Beep boop - this is a robot. A new show has been posted to TWiT…
What are your thoughts about today’s show? We’d love to hear from you!
QR codes for covid need to be tokenized and hashed and salted at random intervals, like one time based tokens. whatsapp is using these types of QR codes for their web app. in theory those still can be tracked, but when all covid passports would be digital it would create an endless database, which, at some point, should overwrite itself, making tracking useless.
offcourse, you still need to trust the QR code scanner, malicious hardware can try to fingerprint your phone. so that can be tricky.
i dont think places like border control would accept a blind YES/NO answer, so thats why official covid passports also contain your name for ID (but that makes it not more secure). but for a pub or entering your workplace this double blind check would be more than enough security.
1 Like
Then just make it a physical card or I guess you could also hypothetically set it so that WiFi and Bluetooth are temporarily turned off when the QR code is open. You could also set it up so the scanner only reports codes scanned on a specific interval of time.
That won’t help. It is the QR Code that needs to change each time it is presented, otherwise it is trackable. Printing it out won’t make any difference.