BY TYLER DURDEN
MONDAY, JUN 08, 2026 – 03:30 AM
Authored by Dr R P via The Daily Sceptic,
Never mind Fancy Bear, or the NSO Group, the biggest threat to the open internet today is from the Big Tech corporations on which it has come to depend. For what else are we to conclude given that Google appears to be working on a system to lock large parts of the internet behind a new form of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) designed not to tell apart humans from bots, but instead to make an un-person of anyone who doesn’t own an ‘approved’ Android or Apple device.
Google’s reCAPTCHA service is used by a wide variety of websites, many of them independent of Google in every other regard, to limit incoming traffic or data entered into contact forms. It is intended to prevent automated software from accessing these resources and using them to send spam messages or flood websites with denial of service attacks. You have probably encountered it when told to identify all the bicycles in a grid of images.
Under the auspices of its Cloud Fraud Defence programme, Google is introducing a new form of CAPTCHA for which the way to ‘prove’ one is a human is to be in possession of a Google-approved device. Reclaim the Net’s original reporting focused on the threat to deGoogled phones, meaning phones running Android-like operating systems which have Google’s – often unwelcome – proprietary features removed, such as GrapheneOS or LineageOS.
However, just as the dull name of ‘age verification’ serves as a cloak beneath which schemes to end all truly personal computing can be smuggled, the danger here could be much broader than the technically focused headline implies. As the sources discussing this are relatively few, it is hard to ascertain exactly what has already been rolled out and what is still in the conceptual stages. But it appears that the new style of CAPTCHA threatens not just users with deGoogled phones but anyone without an ‘approved’ device.
Google’s own documentation confirms the existence – as a "Preview" in limited use with alternative options presently existing – of CAPTCHAs which require an Apple or Android handset to pass them. But it describes this in a "Mobile Verification" context, which may imply a more limited use than reCAPTCHA in general. However, with such functionality possible, there is no reason that Google could not activate this, without alternative options, everywhere that its reCAPTCHA-branded prompts appear.
Knowing that locking out everyone except Android users would have even the most clueless politicians smelling a monopoly, Google has deigned to also allow Apple iOS users through, but their approval is nonetheless limited to devices where the full tech stack is under corporate control. Apple phones and tablets use a locked bootloader to trap users within a walled garden, where they are at Apple’s mercy whenever an unwelcome new feature is introduced. Unless the Keep Android Open campaign succeeds, certified Android devices will soon be scarcely better, a condition of certification being that manufacturers must obstruct users from side-loading to install apps from outside Google’s Play Store.
Because Apple and Android phones do not respect your freedom, Google chooses to trust them. That’s an odd-sounding sentence, so let me explain.
On a Linux desktop, or a GrapheneOS phone, you, the user, have true control of your own property and can modify its operation to suit your own ends. And whilst Microsoft Windows has definitely not been respecting your freedom recently, Windows users still have control over what extra programs they install on a Windows system, for now. But on an Apple or Android device Google can be confident that it is precisely as enshittified as Big Tech intended it to be. It can be sure that any programs running on the device were programs which it approved within its own app stores, and that the device will never prioritise the needs of the user when they conflict with the desires of the corporate master.
Hardware attestation – where your device, via a cryptographic process, provides proof to a remote server that its hardware and software are genuine and unmodified – intensifies this imbalance even further. Not only can the device keep tabs on you, but it can also use a cryptographic key kept within a normally-inaccessible part of the system to sign each message it sends to the centralised servers and assure them that you have not tampered with it. The server can choose to deny access to any device not able to provide the signed confirmation. In Big Tech’s dictionary, exerting true ownership over your own property is now dismissed as tampering, where anyone with the temerity to ‘tamper’ with the items they bought with their own hard-earned money is to be excluded from polite society.
Within modern certified Android devices, the Play Integrity API provides capabilities for hardware attestation. For Apple, the App Attest API performs the same function. The TPM 2.0 security chips which Microsoft decided to list as a hardware prerequisite for recent Windows versions provide the physical components which would be necessary if Microsoft seeks to introduce hardware attestation in future, its decision being made doubly suspicious by the fact that even the most security-focused Linux distributions do not make TPMs a requirement and that today’s Windows can run without a TPM in practice. This concept of ‘Trusted Computing’ does comparatively little in terms of letting you trust that your computer remains secure, but is very helpful to let remote centralised servers trust that your computer will obey their diabolical DRM schemes.
Some banking apps already use hardware attestation, having bought into Google’s argument that this improves security. Google’s argument is laughable. Their hardware attestation approves legacy stock Android models which have known unpatched vulnerabilities – including ones which would allow malware to spy on user activity – or have received no updates for years; but it blocks fully up-to-date GrapheneOS devices. In treating hardware attestation as a proxy for security, banks and other app providers are locking out the more secure devices. And for all these security hoops they expect users to jump through, services still leak sensitive records by the billion from large-scale data breaches at their end.
Source:
Diem ‘Richard’ Nguyen
Liên Minh Bảo Hiến Mỹ Gốc Việt
Vietnamese American Conservative Alliance (VACA)
https://freedom-vaca.org/vaca-blog-tieng-viet-nam/