WiFi QR Code Generator

A WiFi QR code generator is a specialized encoding mechanism that translates wireless network credentials—specifically the network name, security type, and password—into a two-dimensional scannable barcode. By standardizing this data into a specific text string format recognized universally by modern smartphone operating systems, this technology eliminates the friction and human error associated with manually typing complex passwords. In this comprehensive guide, you will learn the precise syntax behind these codes, the history of their development, the cryptographic network standards they support, and the expert methodologies required to implement them flawlessly in any home, commercial, or enterprise environment.

What It Is and Why It Matters

A WiFi QR (Quick Response) code is a machine-readable optical label that contains the specific configuration data required for a device to join a local wireless network. At its core, it is simply a two-dimensional matrix of black and white squares (modules) that represents a highly structured text string. When a smartphone camera or dedicated scanning application captures this image, the device's operating system decodes the text string, parses the network credentials, and automatically initiates the connection handshake with the local router. This completely bypasses the traditional user interface requirement of navigating to network settings, selecting a network from a broadcast list, and manually entering a password.

The existence of this technology solves a massive usability problem inherent in modern cybersecurity. As best practices for wireless security have evolved, network passwords have transitioned from simple, easily memorized words to long, complex strings of alphanumeric characters and symbols. A standard WPA2 network password can be up to 63 characters long. Asking a guest, customer, or employee to manually type a string like "k9#vP2$mL9!qZ4*w" on a small mobile keyboard introduces significant friction and a high probability of typographical errors. This friction results in wasted time, frustration, and a poor user experience.

Furthermore, the implementation of WiFi QR codes matters deeply for operational efficiency and security hygiene. In commercial environments, such as coffee shops, hotels, or corporate offices, staff members historically wasted countless hours verbally repeating passwords or printing them on easily lost slips of paper. By displaying a QR code, businesses enable frictionless, self-service connectivity. From a security standpoint, QR codes allow administrators to utilize maximum-length, highly complex passwords without worrying about the user's ability to type them. It also allows for the seamless sharing of credentials for hidden networks (where the network name is not publicly broadcast), ensuring that only users with the physical code can even attempt to connect.

History and Origin

To understand the WiFi QR code, one must trace two separate technological lineages: the invention of the QR code itself, and the standardization of the specific data format used to encode WiFi credentials. The QR code was invented in 1994 by Masahiro Hara, an engineer working for Denso Wave, a subsidiary of the Japanese automotive components manufacturer Denso. Hara was tasked with creating a system to track vehicle parts during the manufacturing process. Traditional one-dimensional barcodes could only hold about 20 alphanumeric characters, which was vastly insufficient for Denso's needs. Inspired by the black and white pieces on a Go board, Hara developed a two-dimensional matrix capable of holding up to 7,089 numeric characters or 4,296 alphanumeric characters, incorporating physical position detection patterns (the large squares in the corners) that allowed scanners to read the code from any angle at high speed.

While Denso Wave held the patent for the QR code, they made the crucial decision not to exercise their patent rights, releasing the technology into the public domain. In 1999, the QR code was approved as a Japanese Industrial Standard (JIS X 0510), and in 2000, it became an international standard (ISO/IEC 18004). However, for the first decade of its existence, QR codes were largely confined to industrial logistics and the Japanese mobile phone market. The concept of using QR codes to trigger specific actions on a mobile device—like adding a contact (vCard) or connecting to a network—required a standardized syntax that applications could universally understand.

The specific text format used for WiFi QR codes was not developed by a massive corporate consortium, but rather emerged from the open-source community. Around 2008, the ZXing (pronounced "Zebra Crossing") project, an open-source barcode image processing library written in Java, began standardizing various QR code payload formats. The developers at ZXing established the WIFI: URI scheme. Because Android's native barcode scanner was built using the ZXing library, this format quickly became the de facto standard for Android devices. Apple, however, lagged behind. It was not until the release of iOS 11 in September 2017 that Apple integrated native QR code scanning directly into the iPhone's default camera app, officially supporting the ZXing WiFi syntax. This 2017 milestone marked the true tipping point, transforming the WiFi QR code from a niche Android feature into a universal, platform-agnostic standard utilized by billions of devices worldwide.

