QR Codes Do Not Track

Self-referential QR Code

A QR Code is just an encoded way to share information. They're awesome. You can store a decent amount of the Hitchhiker's Guide to the Galaxy in one QR Code. They can lose up to 30% of the QR Code and still be readable, thanks to the Reed-Solomon error correction built into the algorithm. The Wikipedia page is great, read it, seriously. The Denso-Wave site is great as well. Since they created the QR Code, I would expect so.

The media and others are talking about how QR Codes are a privacy nightmare. Well, no, the QR Code is just an encoded image. The content within could be intrusive, or it could be harmless. This one is a link to MMBHOF

Link to MMBHOF Website

Hopefully your mobile phone will scan that and prompt you before taking you there. If it doesn't, get a better QR Code scanner. Here's the one I use, QRCode & Barcode Scanner

The only real risk in scanning a QR Code is when they're paired with a URI/URL. This is really not much different than phishing/spam links. Say you scan a link aimed at Chrome users, if your scanner opens the link without prompting, you could load a potential phishing/malware link. This is what the press is hyping. 

You sit down at your favorite restaurant, scan the QR Code for the menu, and it links to some URL full of tracking links. I wanted a menu, not my data exfiltrated. Use private browsing mode and far less is taken, typically. Or, ask for a paper menu. They have them, because old people (or paranoid) use their age to pretend they don't know how to use a phone to scan the QR Code.

Recently at a restaurant, I watched an older couple share pictures via air drop and play crossword puzzles with friends (or something like it). And then, when the waitress came around, they asked for a menu. They were told to scan the QR Code. The couple pretended to fumble around with the phone and claimed it didn't work. The waitress returned with a paper menu. Ha!

True story, for the longest time I had my username/password stored as a QR Code sticker on my laptop. It was a long and complex password, such as 

~R8Vm[,4[dcg9Y~\kN>Cre~2U5:eC2E[yAT2U)Xv4JKYRm@/RL{<Vv@fT!sdSEMb

In the years it was displayed in public, only one person asked about it.  I told them it was my password. They laughed and didn't believe me. Maybe others scanned it without me noticing, but never said anything.

Anyway, QR Codes are awesome. Don't believe the scare hype.