Privacy and security
Don't get fooled: how to spot scams in your inbox
Learn how to protect yourself from falling victim to phishing emails.
Read articleNimmi Kanji
Director - Social Purpose Programs, For Good and TELUS Wise
How does a technology created 28 years ago all of the sudden have a major renaissance? With the COVID-19 pandemic, contactless became a way to stay healthy. And QR codes moved from their origins on the factory floor to mainstream almost overnight.
With QR codes being used for everything from proof of vaccination, re-entry to Canada and contract tracing to restaurant menus and contactless payments, the privacy conversation is prominent.
The Quick Response (QR) code was released in 1994 by a Japanese engineer named Hara Masahiro to track vehicles during the manufacturing process. More comprehensive than a barcode in terms of the information it’s capable of storing, the QR code made it easier to scan and track items.
Marketers experimented with using QR codes in the 2000s to direct prospective buyers to their websites, but they didn’t become as popular as they are now until the pandemic hit in 2020. As part of a larger wave of innovation fuelled by COVID-19, the QR code proved very useful in offering a touchless way to share information.
Eric Rescorla, CTO, Firefox at Mozilla explains how the QR code works in his blog, educatedguesswork.org:
The QR codes themselves aren’t necessarily the privacy culprits. It’s the ecosystem they exist in. According to the Washington Post, in its article, QR codes are a privacy problem, but not for the reasons you’ve heard, QR codes, “turn analog interactions — like ordering a pizza — into digital ones, and those digital interactions can be subject to tracking by the restaurant or store. Because QR codes open a browser, companies might use that digital signal to connect the dots between online and offline activity.”
Once you go to a website, you often encounter cookies, which store data on your computer or device to track your session and what you do. For the purposes of privacy, cookies are often used by marketers/advertisers to keep track of browsing activity and gain insight into consumers’ interest, so they can serve up relevant ads.
Rescorla highlights the complexity of a seemingly simple and convenient way of accessing information. The cookie is part of it. But more important is the information the URL encodes. If you provide a table number, or the link goes to an ordering system rather than a readable menu, the site can remember where you sat and what you ordered. Depending on the system operating in the background, you could also be tracked across multiple restaurants.
There have also been some reported security issues with QR codes. In August 2021, several Quebec politicians, including Premier Francois Legault and Health Minister Christian Dube, had their vaccine passport QR codes hacked. While the information compromised only included name, date of birth and vaccinations received, it raised concerns about the safety of QR codes and protecting the information encoded into them.
QR codes have become fairly inevitable, and many businesses, especially restaurants, are using them to cut costs and maximize their understaffed teams – no more updating chalkboard menus or reprinting to stay current. How can you protect your privacy and security while still taking advantage of the convenience?
Like anything online, using QR codes comes with compromises. Following a few simple steps can help you protect your privacy and security, so you can order your favourite pizza, make it through customs seamlessly or provide proof of vaccination to businesses that require it.
Learn how to protect yourself from falling victim to phishing emails.
Read articleLearn how to protect your email and reduce potential exposure.
Read articleLearn best practices to ensure the security and privacy of your online accounts.
Read article