QR Codes

by John Bandler

QR codes (quick response codes) can be convenient, help you find a website or webpage with a scan from your phone or tablet instead of manually typing in the address.

QR Code to JohnBandler dot com

QR codes can also present some risks regarding cybercrime and privacy.

As with everything in life, we need to assess the risks and benefits and make a decision.

Let's discuss.

My QR Codes to JohnBandler.com

My QR codes are safe, they take you to a safe place, and do not collect any information about you.

My QR codes take you to this site, JohnBandler.com. This site is safe, your only danger would be falling asleep while reading the articles. Near one of my QR codes you will see the address (URL) of the webpage that the QR code will take you to.

My QR codes are static (not dynamic) meaning I do not collect any information about the device scanning the QR code.

In contrast, dynamic QR codes are generally able to obtain and maintain some statistics such as number of scans, times, dates, and operating systems used.

I use QR codes for course handouts and in my new book. That way attendees and readers can find a reference article easily.

While I have some mild analytics on my website (as does almost every website) someone's use of a QR code to get to my website does not provide any extra information. I can see that someone visited the website, but I cannot see whether they come by QR code or other method, and I certainly cannot tell which QR code they scanned or where they scanned it. So the bottom line is if you want to go to my site, it doesn't really make a difference for your privacy or security whether you use the QR code or type in the webpage address.

Static QR codes

Static QR codes are fixed and "forever" will point the user scanning the code to a specific webpage (e.g. URL).

It works sort of like this:

  • A QR Code is created that points to a webpage (or other URL) and its available for the user to see.
  • User uses their phone camera to view the QR code (or uses another computer camera device)
  • The camera and computer recognize that it is a QR code, may frame it and advise what website the QR code is pointing to
  • The user directs their computer (smartphone) to proceed to that website (e.g., with a tap)
  • The computer launches the default web browser and goes to the webpage indicated in the QR code.
  • The website sees a new visitor, but probably doesn't know how exactly the visitor got there

That specific webpage or URL might become obsolete, but the Static QR code keeps pointing there, you would need to create a new QR Code for a new URL.

Dynamic QR codes

Dynamic QR codes go through a middleperson, the company that helped you create that QR code. You may need a subscription (e.g., pay money) to create dynamic QR codes, you can change where they ultimately land, and some analytics are collected.

I think it works sort of like this:

  • A QR Code is created that points to the QR Code company landing page, and the QR Code company redirects visits to the designated final landing page.
  • The QR Code is available for the user to see.
  • User uses their phone camera to view the QR code (or uses another computer camera device)
  • The camera and computer recognize that it is a QR code, may frame it and advise what website the QR code is pointing to
  • The user directs their computer (smartphone) to proceed to that website
  • The computer launches the default web browser and goes to the webpage indicated in the QR code
  • This webpage is an intermediate stop at the QR code company, which collects some analytics such as time, date, user location, user computer operating system
  • The QR code company redirects the user to the final landing page
  • The website sees a new visitor. With analytics, they can link it to the use of the QR Code and other data.
  • The final landing page can be changed as needed, without changing the QR Code image itself (that's what makes it dynamic)

Weighing risks of QR codes

Nothing in life is risk free. We weigh the pros, cons, and probabilities.

Pros

  • QR Codes are an easy way to get to a website you want to get to, when you know where you are going, when you trust who put the QR Code there. Reading and typing a URL into a smartphone is a pain, but using the QR Code is quick.

Cons

  • A malicious QR Code could take you to a malicious website. A malicious website can damage your computer, try to install malware, etc.
  • An imposter QR Code could take you to a malicious or imposter website (phishing website). That website could harvest your credentials (if you attempt to login).
  • A malicious QR Code could try to launch one of your apps (applications) and perform an action.
  • A QR Code from companies that do not respect privacy could take you to a website that does not respect your privacy.
  • A dynamic QR Code collects some data about you. Companies are always trying to learn about people they interact with, including location. There is a lot of tracking and data collection, maybe you don't want this extra bit of data being tracked.

Privacy recap

Consider these scenarios:

  • You go to a restaurant, are handed a menu, place an order, pay with cash. The restaurant has obtained very little data about you.
  • You go to a restaurant, you have to scan a QR Code to view their menu on your smart phone. Now you visited their website too, and the restaurant can collect analytics data about you and your computer device. A "brick-and-mortar" transaction has also become a digital online interaction.

Privacy is an important issue. We should be aware of the choices we are making for our own privacy. Companies should be aware of their privacy practices, what they are collecting from consumers, and be fair and transparent about it.

How does one create a QR code?

There are lots of ways to create a QR code.

One of the easiest ways is to use your Chrome browser:QR code to QR code article

  • Go to the webpage (URL, universal resource locator) that you want to create a QR code for
  • Select the three dots at the top right of the browser to launch the main menu
  • Select "Save and Share" to launch the next menu
  • Select "Create QR code"

This creates a static QR code that lands the user on that webpage. It also has the Google dinosaur (T-Rex to be exact) which may or not be what you are looking for.

Other companies will generate free QR codes for you.

For my book I used QR Code Monkey which is free for static QR codes. You can adjust the design, colors, add a logo image, and more to create static QR codes. They state they do not save or reuse customer data in any form.QR Code to JohnBandler dot com

  • https://www.qrcode-monkey.com
  • https://www.qrcode-monkey.com/#about

There are other companies that will allow you to make free static QR codes as well.

Conclusion

QR codes can be very convenient. But you need to know whose QR code you are scanning, and weigh the risks of cybercrime and privacy.

This short article has many simplifications, is not tailored to your circumstances and is not legal or consulting advice.

If your organization needs help with improving its internal documentation and compliance with laws and regulations, including regarding cybersecurity and protecting from cybercrime, let me know.

Additional reading on this site

Policies Book QR code
QR code to my policies book

More reading elsewhere

Disclaimer: I do not know a lot about the QR Code companies I link to, so I am not vouching for them, but their articles were helpful and I used the QR Code Monkey site to generate a lot of free QR codes.

This article is hosted at https://johnbandler.com/qrcodes, copyright John Bandler, all rights reserved.

This article is also available on Medium.com at NOT YET (though not kept as up to date).

Originally posted 2/8/2024, updated 2/19/2024.