Have you wondered why it's so hard to scan those Service NSW / VIC COVID check-in QR codes, or watched in frustration while someone else tries to scan one?

It turns out... they are in fact, really hard to scan.

And they didn't have to be... 🧵
(I'm surely not the first to notice this, but I haven't seen anyone else mention it)

QR codes have a neat feature where they change size based on how much information is encoded in them. The trade-off is that the QR code becomes more detailed, and therefore harder to scan.
QR codes also have redundancy, which means that you can correct for errors at the expense of making the QR code more detailed (this is why when people whack their logo in the middle of a QR code, it still scans). NSW use "high" redundancy.
So a QR code with less information will be easier to scan because for the same printed size, the dots are larger and easier for the camera to detect.

The checkin codes are actually URLs, which either load in your phone's browser, or the app it decodes them directly.
So let's look at a reenactment of a Service NSW one, which is the base URL ( https://www.service.nsw.gov.au/campaign/service-nsw-mobile-app?data=) plus ~220 bytes of "data".
This "data" is a JSON blob. {"t":"covid19_business","bid":"ABCDEF","bname":"...","baddress":"Addr, Road, Suburb, NSW AUSTRALIA"}.

That's the full name and address of the location.
The only actually relevant piece of information here is the six-digit "business id". You'll notice that some locations allow you to enter this ID directly into the app (e.g. on busses). The base URL is also longer than it needs to be.
So every part of this could be optimised. The final result could have been the 28 byte URL: https://qr.nsw.gov.au/ABCDEF . Even at "high" redundancy, this becomes:
It's crazy what a difference this makes!! For the same printed size, I can just wave my phone roughly in the direction of the second code, whereas the original one takes quite a lot of effort.
The example I've seen from Victoria is even worse. The payload is a 500 (!!!) byte JWT (at "medium" redundancy). They also support a six-digit PIN though, so could have done the same thing.
My understanding is that ACT, QLD, and TAS do something more efficient, but I haven't seen an example. Would be interested to hear!

(End 🧵)
OH! One more very important thing.

This system is really important and keeps us safe!! Don't forget to check in. It really works, and helps the state contact tracers immensely. Persist with the QR code, or enter the pin manually if you have to.
THAT SAID. Centralised check-in (like every state in Australia is using) is a massive privacy overreach. We should have gone with decentralised check-in like in the UK and NZ, where your location data **doesn't leave your phone.**
You can follow @jim_mussared.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.