Key Concepts and Terminology

To master the generation and application of WiFi QR codes, you must understand the underlying networking and encoding terminology. These concepts form the vocabulary required to troubleshoot connectivity issues and optimize the scanning experience.

SSID (Service Set Identifier): This is the technical term for the name of your wireless network. It is a sequence of up to 32 bytes that uniquely identifies the network to client devices. When you open your phone's WiFi menu and see a list of available networks, you are looking at broadcasted SSIDs. In a QR code, the SSID must be encoded exactly as it appears on the router, including exact capitalization and spacing.

BSSID (Basic Service Set Identifier): While the SSID is the human-readable name of the network, the BSSID is the machine-readable MAC (Media Access Control) address of the specific wireless access point broadcasting that network. WiFi QR codes typically encode the SSID, not the BSSID, allowing the device to connect to any access point in a mesh network that shares the same network name.

Hidden Network: By default, wireless routers continuously broadcast a beacon frame containing their SSID, announcing their presence to any device within range. A hidden network is configured to stop broadcasting this beacon. To connect, a user must know both the exact SSID and the password. WiFi QR codes have a specific boolean flag (true/false) to indicate whether the network is hidden, prompting the scanning device to actively probe for the specific SSID.

QR Code Version: QR codes range from Version 1 (21x21 modules) to Version 40 (177x177 modules). The version dictates the data capacity of the code. As you add more characters to your WiFi password or SSID, the QR code generator must automatically step up to a higher version, resulting in a denser, more complex matrix of squares.

Error Correction Level (ECL): QR codes utilize Reed-Solomon error correction algorithms, allowing the code to be read even if it is partially obscured, damaged, or poorly printed. There are four levels: L (Low, restores ~7% of data), M (Medium, ~15%), Q (Quartile, ~25%), and H (High, ~30%). Higher error correction makes the code denser and requires a higher Version number, but increases reliability in physical environments.

How It Works — Step by Step

The magic of a WiFi QR code does not lie in a centralized database or an internet-connected lookup system. All the necessary information is stored locally within the physical geometry of the code itself. The process relies entirely on a standardized text string known as the MECARD-like syntax, originally popularized by the ZXing library. The format follows a strict, semi-colon-delimited structure.

The universal formula for a WiFi QR code string is: WIFI:S:<SSID>;T:<WEP|WPA|blank>;P:<PASSWORD>;H:<true|false|blank>;;

Let us break down every variable in this formula:

1. WIFI: - This is the scheme identifier. It tells the operating system, "The following data is a wireless network configuration."
2. S:<SSID>; - The S: denotes the network name. If your network is named "Cafe_Guest", this section reads S:Cafe_Guest;.
3. T:<Encryption>; - The T: denotes the authentication type. The accepted values are WPA (which covers WPA, WPA2, and WPA3), WEP, or nopass (for open networks).
4. P:<PASSWORD>; - The P: denotes the network password. If your password is "Coffee123!", this section reads P:Coffee123!;.
5. H:<Hidden>; - The H: denotes whether the network is hidden. It accepts true or false. If omitted, the default is false.
6. ;; - The string must terminate with two semicolons to indicate the end of the data payload.

Full Worked Example: Imagine you are configuring a network for a small business.

• Network Name (SSID): Office-5G
• Security Type: WPA2
• Password: SuperSecretPassword2024
• Hidden Network: No

Step 1: Construct the string. Following the formula, we combine the elements: WIFI:S:Office-5G;T:WPA;P:SuperSecretPassword2024;H:false;;

Step 2: Handle special characters (Escaping). If your SSID or password contains a colon (:), a semicolon (;), a comma (,), or a backslash (\), these characters will break the syntax because the scanner uses them as delimiters. To fix this, you must "escape" them by placing a backslash (\) immediately before the character. For example, if the password was Pass;word:1, the string would become P:Pass\;word\:1;. In our current example, no escaping is needed.

Step 3: Encode into Bits. The generator software takes this 58-character text string and converts it into a binary data stream using Alphanumeric or Byte encoding modes.

Step 4: Apply Error Correction. The generator applies Reed-Solomon error correction. If we select Level M (15%), the software mathematically generates additional recovery bytes and appends them to the data stream.

Step 5: Matrix Generation. The binary data is mapped into a 2D grid. The generator places the three large square finder patterns in the corners, alignment patterns, timing patterns, and finally fills the remaining modules with the data and error correction bits. The resulting image is ready to be scanned by any smartphone.

