
rhd | 3 years ago

There could be privacy concerns where Apple isn't the party using the data, but has allowed a third party access unintentionally.

I don't know if this would be possible given the limited information currently available, but an example may be:

User attempts to browse anonymously through the use of a VPN, obscuring their residential IP. Website, or third-party analytics on a website, generate unique links and embed them in QR codes hidden on the page. A twist on tracking pixels. Browser requests and caches image containing QR code on disk. Later, after user has disconnected from VPN, their OS indexes images on the filesystem (for search purposes, or whatever), parses the QR code and requests the URL contained. Malicious site/analytics firm now has additional data point (residential IP, not obscured by VPN) to correlate against.

There's also the remote potential that the QR code parsing/request functionality could have vulnerabilities. The behavior known doesn't indicate that, but it might result in exploitation with less human interaction if they are found.


woojoo666|3 years ago

Wow, yes this does seem like a potential tracking use case. Especially if the user is rotating VPN servers to anonymize further, the cached QR code could be used as a persistent identifier.