undefined | Better HN

0 pointsBjoernKW2y ago0 comments

> And totally insecure --- as in anyone can make a copy and share it.

Which is totally fine for the use case at hand and not a security issue at all, in this case. For other use cases, such as advertising, sharing would even be desired behaviour.

A possible security issue for the museum use case rather would be a malicious actor replacing the QR code with their own, thereby trying to have visitors download malware to their phones.

0 comments

2 comments · 2 top-level

Someone2y ago

> For other use cases, such as advertising, sharing would even be desired behaviour.

Not necessarily. It could be used to associate the advertiser with something they don’t want to be associated with.

Depending on what the QR code leads to, that may have to be a subtle difference.

For example, if I copy a QR code for a Greenpeace campaign and place them at the Indianapolis speedway, or at a hunting event, theres a chance that those who read the code will think that Greenpeace placed them there in an attempt to comment on the badness of those events, but what if the link leads to a “good to see you here” or fairly generic “support this green event” web page, things may be different.

jqpabc1232y ago

QR Codes are like URL links in spam email.

They can be easily generated/distributed at almost no cost and it's difficult to tell in advance if one is malicious or not.

j / k navigate · click thread line to collapse