca shared this topic