Types, Variations, and Network Security Methods

When generating a WiFi QR code, the T: (Type) parameter is critical. It dictates the cryptographic handshake the device will attempt to perform with the router. Understanding the variations in network security is essential for creating functional codes.

WPA / WPA2 / WPA3 (Wi-Fi Protected Access): This is the modern standard for wireless security and the most common variation you will use. WPA2, introduced in 2004, utilizes the Advanced Encryption Standard (AES) and the Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP). WPA3, introduced in 2018, upgrades this with Simultaneous Authentication of Equals (SAE), which protects against offline dictionary attacks. Fortunately for QR code generation, the ZXing standard groups all of these under the single T:WPA; tag. The smartphone and the router will automatically negotiate the highest mutually supported protocol (WPA2 or WPA3) during the connection phase.

WEP (Wired Equivalent Privacy): Introduced in 1997, WEP is the original wireless security standard. It utilizes the RC4 stream cipher. However, WEP was found to have severe cryptographic flaws; a standard WEP key can be cracked by a novice using freely available software in less than three minutes. While the QR code standard still supports the T:WEP; tag for legacy compatibility, WEP is considered entirely obsolete and highly insecure. It should never be used in modern deployments.

Open Networks (No Password): Many public venues, such as airports or municipal parks, offer open WiFi networks that do not require a password to establish the initial radio connection. For these networks, the syntax changes slightly. The Type is set to blank or nopass, and the Password field is omitted entirely. The resulting string looks like this: WIFI:S:Public_Transit_WiFi;T:nopass;;. Scanning this code bypasses the password prompt and instantly joins the open network.

Hidden SSIDs: As mentioned previously, some network administrators choose to disable SSID broadcasting as a rudimentary form of security (though it is easily bypassed by packet sniffing). When generating a code for a hidden network, the H:true; flag is mandatory. If you omit this flag, a smartphone scanning the code will passively listen for the network's beacon. Because the beacon is disabled, the phone will assume the network is out of range and fail to connect, even though the credentials are correct.

Real-World Examples and Applications

To fully grasp the utility of WiFi QR codes, we must examine concrete scenarios where they provide measurable value in time savings and user experience.

Scenario 1: The High-Volume Coffee Shop Consider an independent coffee shop in a busy downtown area. The shop serves 400 customers per day, and approximately 25% (100 customers) ask for the WiFi password. The password is a secure 16-character string: C0ff33_B3@n_2024. Historically, the barista had to verbally repeat this password, often dealing with confusion over capitalization or special characters. If each WiFi interaction takes an average of 45 seconds, the staff spends 75 minutes per day simply relaying a password. By printing a 10cm x 10cm WiFi QR code and placing it on a small acrylic stand at the register and on every table, the shop reduces the interaction time to zero. Customers self-serve in 3 seconds. Over a year, this saves the business over 450 hours of labor, allowing baristas to focus entirely on order fulfillment and customer service.

Scenario 2: The Enterprise Guest Network A mid-sized corporate office with 500 employees frequently hosts vendors, clients, and interviewees. Corporate security policy dictates that the guest WiFi password must be 20 characters long, completely randomized, and rotated every Monday morning at 2:00 AM. Manually updating printed signs or emailing the new password to the receptionist every week is prone to human error. Instead, the IT department automates the process. A script generates the new password, updates the Cisco Meraki access points, and simultaneously generates a new WiFi QR code. This code is automatically pushed to e-ink displays located in the lobby and conference rooms. Guests scan the e-ink display to connect securely, ensuring the company maintains strict security compliance without creating a bottleneck at the reception desk.

Scenario 3: Smart Home and IoT Provisioning A consumer purchases a new smart thermostat. These "headless" devices (devices without a screen or keyboard) are notoriously difficult to connect to home WiFi. The user typically has to connect their phone to a temporary network broadcast by the thermostat, open an app, type in their home WiFi password, and wait for the device to reboot. Modern IoT manufacturers streamline this using Wi-Fi Easy Connect (DPP), a protocol that utilizes QR codes. The user generates a WiFi QR code on their smartphone representing their home network credentials. They then hold the smart thermostat's built-in camera up to the phone's screen. The thermostat scans the code, parses the credentials, and joins the home network instantly, reducing a frustrating 5-minute setup process to a 10-second interaction.

