reCAPTCHA Mobile Verification "AI-resistant challenge"
editHere is a huge bombshell being shared around in libre spaces:
https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
In summary, reCAPTCHA now serves a new form of CAPTCHA for IPs/devices flagged as bots (mobile, desktop, etc.), presenting itself as a QR code. The problem is, anyone who isn't using an Android/iOS phone with sufficiently updated Google Play Services, being de-Googled Android phones, Linux phones, feature phones, and having a complete lack thereof will get locked out.
In fairness, the regular CAPTCHA still shows up, however, anyone who is unlucky to have their IP/device flagged and has to perform an action gated behind reCAPTCHA (login/register/anything else) could find themselves having to use this new flow.
I think that previously, Google showed an infinite CAPTCHA or refused to even serve a CAPTCHA upon bot detection, so this should merely be a new way to regain clean status, right? This still sets a dangerous precedent, and only time will tell if this becomes the only way to solve the CAPTCHA and whether other CAPTCHA providers will incorporate something like this.
This is part of a larger "Google Cloud Fraud Defense" program designed to "verify the legitimacy of bots, humans, and AI agents":
Reading into it, it isn't clear whether this measure is exclusively used to verify users' use of AI agents (it doesn't appear that way), but regardless, this is now a feature of reCAPTCHA.