SoylentNews is people
SoylentNews
https://www.theatlantic.com/health/archive/2021/08/covid-19-vaccine-cards-why-so-big/619707/
This spring, as New York City warmed up and the local vaccination rate surged, I met my best friend for our first restaurant meal together in months. As soon as we sat down, she began rifling through her purse. "I have something for you," she told me. From her bag came a rectangle of clear, thick, double-layered plastic—the kind of display pocket that often dangles at the end of a lanyard. My friend had swiped a handful from her office's supply closet. "It's for your vaccine card," she explained. But I already knew.
When I got my first shot, in late February, I sat in the mandatory waiting area, holding my new card in one hand and my wallet in the other, trying to understand why the two objects weren't compatible. I contemplated where I should put this brand-new golden ticket, ultimately sliding the thin piece of too-large card stock into an envelope I found in my tote. I'm going to either lose this or destroy it, I thought to myself.
Indeed, I lost it—at least for a little while. Despite dutifully sliding the card into its new protective pocket after lunch with my friend, I eventually found myself tearing my apartment apart searching for it, for exactly the reasons I had feared: It was the wrong size for the one place where most people keep all their important everyday documents, and of too nebulous a purpose to sit safely in a drawer with my birth certificate and passport. Could it unlock some sort of privileges at the airport? Were restaurants going to check it? Did I need to take it to medical appointments? My card had gotten shuffled into a sandwich baggie filled with extra masks, not to be rediscovered for six weeks.
With all due respect to our country's overworked and undersupported public-health apparatus: This is dumb. The card is dumb, and it's difficult to imagine a series of intentional decisions that could have reasonably led to it as the consensus best pick. Its strangeness had been a bit less important in the past seven months, when evidence of immunity was rarely necessary to do things within America. Now, as Delta-variant cases surge and more municipalities and private businesses begin to require proof of vaccination to patronize places such as restaurants and gyms, the rubber has met the road on this flimsy de facto verification apparatus. It's not the highest-stakes question of this stage of the pandemic, but it's one that's become quite common: How did we end up with these cards?
What size are the COVID-19 vaccine ID cards in other (non-USA) countries?
(Score: 3, Insightful) by lentilla on Tuesday August 24 2021, @05:37PM (4 children)
I scan QR random codes all the time.
There is a vast difference between reading something and acting on it. Just scanning a random QR code isn't going to make your device dirty!
(To be sure, QR code scanning applications should never blindly act on data - same as autorun.inf should never have been implemented the way it was - at some point you simply can't help people not to shoot themselves in the foot.)
I am very much impressed by QR codes. There are a really elegant way to reliably transfer a small packet of data from one place to another in a human-friendly format. Children can use them. Older adults can use them. They are the digital equivalent of a handed-out flyer you can stick in your pocket.
By themselves, QR codes are complete benign.
I agree with you completely here.
(Score: 0) by Anonymous Coward on Tuesday August 24 2021, @06:25PM (3 children)
Interesting because I've written exploits for competitions that are delivered via QR codes with no action needed other than for the user to scan them. Any time an application accepts unsanitized input from an unknown source it's a possible vector for malicious code execution.
(Score: 2, Redundant) by lentilla on Tuesday August 24 2021, @07:28PM (2 children)
Congratulations on finding a cool exploit!
... and an application to act on the data contained within (you missed the important part).
Well, there's your problem!
The reason I am posting this highly redundant reply is that it is critical that "normal people" understand the distinction between data and action in the realm of information technology. Like I said above, simply scanning a naughty QR code doesn't make your device "dirty". Given your ability to write exploits this will be self-evident to you, but it is also important that everyone else understands this too - such that they can apportion blame in the correct place - it's not the QR code at fault, it's either the application that processes it or a fundamental failure of the user to comprehend digital safety. "Digital safety" being as much a part of the modern survival toolkit as not walking down a dark alley in a bad neighbourhood. I would not want people to be misdirected to be scared of data. The salient issue is what what is done with that data. That is where we need to address our focus.
(Score: -1, Redundant) by Anonymous Coward on Wednesday August 25 2021, @01:06AM (1 child)
Calling your own post redundant is just begging for the Shitheads to mod you... -1 Redundant. Yes, I did.
(Score: -1, Redundant) by Anonymous Coward on Wednesday August 25 2021, @01:30AM
Then own it, Mr. Coward.