> Should you trust this tool with your WiFi password?
> Of course not! You shouldn't trust anything on the internet ever — but if it
> makes you feel better, I promise none of the information you enter on this page
> is saved anywhere.
I saw a theory on Reddit that you could safely use a tool like this by disconnecting from your internet before entering the information, then reconnecting after saving the QR code and having deleted it (thereby theoretically preventing your information from ever being sent to the website).
That sounds plausible, and the tool does seem to work while offline, but I don't have the expertise to confidently state that this would 100% protect you. Anyone want to chime in with how hard this would make it for them to harvest your data (if they wanted to, which I'm inclined to believe they don't, but just in terms of best practices)?
You could always write code that saves the data temporarily until the user reconnects to the internet or even visits the website again.
I'm not certain how I would use people's wifi passwords without being at their home, but I'm certain somebody on Hacker News could tell me exactly why it is a bad idea to share your wifi password to the internet.
> I'm not certain how I would use people's wifi passwords without being at their home
Doesn't Google track router SSID names and MAC addresses? This definitely used to be a searchable database that was connected to Maps. I can't find any of the old websites but it looks like it might still be accessible via API.
> but I'm certain somebody on Hacker News could tell me exactly why it is a bad idea to share your wifi password to the internet.
Not a hacker but I'm going to give a easy but not critical example. If you have access to another device in range (say, because you run a botnet) you can jump into another neighboring network. I'm sure someone on HN could give us a much more worrisome example.
Well, if you connected to my service I can probably geolocate you. Or I can use a SSID=>lat/lon database to find where your wifi is assuming you have a unique name for your Wi-Fi network. Then I can go there and connect a laptop it and do nefarious stuff from there, and attribute it to you. Threaten the president, torrent Linux ISOs, etc.
If you're actually concerned about your data, find an offline QR generator. Encoding a WiFi network is just adding some extra plaintext to a normal QR code.
The irony it’s your infinitely better protected using a webpage in Incognito with network disconnected, than downloading an offline generator and running the binary on your computer.
Depends a lot on context. Generally I agree, but for this particular use case, I use QR Scanner from SECUSO. It's available on F-Droid, and I think it's a very good tool for the offline generation use-case. Android-only though, of course.
one time i couldn't find _any_ other way, so I saved the page source to desktop, gave the javascript a once-over, disabled networking, opened the chrome inspector network tab, opened the saved copy of the page, did my thing, didnt see any network activity, closed the browser, then re-enabled networking
If you really want to overengineer things, take a look at https://kmanc.github.io/be_my_guest/! I only put in the effort to make this work for my own networking gear, but it could be pretty easily extended to work on other hardware :)
It’s also a feature in the AT&T Smart Home app. The printing from iOS is not ideal so I have an 8" square QR code taped to the wall for people who want to join my guest network.
Android gives you a QR code to share the network. Realistically you could just screenshot that, crop and print it out. Not have to rely on a third party QR service you aren't sure about.
Beware of "online QR code services", all of them insert some spam redirectons in the QR code.
After trying a dozen founds from Google, I finally found a decent one from a german university.
I made this one so I'm pretty sure it doesn't do that — but you just got me thinking of all the QR codes on tombstones and inked into people's skin that probably redirect to a pay day loan website or something.
The trick is to use whatever that is built into the system you are using. On iOS I use the Shortcuts app to create an action to generate QR codes. On desktop I just use Chrome's built-in QR code generator right from the address bar.
Assuming you already trust your OS and your browser, this means you do not need to trust any additional party for this simple task.
My Frtzbox router will generate QR codes so I can just pint those. You could also save the QR code from Android device as an image and them print it. The same from a KDE desktop with the additional step of a screenshot of the active Window.
I reused a small CD jewel case to store the guest network WiFi QR code on the coffee table, and I also included a NFC tag with the same info that you can tap under the QR code, with a small NFC symbol carved out in the middle of the QR code (thanks to the error correction mecanism) to indicate the possibility.
Printing? In this day and age? Probably time for a weekend project with e-ink display which displays current guest wi-fi password. Or a simple LED matrix would be cheaper to build? As a bonus password is rotated on a daily basis.
This is awesome, I've always been to lazy to set this up and regret it every time someone is over and I have to tell them my wifi password is tacokissies456
Is NFC ubiquitous now? Every phone has it? I used to use it for stuff when I used android like changing the phones mode when I got in my car before I could do it when connected to my cars bluetooth etc but I thought most phones didn't have it or were removing it a few years ago. I'm iphone 13 pro now no idea.
It's pretty ubiquitous ever since GooglePay/ApplePay took off and gave most people a reason to want it, at least in markets where those systems operate. I have noticed that grey-market imports of Android phones are sometimes missing NFC support when the domestic version has it though, so it does depend on where you are.
I don't have many friends, so it hasn't been a problem so far. I did write the information on the tag as well to avoid me having to dig it out for people without nfc.
What a delightful site! I really enjoy the writing style, and it does have a few nice tips.
Kinda reminds me of that "list of things you didn't know you could do" (or something like that) that was shared here a while ago.
> Of course not! You shouldn't trust anything on the internet ever — but if it > makes you feel better, I promise none of the information you enter on this page > is saved anywhere.
I saw a theory on Reddit that you could safely use a tool like this by disconnecting from your internet before entering the information, then reconnecting after saving the QR code and having deleted it (thereby theoretically preventing your information from ever being sent to the website).
That sounds plausible, and the tool does seem to work while offline, but I don't have the expertise to confidently state that this would 100% protect you. Anyone want to chime in with how hard this would make it for them to harvest your data (if they wanted to, which I'm inclined to believe they don't, but just in terms of best practices)?