[liberationtech] dark mail alliance

phreedom at yandex.ru phreedom at yandex.ru
Mon Nov 4 02:28:51 PST 2013 

On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
> > On Nov 3, 2013, at 3:30, "phreedom at yandex.ru" <phreedom at yandex.ru> wrote:
> > 
> > I don't see how "pasting over" a QR code in a way that's not easily
> > detectable is somehow harder than pasting over a domain/email, or
> > printing a real-looking fake ad and pasting it over the real one.
> A QR code is already isolated in an opaque white square.  It's single color,
> and moreover, that color is black. And it's smaller than a billboard.
> 
> By contrast, a textual URL or email address will be in a specific typeface,
> probably matched to the rest of the billboard. It's also likely
> size-matched to other text. Most importantly, it's likely printed right
> over a patterned and colored background.
> 
> While you're correct that you can address, to some degree, all of those
> issues by wheatpasting over the entire billboard, provided you're at least
> as competent a visual designer as the person who executed the original ad,
> which is easier to print and transport? A full-color billboard, or a
> black-on-white sheet of tabloid-sized paper?
> 
> To put this all in more practical terms, since these issues were not
> apparent to you, you're a less-skilled visual designer than anyone who
> would be paid to produce an advertisement. Therefore, you would not be
> capable of covertly coopting their advertisement. Yet you'd still be
> perfectly capable of successfully pasting over their QR code without anyone
> being the wiser.

I can't talk about others, but I'd be quite suspicious if I saw a second layer 
of paper exactly where the qr code is located. If such attacks gained 
momentum, I guess people would be more careful.

Most of ads tend to be quite simplistic and lacking any of unintentional anti-
tampering features you mention, yet it doesn't look like hijacking attacks 
happen on a massive scale.

Besides this, I highly doubt that being friendly to ads is somehow the most 
important feature, or at least nearly as important than having a permanent ID 
that can't be hijacked because the service terms changed or some bureaucrat 
signed a paper.

I'm saying this as someone who makes it a point to ignore spam and 
"untargetted ads", so maybe I miss something useful...

More information about the liberationtech mailing list