I didn’t know my city was cool enough to put signal flyers.

  • my_hat_stinks
    link
    fedilink
    858 months ago

    QR codes essentially just encode text, as long as you’re using a sensible QR code reader and check any URLs before opening them there’s minimal risk to scanning a QR code.

      • hash
        link
        288 months ago

        Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn’t know there was a name for this sort of attack.

        • @[email protected]
          link
          fedilink
          22
          edit-2
          8 months ago

          Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

          • gila
            link
            fedilink
            English
            68 months ago

            They’d still resolve via DNS to an address in ASCII though, right? Wouldn’t that only be an issue if ICANN didn’t have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

            • qaz
              link
              9
              edit-2
              8 months ago

              It utilizes punycode under the hood. The actual DNS entries still use ASCII.

        • qaz
          link
          138 months ago

          Punycode enables you to encode any Unicode character as ASCII. Almost all browsers support this.

        • @[email protected]
          link
          fedilink
          148 months ago

          Or maybe a fraudulent signal app.

          I mean, generally speaking, just don’t click on random links. This is a random link. Qr codes are valuable but we’re conditioning society to just be cool with clicking on random shit without putting much thought into it.

      • Captain Aggravated
        link
        fedilink
        English
        6
        edit-2
        7 months ago

        Oh is that like bankofarnerica.com or whatever, hoping the r and n look enough like an m for at least some people to click?

        edit: under absolutely no circumstances click on the above link. Your bank will be robbed and your foreskin soldered shut. To very don’t.