
Remember QR Codes? They’re More Powerful Than You Think

245 points| yarapavan | 6 years ago |a16z.com | reply

196 comments

[+] dirktheman|6 years ago|reply
I like the functionality of QR codes, but the fact that they're not human readable makes them unsafe. It wouldn't be unthinkable to make a QR-code, paste it over an existing one (for instance: the QR code in the bar to pay for a tip) and redirect the user to a spoof website where they can tip me instead of the bar/musician.
[+] wccrawford|6 years ago|reply
My QR reader on Android (ZXing's Barcode Reader) shows you the information on the screen before you decide what you want to do with it. That's as "Human Readable" as it needs to be, for me.
[+] tzs|6 years ago|reply
If that became widespread, I could see places that display QR codes like the bar in your example take steps to make the QR codes physically inaccessible.

For example, they could put the QR code behind glass, and have a sign telling people to only scan the code if they can see it behind the glass. Someone could still paste a QR code of their own outside the glass, but it would be pretty obvious.

Or instead of printing them on paper, they could have a small LCD screen dedicated to displaying the code. This could be designed to make it obvious if someone tries pasting a code over the screen. For instance, the screen could be a bit bigger than the QR code, which could move around the screen, like the bouncing ball or logo in many screen savers.

[+] tobr|6 years ago|reply
I agree that QR codes are a bad idea because they’re not human readable. But wouldn’t that particular hack be possible with a URL as well? It might be detected faster I suppose.
[+] jensv|6 years ago|reply
Check out HR codes, an alternative to QR codes which encode all valid URL characters to images. https://github.com/hantuzun/hr-code Human Response Codes are designed to be recognized by humans and OCR.
[+] sfifs|6 years ago|reply
If it's sticker based QR normally you just show your screen to the person behind the counter before you pay to verify recipient and amount.

Many payment QRs are actually dynamically generated on a POS machine LCD so you get amount and recipient on your device - so that fake sticker problem doesn't exist in these cases.

[+] theamk|6 years ago|reply
I don't think making codes human-readable would help -- human-readable URLs are spoofable too.

For example, if you replace "tipme.com/some_bar" with "tipme.cz/some_bar", most people would have no idea the latter is the wrong URL; and even waiters/cleaners may not notice the change

[+] snarf21|6 years ago|reply
Isn't this easily solvable if the URL-based codes have to have a signature and other verification that the browser can enforce? So instead of a link to paypal to pay me, it is a link to the bar's website and that site has a paypal popup originated from the bar's website.
[+] kazinator|6 years ago|reply
Well, the fact that they are not human readable and that some badly designed software takes dangerous actions with them without confirming with the user makes them unsafe.

They are readable when decoded; a lot of them just contain URLs.

There is a bit of an analogy here to shortened URLs.

[+] samstave|6 years ago|reply
You can add the "human readable tag" as 'VISIBLE' underneath any QR code you create in Bartender (the only caveat is if the item the QR points to is a really long string it becomes unwieldy). Hang on, lemme give you some examples -- I.. make a QR that points here.

https://i.imgur.com/uv09CuL.png

and without the tag

https://i.imgur.com/tOwHANb.png

Takes two seconds

[+] Kalium|6 years ago|reply
I've seen this done in the wild. It's possible to defeat, but only if users are vigilant. Which not all are.
[+] kevinlou|6 years ago|reply
This unfortunately happens a lot in Asia - not sure what the best solution would be.
[+] ben_w|6 years ago|reply
Because it says “powerful” rather than “useful”, I was expecting this to be about surprising data types rather than business cases.

For example, you can make a data URL containing JavaScript and turn that into a QR code:

https://kitsunesoftware.wordpress.com/2017/04/10/executable-...

Some QR code readers execute that JavaScript. (Not all, fortunately).
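
A scanner-side check that combines two points raised in the thread: the look-alike host from theamk's comment (tipme.com vs tipme.cz) and the data: URL described in the comment above. This is an added example, not part of any comment; the function name, the allowlists and the sample payloads are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"https"}      # anything else is displayed, never opened
EXPECTED_HOSTS = {"tipme.com"}   # hypothetical payee host, taken from the thread's example


def review_qr_payload(payload, expected_hosts=EXPECTED_HOSTS):
    """Classify a decoded QR string and return (decision, message).

    'text'    - not a URL, display only
    'block'   - scheme or structure the scanner must not hand to another app
    'warn'    - well-formed https URL, but not the expected payee
    'confirm' - expected host; opening still requires an explicit user tap
    """
    text = payload.strip()
    try:
        parts = urlsplit(text)
        # hostname (not netloc): anything before '@' is login info, not the host
        host = (parts.hostname or "").rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return "block", "malformed URL"
    scheme = parts.scheme.lower()
    if not scheme:
        return "text", text
    if scheme not in ALLOWED_SCHEMES:
        return "block", f"scheme '{scheme}:' is not opened from a scan"
    if not host:
        return "block", "URL has no host"
    if has_userinfo:
        return "warn", f"URL carries login info; the real host is {host}"
    if host not in expected_hosts:
        return "warn", f"{host} is not the expected payee host"
    return "confirm", f"open {host}{parts.path}?"


# Constructed sample payloads, as a QR decoder would return them.
SAMPLES = [
    "https://tipme.com/some_bar",
    "https://tipme.cz/some_bar",
    "data:text/html,<script>alert(1)</script>",
    "Table 7",
]


def review_all(samples=SAMPLES):
    """Return (payload, decision, message) for every sample."""
    return [(s, *review_qr_payload(s)) for s in samples]


if __name__ == "__main__":
    for payload, decision, message in review_all():
        print(f"{decision:8} {payload!r}: {message}")
```

An exact-match host allowlist only works when the scanning app knows which payee to expect, for example a venue's own ordering app; a general-purpose scanner can still apply the scheme check and show the host before opening anything.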

[+] INTPenis|6 years ago|reply
Remember them? This Wednesday I saw a giant QR code 2 meters high at a train station in Copenhagen.

They're very much in use, everywhere. I fail to see how I'd forget about them.

But without even reading the article I know that QR codes are only as powerful as the app that parses them. They can't do anything on their own, just convey a chunk of data to a reader.

I believe they caught on more than NFC because they require so little. Just a camera, which is already present in all devices. While NFC is a much bigger decision to implement since its field of use is much more restricted.

[+] atoav|6 years ago|reply
I think you are right on track with your observation. Another thing I might add:

QR codes can just be printed, by everybody with a printer. Designers don't need to think a lot about technical details, they just put the QR code into their layout and send it off to the printing press (or in fact the screen).

Additionally because QR Codes are optical, it doesn't matter if you stand 20 meters away from the billboard if the QR code is big enough, while with NFC you would have to come close.

[+] netsharc|6 years ago|reply
Also NFC wouldn't work with a billboard a few dozen meters away, but QR does.

Although I find the stupid implementations funny, I've seen ads pasted on cars, they'd have super dense QR code, but maybe be the size of your palm.. uhm, if the idea is for people stuck in traffic around you to see them, they need to have less pixels or be bigger. Besides the dense QR codes are not just some domain, but usually is some ad agency who wants to track how many times the code has been scanned and how many times they've redirected people to the real URL, so they can charge the owner for the service of... having a QR code.

[+] crazygringo|6 years ago|reply
I live in NYC and have never in my life seen a consumer use their phone to scan a QR code in public here. Ever. Anywhere.

Occasionally you'll see one on an ad or something... but the number of people who would ever scan it must be minuscule.

It's just not part of normal life here. At all.

(Employees scan codes on tickets for events or transportation though, very common, but I don't think those are technically in QR format usually.)

[+] paulgb|6 years ago|reply
They have (finally) snuck in to North American life, but it would still be unusual to see them on a billboard here. I find it interesting that most use cases in America involve transmitting information from a phone, rather than to it: boarding passes, event tickets, Amazon Prime codes at Whole Foods.

The only exception I can think of off-hand where scanning the codes on a phone is common here is scooter rentals. I doubt the average person on the street here would know how to scan a QR code they encountered in the wild (as opposed to app-specific codes).

[+] exclusionzone|6 years ago|reply
QR codes seem to be more accepted in certain parts of the world. Even though they are becoming more popular in the USA it still lags behind Asian countries by a lot. And you're right about NFC... Its main problem is that you need to be right next to it for it to work.
[+] jillesvangurp|6 years ago|reply
I put a simple image on my homescreen with a QR code of my contact details some time ago. One thing I like to do when somebody asks me for my details is just show them the image and tell them to point their iPhone camera at it. On Android, use Google Lens. The look on their faces when the phone offers to save the contact is priceless.

Apple only added this feature fairly recently. So, people are mostly unaware of how convenient QR codes can be. Most people I do this to are completely unaware their phone can do this and it beats having to fumble with apps and mobile keyboards trying to figure out email addresses, phone numbers, etc.

If you are interested; just google for qr code generator and contact and you will find dozens of sites offering that. There are plenty of libraries for generating QR codes client and server side. You can download them as pdf, png, svg, etc. I put the document on my Google drive and created a shortcut on my android phone.

[+] 0x38B|6 years ago|reply
Really cool idea. I used Qrafter[1] to make a QR code from my contact. Uploaded the image to Google Drive, then dragged a GDrive widget onto my home screen on my Android phone for quick access to the QR code.

Even cooler, on Sunday made friends with someone just back from teaching English in China, and at lunch we're exchanging phone numbers and I go, "Wait a minute..." and opened up the image.

She scanned it and immediately demanded to know how I'd done it. Thanks for the tip! :)

1: https://apps.apple.com/us/app/qrafter-qr-code/id416098700

[+] akrosis|6 years ago|reply
Great idea. I just figured out my Xiaomi has a QR code option for each contact. It is also possible to share wifi passwords with QR codes.
[+] onion2k|6 years ago|reply
"Nomophobia, the fear of low battery on phones, is virtually nonexistent in China, thanks to the widespread availability of power bank stations"

Perhaps I'm more paranoid than other people, but plugging your phone in to a public USB device seems incredibly dangerous to me. At the very least someone could have tampered with it to damage the next user's device, and at the worst it could be cloning your device's entire storage.

[+] arpa|6 years ago|reply
Well when in China you already have no expectation of privacy, so no worry there. And if you thought you could tamper and do some damage, well, remember the pervasive surveillance apparatus? Off to the dissident organ harvesting plant you go!
[+] cs02rm0|6 years ago|reply
Aren't there USB condoms to prevent the cloning route? I don't know if that's still a thing in the days of type C.
[+] cosarara|6 years ago|reply
Android phones these days don't expose the data over usb unless the user chooses to.
[+] greenleafjacob|6 years ago|reply
You are best off buying a “USB condom”, a USB 2.0/3.0 connector with the data pins removed.
[+] theamk|6 years ago|reply
Cloning the storage, or any other file access, no longer works with modern devices. For example, last time I plugged my phone into rental car, I got two easily refusable prompts, to access contact list and to access files.

Damaging the device is a real deal -- I'd think more by accident than by design ("we spilled some soda on this charger... so it now gives out 20 volts instead of 5"). That's why I used to carry a small USB voltmeter with me when traveling.

[+] ekianjo|6 years ago|reply
> public USB device seems incredibly dangerous to me.

That story is in China, where everyone is already massively monitored constantly (and this is not even hidden by their government).

[+] 0x38B|6 years ago|reply
I use QR codes to quickly share a URL (or text) with my Android phone from my iPad.

The Shortcut is simple and easy to use (1). If I wanted to do the same thing on Android, I'd use Termux (2).

---

My 'Universal Clipboard' is a text file on a VPS. My devices set or get the contents via SSH. E.g. Android[Termux SSH] > VPS < iOS[Shortcuts 'Run Script over SSH']. Comes in handy!

1: https://www.icloud.com/shortcuts/2190aca622b948258a9024d8dda...

2: https://termux.com/

[+] rz2k|6 years ago|reply
I used QR codes for the same sort of thing, but Firefox sync has gotten so good at sending tabs to specific devices, including a desktop that might not have a convenient camera, that it's even more convenient.
[+] jraph|6 years ago|reply
KDE Connect is a wonderful application for Android that covers these two use cases:

- Copy from the phone and paste on your computer, or vice versa (this is an optional feature, fortunately).

- Right-click on a link in a browser, or click on the KDE Connect icon -> send to device.

You can also send files between devices with it.

(it works outside the KDE environment too, even outside GNU/Linux apparently, and Gnome has its own implementation)

[+] MrGilbert|6 years ago|reply
I created a Telegram Bot for sharing urls and texts between my devices - it doesn't do anything, it's just there. I pinned it on all of my telegram apps, and use it to copy and paste links and texts between all devices. I'm pretty sure this is not how it is intended, but it works for me.
[+] m-i-l|6 years ago|reply
"Nomophobia, the fear of low battery on phones, is virtually nonexistent in China, thanks to the widespread availability of power bank stations"

Actually nomophobia is more than a fear of low battery - it is a fear of being without a working mobile phone, e.g. due to loss of phone, poor signal or low battery. It is more of a psychological condition, and proper treatment is to address the root cause rather than avoid the situation - it would be like saying heroin addiction is not a problem because there are heroin dealers on every street corner.

[+] qplex|6 years ago|reply
I think this is a valid thing to worry about.

It's almost the same thing as worrying about a car breaking down if you're 100 miles from the nearest town.

Yet we don't have a specific "phobia" for that, because it's really not a mental disorder to worry about such things.

So many things today depend on having a working mobile phone.

[+] Tomte|6 years ago|reply
> Because every scan is linked to the shopper’s online profile, the store collects valuable data to personalize its customer experience.

No, thank you.

[+] andrewstuart|6 years ago|reply
Surprises me that YouTube videos don't use them - instead the YouTubers say: "click the link in the description" but I am always using a console to watch YouTube on TV from my couch, so I never click their link.

Also free to air television never uses them.

Also I've never seen one used on the giant screen at a sports game or concert.

Also they could just be used for paying for anything at the checkout.

[+] matt_the_bass|6 years ago|reply
My understanding of QR codes is that they just are a machine readable string and that string is usually a URL. The phone then is responsible for parsing the string and doing something (like launching a browser/url or other installed app). So users are not paying by QR code, users are paying via a web app and using the QR code to input the url for that app/item/quantity etc.

Is my understanding incorrect?

[+] _ph_|6 years ago|reply
In short: QR codes are a great way of connecting arbitrary physical items with your smartphone and as a consequence with any kind of web service. A bit similar to NFC, but with some important differences: they don't require any electronics, work at any range (just make the QR code large enough) and they can be done either by print or displayed on a screen. Additionally, when scanning the QR-code, the user can see the URL it translates to. (Doesn't have to be URLs, but that is probably the most common usage).

I am surprised, not more business cards have QR-codes printed on them with the important contact information. But for my personal use, I have a QR-code containing my email address as a picture on my phone, so I can display it for anyone to scan whom I want to give my address to.

[+] michaelt|6 years ago|reply
> Tip bar staff [...] Scan and shop anywhere [...] digital public transportation cards

The thing that surprises me here isn't the success of QR codes, but the failure of NFC (and to a lesser extent Bluetooth) which was practically designed for paying with your phone.

How did NFC lose out to QR codes at the application it was designed for? Was it a reliability problem? Were the APIs too locked-down for anyone to be able to work with them?

[+] cyborgx7|6 years ago|reply
It's still strange to me that Android doesn't come with a simple QR reader. They did the right thing with the thousand crappy flashlight apps, and just integrated the functionality in the OS. They should do the same with QR code scanning.
[+] pacificleo12|6 years ago|reply
Alan Zhang of WeChat was prophetic when he said: “The entry point for PC internet is the search box. The entry point for mobile internet is the QR code.”
[+] pmoriarty|6 years ago|reply
I just found "The Barcode Book" in my local library, and it was pretty cool to see dozens of different barcode schemes out there, all with different properties. The world of interesting, useful barcodes is much larger than QR codes.
[+] sriku|6 years ago|reply
++ India. QR codes are everywhere for payments due to NPCI's (national payments commission of India's) efforts with instant payments. Shops small and big today display a QR using which you can pay bank to bank without credit/debit card charges and interoperability between payment processing companies like Paytm is mandatory.

The ad network and renting bikes and more recently charging electric scooters cases are also catching on.

[+] g8oz|6 years ago|reply
>>>"At scenic sites and public spaces nationwide, toilet paper is BYO. Those who come empty-handed can do a QR code or facial recognition scan to receive up to 31 inches of toilet paper."

So hold on, if I don't have a working phone, I can't wipe my ass?

[+] Causality1|6 years ago|reply
I think the biggest problem QR codes had when it came to adoption is that phones, by default, don't come with software to read them. If every OEM camera app could read QR codes I think they'd be much more common.