@Anomnomnomaly never scanned one outside my home. Never will.

@Anomnomnomaly Contrary to what was claimed, this post is 98% scaremongering, discarding an entire technology because of *check notes* parking payment fraud, as depicted on the picture.

It is entirely possible to use QR codes safely with a minimum of care, especially when they aren't related to payment. No need for grand-standing statements or, goodness forbid, all caps.

@Anomnomnomaly no. Use a scanner that shows what it is before opening it in a browser. If it's a redirect (bit.ly etc) THEN 👆🏻 don't open it. Most are redirects 😔 true.

@Anomnomnomaly Same treatment for unknown USB sticks

@Anomnomnomaly Yeah, the nightmare here is that most of the real QR codes link to really fishy-looking URLs - generally payment/billing firms you've never heard of - so there's no good way for even a clued-up user to tell real from fake, other than these factors like whether the actual physical thing looks like a sticker over the real code

@Anomnomnomaly that is a good shout 👏🏾 these QR code stickers are everywhere. Don't scan !!

Also be very wary of the 'techpologists'

those that claim all tech is benevolent, for the greater good (greater good) and to make the world easier and better for all.

It's not, it's there to increase profits for a minority by the exploitation of others... that's it. Any 'benefit' for people is a side effect not actually intended.

@Anomnomnomaly There is so much illiteracy around this subject, and the illiteracies keep piling up.

@Anomnomnomaly the one and only place I’ve used a QR code was at the emergency room. It was assigned to me and I could see that no one had accessed it to alter it.

@Anomnomnomaly erm, not sure if just not using it is the right way. Use QR codes with a scanner that tells you the target. If the target is phishy / URL shortener, whatever, then don't go further, else use it.
I would recommend the app "QR Scanner" by @SECUSO_Research https://f-droid.org/packages/com.secuso.privacyFriendlyCodeScanner

@Anomnomnomaly Unless it's my Twixxer profile picture, you can scan that with impunity.

I mean I don't remember if you'll end up here or rickrolled because it points to a server endpoint I control and can alter on a whim, but it's safe. honest.

@Anomnomnomaly and what can happen when i scan them?

@Anomnomnomaly well dang I can't order at restaurants anymore

@Anomnomnomaly OR REFUSE TO USE THEM AS A MATTER OF PRINCIPLE!

- Abythin else is support for #Cyberfacism and supporting #Cybercrime!

@Anomnomnomaly if you're a designer of such documents always include the URL or text contained in the QR code below or adjacent to it.

@Anomnomnomaly
Or just stop using them and require people to write out the URL addressees so one can at least examine it for legitimacy. BUT we won't do that because the convenience is worth the risk, after all we sacrifice our privacy for convenience and we embrace monopolies for convenience. Convenience trumps everything.

@Anomnomnomaly I don't disagree with anything you've written here, which is why it's such a shame that we occasionally have to use QR codes for accessibility reasons when inclusion hasn't been considered/possible from the start. For example, to direct people to a more accessible version of a data entry experience in a museum, give access to a web-browseable version of some event information without people having to type a URL, etc. It's a terrible solution and I hate it.

@Anomnomnomaly
That is fearmongering tho.
QR are links (sure, they are more complex and the simple act of scanning and decoding can be an attack vector, but so is receiving a message with some IM apps), and are no more malicious than links.

They are also a convenient way to encode information that the user should not have to type.

So yeah, everyone should use caution while operating a connected device, but hating QRs is scaremongering, and it'is stupid too.

Don't do that.

@Anomnomnomaly When you actually have/want to scan something, I can really recommend BinaryEye (available via f-droid).

It will *not* open the link by default but will show you the scanned value first, then you can decide whatvto do.

Also it supports tons of code-formats, not just QRs (bar-codes, etc)

@Anomnomnomaly now I want to get rickroll qr code stickers

@Anomnomnomaly

Everything is just a scam now, isn't it?

I give up.

@Anomnomnomaly If you *do* scan it, do so in a way that you can see the content prior to any action being taken. Whatever device you have, you may have to try various things (with trusted (ie. you created them, or at least have tested them) QR codes). They weren't *really* designed for public use.

@Anomnomnomaly I avoid these kind of parking places, I still prefer to pay with cash if possible.

@Anomnomnomaly That's the only way we can pay for parking at a local unattended garage where we go frequently. I guess we won't go there anymore.

@Anomnomnomaly Re-toot if you checked if there's enough of the code left to scan it 👨‍🔬

@Anomnomnomaly ...or just use a sane qr code reader that doesnt immediately open websites and lets you copy the link first, so you can check it for authenticity. just simply scanning a code can never hurt you

@Anomnomnomaly Never open a link you don't see/know/understand. QR codes are incomprehensible to us, therefore QR codes must not be scanned.

@Anomnomnomaly Kinda wild how there's no authentication on those at all, tbh. (Except maybe a Let's Encrypt certificate, but that doesn't verify that it's indeed the right parking app)

@Anomnomnomaly Hmm. While undoubtedly you have to be careful of QR codes (same as any links) your advice isn't quite right.
With a modicum of care and common sense, it's entirely possible to use QR codes successfully and safely.
A QR code pointing to a URL is effectively the same as a link, and you wouldn't say "Never click any links! Ever!!" now would you?
Yes, caution is needed (with anything online) but there's really no need for hysteria.

@Anomnomnomaly Japan has been using a new system with digital signatures in QR Codes for years now, would be time to adopt that worldwide..
https://america.cgtn.com/2019/05/20/new-security-for-qr-codes-in-japan-aimed-at-increasing-cashless-transactions

@Anomnomnomaly
I have a stupid app, which just reads the content and shows me the URL. To open it I must exclicitely toggle it on against the hint.

https://secuso.aifb.kit.edu/QR_Scanner.php

I can recommend all of their apps, even if I don't use them all.

@Anomnomnomaly Shouldn't this probably good advice also go for link shorteners?

@Anomnomnomaly Theft like this isn't enshittification. It's just destruction. Please let Doctorow have his day in the light for drawing out a truly horrendous business practice.

@Anomnomnomaly This is why we can't have nice things.