There’s apps that just scan the qr code into a text field no matter what its content is, then you can inspect the URL manually.
Unfortunately there’s a deeper problem in this security model, in that only a tiny tiny fraction of the web’s userbase knows how to assess a URL, and even experts can easily struggle
Unfortunately there’s a deeper problem in this security model, in that only a tiny tiny fraction of the web’s userbase knows how to assess a URL, and even experts can easily struggle