On 11/04/2013 05:28 AM, [email protected] wrote:
On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
On Nov 3, 2013, at 3:30, "[email protected]" <[email protected]> wrote:
I don't see how "pasting over" a QR code in a way that's not easily
detectable is somehow harder than pasting over a domain/email, or
printing a real-looking fake ad and pasting it over the real one.
A QR code is already isolated in an opaque white square. It's single color,
and moreover, that color is black. And it's smaller than a billboard.
By contrast, a textual URL or email address will be in a specific typeface,
probably matched to the rest of the billboard. It's also likely
size-matched to other text. Most importantly, it's likely printed right
over a patterned and colored background.
While you're correct that you can address, to some degree, all of those
issues by wheatpasting over the entire billboard, provided you're at least
as competent a visual designer as the person who executed the original ad,
which is easier to print and transport? A full-color billboard, or a
black-on-white sheet of tabloid-sized paper?
To put this all in more practical terms, since these issues were not
apparent to you, you're a less-skilled visual designer than anyone who
would be paid to produce an advertisement. Therefore, you would not be
capable of covertly coopting their advertisement. Yet you'd still be
perfectly capable of successfully pasting over their QR code without anyone
being the wiser.
I can't talk about others, but I'd be quite suspicious if I saw a second layer
of paper exactly where the qr code is located. If such attacks gained
momentum, I guess people would be more careful.
Now you are climbing up on a billboard and inspecting the QR code
personally as a way to prove human readable addresses are a solution
looking for a problem?
You already mentioned the idea of domain names that aren't "as
widely-known" as others. "Widely-known" is a feature-- that feature
doesn't exist with QR codes so you clearly understand the issue. I'm not
saying that issue cannot be solved, nor that the current domain name
system is immune to exploits. But if you don't understand the benefits
of human readable addresses you're likely to end up with a less secure
system to replace it. (Especially when the smartphones people must use
to read the QR code in the first place are almost all locked down and
not under the user's own control.)
As far as Namecoin being a buggy DHT... there's a rather large bounty if
Maxim wants to shows us a critical bug in the Bitcoin network. But I
agree the cost of buying addresses is an issue. It's an issue with the
current system, too, but if everyone's going to expend all this
electricity hashing blocks then it should really be a more substantial
improvement than it seems to be. (Not to mention name squatting issues.)
-Jonathan
Most of ads tend to be quite simplistic and lacking any of unintentional anti-
tampering features you mention, yet it doesn't look like hijacking attacks
happen on a massive scale.
Besides this, I highly doubt that being friendly to ads is somehow the most
important feature, or at least nearly as important than having a permanent ID
that can't be hijacked because the service terms changed or some bureaucrat
signed a paper.
I'm saying this as someone who makes it a point to ignore spam and
"untargetted ads", so maybe I miss something useful...
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at [email protected].
