When Spencer Buell of Boston Magazine came out earlier this month with a full-throated roar against the QR code, my knee-jerk reaction was to bang my head against the wall. I don’t like hurting myself, though, so I stopped, read his piece in full, and began to feel out where he was coming from. After all, these weirdo pixels aren’t really human-readable, require an expensive, sometimes unwieldy phone to be understood, can be exploited for deception or malware, and might not even make sense as a replacement for good ol’ plaintext… at least at first blush.
Almost every institution you can think of has sought out and adopted QR codes as a salve to COVID uncertainties, bringing people into frequent exposure with menacing boxes, perhaps frequent enough to have them become embedded into fatigue of “hygiene theater” and the seemingly never-ending crisis. But to wish for their demise is not only futile, it’s just shooting the messenger — one of the most versatile ones we have.
The quick academics on the Quick Response(!) code can be found in this archived guide from its inventor, Japanese auto parts maker Denso and its industrial robotics subsidiary, Denso Wave.
Unlike those Universal Product Codes that can take up loads of space for relatively little payoff — clip above courtesy of Ashens on YouTube — adding a literal dimension of information to them allows one to pack in anything from binary to alphanumeric content to even full-fledged kanji characters and have it all be readable and fool-proof at smaller sizes, even with some error. Evolving upon the old zebra stripes was a boon for industry, doing the exact same things as they were — verifying processes, tracking inventory, and such — just more robustly.
But as Denso decided to let the public have at its patents, well, eventually all hell had to come loose, right? From the 2011 guide:
Mobile marketing has been very popular in Japan, Korea, and the Netherlands for several years, and has recently seen rapid growth in North America, where the QR Code is increasingly appearing in print and online advertising, as well as on signs, billboards, posters, business cards, clothing and other items.
That’s where we cue the shirts, the tattoos, the ubiquity of WeChat Pay in China, and us in the West generally being over them after a few years.
And then came COVID-19.
Research was relatively quick to determine that while the virus lasts about as long on many surfaces as it does through the air, the risk of fomite transmission was relatively low with frequent cleaning. Many governments, however, were quick to lay down rules against circulating restaurant-kept menus during the tenuous pre-vaccine period of dine-in experiences and that left most restaurateurs to deal with disposable menus, giving print shops and paper mills down the line one of the first demand shocks of the pandemic.
Our friend Spencer? He’s not buying it.
“QR codes taped to bar tops. QR codes slapped on bus shelters. QR codes on the headstones of the dearly departed,” he laments.
Those QR codes may have only bridged a gap for some shop owners, but for others, they became a full-on replacement and an impetus to stack up their lacking digital infrastructure, especially as front-of-house staff became subject to illness, layoffs, or plain quitting. After all, what good is a QR code linking to a PDF menu when no one can take the order? Online ordering to the rescue.
More time has passed and the savvier types have realized they can stick a redirectable URL and have it point to whatever they need for the moment: lunch menu, dinner menu, today’s specials, their Instagram account with the latest post alerting fans to altered hours, whatever they need. That’s a testament to the power of web development more than anything else, but with QR as a vessel, it made even more sense to stick them everywhere rather than, say, distributing schedule placards at every bus stop and having to turn them over whenever they need an update. As a metro Boston resident myself, I can point out a bunch of ‘T’ stops with schedules from the early aughts slapped on them.
“Did people get deeply unsettling QR code tattoos during this time of strife and suffering,” Buell goes on to ask. “Scan this QR code to find out:”
I’ll spare you the code itself, the inclusion of which is just a bad faith attempt at making you fuss around with your phone’s camera app — yes, it can read QR codes now, it’s been able to for years — for no good reason. It also includes a landing page for ads and that’s just poor taste; much unlike the masterpiece that is the header image for this article.
Oh, about the tattoos: Vice News says ‘yes.’
I’m also not sold on QR’s security scourge. Those same apps and others like Google Lens and QR & Barcode Scanner PRO will generally give you a good preview of what you’ve scanned. Anyone with at least a little internet literacy will want to read out their URLs before you visit their sites.
I’ve also found that these apps generally won’t properly read code (or, at least, a game of Snake compiled in C, then x86 Assembly, then C again by MattKC on YouTube) so that’s at least one threat vector out of the question. Specifically in the case of Android (hello, we’re Android Police, read our other articles), you can’t just go plugging in ADB commands without connecting to an external console and having USB debugging mode turned on — most people won’t even know how to open up Developer Mode on their devices.
Buell’s single biggest objection, though, is the use of “this wretched technology” in a vaccine passport app which Massachusetts and multiple other states would recognize. He cites a Recode piece which talks about New York’s Excelsior Pass app which contains a user-unique QR code that links to the person’s vaccine records and how out of more than 6 million passes issued up to October that those codes were only scanned just over 300,000 times. The lack of engagement can be chalked up to… well, lack of engagement: venues tend to accept the pass at face value, not realizing that they should’ve scanned them with the Excelsior Pass scanner app to verify visitors’ records. Even at that, scanning is officially “recommended, not mandated,” and that’s just not fair to the people using their phones.
Forging a glanceable, passable vaccine card is fairly easy, but for those who want an honest way of showing off their jabs, a paper pass shouldn’t be the only option available. Not to mention the ones we have now can be difficult to replace, ink and all, especially if you got vaxxed without insurance. At the end of the day, our medical records are all on electronic databases anyway. It can be much easier to connect the digital dots and have that precious, combined payload available through a unique URL that can more easily be read as… wait for it… a QR code! Which you can print if you still want a hard copy. That’s what Germany is doing.
Sure, the systems they use aren’t infalliable and can be exploited, but that’s not a QR problem; that’s a database security problem. What I’m not saying is that they need to take over our lives as is the actual case in China nor should we see them as a stepping stone toward the completely unrelated and extremely complex technology of biometric authentication.
QR codes are useful tools that save minutes of poking around on our keyboards. They’re not going to replace human servers with robots at your local diner — unless it’s the owner’s prerogative. They also die as soon as the internet (or host server) does.
Are they finicky sometimes? You betcha. But are they going away? Not anytime soon and for good reason, too. We best be at peace with that.
Spencer.
Read Next
About The Author
