Hacker News

jeroenhd yesterday at 5:49 PM

I saw this coming from miles away. Computers are better at solving CAPTCHAs than people are and people can be bribed or convinced to join botnets so IP whitelisting doesn't work either. Now we have tons of fingerprinting and behaviour analysis but governments are cracking down on that. Plus, YouTube had a massive ad fraud problem with ads being played back in the background in embedded videos, so their detection clearly wasn't good enough.

There aren't many good ways to prove you're not a bot and there are even fewer that don't involve things like ID verification.

Their opt-in approach helps shift the blame to individual web stores for a while, so who knows if this will take off. But either way, in the long term, the open, human internet is either going away or getting locked behind proofs of attestation like this.

Apple built remote attestation into Safari years ago together with Cloudflare and Google is now going one step further, as Apple's approach doesn't work well against bots that can drive browsers rather than scripted automation tools.

Luckily, their current approach can be worked around because it's only targeting things like stores now and you can buy things from other stores. Once stores find out that click farms have hundreds of phones just tapping at remotely served content, uptake will probably be limited.

It'll be a few years before this is everywhere, but unless AI suddenly isn't widely available anymore, it's going to be inevitable.


Replies

moritzwarhier yesterday at 6:36 PM

> saw this coming from miles away. Computers are better at solving CAPTCHAs than people are

good point... it's interesting how Captcha was initially popularized as a reverse Turing test, but it's just variants of Proof of Work today.

And it seemed clever at the time for Google to leverage this for improvement of their OCR models (it was!), and makes you wonder what utility is derived from the proven "work" today.

armchairhacker yesterday at 7:33 PM

> people can be bribed or convinced to join botnets so IP whitelisting doesn't work either

Do you think this won’t also be bypassed, by bribing people to scan QR codes and spoofing location etc.?

dylan604 yesterday at 7:13 PM

> people can be bribed or convinced to join botnets so IP whitelisting doesn't work either

what does that bribe look like, as in, how much can one get? what all does that entail? is that a little box i connect to my network and forget about? does that mean if i unplug it unless another payment is received that will work out? i'm asking for a friend that's looking to avoid selling plasma to make ends meet.

dakolli yesterday at 6:21 PM

I personally think it's easier to detect LLM-controlled browser sessions, the people deploying them are far more naive and inexperienced than traditional scrapers/crawlers.

insert You wouldn't bring a 40 Petabyte Zip Bomb to School, would you? meme

Fire-Dragon-DoL yesterday at 7:34 PM

I mean depending on the cost, Google is guaranteed to lose the battle, like gaming anticheat: there are tools that do parsing of the image on screen and send input as a usb device, there is absolutely nothing to detect.

Doing that for a webpage seems way easier than a videogame