I didn’t know my city was cool enough to put signal flyers.

    • my_hat_stinks@programming.dev
      link
      fedilink
      arrow-up
      97
      arrow-down
      7
      ·
      6 months ago

      QR codes essentially just encode text, as long as you’re using a sensible QR code reader and check any URLs before opening them there’s minimal risk to scanning a QR code.

        • hash@lemmy.world
          link
          fedilink
          arrow-up
          34
          arrow-down
          4
          ·
          6 months ago

          Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn’t know there was a name for this sort of attack.

          • Lichtblitz@discuss.tchncs.de
            link
            fedilink
            arrow-up
            22
            ·
            edit-2
            6 months ago

            Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

            • gila@lemm.ee
              link
              fedilink
              English
              arrow-up
              6
              ·
              6 months ago

              They’d still resolve via DNS to an address in ASCII though, right? Wouldn’t that only be an issue if ICANN didn’t have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

        • 4stringscooter
          link
          fedilink
          arrow-up
          9
          ·
          6 months ago

          Or xss/sqli/etc attacks on vulnerable sites that don’t sanitize url query parameters

          • 4stringscooter
            link
            fedilink
            arrow-up
            14
            ·
            6 months ago

            Or maybe a fraudulent signal app.

            I mean, generally speaking, just don’t click on random links. This is a random link. Qr codes are valuable but we’re conditioning society to just be cool with clicking on random shit without putting much thought into it.

        • Captain Aggravated@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          edit-2
          6 months ago

          Oh is that like bankofarnerica.com or whatever, hoping the r and n look enough like an m for at least some people to click?

          edit: under absolutely no circumstances click on the above link. Your bank will be robbed and your foreskin soldered shut. To very don’t.

    • jqubed@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      6 months ago

      I may have in the past put lyrics from “Never Gonna You Up” or links to the music video on YouTube in QR codes I printed on blank business cards and left them in public places around town.