• Daisyifyoudo@lemmy.world
    link
    fedilink
    arrow-up
    21
    arrow-down
    33
    ·
    1 year ago

    Yeah sorry, if I can view the menu from my phone instead of touching a menu that 6000 other people have touched, without having to deal with either the server taking it away or it being in the way on my table, I don’t see why I would want or need an actual physical menu

      • LinkOpensChest.wav@lemmy.one
        link
        fedilink
        arrow-up
        15
        arrow-down
        1
        ·
        1 year ago

        Even a restaurant’s legit web site may require cookies or some other thing that not everyone is comfortable with

      • Daisyifyoudo@lemmy.world
        link
        fedilink
        arrow-up
        3
        arrow-down
        13
        ·
        1 year ago

        I see your point, but that seems highly improbable. That a bad actor would be willing and able to successfully create a QR Code that looks enough like the restaurant’s QR and that neither the patrons nor the establishment itself would notice. Not only improbable, but the roi for the scammer seems very poor.

        • bob_wiley@lemmy.world
          link
          fedilink
          English
          arrow-up
          22
          arrow-down
          2
          ·
          1 year ago

          No one working at the restaurant is analyzing the pixels in a QR code to see if they are in the right spot. A QR looks like a QR code. Show someone 10 QR codes and ask them to pick the one from their restaurant, no way anyone is getting that right based on anything more than dumb luck.

          The fake one could even forward on to the normal menu after it does the nasty bits, assuming it’s just installing something that will run in the background. This seems like a great way to get some malware out into the wild, especially if it can’t self-replicate.

          • Daisyifyoudo@lemmy.world
            link
            fedilink
            arrow-up
            3
            arrow-down
            9
            ·
            edit-2
            1 year ago

            They might not be analyzing, but its not like restaurant’s qr codes are just plain generic qr codes. They are branded, so effort would have to be put into making them appear to be authentic. And I think it’s improbable that staff wouldn’t notice. And again, the roi for the bad actor seems incredibly poor.

            • hemko@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              9
              ·
              1 year ago

              Alright, what if it’s a restaurant that’s popular within a certain discriminated demographic? The risks for such attack would instantly skyrocket

            • Intralexical@lemmy.world
              link
              fedilink
              arrow-up
              7
              ·
              1 year ago

              They are branded, so effort would have to be put into making them appear to be authentic.

              Not really. Branded QR codes are just regular, unbranded QR codes but messed up— You basically just stick the the branding right on top, and then let the built-in error correction take care of the rest. Should take all of 5 minutes to set up, or maybe 20-30 if you wanna be a stickler for detail.

              And I think it’s improbable that staff wouldn’t notice.

              If I were working at the restaurant— I think I’d notice after a couple weeks— They’d have impunity up to then— But even then, I’d just assume the management switched it out or patched it up because they wanted to change the link for metrics or messed up something backend or something like that.

              The staff is paid to wait tables, not to audit cybersec from the perspective of the customers.

              And again, the roi for the bad actor seems incredibly poor.

              Probably highly variable.

              If the restaurant has a lot of patrons that are wealthy and technologically illiterate, with banking apps on unupdated phones with known exploits, then you’d think “ROI” is basically everything in the bank accounts of the patrons.

              Same if the online menu includes online payment options for whatever reason.

            • bob_wiley@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              2
              ·
              1 year ago

              I’ve seen places with generic QR codes, and at best most would just have a logo in the middle the sticker could easily go around, if that particular target would lead to a big enough pay off. I don’t know what the ROI would be. I don’t know how these hackers make money, but they seem to make enough to make it worth their time.

    • JustAnotherGuy@lemmynsfw.com
      link
      fedilink
      arrow-up
      4
      arrow-down
      2
      ·
      1 year ago

      I’m with you on this, I live in a country where a digital menu is not a given and I hate it more than people who prefer physical menus seem to hate digital menus. I do agree that both should be available as an option