• Cypher@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    10 months ago

    It’s a genuine security risk.

    Menus aren’t killing the environment either.

    • gila@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      10 months ago

      If you’re using these links as restaurant menus as opposed to ordering platforms (this is how I use them, and how this post & other commenters seem to be presenting the concept) that’s kind of limited to a risk of straight up being phished in a situation where you don’t really have any reason to hand over your information.

      In a pub/bar setting it’s helpful to know what’s available at the bar before I’m standing at it, especially if I’m buying a round. That is to say it generally lowers the bar to menu availability, not raise it. Because before the pub/bar would simply have no table menu and you’d figure out what you wanted by asking or looking at the taps

      • Cypher@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        There are clickless exploits and other methods that don’t require you to enter information, nevermind that nearly all of these menus have ordering and payment available through them and mimicking websites is fairly simple.

        QR codes cannot be trusted just like links from unknown sources cannot be trusted.

        • gila@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          I think you’ll find there isn’t an Android or iPhone on the market today vulnerable to SQL injection or XSS etc via scanning a QR code. You’re talking about device vulnerabilities that get patched and it’s equally possible to encounter these exploits with plaintext URLs

          • Arcka@midwest.social
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            If the restaurant doesn’t have a good enough reputation that I couldn’t trust the QR they provided (which displays the URL so I can inspect it before launching the web browser), I also wouldn’t want to trust my health to eating there.

            It isn’t like some random thing you found on the sidewalk.

          • Cypher@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            You’re talking about device vulnerabilities that get patched

            Patching out zero days takes time.

            it’s equally possible to encounter these exploits with plaintext URLs

            Yes which is why I clearly stated that following URLs from any unknown sources carries risk.

            The difference is that due to menus being a point of payment they have a greater incentive for abuse.

            • gila@lemm.ee
              link
              fedilink
              English
              arrow-up
              0
              ·
              10 months ago

              So we shouldn’t use smartphone features if they could potentially have exploits? With this logic you shouldn’t have a phone.

              • hemko@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                10 months ago

                We shouldn’t replace perfectly good solutions with unreliable, cumbersome, insecure, annoying shitty tech just because.

                • lolcatnip@reddthat.com
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  10 months ago

                  Thinking that simply visiting a web site for a business you’ve already decided to patronize is dangerous is some serious boomer logic.

                  • hemko@lemmy.dbzer0.com
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    ·
                    10 months ago

                    If we only focus on the security part, how the do you know it’s even their site you’re visiting? Often those qr codes are just stickers on table, trivial to slap a new one there

                    But it also adds a lot of annoyance for customers who came to eat food, not doomscroll on their fucking mobile phone

    • yukichigai@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      10 months ago

      Yeah, I get wanting to not reprint menus every time something changes, but there are ways to do that which are more convenient and accessible than “scan a QR code to go to a random website and pray you have working internet access and also the site is working and up to date.” Y’know, like a damn menu board on the wall. Whiteboard/chalkboard even!

      • Knightfox@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        This is my personal preference, a place I used to go a lot had a black board across one whole wall and the menu was hand written on it. The menu changed frequently and it was often full of flourish and creativity from some employee.