> people can be bribed or convinced to join botnets so IP whitelisting doesn't work either

Do you think this won’t also be bypassed, by bribing people to scan QR codes and spoofing location etc.?

The person who scanned to QR code is knowable. They have their IMEI encoded in the response.

	▲	armchairhacker 10 minutes ago \| parent [-]
		Allegedly can be spoofed. But regardless, I imagine scammers will circumvent this to buy products, login to bank accounts, etc. of the exact users they’re targeting. The user will be presented with “Scan this QR code for $100” as the scammer is logging into their account with spoofed metadata.