Green Pass Covid-19: cosa c’è nel QRCode e come proteggere la privacy

Il QRCode nel Green Pass della certificazione per il Covid-19 contiene tutti i dati sensibili dell’utente: come leggerlo e perché è meglio non condividerlo via chat o social


Veronica Nicosia Giornalista scientifico

Laureata in astrofisica, giornalista scientifico e content editor SEO, scrive di tecnologia per magazine online e carta stampata. Nel 2020 approda a Libero Tecnologia

A distanza da pochi mesi dal rilascio delle linee guida per la certificazione vaccinale del Covid-19, il Green Pass italiano ha finalmente preso forma. Immunized users will be able to start again to travel in Italy and Europe, go to public events and be able to move between regions even if classified as red or orange zone.

A pass that allows immunized Italians to return to breathe and can finally have more freedom. There are 3 ways to get the Green Pass: being vaccinated, being cured of Covid-19 for less than 6 months, or having performed a rapid or molecular test in the 48 hours prior to release. All of this immunization information, the user's biographical data, and the places where they have had a vaccine or test are sensitive data that are contained in a QRCode. A matrix code that if framed with a camera will reveal thanks to dedicated apps a link in which to access all the information. Even if encrypted, there is a way to decode them that malicious people could use and, for this reason, the advice is to keep your code away from prying eyes to protect your privacy: better not to share it via chat, let alone on social networks.

Green Pass: what the QRCode contains

The green certificate of Covid-19 made by the Italian Ministry of Health has implemented all the guidelines established by the European Union. The Green Pass contains all the sensitive data of the user, certifies the type of immunization, encloses all the data in a QRCode that respects privacy and is equipped with a digital signature, which guarantees the validity of the information contained therein.

The ways to obtain the certification are three, and all must clearly attest that the user is immunized against the virus. Tra le informazioni presenti nel QRCode troviamo: cognome e nome, data di nascita, malattia o agente bersaglio (Covid-19), soggetto che ha rilasciato la certificazione (Ministero della salute), identificativo univoco del Green Pass. Poi a seconda del tipo di immunizzazione, saranno certificati dati diversi:

  • Utente vaccinato: tipo di vaccino somministrato, nome del vaccino, produttore, numero di dosi effettuate e numero totale di dosi previste, data dell’ultima somministrazione e Stato in cui è Stato eseguita la vaccinazione
  • Utente guarito dal Covid-19: data del primo test molecolare positivo, Stato che ha effettuato il test, data di inizio e di fine validità del Green Pass
  • Utente con test negativo: tipo di test eseguito (rapido o molecolare), nome del test, produttore, data e ora del prelievo del campione, risultato, centro o struttura in cui è eseguito, Stato in cui è stato effettuato.

Green Pass: how to read the QRCode

Generally, reading a QRCode is very easy. These matrix codes are designed to be easily deciphered by dedicated apps: just frame the camera and you'll get a link that redirects to a web page with the desired information.

In the case of the QRCode for the Green Pass of Covid-19, the situation is different. Containing sensitive information, the code has been encrypted, but those in possession of decryption keys, which are available online, and opensource QRCode reading programs with some PC experience could easily decrypt it.

Green Pass: the alarm of the Guarantor of Privacy

In recent days, perhaps because of the happiness of being able to return to travel and move between red and orange zones, several users have begun to share the QRCode of their Green Pass on social networks or via chat with their contacts. To raise the alarm is the Privacy Guarantor, who recalled how using the sensitive information contained therein any malicious person could use the data to commit fraud, identity theft or even commercial profiling.

For this reason, after downloading the Green Pass on your smartphone through the app Immuni and the app IO, or having downloaded it on your computer and saved as a photo in your phone, you should be very careful not to share it. The selfie with your QRCode celebrates your newfound freedom, but it could lead to unpleasantness and expose unwitting users to cyber criminals.