If only there was some open standard for browsers to verify that a real human is visiting a website, so that website owners wouldn't have to rely on bespoke hacks that only work in chrome.
This would be great if it didn’t have any downsides. China has a system like that: QR code to login everywhere. Everything is linked to your phone number which is given after taking a picture of you and official ID.
We are gonna have to live in a slightly bot-rich society to keep this at bay.
It starts with browser control. And then, ends with needing human verification to ssh into a server that you own. Let’s just build better security.
The problem isn't that the hack only works in Chrome, it's that the system being proposed is inherently terrible regardless of how it's implemented.
There is no such thing as a reliable standard for browsers to verify that users are human that does not harm the open web or threaten user autonomy and accessibility. Every single accessibility standard and user choice about extensions and access is abusable by malicious actors, and every security measure to block abuse of automated scraping or access also blocks valid use cases.
Yes, an open standard that any browser could use to prove human interaction would be great. It's also impossible, of course; all attempts so far lock in specific software or hardware stacks and then pretend that bots can't use those systems, guaranteeing both false negatives and false positives.
We are gonna have to live in a slightly bot-rich society to keep this at bay.
It starts with browser control. And then, ends with needing human verification to ssh into a server that you own. Let’s just build better security.