Why Google’s New “Are You Human?” Test Could Block You from Your Favorite Sites

Google’s new Cloud Fraud Defense system is quietly turning reCAPTCHA into a de‑facto gatekeeper for the web: if you don’t have a compatible system, you can’t get into the site. More than 4 million sites use some version of reCAPTCHA, including big names like Spotify, Canva, Medium, Calendly, Pinterest, major news outlets, e‑commerce sites, and SaaS dashboards.

Users are most likely to hit the QR/Play‑Services flow on registration pages, login forms, password‑reset flows, and checkout/payment steps where merchants turn on “high assurance” verification.

When a site using Cloud Fraud Defense thinks your traffic looks risky (new device, VPN, privacy‑hardened browser, Tor, unusual behavior), you’ll encounter the new system.

On certain logins, password resets, or payments, instead of “click all the buses” you’ll see a QR code on your desktop and a prompt to scan it with a phone; your desktop session stays blocked until a compatible phone scans and approves it. If you don’t have an approved phone, you’re stuck.