A QR code just represents a string. If anything gets embedded, it will be
visible in the text. Like in Joe's example, you'd see a different domain
that forwards to the URL you wanted. If you test it and the decoded string
is exactly what you put into the generator, it's fine. (Whether the website
you visited to generate that code is safe is a different question, so I
second the recommendation of Zint or the tools built into your browser.)

Most security risks of QR codes are really to the users. If the codes are
posted in public places--like those little cards on restaurant tables to
pay for your meal--someone could theoretically cover them up with a
different code that tricks patrons into giving away their sensitive
information, or downloads malware to their phones, etc.

-Tamara

On Wed, Nov 29, 2023 at 3:36 PM Joe Hourclé <[log in to unmask]> wrote:

> >
> > On Nov 29, 2023, at 6:05 PM, Fitchett, Deborah <
> [log in to unmask]> wrote:
> >
> > Further on "The plethora of "free" code generators online are
> harvesting information":  is there a reliable way to check if a given QR
> code has tracking embedded inside it?
> >
> > I've just tried generating a sample QR code for a URL from Chrome,
> Duckduckgo, and Some-Random-Internet-Site, then opening it in random online
> QR code decoders. The results returned *appear* to be exactly and only the URL
> I entered ... but I want to check I'm not missing something.
>
>
> That should be enough
>
> The concern is when they send you through some intermediary website (which
> then redirects to the URL that you gave the generator)
>
> -Joe



-- 

Tamara Marnell
Program Manager, Systems
Orbis Cascade Alliance (orbiscascade.org <https://www.orbiscascade.org/>)
Pronouns: she/her/hers
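
The check discussed in this thread (decode the code and confirm the string is exactly what was given to the generator), as an added example that is not part of the original messages. It takes the text returned by any QR decoder and reports how it differs from the intended URL; the function name and the example.org / example.net URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def compare_qr_payload(intended, decoded):
    """Return a list of differences between the URL given to the generator
    and the string a decoder read back. An empty list means an exact match."""
    if decoded == intended:
        return []
    findings = []
    cleaned = decoded.strip()
    if cleaned != decoded:
        findings.append("surrounding whitespace added")
    want, got = urlsplit(intended), urlsplit(cleaned)
    if got.scheme != want.scheme:
        findings.append(f"scheme: {want.scheme} -> {got.scheme}")
    # netloc includes any userinfo and port, so those changes are caught too
    if got.netloc.lower() != want.netloc.lower():
        findings.append(f"host: {want.netloc} -> {got.netloc}")
    if got.path != want.path:
        findings.append(f"path: {want.path} -> {got.path}")
    want_q = parse_qsl(want.query, keep_blank_values=True)
    got_q = parse_qsl(got.query, keep_blank_values=True)
    added = [k for k, v in got_q if (k, v) not in want_q]
    removed = [k for k, v in want_q if (k, v) not in got_q]
    if added:
        findings.append("added query parameters: " + ", ".join(added))
    if removed:
        findings.append("removed query parameters: " + ", ".join(removed))
    if got.fragment != want.fragment:
        findings.append(f"fragment: {want.fragment!r} -> {got.fragment!r}")
    if not findings:
        findings.append("strings differ but parse to the same URL parts")
    return findings

# Constructed sample values (not taken from the thread)
INTENDED = "https://library.example.org/hours"
SAMPLES = {
    "exact": "https://library.example.org/hours",
    "intermediary": "https://qr-gen.example.net/r/abc123",
    "tracking": "https://library.example.org/hours?utm_source=qr",
}

if __name__ == "__main__":
    for label, decoded in SAMPLES.items():
        print(label, compare_qr_payload(INTENDED, decoded) or "exact match")
```
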