A QR code just represents a string. If anything gets embedded, it will be
visible in the text. Like in Joe's example, you'd see a different domain
that forwards to the URL you wanted. If you test it and the decoded string
is exactly what you put into the generator, it's fine. (Whether the website
you visited to generate that code is safe is a different question, so I
second the recommendation of Zint or the tools built into your browser.)
Most security risks of QR codes are really to the users. If the codes are
posted in public places--like those little cards on restaurant tables to
pay for your meal--someone could theoretically cover them up with a
different code that tricks patrons into giving away their sensitive
information, or downloads malware to their phones, etc.
-Tamara
On Wed, Nov 29, 2023 at 3:36 PM Joe Hourclé <[log in to unmask]> wrote:
> >
> > On Nov 29, 2023, at 6:05 PM, Fitchett, Deborah <
> [log in to unmask]> wrote:
> >
> > Further on "The plethora of "free" code generators online are
> harvesting information": is there a reliable way to check if a given QR
> code has tracking embedded inside it?
> >
> > I've just tried generating a sample QR code for a URL from Chrome,
> Duckduckgo, and Some-Random-Internet-Site, then opening it in random online
> QR code decoders. The results returned *appear* to exactly and only the URL
> I entered ... but I want to check I'm not missing something.
>
>
> That should be enough
>
> The concern is when they send you through some intermediary website (which
> then redirects to the URL that you gave the generator)
>
> -Joe
--
Tamara Marnell
Program Manager, Systems
Orbis Cascade Alliance (orbiscascade.org <https://www.orbiscascade.org/>)
Pronouns: she/her/hers
|