this post was submitted on 18 May 2024
229 points (93.5% liked)

Privacy

31872 readers
437 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

I didn't know my city was cool enough to put signal flyers.

top 45 comments
sorted by: hot top controversial new old
[–] Baguette@lemm.ee 145 points 5 months ago (3 children)

Cool but I wouldnt exactly trust a random qr code

[–] my_hat_stinks@programming.dev 89 points 5 months ago (2 children)

QR codes essentially just encode text, as long as you're using a sensible QR code reader and check any URLs before opening them there's minimal risk to scanning a QR code.

[–] TaviRider@reddthat.com 71 points 5 months ago (4 children)

I still wouldn’t trust it because of homograph attacks.

[–] hashferret@lemmy.world 30 points 5 months ago (2 children)

Respectfully I think this is a minimal attack vector in this case due to the limited character set of urls. But thanks for the callout, I didn't know there was a name for this sort of attack.

[–] Lichtblitz@discuss.tchncs.de 22 points 5 months ago* (last edited 5 months ago) (1 children)

Modern browsers happily show you the actual characters, while sending their encoded entities to the server. So, from a user perspective there is no ASCII limitation. Case in point: söhne.at (just some random website, I have no idea what they are or if they are legitimate)

[–] gila@lemm.ee 6 points 5 months ago (1 children)

They'd still resolve via DNS to an address in ASCII though, right? Wouldn't that only be an issue if ICANN didn't have a monopoly on DNS registration? i.e what we already depend on for a semblance of convenience without totally compromising opsec

[–] qaz@lemmy.world 9 points 5 months ago* (last edited 5 months ago)

It utilizes punycode under the hood. The actual DNS entries still use ASCII.

[–] qaz@lemmy.world 13 points 5 months ago

Punycode enables you to encode any Unicode character as ASCII. Almost all browsers support this.

[–] 4stringscooter@lemmy.ml 9 points 5 months ago (1 children)

Or xss/sqli/etc attacks on vulnerable sites that don't sanitize url query parameters

[–] 4stringscooter@lemmy.ml 14 points 5 months ago

Or maybe a fraudulent signal app.

I mean, generally speaking, just don't click on random links. This is a random link. Qr codes are valuable but we're conditioning society to just be cool with clicking on random shit without putting much thought into it.

[–] captain_aggravated@sh.itjust.works 6 points 5 months ago* (last edited 5 months ago)

Oh is that like bankofarnerica.com or whatever, hoping the r and n look enough like an m for at least some people to click?

edit: under absolutely no circumstances click on the above link. Your bank will be robbed and your foreskin soldered shut. To very don't.

[–] InternetCitizen2@lemmy.world 5 points 5 months ago

That's fair

[–] bloubz@lemmygrad.ml 7 points 5 months ago

Well not really, it's a good way to do a IDN homograph attack

[–] jqubed@lemmy.world 7 points 5 months ago (1 children)

I may have in the past put lyrics from “Never Gonna You Up” or links to the music video on YouTube in QR codes I printed on blank business cards and left them in public places around town.

[–] possiblylinux127@lemmy.zip 2 points 5 months ago

You should a tracking link that has been shortened

[–] Successful_Try543@feddit.de 6 points 5 months ago

You could still enter the URL manually if you are concerned.

[–] gencha@lemm.ee 30 points 5 months ago

That's wanderful!

[–] NegativeLookBehind@lemmy.world 26 points 5 months ago* (last edited 5 months ago) (1 children)

Surely it's legit

EDIT: It actually is

[–] CrayonMaster@midwest.social 13 points 5 months ago (1 children)

What is it? Just signal's webapge? I'm a coward.

[–] NegativeLookBehind@lemmy.world 21 points 5 months ago

Yup. I cropped the QR code and checked it with an online reader, and it’s literally signal.org

[–] RedditWanderer@lemmy.world 16 points 5 months ago

I wander what it means

[–] possiblylinux127@lemmy.zip 4 points 5 months ago* (last edited 5 months ago) (1 children)

It probably it is a person putting up flyers

[–] InternetCitizen2@lemmy.world 3 points 5 months ago

I guess I mean someone in my city not the government.