
Why does that QR Code go to justinsomnia.org? - jacobr
http://justinsomnia.org/2011/03/why-does-that-qr-code-take-me-to-justinsomnia-org
======
gerggerg
QR codes are a massive phishing scam waiting to happen. I'll just go cover up
the one at my bank with a sticker of the same exact size that links to my own
site that looks exactly like the bank's site. Or maybe I'll put one on the ATM
and see how long I get traffic before someone takes it down.

~~~
nostromo
I also think QR codes could eventually be used by "shock site" trolls as in
the bad ol' days on Slashdot. It's perfect because there's no way to inspect
the URL before visiting the website. I've scanned a few QR codes on street
lamps (for music events, etc.) and this is always in the back of my head.

Here's a much more fun example of a QR code prank: [http://fbcdn-
sphotos-a.akamaihd.net/hphotos-ak-ash4/302963_1...](http://fbcdn-
sphotos-a.akamaihd.net/hphotos-ak-
ash4/302963_10100624084077408_10715714_59172015_1090246928_n.jpg) (totally SFW
of course)

~~~
bri3d
I do agree that QR codes can be used for trolling, but there's _absolutely_ no
reason you can't inspect the URL before visiting a link from a QR code - all
that's stored in the QR code, after all, is the URL!

The trivial technical solution is a QR code reader which tells you where
you're going before it sends you there, which ZXing (the Barcode Reader for
Android) and several iOS QR readers already do.

~~~
peterhajas
Short URLs (very common in the QR code space, for making a smaller code)
quickly circumvent this solution. If I see "bit.ly/asdf", I'll assume they
just shortened their URL.

~~~
lambda
And this is one of many reasons that URL shorteners must die. If it weren't
for Twitter, people wouldn't be so used to blindly clicking through short
URLs.

But anyhow, most URL shorteners offer an API to retrieve the long URL. You
could implement that in your QR code scanner as well, for the most popular URL
shorteners, to allow people to see where they will be redirected to.

~~~
babebridou
Alternatively on Android, you can use FairyPreview to decode most minimized
URLs for you before sending them to the browser.

[https://market.android.com/details?id=com.fairyteller.linkpr...](https://market.android.com/details?id=com.fairyteller.linkpreview)

------
mortenjorck
When I worked in marketing communications, we had a policy that anything that
could be mistaken as final, approved assets in a printed piece had to be
covered with a big, diagonal, magenta "FPO" label (for position only). Whether
it was an inaccurate placeholder image, or a justinsomnia QR code, it had to
be obvious it was not the final art.

------
pak
This only supports my long running contention that normal people (outside of
Japan) do not understand QR codes, and wherever they are printed, you would be
better off writing a short URL. They are 1) opaque, 2) ugly, 3) impossible to
memorize, 4) confusing to non techies and 5) no faster than typing the URL for
the majority of viewers.

~~~
cdeonier
I agree with your first four points, but how did you arrive at your fifth
point? QR Code applications I've used scan in about 1-2 seconds (the time it
takes to auto-focus), which I think is probably faster than typing a URL.

~~~
ewoodrich
If you include the time it takes the download (or find) a QR Code app, it
makes sense. Considering that neither iOS nor Android come stock with a
reader.

~~~
cdeonier
Agreed, no doubt it takes time to set up a phone to read QR codes. I was more
interested to see whether there was some link/study which compared the
actually processes of typing vs. scanning, which I thought was the intent of
his fifth point.

------
dholowiski
We use QR codes extensively where I work. We use them in print ads and on TV
commercials and I have a re-occurring nightmare that we'll use the 'wrong' QR
code somewhere disastrous... like printing a link to our competitors on 10,000
brochures or something like that.

I insist that I check all QR codes before they're sent out, and I scan them
with 2-3 different QR scanning apps.

As another commentor mentioned, I often send our QR codes to a redirector URL
- either a branded redirector service I built, or to a WordPress site with the
redirection plugin, or even to it's very own domain name which is configured
for forwarding.

~~~
karterk
Very curious - are they actually effective? Do people use them? What's the
"click-through" rate like?

~~~
corin_
An interesting data point - Storm On Demand (<http://www.stormondemand.com/>)
use AdWords a lot, and I'm always seeing their ads (clearly Google has
designated me their target market - correctly).

Some of their MPU adverts had QR codes in them, and I called this out on
Twitter telling them it was moronic to think that anyone would want to scan
the QR code off an advert rather than just click it. Their response was that
in their testing of many different adverts, the ones with QR codes were
getting the best CTRs. They didn't know the reason for this, and neither do I
- but it's interesting none-the-less.

~~~
joelrunyon
It'd be interesting to compare the CTR to the scan-through-rate(% of people
that scan the actual QR code).

I'd imagine that quirkiness of a QR code to the average user would pop-out of
the page quicker and catch their attention faster than a normal image would.

