Except if they were halfway intelligent they wouldn't have it go automatically to the site.
And when you do this and something goes really wrong criminal charges get laid.
this post was submitted on 06 Jan 2025
3 points (100.0% liked)
Memes
53438 readers
788 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 6 years ago
MODERATORS
Can we just get a website that plays a soundbite at full volume screaming about how they person is bad at privacy practices, maybe with Korn in the background for maximum embarrassment?
Except that people are not halfway intelligent.
Criminal charges? It’s called the 1st amendment bro.
Not if it incites violence, causes harm or any of the other carve outs in the first amendment of the USA.
I am aware that the post is supposed to be funny, and you are most likely making a joke, but this is the internet and these sort of disclaimers tend to be necessary.
A smart attack would be coupled with a clear message. Have the malware clobber them with anti-evil messages and just like that you have a sound free speech defense.
I'm not sure if you could actually get criminal charges for this unless you were hosting the malware in which case that's another issue. It would essentially be the same as walking around with a website URL on your shirt. The observer is responsible for typing in the URL or scanning the code and what they decide to do on the website that follows.
There's the argument that you distrubuted it.
got it from a thrift shop, I don't even know what that square thing is
I don't know about the states, but here in Canada the government takes the position "ignorance of the law is not a defence".
You're not being ignorant of the law - you're being ignorant of the weird computer square printed on the shirt you thrifted
Claiming you didn't know it could cause harm isn't a defense in court in Canada.
Anymore bullshit?
Christ you're a cordial fellow
I was, I thought quite clearly, having a joking poke. Obviously "didn't know lol" isn't a defense.
Consider florida, where if you are caught with shrooms that are wet, freshly picked, they cannot convict you for carrying contraband because you do not necessarily know what you picked.
Laws are often based on intent. In some cases, penalties vary depending on intent. It would be an unacceptably brutally harsh law to judge someone under a presumption of harmful intent for something they might have no awareness of.
QR codes can have icons on them. Certainly if I created such a t-shirt, I would put some cool looking icon in the center of it. Someone being dragged through the system might argue “i did not know that qr code was real.. i just liked the cat in the middle of it”.
“Malice” implies intent. Accidents are not malicious. Neglect in the worst case. So certainly any charges could not be based on malice.
Does anybody configure their phone to automatically scan photos for QR codes and visit the links?
Not sure but I think QR codes that hold wi-fi creds would more likely be automatically processed by phones. Seems like an adequate attack surface. Maybe dodgy creds could overflow or do some kind of DB attack. Or even legit creds could lead someone to connect to a malicious hot-spot captive portal that the attacker carries.
When my phone's barcode reader app sees a web link, it fetches the page's title to display next to the actual link. So it is going to that web server and fetching resources by itself. Even though it isn't actually rendering the page and running javascript, it might be exploitable.
But that's the barcode app - is it always running, looking for barcodes in all the photos you take? Because there are already shirt with giant barcodes on them - presumably just artistic with no meaning, but who knows?