I Don’t Trust QR Codes. How Can I Manually Preview Them?

[Reply]

bump:

It IS a URL.

Sorry to be pedantic, but since we’re talking about trust, QR codes don’t have to be URLs. They can encode arbitrary data, including URLs but also vCards, wifi invites, phone numbers to call, and sometimes malware, as above.

You can’t be certain before scanning that a QR code is showing a URL. Even if they write the URL below the QR code, there’s no guarantee the QR code actually matches that (and often it won’t, since they’ll likely point to a tracking URL instead).

It is very different from a simple URL. To your phone, scanning a code is more like getting an email or receiving a text. It has to decode it first (which can itself be a buggy process) and then it has to parse the data in it (another potential vulnerability) and then choose which app to handle it with (another potential vulnerability) and then if the app opens it, the app itself then has to parse and process that payload (another vulnerability).

It’s not a great risk, usually, but if in doubt, just ask somebody for the URL and manually type it in instead.

[phs3]

I didn’t see the Echo post but have had the same complaints for years. “Alexa, **** off” at least works to shut it up. But when I’m about to run out the door, late, And say “Alexa, temperature now”, I want the temperature and not a greeting and an ad!

Amazon totally lost the plot on the Echo and have wasted TONS of money on it.

[DPRK]

kenobi_65:

Bosda_Di_Chi_of_Tricor:

Do I need a special app on my phone to do it?

Not anymore.

When QR codes were first introduced for general/commercial use, maybe a decade ago, one did need a specialized QR reader app to read them (and direct your phone browser to the correct website). Today, the standard camera apps on iPhones and Android phones have the capability to read the codes, and send you to the websites.

You could, but I always preview the code (which may not be a URL, nor necessarily a QR code for that matter) using a special app. I like Binary Eye