I Don’t Trust QR Codes. How Can I Manually Preview Them?

[Reply]

bump:

It IS a URL.

Sorry to be pedantic, but since we’re talking about trust, QR codes don’t have to be URLs. They can encode arbitrary data, including URLs but also vCards, wifi invites, phone numbers to call, and sometimes malware, as above.

You can’t be certain before scanning that a QR code is showing a URL. Even if they write the URL below the QR code, there’s no guarantee the QR code actually matches that (and often it won’t, since they’ll likely point to a tracking URL instead).

It is very different from a simple URL. To your phone, scanning a code is more like getting an email or receiving a text. It has to decode it first (which can itself be a buggy process) and then it has to parse the data in it (another potential vulnerability) and then choose which app to handle it with (another potential vulnerability) and then if the app opens it, the app itself then has to parse and process that payload (another vulnerability).

It’s not a great risk, usually, but if in doubt, just ask somebody for the URL and manually type it in instead.

[phs3]

I didn’t see the Echo post but have had the same complaints for years. “Alexa, **** off” at least works to shut it up. But when I’m about to run out the door, late, And say “Alexa, temperature now”, I want the temperature and not a greeting and an ad!

Amazon totally lost the plot on the Echo and have wasted TONS of money on it.

[DPRK]

kenobi_65:

Bosda_Di_Chi_of_Tricor:

Do I need a special app on my phone to do it?

Not anymore.

When QR codes were first introduced for general/commercial use, maybe a decade ago, one did need a specialized QR reader app to read them (and direct your phone browser to the correct website). Today, the standard camera apps on iPhones and Android phones have the capability to read the codes, and send you to the websites.

You could, but I always preview the code (which may not be a URL, nor necessarily a QR code for that matter) using a special app. I like Binary Eye

[FluffyBob]

This seems like a really high effort complicated way to save a password, not to mention strangely dumb. People are savy enough to generate a QR code and then use it to post their password in plain sight? Wow.

[Mangetout]

In the case of people using linear barcodes, I saw it happen in warehouse environments where people already had access to a bar code printer for product and location labelling and already had scanners attached to their machines for production purposes. They were convinced the barcodes were a secure way of encoding passwords just because they weren’t immediately human-readable.

[FluffyBob]

Okay, that makes more sense. Still a interesting look at the hunan mind.

I guess the other thing I was not acknowledging is that often passwords are seen as an annoying inconvenience that is implemented in an overly restricted way.

[Reply]

@kaylasdad99, if you’re still interested in this, Veritasium put out an excellent video where he hand-built a QR code step by step: https://www.youtube.com/watch?v=w5ebcowAJD8

It’s the best explanation I’ve seen so far about how they work.

[kaylasdad99]

I watched that. Fascinating stuff.

[DesertDog]

Reply:

Veritasium put out an excellent video where he hand-built a QR code step by step

Call me when you do it with a hammer.