For instance, terminalcam gives just enough data to reveal liveness without necessarily giving enough information about identity.
It's interesting the parallels of Google's reCAPTCHA and Cloudflare Turnstile.
Cloudflare is free, no image selector, allows VPNs and Tor for the most part, just 0 click with a good IP reputation and 1 click with a bad one.
reCAPTCHA is paid, trains Waymos, sucks millions of hours of human time, asks for camera access, asks for a phone attestation, blocks VPNs/Tor.
Thank god less sites are using ReCAPTCHA.
Looking forward to some other solutions gaining prominence eventually as well.
Like that Anime girl one.
Not sure what problem everybody here is having with this. The alternative would be device certificate stuff (ala did Apple sign for this being a proper Apple device?). Having to shake your hand sounds a lot more privacy friendly. Are you guys seriously worried that Google is gonna steal your secret handshakes?
For starters, it's extremely invasive (camera on to pay a bill - wtf?), has unclear privacy implications and questionable accessibility (to put it mildly).
Like seriously, if I have to turn on a camera to get through a recaptcha then the website doing it can fuck right the hell off with extreme prejudice. My web browser is not allowed to access my cameras for any reason, no exceptions.
They asked for feedback after I canceled the login, I gave very candid feedback in a form.
Then they asked if I would give an interview.
You know why I wanted to log in? To claim a $7 refund.
They ended up mailing it.
(this is from the Netherlands where you can use digID [0] to sign into government services and ID-bound 3rd parties like insurance, mortgages, pensions etc)
With as many Ph.D.s as there are at Google, you’d think they’d be smarter than to come up with this. Which is how you know the PMs are in charge, not the smart people.
No firm lasts forever.
Can't be bothered... so instead using the accessibility option of listening to a phrase instead.
> Google does not retain any images or videos of a user's hand gestures
This is the sole statement of data deletion provided, and nowhere does Google state any other retention policy for derivations whatsoever, whether anonymized or associated, from that hand data; referring instead to the generic terms of service privacy policy:
> Other data is deleted or anonymized automatically
The privacy policy does not have a specific callout for biometric derivations, and so they may choose to anonymize rather than delete your biometric data.
> some data we retain for longer periods of time when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention
reCAPTCHA exists for the exclusive purpose of security, fraud and abuse prevention, and so by this clause they may retain your identified hand scan biometrics for as long as they see fit.
> We will share personal information outside of Google if we have a good-faith belief that disclosure of the information is reasonabl[e]
They will give your identified hand biometrics upon request to anyone who can make a convincing case to them.
> We may share non-personally identifiable information publicly and with our partners
And they grant themselves the right to start selling their dataset of humanity’s hand biometrics for personal profit with none shared back to those whose biometrics are now a commodity to be bought and sold.
(Note that Google is not alone in this; see also gestures at much of tech. But that’s no excuse for the grift going unreported by a journalistic entity that’s been around long enough to know better how these reassurance-by-omission scams work. I was already upset with Google but I still expect better of those trying to stop them.)
If a web requires me to do this to access it, I simply refuse.
The last time I needed some web was my electricity company - sent them a ticket with a complaint. They replied with some bs like "your browser is simply not supported" so I kept sending them the same ticket over and over again until I got a real response and it seems they decided to change the system.
To use my favorite quote: That's all it takes really, pressure, and time... :)
Would it deny her hand's reCAPTCHA because it doesn't match my biometrics? Or would it allow her and just make a record in the Google database that she was using my phone at 8:42 PM?
So stripping away user privacy even more is justified for implementing an already obsolete verification method?
The internet is dead.
At least I know what kind of hand gesture they will get first :)
Seems like they covered your points just fine. They just did it succinctly and trusted the reader to understand the broader implications.
pinnapi•1d ago