Mastodawn

It seems that so far, regardless I have to print the website in text. So is there any benefit to using a QR code?

Konstantin Weddige 5d ago

@JoBlakely less risk of mistyping and accessibility for people struggling typing.

@weddige thank you. I figured there were accessibility benefits, and even maybe less risk of going to the wrong or phishing site by accident.

yelling jackal 5d ago

@JoBlakely if the website is printed in text that's best case scenario! That way you know what the URL should look like when you scan it, so you don't have to type but can still compare.

@len yeah. I’d do both regardless.

Ray McCarthy 2d ago

@JoBlakely
A link to the author's website in an ebook as an ancient eink ereader may not have any wifi / internet access.
Put the text and a hyperlink too.

Never use short codes.

Mike Dolbow 5d ago

@JoBlakely generally don't, but while I used to see them as a "solution looking for a problem", I've come to see the utility.

Anecdotal example: Red Cross blood drives. They used to have a bar code for their "Rapid Pass", which is a pre-screening tool that donors can use to save time. The bar code was really difficult to scan off my phone, requiring several painful tries from staff.

They replaced the bar code with a QR code, and it consistently works better.

Artemis 5d ago

@JoBlakely
I avoid them, though I do often think about pasting over QR codes in public spaces with different QR codes that lead somewhere else. In a lot of scenarios it would be quite easy to do.

Jenica Lake เหล็ถเลถ 5d ago

@artemis @JoBlakely qr side quests for fulfilling mutual aid requests or donating to food banks- slipped over restaurant menu QR codes

polinamials 5d ago

@artemis @JoBlakely I've seen multiple times a QR code sticker pasted over top the original. That's why I'm very cautios scanning these things I'm public

sasutina13a is-a sasutina13a 5d ago

@polinamials @artemis @JoBlakely

Apps which hide the data in a QR code and immediately connect to whatever it points to are not anyone's friend.

At the very least, apps must show the data to the user and let the user decide whether to continue or not. And logging would be most helpful as well.

sasutina13a is-a sasutina13a 5d ago

@polinamials @artemis @JoBlakely

I have a little pocket barcode scanner I can use to read barcodes without any actions being taken by an app. It is very useful.

@polinamials @artemis @JoBlakely

staringatclouds 5d ago

@sasutina13

What we could use is a phone app that reads the code & tells you what it is & only starts a browser if you tell it to

@staringatclouds @sasutina13 @polinamials @artemis
In the thread there are a couple mentioned like that.

@sasutina13 @polinamials @artemis

staringatclouds 5d ago

@JoBlakely

I should have read back in the thread 🤦‍♀️

Thanks Jo

@staringatclouds no worries! It became a surprisingly long thread. Lots of great replies.

@sasutina13 @polinamials @artemis @JoBlakely

Bill 2d ago

Even if the app shows the link, frequently i find it is a redirector or shortener

Jo - pièce de résistance 2d ago

@w_b @sasutina13 @polinamials @artemis
I would never do that. That’s risky.

@JoBlakely @sasutina13 @polinamials @artemis

Bill 2d ago

I evaluate the QR code depending on where I see it, whether or not I follow the link

Flash Mob Of One 5d ago

@JoBlakely I just prefer to type the address myself and know I'm navigating where intended.

Becca 5d ago

@JoBlakely Ive been known to use them in place of finding another way to copy small chunks of text

and signal uses it, so there's that i guess

i dont use a scanner that automatically previews or opens links: https://f-droid.org/packages/com.secuso.privacyFriendlyCodeScanner

Theyre on Mastodon also: @SECUSO_Research

QR Scanner (PFA) | F-Droid - Free and Open Source Android App Repository

(SECUSO) Privacy Friendly QR-Scanner with minimal permissions

Franchesca 5d ago

@JoBlakely scanning a random qr code in the wild can be a security risk, they are often used for scams, and who knows what fake websites they might link to.

@Frantasaur I was thinking of adding them to my zines. They seem common there. I have them on my promo cards for my art and on tiny stickers I made also for my art.
But seeing as how so many seem wary (as am I) maybe it’s not worth adding it.

Franchesca 5d ago

@JoBlakely I think if you are an artist or small business handing out cards, this is one scenario where I would have some trust in it. I see this a lot at craft fairs and the like. QR codes for ordering in a busy pub or restaurant, or fundraiser posters put up by who knows what individual are another matter.

