Recaptcha is a service offered by Google. It doesn’t matter on which site the user encountered the QR code verification request - the problem is with Google (the company.)
It does matter, because that Google integration didn’t happen by magic. Whatever the site is, they chose to do things that way.
The only way Google stops things like this is if they get actual pushback, and the only realistic way to achieve that is to make the people using their service reconsider.
and the only realistic way to achieve that is to make the people using their service reconsider.
So what exactly will naming the site achieve? If someone wants to boycott recaptcha (which I’m 100% onboard with, btw) they’ll just not comply with the captcha and leave the site when they encounter it. On the other hand, someone who would not otherwise visit the site cannot reduce traffic to the site by direct action. Telling their friends “don’t use that site, it uses recaptcha” is no more effective than telling them “don’t use any site that requires you to do QR recaptchas.”
The site is using Cloudflare for DDoS protection, and unfortunately Cloudflare is probably the most effective tool for this. It also looks like it might be archive.org in the screenshot, and they’ve been dealing with a lot of DDoS attacks lately.
I don’t think Google advertises “we force you to scan a QR code” as a feature of reCAPTCHA either, so it feels a little weird to me to blame the site for using a DDoS protection tool that in turn uses reCAPTCHA for human verification when Google randomly decides to add a new stupid challenge type.
Name the offending website please.
Google. It’s their recaptcha service doing that. The QR code validation also gets rejected if you’re using a privacy oriented mobile OS like Graphene.
At the cost of conditioning people into following orders from random qr codes
you mean it was google.com? Or on which website was this recaptcha?
Recaptcha is a service offered by Google. It doesn’t matter on which site the user encountered the QR code verification request - the problem is with Google (the company.)
It does matter, because that Google integration didn’t happen by magic. Whatever the site is, they chose to do things that way.
The only way Google stops things like this is if they get actual pushback, and the only realistic way to achieve that is to make the people using their service reconsider.
So what exactly will naming the site achieve? If someone wants to boycott recaptcha (which I’m 100% onboard with, btw) they’ll just not comply with the captcha and leave the site when they encounter it. On the other hand, someone who would not otherwise visit the site cannot reduce traffic to the site by direct action. Telling their friends “don’t use that site, it uses recaptcha” is no more effective than telling them “don’t use any site that requires you to do QR recaptchas.”
Exactly this!
archive.is in this case
are they fucking serious with this shit?
what the hell…
Archive.is is a Russian propaganda bot net. Don’t use it.
What are good alternatives?
ah, that explains it…i half-remembered that something is off about that site, but couldn’t remember what it was…thanks for the heads up!
It looks like a Cloudflare interstitial. I also don’t think sites get to choose which challenge types show up in reCAPTCHA, so this is on Google.
Isn’t the site choosing to use recaptcha?
The site is using Cloudflare for DDoS protection, and unfortunately Cloudflare is probably the most effective tool for this. It also looks like it might be archive.org in the screenshot, and they’ve been dealing with a lot of DDoS attacks lately.
I don’t think Google advertises “we force you to scan a QR code” as a feature of reCAPTCHA either, so it feels a little weird to me to blame the site for using a DDoS protection tool that in turn uses reCAPTCHA for human verification when Google randomly decides to add a new stupid challenge type.
As far as I know, Cloudflare doesn’t use reCaptcha. I think they use a version of hCaptcha running on their own workers.