Google Cloud fraud defense, the next evolution of reCAPTCHA

Will it be GDPR-compliant -- contrary to reCAPTCHA ?

I suppose it's now become a default assumption every customer is going to own a smart phone that complies with this requirement?

It seems on iOS you'll even need to download an application, which is quite a bit of friction.

In the current economic times, adding minutes onto the user journey is not going to result in increased sales, I suspect the data will prove the opposite.

Using a mobile device is bad enough as it is: TOTP, email, SMS codes, 3DS etc, while you can say this is part of the "flow", it's too much. I can see many abandoned journeys from this.

Does not seem to anyone that Google is wielding too much power over our digital lives and the Internet?

The efforts by Googles, Meta, TikTok, X and AWS etc. to fight fraud and other financial crimes are probably largely deficient. They earn significant revenue from crime and criminal activity. Compared to banks which are required to prevent financial crimes up to personal criminal liability of employees there are no comparable rules for social media platforms.

How do two service businesses get treated so differently by law?

Can I confirm that this is more shit from Google trying to lock people into their ecosystem (or Apples) under the guise security?

ofc, there is classic web support, aka noscript/basic (x)html?

How are people stopping bots reliably?

Google building harder walls against bots while simultaneously building AI agents that need to get through them is peak 2026.

This would not have ever been announced while Lina Khan was running the FCC.

I am almost certain that labs in India and China have already developed a solution to bypass the “Scan this QR” method.

What is easier than pointing a camera at a QR code and commanding and an AI bot to follow the next steps?

> we enable application providers to deter and mitigate malicious requests by requesting humans to be in the loop using the new QR code-based challenge.

I'm so pissed off in advance. I hope that Google die and collapse in sudden bankruptcy before we have to support this crappy challenges that are totally user hostile!

How do I fit TOR in this? Do anonymous users get to use a more anonymous app?

Another nail in the web anonymity sounds like

Two mdashes in the first sentence...hmm.

just how evil can google be?

Who are the engineers building this technology? Make their identities known so displeasure about these systems can be delivered directly to those who most deserve it.

We are much MUCH closer to "drink verification can" than to the time that greentext was written. Like many things in 2026, it's beyond fucking wild, it's a parody of itself.

And I don't see it getting better without government regulation. But states are now weaker than corporations. How can we expect them to take charge?

Human verification via QR code does not mitigate labor farms.

Maybe soon there will be a market for a phone specifically for use as a dummy, to get past all this nonsense.

Google and the reCAPTCHA network aren't even that good with fraud prevention. You would think being literally omniscient over the whole internet would make it trivial to catch account takeovers, and Gmail has a proven track record at resisting account takeover, but when we tried to integrate their fraud signals, they were worthless, worse than the rest of the industry, worse than our homegrown trash from a decade ago.

Because Google doesn't actually care about preventing fraud, they just want the data you feed them and the fraud feedback you provide. It's all take, no mutual business.

[flagged]

[flagged]

[dead]

"This AI-resistant mitigation challenge to prove human presence is designed to make automated fraud economically unviable."

Oh, you sweet, summer child.

Thanks for sharing