Skip to content

Include QtQR Package for a QR Code Creation and Decoding GUI in Tails

The Graphical QR generator and decoder frontend QtQR is a good candidate to be included in Tails for working on sensitive documents.

Debian Package: qtqr

QtQR: a Qt GUI (front-end) for python-qrtools

Creating and decoding QR codes is important for producing & safely following QR links on banners, business cards, flyers, posters, and leaflets, as well for Bitcoin transactions or even crossing air-gaps. QtQR is 42 kB. Easy to use. Its dependencies are already in Tails.

The user SHOULD be able to do all relevant things with easy-to-use graphical interfaces. The PELD SHOULD present a solid, user-friendly desktop environment with all the expected features after booting: file management, system settings configuration, support applications etc.

Currently, QR scanning in Tails requires command-line use, and creating QRs may involve Python scripting. QtQR simplifies these tasks significantly.

The PELD aims at providing a "safe" environment to produce and optionally publish sensitive documents. While the combination of anonymous access to the Internet and resistance against future equipment analysis does most of the job, some application-level attacks deserve special treatment: e.g. tools needed to inspect and cleanup metadata — such as EXIF data — in files SHOULD be available.

QtQR is a safer way to create and decode QRs. Without it, many users may resort to online QR generators or decode QRs with clearnet mobile devices, risking tracking.

We avoid proposing several options to accomplish the same task.

The only offline alternative is learning to code and using a website is all downside:

  • It requires a network connection

Malicious or insecure QR websites may:

  • Track which QRs the user scans or creates in a session.
  • Leak or steal the encoded data.
  • Ransom the user by charging to keep the QR active after printing costs have been incurred.
  • Phish or censor by decoding to incorrect data.

Restarting with an Administration password to run sudo apt install qtqr—if users even know it exists—is a lengthy process which might push them towards worse options. Including QtQR in the default Tails setup would offer a reliable, offline solution that aligns with Tails' goals for working on sensitive documents.

Relevant Screenshots of the application:

image

Riou needs donations, but trusting a QR website may hurt privacy or even "blacklist" the address.

image

Encoded URL link: An online QR generator scammed a graphic designer.

image

This is a "SeedQR" representing a Bitcoin mnemonic seed phrase and can NEVER be trusted on any website.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information