On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
> > On Nov 3, 2013, at 3:30, "[email protected]" <[email protected]> wrote:
> >
> > I don't see how "pasting over" a QR code in a way that's not easily
> > detectable is somehow harder than pasting over a domain/email, or
> > printing a real-looking fake ad and pasting it over the real one.
> A QR code is already isolated in an opaque white square. It's single color,
> and moreover, that color is black. And it's smaller than a billboard.
>
> By contrast, a textual URL or email address will be in a specific typeface,
> probably matched to the rest of the billboard. It's also likely
> size-matched to other text. Most importantly, it's likely printed right
> over a patterned and colored background.
>
> While you're correct that you can address, to some degree, all of those
> issues by wheatpasting over the entire billboard, provided you're at least
> as competent a visual designer as the person who executed the original ad,
> which is easier to print and transport? A full-color billboard, or a
> black-on-white sheet of tabloid-sized paper?
>
> To put this all in more practical terms, since these issues were not
> apparent to you, you're a less-skilled visual designer than anyone who
> would be paid to produce an advertisement. Therefore, you would not be
> capable of covertly coopting their advertisement. Yet you'd still be
> perfectly capable of successfully pasting over their QR code without anyone
> being the wiser.

I can't talk about others, but I'd be quite suspicious if I saw a second layer of paper exactly where the QR code is located. If such attacks gained momentum, I guess people would be more careful. Most ads tend to be quite simplistic and lacking any of the unintentional anti-tampering features you mention, yet it doesn't look like hijacking attacks happen on a massive scale.

Besides this, I highly doubt that being friendly to ads is somehow the most important feature, or at least nearly as important as having a permanent ID that can't be hijacked because the service terms changed or some bureaucrat signed a paper. I'm saying this as someone who makes it a point to ignore spam and "untargeted ads", so maybe I miss something useful...
