there's a "new" discord account steal thing going around based on this
you join a discord guild, and they send you this qr code and say "scan this to verify to talk in the guild lol"
and if you do, congrats, you just logged them in. they then lock you out and change your pass
Follow
@unascribed So, what happens if I redirect someone to that URL from a website I own? How is scanning the QR code not equivalent to opening a URL? If it is equivalent, why don't we see scans where people put redirects to that on random spam websites, or send people shortened urls to that via email, or sth like that?
