Google Cloud fraud defense, the next evolution of reCAPTCHA

https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-fraud-defense-the-next-evolution-of-recaptcha/

27•unforgivenpasta•1h ago

Comments

SoKamil•55m ago

Google clearly wants only Google approved models to traverse the web.

xacky•39m ago

The fact that mobile devices are now mandatory to prove "humanness" means that Google no longer trusts desktop/open platforms anymore.

mayama•38m ago

The site doesn't mention this. But, are they locking down QR code auth for only safetynet authenticated devices and with mobile number verification?

bobbiechen•32m ago

Yeah, I had the same question myself. I think that's what you would want to do to make it airtight (plus some amount of rate limiting or flagging for devices that are part of dedicated device farms).

But even if not, there's still value in raising the barrier to entry. For example, you can buy 1000 reCaptcha solves for $1-2 from various captcha-solver services. And yet that $0.001-per-request fee does discourage mass-scale bot attacks.

Hizonner•23m ago

... You... think... it would be a good thing.

Don't you...

arian_•30m ago

Google building harder walls against bots while simultaneously building AI agents that need to get through them is peak 2026.

tardedmeme•18m ago

They're expecting everyone to whitelist Google agents because Google has the market share for people to complain if Google agents don't work.

stupidgeek314•29m ago

Why can't an AI scan the QR code? Just fire up an emulator if necessary

tardedmeme•18m ago

The app that scans the code talks to the TPM in your phone to prove that your phone is running an unmodified Google OS.

hellojesus•15m ago

I know that's the final destination, but I didn't see that listed in the requirements page linked above. Any proof of this affecting the current implementation?

bramhaag•29m ago

The requirements for the mobile devices are listed here: https://support.google.com/recaptcha/answer/16609652

So it seems that you will need a modern Android device with Google Play Services installed or a modern iPhone/iPad to be allowed to browse the web in the future.

No mention of device integrity verification yet, but the writing is on the wall.

Hizonner•25m ago

... or you'll need to stop using reCAPTCHA if you want to get any traffic on your Web site.

I know, people will slavishly knuckle under, but let me dream for a few minutes.

tardedmeme•19m ago

99.999% of people don't give a shit and don't even know what this means. They'll follow the instructions. These are the same 99.999% of people who press win+R ctrl+V enter when the captcha prompts them to. Because do this to see the dancing bunnies.

hellojesus•19m ago

This is going to make my grapheneos journey a bit more exciting. How wild to force users through an official google identification for web browsing.

Does the iPhone recaptcha app force you to login with a Google account? Seems we didn't need ID verification for the web to lose all anonymity.

everdrive•16m ago

I've been saying for years that it does not make sense to browse the web on a smartphone. Eventually things will get bad enough that people will agree with me.

Old Job Is Still Running You. You Just Don't Work There Anymore

Google Gemini app does not respect chat history preferences

Walt Disney and the Romance of Building (A Ton of Apartment Buildings)

Show HN: What the OpenAI Agent Phone might feel like

How AI agent memory works

Bitter Lessons from the ISSpresso

Supreme Court denies Apple breathing space in Epic fight

Saved ~40GB of db space wasted on unused indexes

March Amtrak Up 21%; Flying Up 7% Since 2019

Programming Still Sucks

Batch API is terrible for one agent. It might be great for a fleet

Surveva: Global Social Polling

A Mutation Gave Humans the Gift of Speech. These Mice Have It, Too

Show+HN:YouTube Transcript API

Recondo – Logging Proxy for Coding Agents (Claude Code, Codex, Gemini)

DeepSeek could be valued at up to $50B in first fundraising

What Happens When Fraud Tempts UK Workers? (2025)

An agent OS built as narrow workers on iii primitives

Ask HN: Should coding agents fall back to another model when one fails?

Relm4: An elm inspired rust GUI framework based on GTK4

Are you allowed to put that SoC 2 logo on your website?

Ascynd – AI video clipper that runs on your machine

Show HN: I built a personalized portfolio builder for your values

1 in 8 workers say selling company logins is justifiable

Learning the Integral of a Diffusion Model

When DNSSEC goes wrong: how we responded to the .de TLD outage

Embed Arbitrary Payloads into JPEGs Without Special Tools

Solidity vulnerability findings open dataset

MySQL 9.7 Is Out and the Community Wins

Show HN: Dez brings back Zed's Text Threads