Konstantin Weddige 5d ago

@Frantasaur @JoBlakely tbh. QR codes are not more of a risk than a printed URL. They have been used in demonstrations to scare people, but I would classify these demonstrations itself almost as a scam. They usually are based on the implicit assumption, that it would be more secure to copy the URL by hand, which it isn't. Do not rely on recognising phishy URLs to be safe online!

TL;DR QR codes are fine; don't trust any website you got from a flyer blindly.

@weddige @Frantasaur
Yeah, that was what I figured too.
You just need to have some discernment going to any site. Even then there is always some, often significant, risk.

My camera shoots fascists 5d ago

@JoBlakely @weddige @Frantasaur

Most people are unlikely to type in Cyrillic characters (as one example) when hand typing or using voice transcription to input a URL, but could easily mistake those when a phishy URL shows up when they scan the QR code.

QRs remove friction at a time when people really need friction removed, like when being tired, stressed or in a hurry, making it even less likely that someone would catch a scam URL. I think they're dangerous for general use.

@Mikal good point.
@weddige @Frantasaur

can everything be outside now?5d ago

@weddige @Frantasaur @JoBlakely QR codes are generally contextually located so more trustworthy - the restaurant table is a protected space, with the restaurant invested in making sure the QR codes do the right thing, for example.
A URL shortener or unrecognized, unmonitored URL or QR code in the wild real world, and even more so on the Internet, are to be treated with caution.

@thesquirrelfish
Makes sense and good advice esp. re: url shorteners.

@weddige @Frantasaur

@thesquirrelfish
URL shortener should be really suspect, because there is absolutely no need for one in a QR code.
@weddige @Frantasaur

Franchesca 5d ago

@thesquirrelfish @weddige @JoBlakely it’s the context that’s the danger. You can fake the context by walking in somewhere and leaving flyers or putting stickers, and with QR codes it’s way too easy for the average person to already have the link opened before they stop and think. Scammers are never going to rely on hand typing a url, it gives the mark too much time to think. A nice QR code can feel official until it’s too late.

can everything be outside now?5d ago

@Frantasaur @weddige @JoBlakely IMHO it's better to train people/yourself on what information is sensitive and how to recognize scams than to intentionally slow or deny access to whatever you're trying to promote or access.
Like as an extension of your idea we shouldn't have clickable URLs in html because they're too likely to be a spammer. I would be more on board with making the email service or printer/publisher or business liable for what they provide access to than to slow individuals access to the info they want

Franchesca 4d ago

@thesquirrelfish @weddige @JoBlakely well, the better the “security” the less an individual can actually do. I agree that it’s a balancing act between ease of use and being cautious. Things like restaurant QR codes where you order and pay are too wide open for abuse, ditto for charity collections via posters with QR codes. Having them on business cards or in other scenarios can be useful.

can everything be outside now?4d ago

@Frantasaur @weddige @JoBlakely oh I think restaurant QR codes are more trustworthy than like giving a restaurant a credit card.

Deborah Preuss, pcc 🇨🇦4d ago

@thesquirrelfish @JoBlakely @Frantasaur @weddige yes, in the US they often walk away with your cresit card, i think?
Here the waiter usually brings a mobile credit card reader (or you pay at the cash). Taxis have them too.

Franchesca 4d ago

@thesquirrelfish @weddige @JoBlakely I’ve never been to a restaurant that took away my card! How can I even enter my pin if they do that? Back when they had those physical machines where they took an imprint of the numbers then maybe, but I don’t think I’ve seen that this millennium 😅

Some QR scams to watch out for
https://susqr.com/qr-code-scams

QR Code Scams: 10 Real-World Examples & How to Avoid Them (2026)

From parking meters to restaurant menus — learn the 10 most common QR code scams and how to spot them before they steal your data.

susQR

Jo - pièce de résistance 4d ago

@Frantasaur @thesquirrelfish @weddige
They probably steal one’s set for tapping.

can everything be outside now?4d ago

@JoBlakely @Frantasaur @weddige yeah it's the general practice in the USA for them to take the credit card away.
But mobile card readers can be hacked too, or people can do all kinds of different scams like impersonating staff(or even entire businesses). It's really just what people are invested in securing that makes security work 🤷‍♀️

