99
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 23 Mar 2024
99 points (100.0% liked)
technology
23277 readers
254 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
For real, if you're scanning QR codes... you shouldn't be. They are not secure and it's infinitely easier to hijack a business QR code than it is to install a card skimmer, except a QR code can be used to gain access to vastly more than just your credit card details.
On a similar note there's this company I have purchased a consumable good from online that I opted for auto-renewal with because it's cheaper. I have a new card since I signed up with them so the transaction didn't go through this time around and there's nowhere on their website to change my card details. It takes idk 24-48 hours and then I get this text message saying something along the lines of "Your card has failed to process, please follow this (url shortened link) to update your details". The shortened url leads to a 3rd party payment processing and credential-storing website that is a reputable e-commerce frontend so I'm 99% it's legitimate but I was like "Naw, fuck that" and sent their company director a blistering email saying that their payment processing is virtually indistinguishable from a phishing scam and to do better.
I haven't updated my card details with them since that email and their garbage tier "I can assure you that the message you received is verified and was sent from by our team" response in protest.
Fucken tone deaf bullshit. My problem wasn't me saying "Can you please verify that you sent me this message?" (MFer, do you want me to email you every time I need to update my card details to verify this shit??) but it was that their processes are extremely vulnerable to exploits and, although I'm fairly confident that I can identify that it's legitimate, I don't want to have to go through the process of carefully checking the unshortened url for any sneaky typographical anomalies and sussing out the whole website and it creates such a lax security culture that it encourages people who aren't tech savvy to drop their guard, which can easily lead to personal disaster.
Fuck all companies, fuck capitalism etc. etc. but such blatant, negligent disregard for customer security is just straight-up bullshit.
/rant
I only scan QR codes with an app which translates them to text but does not automatically follow the links within
Same! I use SecScanQR—free and open source, does exactly what I need it to and nothing more. One thing not made obvious by its interface is that you can use the Android share function to scan from an existing image as well, which is handy for when you come across one on the net.