Talk:QR code

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
High traffic

On 2 June 2010, QR code was linked from Slashdot, a high-traffic website. (See visitor traffic)

Editing for better readability[edit]

The page right now has a ton of redundant information, overlap and missing links. I would assume that if I am here to learn about QR Codes, I should also be introduced to all the possible use-cases, the current issues that are being solved using QR Codes (like climate change and authentication) and where I might be able to create a QR Code for myself. What's the protocol for this?

Snehratna (talk) 06:17, 24 January 2020 (UTC)

Possibly a hidden Ad Campaign?[edit]

Note that reference 50 leads to http://vitreoqr.com/2014/QR_Code.html a company that CLEARLY is selling QR Codes. We should also note that everyone CAN download the iQR generator from Denso-Wave's website after registering (free): http://www.denso-wave.com/en/adcd/product/software/building/qrdraw-ad.html IMHO, this reference should be changed or removed. I'd put this as the reference instead: http://www.qrcode.com/en/codes/iqr.html — Preceding unsigned comment added by 188.250.154.18 (talkcontribs) 16:32, 4 July 2014

Reference 9 and 20 are broken links[edit]

What is the protocol for changing broken links? Snehratna (talk) 06:26, 11 June 2019 (UTC)

If you have a replacement link, just change the reference. Be bold. Jordan Brown (talk) 15:55, 23 October 2019 (UTC)
The official guideline is WP:DEADREF, which begins by saying "Do not delete a citation merely because the URL is not working." and then gives some practical advice (next search the site to see if the content has moved to a different URL on the same site; if that doesn't work, next see if the content has been archived at a web archive service; and so on). --DavidCary (talk) 03:15, 24 December 2019 (UTC)

Semi-protected edit request on 15 October 2018[edit]

Qryptal (talk) 09:08, 15 October 2018 (UTC)
 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate.  Spintendo  13:13, 15 October 2018 (UTC)

Semi-protected edit request on 18 October 2018[edit]

223.182.220.45 (talk) 02:02, 18 October 2018 (UTC)
 Not done: it's not clear what changes you want to be made. Please mention the specific changes in a "change X to Y" format and provide a reliable source if appropriate. Kyle Bryant (talk) 02:09, 18 October 2018 (UTC)

Misleading risks section[edit]

QR code#Risks is misleading - as this article explains, it's the URL the 2D barcodes decode to that's malicious, giving a link to a virus in an app store. So the 2D barcode doesnt contain an executable that the reader is to execute according to the decoding protocol, & the same vulnerability applies to all 2D barcodes and data sharing media. 131.191.99.210 (talk) 13:41, 11 March 2019 (UTC)

The claim is that the URL itself can include JavaScript that can attack the browser directly. Even if it's a simple non-executable URL, it can point to a web page that attacks your browser. In theory JavaScript and web pages are safe, but in practice browsers have bugs that can be exploited. It isn't necessary that you download an app. Jordan Brown (talk) 16:09, 23 October 2019 (UTC)
Jordan Brown, you may be right, but Wikipedia policy (WP:VERIFY) is "verifiability, not truth". The above reference says "QR codes cannot be viruses. At the worst case they can point to a URL that .. if you choose to download it ... may ... download a malware." Do you have any reference that says that the URL can contain malicious JavaScript? (The "EvilQR" reference *speculates* that such a malicious URL may be possible, and I agree that practically any URL can be encoded into a QR code, but their testing seems to indicate that most of the tested QR decoders (19 out of 21) didn't execute any JavaScript embedded embedded into the URL before asking for confirmation. The "alert" of the remaining 2 QR decoders is alarming, but it's not clear that indicates a real problem. --DavidCary (talk) 03:15, 24 December 2019 (UTC)
You could have a QR code that attacks the decoder, a QR code that encodes a URL (JavaScript or not) that attacks the browser, or a QR code that encodes a URL that points to a malicious web page. All are certainly plausible, and all have the same end result: your device is attacked. I wouldn’t consider the difference to be important to a non-technical audience. It would be a serious disservice to say that QR codes are safe, without mentioning the risks associated with the remainder of the pipeline. All that said, I’m not unhappy with the current text. It could be finessed a bit to be more technically accurate while still conveying the key warning: that there is a risk. Jordan Brown (talk) 18:44, 28 December 2019 (UTC)
The last sentence of the section is also misleading. I have not found The Wire page linked in the references, but after searching for Russian language sources for this, I found https://xakep.ru/2011/10/03/57128/ (in Russian) and https://securelist.com/malicious-qr-codes-pushing-android-malware/31386/ (in English). Both of these pages describe an Android trojan that was spread via QR codes and sent the $6 texts. I think that while using the codes to spread malware is definitely a risk, it was not the code itself that caused the phones that scanned it to send the messages (this would be the case if they used a vulnerability in the reader app to do this). X0wl (talk) 15:39, 13 July 2020 (UTC)

Can anyone scan the first example in the error correction section?[edit]

I thought the little square on the corner was one of the essential parts that must be present for a code to be readable... --95.92.219.13 (talk) 07:42, 5 July 2019 (UTC)

Damaged but still decodable QR code
Yes, I just now used the ZXing project's Android app to read that QR code with the lower-right corner torn off, and it decoded correctly (to a link to http://en.m.wikipedia.org ).
So apparently that little square alignment mark is *not* essential. --DavidCary (talk) 03:15, 24 December 2019 (UTC)