

That square QR barcode on the poster? Check it's not a sticker - tankenmate
http://www.theregister.co.uk/2012/12/10/qr_code_sticker_scam/

======
VBprogrammer
Does anyone have metrics on how many people actually scan QR codes? I'd count
my self as pretty technical and except for a few attempts years ago for
novelty value I've never scanned one. I can't imagine non-technical people
even knowing what these are but their recent proliferation makes me wonder if
maybe I'm wrong.

~~~
erock
I did an experiment in my town, placing my own qr codes over everything i
could find. running for a month, with putting 80 or so qr codes through out
town.

the number of scans i got was around 10. no one scans QR codes

I have been thinking about printing up my own posters, like "Scan the code
below to donate to Toys for Tots", but i still don't think I'd get many scans.
here's an article [http://www.veracode.com/blog/2012/06/dangers-of-scanning-
qr-...](http://www.veracode.com/blog/2012/06/dangers-of-scanning-qr-codes-
interview-with-eric-mikulas/)

~~~
leephillips
If you got 10 scans after distributing 80 stickers I would not conclude that
"no one scans QR codes". This is, instead, an impressive proportion of
responses, unless I misunderstand.

~~~
erock
To be fair, I'm more disappointed, that i didn't track each scan a little
further, and I'm also disappointed no one flamed me when their scan took them
to a web page telling them they shouldn't go around just scanning random
things.

------
nwh
I actually did do this once to a particular area of advertising. I took the
time to make unique codes for each one replaced, and routed the requests past
my own server to record each hit. The idea was simply to find out how much
they get used, as a lot of clients seem to insist on having them as the only
call to action on their advertising.

In the end there were about 20 proxied URL on an extremely high traffic
footpath.Either people noticed the edges of the sticker (unlikely), or
absolutely nobody in my area wanted to scan any of those suckers.

------
franze
well, it seems a very un-economic strategy, because

you need to invest in

    
    
      a) physical items (paper, glue)
      b) human workforce
      c) transportation (you need to get around town)
    

and also

    
    
      I) nobody uses QR codes
    
      see http://www.google.com/trends/explore#q=qr%20code%2C%20qr%2C%20&cmpt=q and
      http://www.google.com/trends/explore#q=qr%20code%2C%20qr%2C%20mail&cmpt=q
    

i run a quite popular create and read QR code website <http://miniqr.com>, and
well let's say i won't get rich (for this sideproject)

mail spam works because it's cheap to distribute, physical QR-codes - not so
much.

~~~
Cogito
_nobody uses QR codes_

<http://picturesofpeoplescanningqrcodes.tumblr.com/>

(this has been posted on other QR code threads before, but is always relevant)

~~~
apathetic
it's empty. Did they mean it to be this way?

~~~
ceejayoz
thatsthejoke.jpg

------
ohwp
Another thing is that most apps show the Unicode URL:

    
    
      * User confirms he likes to open the url https://www.gооgle.cоm ('о' != 'o')
      * https://www.xn--ggle-55da.xn--cm-fmc/ is opened

~~~
andrewaylett
Did you check xn--ggle-55da.com? Google's already registered it :). Some TLDs
have restrictions on which IDNs can be registered, specifically to avoid this
kind of spoofing...

~~~
tankenmate
And in fact all new gTLDs will be required to have a policy to limit this kind
of thing.

------
daeken
It'd be really interesting to scan codes in the wild, print replacements that
forward it through a tracking service, and replace the originals. Information
on when and where people scan QR codes across different markets (e.g. which
products are most scanned) could be quite valuable.

~~~
franze
i.e.: <https://news.ycombinator.com/item?id=4898851>

~~~
daeken
Completely missed that -- thanks!

------
vyrotek
Google Glasses (and the competitors) might make QR codes very popular soon.
Your camera will always be on and picking up any codes it happens to cross.
This obviously eliminates the first friction point which is taking out your
phone and pulling up your QR app.

But, the more I think about this the more I'm afraid for this. They could
essentially act as real world cookies. They could track everything you've
glanced at and be used to bombard you with ads or other things. I'm sure there
will be resistance and then QR scanning features might be turned off by
default. Then we're back to no one scanning QR codes.

------
jeffehobbs
Spam is a best case scenario -- unexpected porn would be a more eye-searing
experience. I remember this trick from the good ol' days of Slashdot.

~~~
meaty
Yes in London we've had Goatse QR codes deployed, much to the amusement of the
deployer I imagine :)

------
ortusdux
I wonder if there is a possible system where google goggles could replace QR
codes, like a physical adwords. The advertiser submits their ad, google slaps
a 'official google ad' watermark in the corner for orientation, and pairs the
image with the desired url. QR codes already assume that the user has internet
access. Users are much more friendly to the idea of holding their phones up to
a billboard because it asked them to. Hijackers would need to run a card
through goggle payment processing to get a dirty url to work in the system.
And what does the advertiser get out of the whole thing? Analytics.

------
nicholassmith
I was chatting to a friend recently about how if QR Codes had taken off a bit
more than they have (in terms of general population penetration, so your 50
year old parents would know what they are), that they'd become a pretty decent
way to use for miscellaneous hijinks/spamming/attack vectors. Especially when
that Samsung Android bug was discovered that could trigger the reset code,
that in the wild would have been something crazy.

------
edent
I wrote about this a year ago <http://shkspr.mobi/blog/2011/12/how-to-prevent-
qr-hijacking/>

It's already happening - on a small scale. QR codes are really popular in the
UK, but I've only seen this sort of "sticker attack" once.

~~~
anu_gupta
> QR codes are really popular in the UK,

I don't think that's accurate, at least for values of "really popular" that I
understand.

------
snippyhollow
That's funny, because I made such stickers that I put in Paris subway on top
of ads:
[http://emotion.inrialpes.fr/people/synnaeve/index_files/qr_w...](http://emotion.inrialpes.fr/people/synnaeve/index_files/qr_wiki_rdm_en.png)
that redirect to a random Wikipedia page...

------
Aardwolf
I have the solution!

Rather than putting a QR code on the poster, put the actual URL there, so it's
obvious when it's a spam URL.

And then let phones use OCR to visit the URL!

Then both the human and their phone can read it.

~~~
indiecore
QR has error correction and stuff built in, OCR does not.

------
froo
Guerilla Marketing possibility by hijacking other people's ads?

~~~
jiggy2011
Maybe, but a company doing this could probably look forward to some strongly
worded letters from the lawyers of the company who bought the poster space.

------
jfb
How about not scanning robot barf in the first place?

------
indiecore
Good argument for customizing your QR code a little bit. Likely anyone who's
going to do this will just print off a big pile of black and white perfect
squares. If you design your media so that looks weird to people that's a
single passive thing that will help protect your customers.