Common Mistakes and Misconceptions

Despite the relative simplicity of the technology, both users and administrators frequently make errors when generating and deploying WiFi QR codes. Understanding these pitfalls is crucial for ensuring universal compatibility.

Misconception 1: "The QR Code connects to the internet to verify the password." This is a fundamental misunderstanding of the technology. A WiFi QR code is entirely offline; it is simply a visual representation of text. When a phone scans the code, it reads the text and blindly attempts to connect to the router using the provided credentials. If you generate a QR code with a typo in the password (e.g., P:Password124 instead of P:Password123), the QR code will still generate perfectly. However, when the user scans it, their phone will attempt the handshake with the router, fail the authentication, and display an "Incorrect Password" error. The generator cannot validate your credentials.

Mistake 2: Failing to Escape Special Characters As detailed in the syntax section, the semicolon (;), colon (:), comma (,), and backslash (\) are reserved characters in the MECARD format. A common mistake occurs when a network password naturally contains one of these characters. If a user's password is Hello:World;, and they fail to escape it, the generated string is WIFI:S:MyNet;T:WPA;P:Hello:World;;;. The scanning device will read P:Hello and assume the password has ended, treating :World;; as malformed junk data. The connection will fail. A proper generator must automatically parse the input and add backslashes: P:Hello\:World\;.

Mistake 3: Inverting Colors or Lacking Contrast Graphic designers often try to make QR codes aesthetically pleasing by changing the colors to match brand guidelines. While QR codes do not have to be black and white, they rely heavily on high contrast between the dark modules and the light background. A critical mistake is "inverting" the code—making the background dark and the data modules light. While some modern smartphone cameras can process inverted codes, many older devices and dedicated barcode scanners cannot. The dark modules must always be significantly darker than the background, and a "quiet zone" (a blank margin equivalent to at least four modules in width) must be maintained around the perimeter of the code.

Mistake 4: Generating Dynamic Codes for WiFi There are two types of QR codes: Static and Dynamic. A static code encodes the actual data directly into the matrix. A dynamic code encodes a short URL (e.g., https://qr.co/12345), which redirects the user to the actual data hosted on a server. WiFi QR codes must be static. If you use a dynamic QR code generator for WiFi, the user's phone will scan the code, recognize it as a web link, and open a web browser instead of the native WiFi connection protocol. Furthermore, dynamic codes often require a paid subscription to keep the redirect link active.

Best Practices and Expert Strategies

To ensure your WiFi QR codes scan instantly and reliably across 100% of devices, professionals adhere to a strict set of best practices regarding physical design, placement, and encoding.

Optimal Error Correction Selection: While it might seem logical to always choose the highest Error Correction Level (Level H - 30%), this is a flawed strategy. Level H drastically increases the density of the code, making the individual squares much smaller. If the code is printed at a small size, older smartphone cameras with lower megapixel counts or poor autofocus will struggle to resolve the tiny modules. For WiFi QR codes, which are typically printed on clean surfaces and not subjected to heavy physical damage, Level M (15%) or Level Q (25%) is the optimal balance. It provides enough redundancy to survive a minor scratch or smudge while keeping the matrix simple and easy for low-end cameras to decode rapidly.

The Sizing Formula: A QR code is useless if it is too small to be scanned from a comfortable distance. Experts use a standard formula to determine the minimum printed size of a QR code: Minimum Code Size = Scanning Distance / 10. If you place a WiFi QR code on a wall, and you expect users to scan it from 1 meter (100 cm) away, the code must be at least 10 cm x 10 cm. If you print it on a small table tent where the scanning distance is 20 cm, the code can be 2 cm x 2 cm. Never print a QR code smaller than 2 cm x 2 cm, regardless of the scanning distance, as the camera lens may not be able to focus at such close range.

Contextual Labeling: A QR code floating in isolation is confusing. Users do not inherently know if scanning it will open a menu, download an app, or connect to WiFi. Always frame the QR code with clear, actionable text. An optimal layout includes a header reading "Scan to Connect to WiFi," the actual QR code in the center, and the plain-text SSID and Password printed clearly beneath it. Providing the plain-text credentials serves as a critical fallback mechanism; if a user's camera is broken or their device has a software glitch that prevents scanning, they can still connect manually without needing to ask for help.

