You have a phone that's always listening and tracking you.... and you think the QR code is somehow what they need to track you?
Bruh, you've gotta think more and feel less. It's been a common conversation piece for a few years now about how when you talk about something it magically appears in ads and other stuff.
Your phone is doing that even without scanning a QR code if you haven't locked it down and turned it in to a dumb phone.
If you do that it's just your ISP and law enforcement that can track you.
I bought a Light Phone to carry with me when I leave my apartment complex. If payphones still existed I wouldn't even carry that, but if there's an emergency and I'm out, I still need to contact someone. I couldn't imagine scanning a QR code for anything. I don't want to provide them with data to sell.
I have a smart phone (required for work) but it doesn't leave my complex. I know the Light Phone can be tracked with triangulation but that's much better than the smart phone's constant spying and lord only knows what my company put on the phone for their version of tracking.
It’s true! I went to a restaurant the other day and an “accept cookies” notification box came up after scanning the QR and being directed to the website...
For shits and giggles, I checked it out...
It said all of the above and much more!
Name, address, all kinds of shit.
Lets go over the list. When accessing the menu inside the restaurant, they'll know that
The phone is inside the restaurant
The phone was inside the restaurant at the time you were sitting there
The phone was connected to the nearest cell tower to the restaurant (they can't actually know this, only the carrier can, but they can guess.)
Metadata your browser sends to every single page you request, which you can configure to be anything.
This does not seem nefarious.
They'll also know which IP your phone happened to be assigned at the moment you requested the page. With a warrant, the police will be able to go to your carrier and get their customer records for you. I suppose that's vaguely annoying, but you can use a cheap VPN service to foil this. Unless you use a VPN they might also be able to run a traceroute back to your IP, which probably reveals which carrier you are using.
I don't think they'll be able to get the phone IMEI or any other hardware identifiers, since that's simply not accessible to JavaScript in the browser, and it's not being sent as headers when requesting any page. I could be wrong about that. Same with wifi or signal strength, and network status - the best they could do would be to try to load a massive resource to do a speed test and find out how much bandwidth your phone happened to have while inside that restaurant.
The real annoyance about tracking on the web, is cross site tracking, such as when one site embeds a tracking-script from Facebook or Google which lets them correlate your pageview across all sites using those trackers. If you know what you're doing you can block that, but it's hassle.
It gets worse though :-)
When you sit down at the restaurant, they'll know that you are there, and what time it is. They'll know what your face looks like, what you're wearing, approximate height and body mass, and when the waitress comes by to take your order, she'll know if you have dubious personal hygiene. Unless you pay cash, or with an exotic anonymous card, they'll know who you are as well.
If you're worried on this level, don't bring a phone with you.
Dude
You have a phone that's always listening and tracking you.... and you think the QR code is somehow what they need to track you?
Bruh, you've gotta think more and feel less. It's been a common conversation piece for a few years now about how when you talk about something it magically appears in ads and other stuff.
Are you like 80 or something?
thne qr code opens up more corporations to track you, and the for profit data brokers will get even more information from you.
Your phone is doing that even without scanning a QR code if you haven't locked it down and turned it in to a dumb phone. If you do that it's just your ISP and law enforcement that can track you.
Doesn't matter. All phones even dumb phones after 2003 need gps to track you.
I bought a Light Phone to carry with me when I leave my apartment complex. If payphones still existed I wouldn't even carry that, but if there's an emergency and I'm out, I still need to contact someone. I couldn't imagine scanning a QR code for anything. I don't want to provide them with data to sell.
I have a smart phone (required for work) but it doesn't leave my complex. I know the Light Phone can be tracked with triangulation but that's much better than the smart phone's constant spying and lord only knows what my company put on the phone for their version of tracking.
I've never been to a restaurant that was QR only, they've always given me a real menu when I asked for one.
It’s true! I went to a restaurant the other day and an “accept cookies” notification box came up after scanning the QR and being directed to the website... For shits and giggles, I checked it out... It said all of the above and much more! Name, address, all kinds of shit.
Lets go over the list. When accessing the menu inside the restaurant, they'll know that
This does not seem nefarious.
They'll also know which IP your phone happened to be assigned at the moment you requested the page. With a warrant, the police will be able to go to your carrier and get their customer records for you. I suppose that's vaguely annoying, but you can use a cheap VPN service to foil this. Unless you use a VPN they might also be able to run a traceroute back to your IP, which probably reveals which carrier you are using.
I don't think they'll be able to get the phone IMEI or any other hardware identifiers, since that's simply not accessible to JavaScript in the browser, and it's not being sent as headers when requesting any page. I could be wrong about that. Same with wifi or signal strength, and network status - the best they could do would be to try to load a massive resource to do a speed test and find out how much bandwidth your phone happened to have while inside that restaurant.
The real annoyance about tracking on the web, is cross site tracking, such as when one site embeds a tracking-script from Facebook or Google which lets them correlate your pageview across all sites using those trackers. If you know what you're doing you can block that, but it's hassle.
It gets worse though :-)
When you sit down at the restaurant, they'll know that you are there, and what time it is. They'll know what your face looks like, what you're wearing, approximate height and body mass, and when the waitress comes by to take your order, she'll know if you have dubious personal hygiene. Unless you pay cash, or with an exotic anonymous card, they'll know who you are as well.