Anyone remember when Googles Motto was Donât Be Evil?
Iâm really curious how this supposedly works on iPhones after iOS 16.4 without any additional apps required.
Is this some sort of standard GrapheneOS could implement? (Like maybe this is some proof of work thing)
Did Google convince Apple to bundle some weird thing in iOS?
Do people without mobile phones just not get access to websites anymore?
Is there a demo anywhere?
I know, that doesnât answer any of my questions.
Edit: Because it says âIf verifying on iOS/iPadOS device with version 15.0-16.4, download the reCAPTCHA app in the App Store. After installation, return to the challenge to try again.â which implies after 16.4 you donât need this app, but why?
Yeah, those are good questions. I donât know.
Perhaps someone from GrapheneOS team can answer for whatâs what and why and how they plan to mitigate this issue in the future.
I just scanned the QR code in their support doc screenshot and all it does is open an App Clip.
So you DO need to install/use Googleâs proprietary software on iOS, theyâre just pretending itâs not an installation because itâs an App Clip instead of an App Store download.
The annoying thing (like all App Clips) is that is still stays on your phone after, until you manually remove it.
Can I just use my phone without Google Play Services in piece? 
It was bad enough that Proton doesnât support notifications, security keys, and document scanning without Google Play Services. Then of course we have the Play Integrity API situation. But forcing it for captchas is just next level.
People need to stop just accepting that they need Google Play Services or that itâs fine and make a stand against this nonsense.
Yeah I was just thinking this. They essentially brought SafetyNet to the web 
Wtf
Looks like a bigger blow to user privacy and freedom than even Play Integrity APIâŚ
I guess we need to hope that the EU steps in and phases this out of existence.
(Itâs because before iOS 16.4 random websites couldnât open App Clips, only regular apps, but now they can)
Sharing with Third Parties
For users that have opted into sharing analytics with third-party developers, Apple shares a subset of analytics information that is relevant to that developerâs App Clip, as long as the analytics information and statistics are aggregated or in a form that does not personally identify you. Apple shares this information to help Appleâs third-party developers improve their App Clips, apps, products, and services designed for use with Apple products.
You may enable or disable sharing of crash data and statistics about how you use App Clips with third-party app developers by going to Settings > Privacy > Analytics & Improvements > Share with App Developers.
Retention
Data associated with an App Clip is deleted from your device after 10 days or non-use, or, if you have signed in to the App Clip with Sign in with Apple, after 30 days of non-use. App clips are automatically removed from your device after 30 days of non-use.
At all times, information collected by Apple will be treated in accordance with Appleâs Privacy Policy, which can be found at www.apple.com/privacy.
so surely this is a way for google to get more data from Learn More About App Clips - Apple Support
Even putting a pin in GrapheneOS & degoogled device issue, this would appear to be a tremendous reinvention of the way we interact with the internet. You are not free to simply use a desktop. You MUST have a mobile smart device accessible. Is your phone dead? Charging in the next room? No internet for you
Adding a Google Play requirement ontop of that is kind of insane. Recaptcha is a broad anti-spam protocol; I wouldnt be surprised to learn it has a supermajority marketshare. This feels like a cut-and-dry monopolistic practice
Meanwhile malicious actors will just use CloakBrowser: Stealth Chromium that passes every bot detection test. Yes, it works, no, you donât need to do any captchas.
The Python wrapper is MIT-licensed and open source, but the Chromium binary itself is completely closed source. 
I am not saying it is privacy respecting or you should use it. Webscrapers donât care about sourcecode. Cloakbrowserâs reasoning, which I think is fair, is that fingerprinting companies constantly test these browsers, and showing their antidetection mechanisms would make it easier. Signal doesnât share the sourcecode of their spam detector thing. Yes, this is a browser which is vital, but run it in a vm if you want and definitely watch the network, idc.
They mentioned they would be willing to get an audit once it gets bigger.
I understood. I meant that even burning the machine isnât enough anymore once you install that.
Very relevant: Google's "Open" Android
You can try to use my template to contact site developers and ask them to move away from recaptcha. If there will be enough of us, ice could melt.
Template
Hello!
I am an Internet researcher who fights for privacy and security on the vast Internet. As part of my initiative, I select sites at random to further test them for security and privacy. And if you are reading this, your site has become one of them :)
Unfortunately, a very serious threat to the privacy of your users has been detected on your site, namely linking to the services of the evil corporation Google (reCAPTCHA).
I strongly recommend switching to a free alternative to hCAPTCHA.
Pros of hCAPTCHA:
- The service is completely free and does not require any costs
- Easy to switch from malicious reCAPTCHA (https://docs.hcaptcha.com/switch/)
- Extremely reliable! Cloudflare, the leading DDOS protection company, switched to hCAPTHA (proof: https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/)
- No personal data collection or malicious cookies, unlike reCAPTCHA (article one https://nearcyan.com/you-probably-dont-need-recaptcha/ and article two https://www.reddit.com/r/CryptoCurrency/comments/cdvie3/googles_new_recaptcha_tracks_your_online/).
- Works in any country, as it is completely independent of the evil corporation Google.
Please forward this letter to the site management in its original form. Thank you for your attention!
Oh i think this is not playing into what most companies care about.
Better would be:
I am a marketing and lead conversion researcher. I noticed that you lose many customers due to a technology named Recaptcha making many customers drop out of your website out of annoyance with the user experience needing to use their phone while trying do something on your website. I suggestâŚ
Because letâs be honest, outside of of privacy, this is a horrific user experience.