Pre-Deployment Testing: Never deploy a WiFi QR code without testing it across multiple operating systems. A professional administrator will test the generated code using an up-to-date Apple iPhone (iOS), a modern Samsung Galaxy or Google Pixel (Android), and at least one older device (e.g., an iPhone 8 or a budget Android phone). This ensures that the syntax is universally recognized and that the physical density of the code is scannable by inferior camera hardware.

Edge Cases, Limitations, and Pitfalls

While WiFi QR codes are incredibly versatile, they are not a panacea for all network onboarding scenarios. There are specific edge cases where the technology breaks down or fails to deliver the expected frictionless experience.

The Captive Portal Problem: The most significant limitation of WiFi QR codes is their inability to bypass captive portals. A captive portal is a web page that the user of a public access network is obliged to view and interact with before access is granted. You frequently encounter these in hotels, airports, and coffee shops (e.g., a page requiring you to check a box accepting the Terms of Service or enter an email address). If a network utilizes a captive portal, the QR code will only complete step one: establishing the local radio connection to the router. Once connected, the user's phone will still intercept their internet traffic and pop up the captive portal login screen. The QR code cannot automatically check the "I Agree" box or fill in an email address. Administrators must clearly communicate this to users, otherwise, users will scan the code, see the WiFi icon appear, but remain confused as to why they cannot access the internet.

Enterprise WPA2/WPA3-Enterprise (802.1X): The standard WiFi QR code syntax is designed for WPA-Personal (PSK - Pre-Shared Key), where every user shares the exact same password. It does not natively support WPA-Enterprise (802.1X), which is commonly used in large corporate environments or universities (like the eduroam network). In a WPA-Enterprise setup, users authenticate using their own unique username and password via a RADIUS server. Because the QR code format only has a single P: field for a shared password, it cannot pass both a username and a password. Therefore, standard WiFi QR codes cannot be used to onboard users to 802.1X networks. (Note: The Wi-Fi Alliance's newer DPP standard addresses this, but standard ZXing QR codes do not).

Exceeding Data Capacity Limits: While rare, it is possible to exceed the practical data limits of a QR code if the SSID and password are absurdly long. The absolute maximum length for an SSID is 32 characters, and the maximum length for a WPA2 password is 63 characters. If you maximize both, along with the syntax overhead, your text string will be roughly 110 characters. While a QR code can easily hold 110 characters, doing so pushes the code to a higher Version (e.g., Version 6 or 7). If printed too small, this dense matrix becomes unscannable. Network administrators should aim for passwords between 16 and 24 characters to maintain a lower QR code density and faster scanning speeds.

Industry Standards and Benchmarks

The generation and utilization of WiFi QR codes are governed by a combination of formal international standards and widely accepted industry benchmarks. Adhering to these ensures interoperability across the global hardware and software ecosystem.

ISO/IEC 18004:2015: This is the foundational international standard that defines the precise requirements for the symbology of the QR code itself. It dictates the exact dimensions of the finder patterns, the mathematical algorithms used for Reed-Solomon error correction, and the decoding procedures. Any legitimate WiFi QR code generator must output images that strictly comply with ISO/IEC 18004:2015. If a generator produces non-compliant matrices, the resulting codes may scan on some devices but fail completely on others.

Wi-Fi Alliance (WFA) Device Provisioning Protocol (DPP): While the ZXing WIFI: text string is the universal standard for consumer smartphones, the Wi-Fi Alliance recognized the need for a more robust, cryptographically secure onboarding method, particularly for IoT devices. They introduced the Device Provisioning Protocol (DPP), marketed to consumers as "Wi-Fi Easy Connect." DPP also uses QR codes, but the data payload is entirely different from the traditional ZXing format. Instead of exposing the plain-text password in the QR code, a DPP QR code contains a public bootstrap key and a MAC address. When scanned, the devices use this public key to establish a secure, encrypted out-of-band connection to negotiate the network credentials. This means that even if a malicious actor intercepts the DPP QR code, they cannot extract the actual network password. While DPP is the gold standard for IoT, standard ZXing QR codes remain the benchmark for human-to-smartphone network sharing due to native OS support.

Comparisons with Alternatives

WiFi QR codes are not the only method for simplifying network onboarding. Evaluating them against alternative technologies provides a clearer picture of their specific advantages and trade-offs.

