GrapheneOS
`Auto-verify` should be turned off by default for potential privacy implications
Auto-verify allows sites to save information about you confirming you are a human. Other sites can then query this information from the original site as part of verifying if you are human or not.
Looks like it’s based on Private State Tokens which are Google’s implementation of Privacy Pass. It’s basically just a privacy-preserving way to bypass CAPTCHAs. Apple has a similar thing with their Private Access Tokens. The info they’re talking about is likely just the Private State Tokens themselves which are essentially just letting you bypass the CAPTCHAs after you complete one successfully. They’re stored in their own separate area away from other browser data.
This should probably be closed as Auto-verify doesn't pose much of a privacy concern.
@pingu-the-penguin
Auto-verify doesn't pose much of a privacy concern.
I believe you mean to say 'the convenience trade-off is worth revealing that I've completed a CAPTCHA elsewhere.'
Auto-verify doesn't pose much of a privacy concern.
I believe you mean to say 'the convenience trade-off is worth revealing that I've completed a CAPTCHA elsewhere.'
I said what I meant.
https://developers.google.com/privacy-sandbox/protections/private-state-tokens https://github.com/WICG/trust-token-api
We could leave it open for after all state partitioning work is done but it's pointless right now.
I said what I meant.
As do I my paraphrasing (my appreciation for the links notwithstanding).