QR Codes
by John Bandler
QR codes (quick response codes) can be convenient and help you find a website or webpage with a scan from your phone or tablet instead of manually typing in the address.
QR codes can also present some risks regarding cybercrime and privacy.
As with everything in life, we need to assess the risks and benefits and make a reasonable decision.
Let's discuss.
My QR Codes to JohnBandler.com
My QR codes are safe, they take you to a safe place, and do not collect any information about you.
My QR codes take you to this site, JohnBandler.com. This site is safe, your only danger would be falling asleep while reading the articles.
My QR codes are static (not dynamic) meaning I do not collect any information about the device scanning the QR code.
In contrast, dynamic QR codes are generally able to obtain and maintain some statistics such as number of scans, times, dates, and operating systems used.
I use QR codes for course handouts and in my newer books. That way attendees and readers can find a reference article easily. I try to make it clear where exactly that QR code will take you by writing out the webpage address near the QR code.
I have some mild analytics on my website (as does almost every website) using a QR code to get to my website does not reveal extra information. Though I can see aggregated data that someone visited the website, the analytics cannot tell if they come by QR code, nor which QR code they scanned or where they scanned it.
The bottom line is, if you want to go to my site, it doesn't really make a difference for your privacy or security whether you use the QR code or type in the webpage address.
Static QR codes
Static QR codes are fixed, they will always will point the user scanning the code to a specific webpage (e.g. URL).
It works sort of like this:
- A QR Code is created that points to a webpage (or other URL) and its available for the user to see.
- User points their phone camera to view the QR code (or uses another computer camera device)
- The computer recognizes that it is a QR code, may frame it and advise what website the QR code is pointing to
- The user then directs their computer (smartphone) to proceed to that website (e.g., with a tap)
- The computer launches the default web browser and goes to the webpage indicated in the QR code
- The website sees a new visitor, but probably doesn't know how exactly the visitor got there, or that the visitor used a QR code to get there.
If that specific webpage (URL) becomes obsolete, the Static QR code keeps pointing web browsers there. You would need to create a new QR Code for any new URL.
Dynamic QR codes
Dynamic QR codes go through a middleperson, the company that helped you create that QR code and will continue to manage what happens when someone scans that QR code. You may need a subscription (pay some money) to create dynamic QR codes, you can change where they ultimately land, and some analytics are collected.
It works sort of like this:
- In sum: A QR Code is created that points to the QR Code company landing page, and the QR Code company then redirects visits to the designated final landing page.
- The QR Code is available for the user to see.
- User uses their phone camera to view the QR code (or uses another computer camera device)
- The computer recognizes that it is a QR code, may frame it and advise what website the QR code is pointing to
- The user directs their computer (smartphone) to proceed to that website
- The computer launches the default web browser and goes to the webpage indicated in the QR code
- This webpage is an intermediate stop at the QR code company, which collects some analytics such as time, date, user location, user computer operating system
- The QR code company then redirects the user to the final landing page (this can be changed, which is what makes it "dynamic")
- The website sees a new visitor. With analytics (thanks to the QR code company), they can link it to the use of the QR Code and other data.
- Since the final landing page can be changed as needed ("dynamic") without changing the QR Code image itself, that has a number of benefits. Printed QR codes never have to go to dead or obsolete webpages.
Weighing risks of QR codes
Nothing in life is risk free. We weigh the pros, cons, and probabilities.
Pros
- QR Codes are an easy way to get to a website you want to get to, when you know where you are going, when you trust who put the QR Code there. Reading and typing a URL into a smartphone is a pain, but using the QR Code is fast (hence the name "quick response").
Cons
- A malicious QR Code could take you to a malicious website. A malicious website can damage your computer, try to install malware, etc.
- An imposter QR Code could take you to a malicious or imposter website (phishing website). That website could harvest your credentials (if you attempt to login).
- A malicious QR Code could try to launch one of your apps (applications) and perform an action.
- A QR Code from companies that do not respect privacy could take you to a website that does not respect your privacy.
- A dynamic QR Code collects some data about you. Companies are always trying to learn about people they interact with, including location. There is a lot of tracking and data collection, maybe you don't want this extra bit of data being tracked.
Privacy recap
Privacy is an important issue. We should be aware of the choices we are making for our own privacy. Companies should be aware of their privacy practices, what they are collecting from consumers, and be fair and transparent about it.
Consider these scenarios:
- You go to a restaurant, are handed a menu, place an order, pay with cash. The restaurant has obtained very little data about you.
- You go to a restaurant, you are required to scan a QR Code to view their menu on your smart phone. Now you visited their website too, and the restaurant can collect some analytics data about you and your computer device. A "brick-and-mortar" transaction has become linked with a digital online interaction, your device, web browser, and more.
I'm not saying one is good and the other is bad, just pointing out the issues.
How does one create a QR code?
There are lots of ways to create a QR code.
One of the easiest ways is to use your Chrome browser:
- Go to the webpage (URL, universal resource locator) that you want to create a QR code for
- Select the three dots at the top right of the browser to launch the main menu
- Select "Save and Share" to launch the next menu
- Select "Create QR code"
This creates a static QR code that lands the user on that webpage. It also has the Google dinosaur (T-Rex to be exact). That might not be what you are looking for.
Other companies will generate free QR codes for you.
For my book I used QR Code Monkey which is free for static QR codes. You can adjust the design, colors, add a logo image, and more to create static QR codes. They state they do not save or reuse customer data in any form.
- https://www.qrcode-monkey.com
- https://www.qrcode-monkey.com/#about
There are other companies that will allow you to make free static QR codes as well.
How does the technology of a QR code work?
See the YouTube link below for an awesome video, a nice relaxing evening watch.
Conclusion
QR codes can be very convenient. But you need to know whose QR code you are scanning, and weigh the risks of cybercrime and privacy.
This short article has many simplifications, is not tailored to your circumstances and is not legal or consulting advice.
If your organization needs help with improving its internal documentation and compliance with laws and regulations, including regarding cybersecurity and protecting from cybercrime, let me know.
Additional reading on this site
- Law
- Cybersecurity
- Privacy
- My policies book with lots of QR codes in it to aid the reader
- Introduction to Law (Outline)
More information elsewhere
- Wikipedia on QR Codes, https://en.wikipedia.org/wiki/QR_code
- QR Code Monkey
- QR Code Generator
- https://www.qr-code-generator.com
- https://www.qr-code-generator.com/blog/static-vs-dynamic-qr-code/
- https://www.qr-code-generator.com/blog/how-does-qr-code-tracking-work/
- https://support.qr-code-generator.com/hc/en-us/articles/7664170522893-What-is-the-difference-between-Dynamic-and-Static-Codes
- https://www.qr-code-generator.com/qr-code-marketing/more-information-more-flexibility/
- Veritasium (Derek Muller), How do QR codes work?, Sep 30, 2024, via YouTube at https://youtu.be/w5ebcowAJD8
Disclaimer: I do not know much about the QR Code companies I link to, so I am not vouching for them, nor do I intend to promote them. But their articles were helpful and I used the QR Code Monkey site to generate a lot of free QR codes.
This article is hosted at https://johnbandler.com/qrcodes, copyright John Bandler, all rights reserved.
Originally posted 2/8/2024, updated 12/04/2024.