How would you make an arbitrary QR code have a verifiable signature?
Just pay a public CA every time you make one /s
A verifiable signature could be created but the use of public keys lets malicious actors sign using the same key
Find yourself a QR scanner that gives you a preview of what the code is before sending you to the open web.
I like this one, found it on F-droid. “QR Scanner (PFA)” https://github.com/SecUSo/privacy-friendly-qr-scanner
For example, the QR code sirico@feddit.uk posted (it can scan from a saved picture too) shows me this;
Wait, do normie phones just instantly open an untrusted website? The camera on LineageOS has a “scan” mode where it shows the data of scanned QR codes before you make an action.
Yup, modern security at its finest. Normies don’t stand a chance.
I wish email clients would do something similar, especially for formatted links.
Open up a big popup that shows the full sender address, the full link, and underline/color any numbers so it’s clear AMAZ0N.com is b.s.
They show you a tiny pop up with some of the URL. Not all of it. You click that and it goes right to it.
I remember thinking this years ago when I saw a QR code for paying for parking. I don’t want to buy a printer though, otherwise I would have printed one to link here.
Nice try.
I just like his music
Me too I actually like getting rickrolled
What app you using that gave you that preview?
Voyager (wefwef). Great app. Just realized they’ve got newer link
gXcQ - link stays blue.
XcQ - no click for you.
For some reason this didn’t really occur to me.
I don’t see QR codes as a potential attack vector… At least, I didn’t… Until now.
It’s weird because I’m usually the one pointing out issues with everyone else’s plans… I didn’t realize I still had blind spots on this. Oh well, I’m only human.
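The preview idea raised in the thread (show the full link and make digits stand out before anything opens), as an added Python example that is not from any commenter or app mentioned here. The function names, warning strings and sample payloads are constructed for illustration, and the digit check is a simple heuristic that will also flag legitimate names containing numbers.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def mark_digits(host):
    """Wrap every digit in brackets so look-alikes such as 0/o stand out."""
    return re.sub(r"\d", lambda m: f"[{m.group()}]", host)

def preview(payload):
    """Build what a scanner or mail client could show before opening a link."""
    url = payload.strip()
    parts = urlsplit(url)
    host = parts.hostname or ""   # urlsplit lowercases the hostname
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append(f"non-web scheme: {parts.scheme or 'none'}")
    if parts.scheme == "http":
        warnings.append("unencrypted http")
    if parts.username is not None:
        warnings.append("userinfo before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        is_ip = True
        warnings.append("host is a raw IP address")
    except ValueError:
        is_ip = False
    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        warnings.append("punycode (internationalised) label")
    # Heuristic: a digit next to a letter inside one label, e.g. amaz0n
    if not is_ip and any(re.search(r"[a-z]\d|\d[a-z]", l) for l in labels):
        warnings.append("digits mixed into a name")
    return {"full_url": url, "host": host,
            "host_marked": host if is_ip else mark_digits(host),
            "warnings": warnings}

# Constructed sample payloads, as decoded from a QR code or an email link
SAMPLES = [
    "https://github.com/SecUSo/privacy-friendly-qr-scanner",
    "https://AMAZ0N.com/pay",
    "https://example.com@192.0.2.7/login",
]

if __name__ == "__main__":
    for s in SAMPLES:
        p = preview(s)
        print(p["full_url"])
        print("  host:", p["host_marked"])
        for w in p["warnings"]:
            print("  warning:", w)
```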