I know, I know. This idea isn't new and has been rejected with prejudice over the past few years each time it is brought up.
Mainly from #675, #10540, #11116, #10942 and others.
The main justification for denial is:
Many QR scanning apps maintain a history which over time accumulates your passwords on your device. iOS may be different, but Android still has no proper built-in QR code scanner, unless you count Google Lens as one, which probably sends the entire QR code into the cloud.
The main rebuttal is this:
Because there are some Smartphone Apps with hidden history features, you deny to implement that feature at all? And ignoring the fact that there are many others with "disable history" options built in?
Please think about this: Isn't it the same if users are allowed to copy passwords from KeePassXC to the clipboard?
From my point of view it's exactly the same. KeePassXC cannot guarantee that the user has installed another clipboard managing software, which creates a history.
I can predict the counterargument for comparing against some clipboard managers is that there is a way to exclude text sent from KeePassXC from the history of some clipboard managers running on the same system. And thus, it's easier to prevent.
But this is no guarantee as there are some clipboard managers which do not respect special flags sent to the clipboard manager.
I want to reopen an honest discussion about QR Codes for password data. I do not think it is in the spirit of KeePass and other FOSS programs to be such a Big Brother trying to "protect users" from a situation they can only assume might be occurring. This ASSUMPTION is that people are using smartphones with QR code readers with the history enabled, and never clear it, disable it, or use other QR code readers.
I can only speak for myself... but I'd like to think that anyone who installs a bit of Open-Source software like KeePassXC, probably also is savvy enough to handle installing a privacy-focused QR code reader on their smartphone, or at least knows how to modify a setting.
I simply cannot agree with the prejudicial refusal to see that the benefits outweigh the risks here. It does sound like developers may be stuck in a mindset of, "I wouldn't use it, therefore nobody should". But I shouldn't assume their mindset either.
IMHO, users should be given a choice. The developers CANNOT KNOW what apps exist on our other devices or our technical knowledge. It is not enough if SOME QR code readers may unknowingly keep a history. If they are really that concerned for the safety of ignorant users, they can put a big bold header on top of the QR Code box with a disclaimer, "Ensure your QR Code reader is not keeping a history!"