Google is the biggest creator of bot traffic on the internet with its crawlers, not to mention what they do to train their AI. I bet this won't block Google's own bots.
this post was submitted on 07 May 2026
23 points (100.0% liked)
Technology
42905 readers
221 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 4 years ago
MODERATORS
Phishing campaign authors will love this. It normalizes users scanning barcodes they can't read to go to unknown locations on a device where it's harder to see the URL and there's no IT watching for phishing activity.
Exactly my thoughts, too. QR codes are a great tool, but also an incredibly valuable and opaque vector for scams.
The was one recently where they put scam QR stickers over parking payment signs, so users gave their credit card details to scammers. How are you supposed to catch that, as the end user? It's not like you know the URL you're supposed to be going to.
Normalizing scanning QR codes just to access a website is going to be abused by scammers in no time.
This is it, what they've been wanting all along. You will no longer be able to access vast swathes of the internet unless you have a Google approved device, that is a Google-certified Android device with Google Play Services (aka Google Play Spyware) or an app on iOS. Use GrapheneOS or a Linux phone? No internet for you.
What I'd like to know is, what if you're already accessing a site from your phone? And what if you genuinely don't have another device? I'm assuming the answer to the second is you're SOL.
You're also missing the point, that a real user with a real name will be tied to each web-request that is "approved".
This is the beginning of the mandatory age enforcement/requirement.
Scan a Google tracking QR code, nope. Not to mnention how easy would it be to hide a malicious URL in a QR code. Nope, nope, nope.
This is a "trust me bro" vibe from Google. Guess sites will just have to deal with a drop in traffic. Cuz they're not getting any more data from me if I can help it
First they filled the web full of ads, then they let loose an army of bots and now they have to come up with solutions to identify and track real humans, so as not to waste their precious advertising.
I expected something awful, but this is beyond my already low expectations.
So how do I get through one of these without a working camera?
There are no doubt countless programs to scan QR codes on a desktop computer, and I know similar exists for phones. A camera is not needed.
At the same time though, that begs the question of what, exactly, is going to prevent an AI from doing the same goddamn thing? So it's still shit.
Awesome. Something to keep me away from big wrbsites and on the small web.
I'm not sure this is the right mindset to have. Sure you can isolate yourself for a while but at some point your bank will use this shit. Your doctor will send you a message via their orgs website. Your grocery store will charge you obscene prices if you don't use their app. The Internet has not been an optional utility for many years now.
this mindset is what keeps the world without big tech going. to just accept their abuse is to make it far more certain
I wasn't implying to accept it. I would say actively resisting it, complaining to the companies that utilize it, elect reps that will implement useful regulations is better. To just hide in a corner of the Internet doesn't accomplish much though.
It's true. I'm sorry I definitely said we should all hide in the corner. I should have probably have not said that using real words that actually came from me and have not been inserted into my fucking mouth by some finger wagging bystander looking for a soapbox to well-akshually from.
They say it's a QR code challenge, resistant to bots, but what does it to? How does it work?
the qr itself is just a link to a recaptcha web page with a unique identifier in the url.
the magic is all hidden in the required app that's linked to your google account and device, and the interactions that take place between it and google's servers once it sees that code or link.
I looked for info and didn't find anything.
Obviously you could decode the code on the device that's showing it, so why not also provide a link?
I have to assume that it's because the mobile device must be one where they can check that you're only running google approved software (play integrity or whatever it's called these days, maybe the apple equivalent).
We invite you to join us at Next ‘26 to talk about new capabilities
This post is just the announcement for a conference talk