Is scanning QR codes with your phone risky?

The lock symbol on a website merely means that the site is being accessed via HTTPS, which means your communication with the site is encrypted. So no third party can intercept your communication with the site and extract your credit card number from the stream, like they could with a plain HTTP site. However, it tells you nothing about the trustworthiness of the site itself. They could be saving your CC number to use for nefarious activities later. You had better have other reasons to trust the site other than the fact that it is using HTTPS.

It might not even be nefarious, but merely incompetent. Plenty of sites have been found to have stored credit card numbers with poor to no encryption.

The company and its site are legit.

I’m not entirely confident about the security of its app.

Well, it could send you to fake payment site:


Restaurants using QR codes for diners to pull up their menus using their smart phones is one of those things that I believe will survive Covid, especially for smaller locally owned restaurants, who may change their menus more often.

Interesting. I guess looking over a restaurant menu is still safe, but anything involving money is iffy.

If only @Mangetout worked for those city governments!! He coulda warned them!

It looks like the city wasn’t using QR codes or even allowing payment on a website. The scammers just stuck up the codes to go to a website. Basically an updated version of a guy walking around accepting payment for parking.

LOL Love the new name :smiley: :smiley:

Also depends where on the page the lock symbol appears. Browsers that I’ve seen display the HTTPS lock symbol somewhere in the address bar at the top, or in the status bar at the bottom.

But I’ve seen lots of dialog boxes (for logging in or entering credit cards, e.g.) that have a padlock symbol somewhere in the dialog box. These sites are (typically) legitimate, but putting a lock symbol there proves nothing. Any web designer can put any image anywhere on a dialog box!

My Covid vax certificate has a HUMONGOUS QR code on it. I have no idea what it says, but it sure must be more than a URL!

Size doesn’t really count. Complexity of the QR code does. They can hold 3Kb of data. From a layperson perspective 3Kb is several “pages” of unformatted text, inasmuch we can use “pages” to describe digital data.

Usually, though, they merely carry a URL, because you can fit a lot more data (and advertising) on a website.

Size of a QR code may indicate that the person who made it has increased the error correction level - at the maximum level, up to 30% of a QR code can be obscured, defaced or missing and the whole of the data can still be read and recovered from it.

And sometimes, they’ll plop some other sort of image in the middle of the QR code. I’m not sure if this is officially supported in the standard, or if they’re just counting on the error correction dealing with it.

I’m thinking you could plop a QR code into a Game Of Life field and start it running and see what you get.

Interesting idea. It would of course become unscannable on the first generation, because the structural parts controlling position, alignment and timing would be broken. Might be interesting to restrain those parts and see if the rest ever turns back into something scannable. Seems very unlikely to happen.

I keep meaning to make a device with a little screen on it that shows the current time, encoded as QR (so changing every second). I just like the idea of making people use a device - their phone - that already contains an accurate clock, to read a clock.

It seems that is really happening:

Dense, unstructured states like that generally don’t do much interesting-- I’m guessing that within 20 timesteps or so, you’d have a half-dozen gliders thrown off, and be left with maybe the same number of squares and blinkers, maybe one or two hexagons.

How boring. My Covid certificate has a HUMONGOUS QR code. It must have my entire life biography in it. I was thinking if I plop that into a Life field and let it run long enough, I might eventually get the entire works of Shakespeare.