Google is rolling out yet another hostile version of reCAPTCHA, and this time the message is unmistakable: if you want to prove you are human, you must first submit to Google’s mobile ecosystem. In practice, users are being pushed to scan a QR code with a mobile device in order to complete verification. On Android, Google’s own documentation says this requires Google Play Services version 25.41.30 or later. On iOS and iPadOS, the process also depends on Google’s verification flow. This is not progress. It is coercion.

Once again, Google is turning a basic web interaction into a gateway for proprietary control. The result is predictable:

1. People who use GrapheneOS, LineageOS, /e/, CalyxOS, and other free software Android distributions are pushed out;
2. People who reject Google services on principle are excluded;
3. People in regions where Google services are unavailable are locked out;
4. People without smartphones are treated as second-class users.

Even microG-based setups are reported to be unreliable here, which makes the exclusion even broader.

This is exactly the kind of creeping enclosure that free software activists have warned about for years. A public website should not require a proprietary mobile stack just to pass a human check. A person should not need to install Google’s services, use Google’s app, or carry a Google-compatible device simply to access ordinary web content. That is not a technical necessity. It is a political choice, and it is a bad one.

The deeper problem is not only that reCAPTCHA has become more invasive. It is that Google is normalising the idea that access to the web should depend on vendor approval. Today it is a QR code and a mobile verification step. Tomorrow it is more device attestation, more account binding, more silent exclusion. GrapheneOS has already raised concern that this trend extends beyond phones and into desktop environments as well. That should alarm anyone who cares about the open web.

Google Play Services and the verification app are proprietary. They are not neutral infrastructure. They are gatekeepers. Every time a website adopts this kind of system without protest, it sends the same message: convenience for some, exclusion for others. Free software users, privacy-conscious users, and people in low-control environments pay the price.

We should not accept this as normal.

We should demand web verification that does not rely on a proprietary mobile ecosystem. We should reject systems that punish users for running free software. We should push site operators towards replacements that do not force people into Google’s orbit just to access a page.

What you can do now

1. Sign the petition.
2. If you run a website or service, stop using reCAPTCHA where possible. Choose verification methods that do not require Google’s mobile stack, e.g. Anubis, ALTCHA, and mCaptcha.
3. Refuse to normalise forced installation of Google Play Services or Google’s verification app just to pass a human check.
4. Speak up. Share this issue with developers, administrators, and anyone who still believes the web should remain open.
5. Support free software replacements and challenge every attempt to turn access into a privilege.

The web should not be a permission system controlled by Google. It should remain usable by real people, on real devices, without surrendering freedom.