WiFi QR Codes vs. WPS (Wi-Fi Protected Setup): WPS was introduced in 2006 to solve the exact same problem as QR codes: making it easier to connect devices to secure networks. WPS typically involves pressing a physical button on the router and a corresponding button on the device, or entering an 8-digit PIN. Comparison: QR codes are vastly superior to WPS. The WPS PIN method was discovered to have a massive vulnerability in 2011 (a brute-force attack could crack the PIN in hours, exposing the WPA2 password). Consequently, security professionals universally recommend disabling WPS entirely. Furthermore, WPS requires physical access to the router, which is impractical in a coffee shop or office. QR codes require no physical router access and present no cryptographic vulnerabilities to the router itself.

WiFi QR Codes vs. NFC (Near Field Communication) Tags: An NFC tag is a tiny, unpowered microchip attached to an antenna. When a smartphone is tapped against the tag, it powers the chip via electromagnetic induction and reads the stored data. NFC tags can be programmed with the exact same WiFi credentials as a QR code. Comparison: NFC provides a slightly more "magical" user experience, as the user simply taps their phone to a coaster or wall plaque without needing to open their camera app. However, NFC tags cost money (roughly $0.20 to $1.00 per tag), whereas QR codes are completely free to generate and print. Additionally, while almost all modern phones support NFC, QR codes have a slightly higher universal compatibility rate, especially among budget devices. QR codes can also be displayed digitally on screens, whereas NFC requires physical hardware.

WiFi QR Codes vs. Bluetooth LE (Low Energy) Provisioning: Many modern smart home devices (like Amazon Echo or Google Nest) use Bluetooth LE for initial setup. The device broadcasts a Bluetooth signal, the user's phone connects to it, and the app transmits the WiFi credentials over the Bluetooth connection. Comparison: Bluetooth provisioning allows for a completely wireless setup without requiring the user to physically align a camera with a code. However, it requires the user to download a proprietary app to facilitate the Bluetooth handshake. WiFi QR codes require absolutely no third-party apps, as the functionality is built directly into the iOS and Android camera operating systems.

Frequently Asked Questions

Can anyone who scans the QR code see my actual WiFi password? Yes. The standard WiFi QR code format (ZXing) encodes your password in plain text within the matrix. If a user scans the code with a generic barcode reader app instead of their native camera, the app will display the raw text string, including P:YourPassword;. Therefore, you should only provide WiFi QR codes to individuals you trust with the actual network password. It does not hide or encrypt the credential from the scanner.

Do WiFi QR codes expire? No, a static WiFi QR code never expires. Because the QR code is simply a visual representation of text, it will continue to work indefinitely as long as the physical image is intact and readable. The only way to "deactivate" a WiFi QR code is to log into your router's administrative settings and change the network password or the network name (SSID). Once you change the credentials on the router, the old QR code will still scan, but the connection will fail.

Can I generate a WiFi QR code for a 5GHz or 6GHz network? Yes. The frequency band (2.4GHz, 5GHz, or 6GHz/WiFi 6E) is entirely irrelevant to the QR code. The QR code only contains the network name (SSID) and the password. As long as the scanning device's internal hardware supports the 5GHz or 6GHz band being broadcast by your router, it will connect successfully. If the device only has a 2.4GHz antenna, it will fail to connect to a 5GHz-only network, regardless of the QR code.

Why does my iPhone scan the code, but my Android device fails (or vice versa)? This almost always points to a syntax error in the generation process, specifically regarding the escaping of special characters. Historically, iOS and Android parsed the ZXing string slightly differently. If your password contains a semicolon or colon and the generator did not add a backslash (\) to escape it, one operating system might attempt to auto-correct the error while the other strictly rejects it. Always ensure you are using a generator that strictly adheres to the MECARD escaping rules.

Is it safe to use free online WiFi QR code generators? Generally, yes, but with a caveat. Because the generation happens mathematically, a reputable web-based generator can perform the encoding entirely locally within your browser using JavaScript. This means your SSID and password never leave your computer and are not transmitted to a remote server. However, malicious websites could potentially log the keystrokes entered into their forms to harvest network credentials. For maximum security, particularly in enterprise environments, use generators that explicitly state they process data client-side, or use an offline command-line tool to generate the matrix.