Franchesca 4d ago

@thesquirrelfish @JoBlakely @weddige that sounds a bit oceans eleven compared to just printing out some stickers.

can everything be outside now?4d ago

@Frantasaur @JoBlakely @weddige
I watched someone demo how to jack a mobile card reader at a security conference more than a decade ago, and two decades ago it was done to all the customers of a huge retail chain (TJ Maxx) .
It can be as simple as getting access to the Wi-Fi network or the device and it's a lot harder for staff & patrons to detect and they can collect more data faster and use it before they're detected as opposed to one at a time transactions through a sticker and hoping they're not shut down with charges reversed when someone reports the scam transaction. But again it's level of effort and investment by the thief versus the establishment. There's a lot of ways to scam people, and security is never guaranteed. Pickpockets still exist, and con men become billionaires and presidents 🫠

Russell 5d ago

@JoBlakely It depends.

There's a restaurant that has outdoor seating with a QR on each table. It lets me order food without flagging a server from inside so no need to mask up just to get a seat. Menus should still be an option.

One place gives a QR on the receipt to pay on phone or at register

QR that replicates a visible text link are nice to have.

Saw a shopfront with only 'scan QR for hours' and immediately went 'never going there then'.

I hate QRs that are just shortener/tracker links.

Riccardo Mori 5d ago

@JoBlakely I’m in that grey area between ‘yes’ and ‘no’. There are situations where I use them because there is no alternative. A lot of places to eat where I live don’t have a paper menu and you have to scan a QR code to view it. Some apps need me to scan a QR code as means of authentication.

I’m aware that QR codes can be used maliciously, so I’m certainly not scanning every QR code I see in the wild.

@morrick yeah. When covid began that really took off. It was more sanitary than menus. I just didn’t go to places or I asked for a menu. They did usually have one because not everyone brings a phone with them. I almost never do.

Duke 5d ago

@JoBlakely Hard NEVER. I'd rather lose a limb first.

vrek 5d ago

@JoBlakely depends on qr code purpose and who made it. Like I had a bunch of accounts for different systems with mandatory 36 characters randomly generated passwords. I printed a book with all the usernames and passwords in qr codes. Yeah not best security but it was stored in a locked cabinet and no plain text. We also used qr codes for serial numbers as it was smaller and more reliable.

Now random qr codes stuck to a pole in town... No!

Kim Possible

5d ago

@JoBlakely Only to check in for a vaccine. They make it hell if you say you don't have your phone with you.

Bill, organizer of stuff 5d ago

@JoBlakely I usually check to see if they're tracking links or just an encoded URL before using. I avoid trackers - especially big corporate trackers - like the plague. I also develop a rash whenever someone sends me an email with a QR code in it. Yeesh.

cherrybombspice 5d ago

@JoBlakely If I must I only use QR codes I trust which is super rarely. There's so many ways to get hacked, I prefer not to risk it.

@JoBlakely QR codes are wonderful for many purposes but I prefer to order my food from a real, live person.

@softicecreamlesley
What if it was on an artists business postcard, or zine directing you to the artists website or similar?

@JoBlakely Of course. Anything is better than typing in a URL. I own an English school in Japan and using QR codes to help my students access what they need has been a really game changer.

Also, I have a QR code on a poster in the front window of my school that interested people can scan to access our website.

@JoBlakely QR codes were invented in my prefecture by Denso corporation.

@softicecreamlesley cool!!

@softicecreamlesley thank you! This is good info to know and consider.

Deborah Preuss, pcc 🇨🇦5d ago

@softicecreamlesley @JoBlakely I can see using them inside a closed context like a school. Very convenient.

But in public?

The local bikeshare uses QR codes to access the bikes. But of course someone has hacked that by putting stickers over the real QR codes, so people actually pay someone else 😱.
Yeah, I'm *really* cautious, in public.

@deborahh
I heard about that too. Yikes.
@softicecreamlesley

@deborahh It depends on where you live. That happened to my friend in Britian but I’ve never heard of it happening in Japan. In any case, it sounds like how @JoBlakely would be using it would not be in a public context.

Leela Torres 5d ago

@JoBlakely
I use them with a privacy friendly scanner which shows me the url. I must confirm to open those urls