[jqpabc123]

QR codes are booming though. Cheap to set up and easy to use.

And totally insecure --- as in anyone can make a copy and share it.

This is possible with beacons as well but not as easily nor without cost. And beacons can offer greater ease of use --- no need to scan.

There are applications for each.

[BjoernKW]

> And totally insecure --- as in anyone can make a copy and share it.

Which is totally fine for the use case at hand and not a security issue at all, in this case. For other use cases, such as advertising, sharing would even be desired behaviour.

A possible security issue for the museum use case rather would be a malicious actor replacing the QR code with their own, thereby trying to have visitors download malware to their phones.

[Someone]

> For other use cases, such as advertising, sharing would even be desired behaviour.

Not necessarily. It could be used to associate the advertiser with something they don’t want to be associated with.

Depending on what the QR code leads to, that may have to be a subtle difference.

For example, if I copy a QR code for a Greenpeace campaign and place them at the Indianapolis speedway, or at a hunting event, theres a chance that those who read the code will think that Greenpeace placed them there in an attempt to comment on the badness of those events, but what if the link leads to a “good to see you here” or fairly generic “support this green event” web page, things may be different.

[jqpabc123]

QR Codes are like URL links in spam email.

They can be easily generated/distributed at almost no cost and it's difficult to tell in advance if one is malicious or not.