Version française

Proof of Concept - Quebec Government QR Code - Impacts to our privacy

Application source code

As seen in recent news reports, several IT security and privacy experts have explained that any restaurant, store, office, and other places forcing the use of the QR Code to access those places could also retain the information, resell it or even follow you!

So here is a video to demonstrate how easy it can be to read the content of the QR code and to keep track of these people while recording the information without leaving any trace.

Several information are available when scanning the vaccination passport. It has already been mentioned that this information needs to be encrypted, but it was only encoded.

The application demonstrates how a malicious commercant who owns multiple branches would be able to track where people are going, if some of those places are visited multiple times and how often. Not to mention the possibility that some will establish partnerships to exchange or resell said data and cross-check them with other sources. Facial recognition in shopping centers?

With all of this information available, this is of course a breach of our privacy. Especially since we are being shown an interest of the Ministry of Health to share citizen health data "de-anonymized" in recent news!

One solution would be to encrypt and not simply to encode, making it impossible for commerces to read the information in the clear text, for example. Everything would be protected by a key that the government would have in order to validate this information. This kind of solution requires an infrastructure in place to get these details securely.

Please note that this app was developed by two (2) people from Hackfest Communcation community for a total of approximately 20 hours. More seasoned programmers could have completed the whole thing even faster. It should also be noted that the level of complexity is not beyond the reach of a person new to programming.