lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

69
active users

#qrcodes

0 posts0 participants0 posts today
Replied to Glyn Moody

@glynmoody Like so many things it's not really the technology that's at fault. QR codes are a convenient way of encoding & transmitting information.

The problems are that (a) most phones are configured to automatically load the webpage pointed at by a QR Code (assuming it encodes a URL) and (b) the persistent problem behind almost all online scams -- users are not given the tools or knowledge to help them detect a fraud.

I use the SECUSO QR Scanner app on my phone which not only displays the URL before launching it, but requires the user to check a confirmation box forcing you to think a bit more about what's about to happen.

Of course that only solves problem (a) above.

secuso.aifb.kit.eduKIT - Secuso Main Page

Well, duh...
"National Car Parks, which runs 800 car parking sites across the #UK, is considering removing QR codes from its signage".
At one point, I thought of creating one for my #church notice board, but decided against when alerted to the gaping security #problem!
#CarParks
#crime
#qrcodes odes
bbc.co.uk/news/articles/cq6yzn

BBC NewsOrganised crime gangs behind rise in QR 'quishing' scamsThousands of scams linked to fraudulent QR codes have been reported since 2019, the BBC finds.

Today's pleasant discovery: If you search DuckDuckGo for

qr code the text you want in a QR code

then it generates the QR code for you. This is going to make things much easier with the ebooks I'm including in my book display in the library.

Apparently someone is sticking fake "Parking Payment" QR codes on parking meters in Manhattan Beach (California).

#qrcodes #scam

2025-04-01 13:26:52 PDT

The City warns residents and visitors about a scam involving unauthorized QR codes for parking payments. Currently, there are no QR codes for online payments at parking meters or pay stations.

Please avoid using any QR codes you come across, as they may lead to fraudulent sites. Only use official payment methods.

Report any suspicious activity to our Police Department. Stay safe and vigilant!

If you see a QR Code on a parking meter, do not scan it. Contact Manhattan Beach Police at (310) 545-4566.

member.everbridge.net/31157840

🆕 blog! “A Recursive QR Code”

I've been thinking about fun little artistic things to do with QR codes. What if each individual pixel were a QR code?

There's two fundamental problems with that idea. Firstly, a QR code needs whitespace around it in order to be scanned properly.

So I focussed on the top left positional marker. There's plenty of whitespace there.

Secondly, because QR codes…

👀 Read more: shkspr.mobi/blog/2025/03/a-rec

#art #qr #QRCodes

Terence Eden’s Blog · A Recursive QR Code
More from Terence Eden

I have seen article claiming that #Google is going to switch to requiring use of #QRcodes (which I loathe) in order to use #gmail, sometime in the not too distant future. The other email that I have used in the past gradually became useless in recent years (I suspect Gmail of blocking smaller mail servers) so I have just finished migrating everything to my gmail address, but it looks like I now need to migrate elsewhere.

Can people recommend a reliable email service?

🆕 blog! “Why are QR Codes with capital letters smaller than QR codes with lower-case letters?”

Take a look at these two QR codes. Scan them if you like, I promise there's nothing dodgy in them.

👀 Read more: shkspr.mobi/blog/2025/02/why-a

#qr #QRCodes

Terence Eden’s Blog · Why are QR Codes with capital letters smaller than QR codes with lower-case letters?
More from Terence Eden

Why are QR Codes with capital letters smaller than QR codes with lower-case letters?

shkspr.mobi/blog/2025/02/why-a

Take a look at these two QR codes. Scan them if you like, I promise there's nothing dodgy in them.

   

Left is upper-case HTTPS://EDENT.TEL/ and right is lower-case https://edent.tel/

You can clearly see that the one on the left is a "smaller" QR as it has fewer bits of data in it. Both go to the same URl, the only difference is the casing.

What's going on?

Your first thought might be that there's a different level of error-correction. QR codes can have increasing levels of redundancy in order to make sure they can be scanned when damaged. But, in this case, they both have Low error correction.

The smaller code is "Type 1" - it is 21px * 21px. The larger is "Type 2" with 25px * 25px.

The official specification describes the versions in more details. The smaller code should be able to hold 25 alphanumeric character. But https://edent.tel/ is only 18 characters long. So why is it bumped into a larger code?

Using a decoder like ZXING it is possible to see the raw bytes of each code.

UPPER

20 93 1a a6 54 63 dd 28   
35 1b 50 e9 3b dc 00 ec
11 ec 11

lower:

41 26 87 47 47 07 33 a2   
f2 f6 56 46 56 e7 42 e7
46 56 c2 f0 ec 11 ec 11  
ec 11 ec 11 ec 11 ec 11
ec 11

You might have noticed that they both end with the same sequence: ec 11 Those are "padding bytes" because the data needs to completely fill the QR code. But - hang on! - not only does the UPPER one safely contain the text, it also has some spare padding?

