2022 is about to end, and there are still official services that send SMS texts to people telling them to follow links to https://bit.ly/somewhere . Educating people against phishing gets hard, when services’ customers are educated like this…
@marado@twtxt.net We really need to stop using link shorteners and QR codes, but the damage is already done.
You can put a sticker with a QR code (and no other information) on a wall in a city and people will scan it out of curiosity. They scan it, their iPhone only tells them it goes to snapchat.com (I just checked on the latest version of iOS), and they end up on my website instead because it’s an open redirect.
Granted, my website is a much better place to be than snapchat.com, but you get the idea.
@abucci@anthony.buc.ci QR codes and link shorteners can be useful, but people have been trained to click and scan things without doing their due diligence. Of course, mobile operating systems make it very difficult to do so because their goal is to remove as much control as is acceptable by the user.
As far as I know, you have to load the page in a browser before you can see the entire URL, giving it the opportunity to redirect somewhere else or exploit some vulnerability on your device.
I think we agree here. When the user has no control and is taught to blindly trust these things, bad things happen.