Phishing campaign authors will love this. It normalizes users scanning barcodes they can’t read to go to unknown locations on a device where it’s harder to see the URL and there’s no IT watching for phishing activity.
Exactly my thoughts, too. QR codes are a great tool, but also an incredibly valuable and opaque vector for scams.
The was one recently where they put scam QR stickers over parking payment signs, so users gave their credit card details to scammers. How are you supposed to catch that, as the end user? It’s not like you know the URL you’re supposed to be going to.
Normalizing scanning QR codes just to access a website is going to be abused by scammers in no time.
This is it, what they’ve been wanting all along. You will no longer be able to access vast swathes of the internet unless you have a Google approved device, that is a Google-certified Android device with Google Play Services (aka Google Play Spyware) or an app on iOS. Use GrapheneOS or a Linux phone? No internet for you.
What I’d like to know is, what if you’re already accessing a site from your phone? And what if you genuinely don’t have another device? I’m assuming the answer to the second is you’re SOL.
You’re also missing the point, that a real user with a real name will be tied to each web-request that is “approved”.
This is the beginning of the mandatory age enforcement/requirement.