Luzifer
commented
1 year ago That's correct. The QRCode needs to be generated before it can be viewed. That's why the Tor browser detects canvas use. Generating the code on click doesn't work - at least not the way it's currently displayed.
When used in an environment where browsers are common with enabled fingerprint detection / canvas disabled I'd recommend disabling QR support.
Tor browser warns about possible canvas-based fingerprinting shortly after encrypting a secret. I think the QR code is being rendered in the background even if you don't click the button. (I haven't seen it on other browsers, but I can imagine Firefox may do the same when fingerprint resist is enabled.)
Disabling QR support using the customize feature fixes it.