For those who don’t know, it’s where someone takes a QR code like on a poster for a concert and puts a sticker with a different QR code on top to a fake website that looks like the concert website (or a Rick Roll).
The obvious answer is to scratch off the QR code if you notice it’s a sticker, but it’s not always acceptable -or legal- to start damaging stuff to check if it’s real or not. Also what if it’s out of reach on a sign or something?
You can’t put a little text under saying what the website is as a sort of checksum because the vandal can just write their own website under their sticker.
Android does the same. The problem is most of those QR codes are encoded short links which tell you nothing about where they’re taking you.
https://short.link/au1034gha
could take you to a PDF on the restaurant’s WordPress site or it could take you to malware or somewhere else you really don’t want to go.
In that case, I blame the people generating the codes for using URL shorteners. My org uses them in flyers for the public, and I always have to chastise them and re-create the QR codes because they run the URL to our website through bit [dot] ly. 😡
I’ve had one recently that used a similar site. It now has an ad and a click through to get to the site. I think it was meant to be a menu. Enshittification at every point.
Interesting! I did not realize they use bit.ly and such. That would make the solution even more difficult, as Apple and Google would then need to make some sort of deal with every major URL shortening service to somehow be able to find out what the URL links to, and then check it against a blocklist. That would require quite a bit of cooperation, to the point of being a non-starter I’d think. Why use a short URL service for a QR code?
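Added example, not part of any comment in this thread: a Python sketch of the check discussed above, expanding a short link hop by hop with HEAD requests (no page body is fetched or rendered) and comparing every host in the chain to a blocklist. The host lists, the `malware.example` domain and the function names are constructed assumptions.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed sample lists (assumptions for illustration, not real feeds).
SHORTENERS = {"short.link", "bit.ly"}
BLOCKLIST = {"malware.example"}

def head_location(url):
    """Send one HEAD request; return the Location header if it is a redirect."""
    parts = urlsplit(url)
    https = parts.scheme == "https"
    cls = http.client.HTTPSConnection if https else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=5)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        is_redirect = resp.status in (301, 302, 303, 307, 308)
        return resp.getheader("Location") if is_redirect else None
    finally:
        conn.close()

def expand(url, fetch=head_location, max_hops=5):
    """Return the redirect chain starting at url, one hop at a time."""
    chain = [url]
    for _ in range(max_hops):
        location = fetch(chain[-1])
        if not location:
            return chain
        nxt = urljoin(chain[-1], location)  # handles relative Location values
        if nxt in chain:
            raise ValueError("redirect loop")
        chain.append(nxt)
    raise ValueError("too many redirects")

def assess(url, fetch=head_location):
    """Summarise where a scanned QR code URL really leads."""
    chain = expand(url, fetch)
    hosts = [urlsplit(u).hostname for u in chain]
    return {
        "shortened": hosts[0] in SHORTENERS,
        "final": chain[-1],
        "blocked": any(h in BLOCKLIST for h in hosts),
    }
```

Passing a different `fetch` callable lets the same logic run against a recorded redirect table instead of the network.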