The answer lies in the first couple of bytes.

Once the raw bytes have been read, a QR scanner needs to know exactly what sort of code it is dealing with. The first four bits tell it the mode. Let's convert the hex to binary and then split after the first four bits:

TypeHEXBINSplitUPPER20 9300100000 100100110010 000010010011lower41 2601000001 001001100100 000100100110

The UPPER code is 0010 which indicates it is Alphanumeric - the standard says the next 9 bits show the length of data.

The lower code is 0100 which indicates it is Byte mode - the standard says the next 8 bits show the length of data.

TypeHEXBINSplitUPPER20 9300100000 100100110010 0000 10010lower41 2601000001 001001100100 000 10010

Look at that! They both have a length of 10010 which, converted to binary, is 18 - the exact length of the text.

Alphanumeric users 11 bits for every two characters, Byte mode uses (you guessed it!) 8 bits per single character.

But why is the lower-case code pushed into Byte mode? Isn't it using letters and number?

Well, yes. But in order to store data efficiently, Alphanumeric mode only has a limited subset of characters available. Upper-case letters, and a handful of punctuation symbols: space $ % * + - . / :

Luckily, that's enough for a protocol, domain, and path. Sadly, no GET parameters.

So, there you have it. If you want the smallest possible physical size for a QR code which contains a URl, make sure the text is all in capital letters.

Terence Eden’s Blog · Why are QR Codes with capital letters smaller than QR codes with lower-case letters?
More from Terence Eden

Nutzt hier zufällig jemand dynamisch generierte #QRCodes :qrcode: in @LibreOfficeDE Writer? Der eingebaute QR-Code-Generator erlaubt – sofern ich das richtig verstehe – keine Variablen.

Ich möchte allerdings einen Wert aus einer Tabellenzelle, die sich im gleichen #LibreOffice-Dokument befindet, im #QRCode einbauen, sodass sich die Grafik automatisch und dynamisch verändert.

Gibt es vielleicht eine andere* Idee, zum Beispiel über Makros? 🤔

(*kein externer Dienst, alles lokal; idealerweise ohne Makros; Nutzung des LibreOffice-eigenen QR-Code-Generators)

Um möglichst nicht auf gefälschte QR-Codes hereinzufallen, nutze ich unter iOS die QR-App „Qrafter“. Nach dem Scannen kann ich das Linkziel anzeigen lassen, bevor ich die Seite öffne.
Bei Qrafter ist nicht nur schon der Name genial, sondern auch der Funktionsumfang - egal, ob ich QR-Codes lesen oder erstellen will.
Du kannst zwischen der bezahlten Pro-Version und der kostenlosen Variante mit Werbung wählen. Der Funktionsumfang ist identisch.
👉 qrafter.com
#quishing #qrcode #qrcodes #qrafter #ios #ipados

I've seen a number of toots today advising people against scanning random #QRCodes because they can be used in a number of malicious ways.

There are a number of legitimate ways people can use such codes to trick others, and it can require some deeper understanding of how systems work to avoid them. For that reason, I'm not going to contradict that recommendation, but I will add to it.

QR codes are usually just URLs encoded in a visual, machine-readable form, so they aren't necessarily more dangerous than a link. The danger comes from the fact that most scanner apps will directly open whatever URL you scan without giving you the opportunity to consider whether that's a good idea.

You can reduce the risk of scanning such codes by installing a better app which requires manual interaction to open URLs after decoding them.

For android users I recommend "BinaryEye", since it's open-source, ad-free, and has a bunch of other useful features.

Its github page links to both F-Droid and the play store:

github.com/markusfisch/BinaryE

GitHubGitHub - markusfisch/BinaryEye: Yet another barcode scanner for AndroidYet another barcode scanner for Android. Contribute to markusfisch/BinaryEye development by creating an account on GitHub.
Replied in thread

@CrimethInc

A couple examples of why you shouldn't scan random QR codes: techradar.com/computing/cyberc

archive.is/TRmfo

Here's an article *promoting* the use of QR codes to collect data. Just by scanning the code, you are potentially giving up data.
qrcodechimp.com/collect-first-

Screenshot below is from the article.

Do not normalize using QR codes. All important information should be on the flyer, maybe with a QR code in the corner for people who want this. Have the URL printed out as well. The other thing to consider is that it is easy to create a fake URL that looks legitimate (e.g. with Cyrillic characters) and will fool most people at a glance. These fake URLs may even have a valid security certificate! Manually typing in the URL mostly bypasses this problem.

Don’t know who needs to hear this so I’ll say it loud.

DO NOT SCAN QR CODES

A friend did that a couple of days ago. It was on a machine in a car park to download their app. Except someone has replaced it and the first she knew was her bank letting her know they’d spotted fraudulent activity.

She was lucky and the bank stopped all the transactions and blocked her account. The next person might not be.