~~~
corin_
I did ask that and, while they obviously didn't give figures for either, did
say that by CTR they were judging actual clicks - i.e. yes, it was a case of
having a QR code making people click it, not that it was making people scan
it.

(They were also tracking QR scans seperately, but didn't say how well that was
going.)

------
eliaskg
I made the experience that it's never a good idea to point a QR code to a
fixed domain. Always create a little redirect app where you can define later
on what target the link should point on.

So for example point the link to <http://mysite.com/qr>

where you have a little redirection-php file that you can edit at all time.

~~~
sp332
As a user, that would really annoy me. I like to know where I'm going before I
put a URL in my browser.

~~~
iso8859-1
I don't think the majority of users check the URL of the QR code. Why wouldn't
you trust the advertiser? I think it's really rare to see an advert that looks
innocent, but actually isn't, and at the same time contain a QR code that has
a "malicious-looking" URL.

~~~
sp332
I guess I'd trust ads more than random QR codes on blogs. My point is, if the
point of a redirect is that you can send people to a different page later in
time, then you really can't depend on the QR code taking you where you expect,
or even to the same page that it used to go to.

~~~
guan
If this is such a concern, you can always have your browser ask you for
permission before it follows a redirect. Any URL anywhere could potentially
redirect.

~~~
sirclueless
I guess the point is that there is a certain amount of comfort to be had if
the url is <http://www.domainname.com/> because at least then you know that
any redirects are intended for the entire world: no one is shuffling you
though ad trackers making you feel like a pawn.

------
sp332
Does anyone know of a FF plugin that will decode QR codes in images on a page,
and maybe even turn them into live links? Here's one for Chrome:
[https://chrome.google.com/webstore/detail/bfdjglobiolninfgld...](https://chrome.google.com/webstore/detail/bfdjglobiolninfgldchakgfldifphic)

~~~
dochex
Here's our Mac OS X program that reads QR codes anywhere on your screen -- any
program (browser, editor) -- and makes them live links.

<http://www.ripeapps.com/#qrreader>

~~~
nvk
Check out the discussion here <http://hackerne.ws/item?id=3532925>

------
MrNibbles
<http://www.shouldiuseaqrcode.com/>

~~~
rmassie
It says no.

------
hamiltonchan
One way to combat the issue is to create a "designer code", which is an
intricately designed QR code. You can check out examples at
<http://www.paperlinks.com/designercodes.php>. It is much harder for
wrongdoers to mimic one of these.

------
muyuu
There is a Vietnamese restaurant here in London where waiters have QR-codes in
the back of their tees. Just last week I was there and some older guy was
following a cute tall and slim waitress around with his iphone, trying to scan
it. Creepy as fuck, but I guess it was justified by the QR code placement.

------
mnutt
Interesting story, though I don't understand what he says at the end about not
being able to redirect the QR Code to another link because the QR Code is the
link. Why not just send a 302 redirect?

He sounds like he wouldn't do it on principle, but I don't understand the
technical reason why he couldn't.

~~~
pilif
Because then his blog would be unavailable? The code points to the root of his
domain.

And even if he was willing to have his blog redirect to that other site,
there's still the issue about all these other misprinted codes. If they point
to $randomblog it's mostly funny. If they point (via the redirect) to
$possible_competitor, it's much worse

------
nowarninglabel
Side note, Justin's an awesome guy, he just did a short stint as a co-worker
at Kiva for the last 4-5 months, but is now working on a startup. We had a
great laugh around the office last month when he was still here.

------
GigabyteCoin
Odd, I thought it would have created a larger ripple after reading. See here:
<http://www.alexa.com/siteinfo/http://justinsomnia.org>

------
franze
ohkhey, that explains, why <http://miniqr.com/justinsomnia> is one of the most
visited pages on miniqr, the QR code was scanned via
<http://miniqr.com/reader.php> more than a 100 times. (a nice gallery of
people scanning the QR code visible if you visit the first URL)

------
mkramlich
QR codes are the new XML. great technology that's perfect for a certain role
but being used in far too many other roles whether it's a horrible fit. But
it's another buzzword for a resume!

~~~
simcop2387
Not just another buzzword for a resume, I put one on my resume. I got more
responses but no more offers doing that. It seemed to grab attention and then
distract people.

------
kenrik
Funny. I used his QR code to test my barcode scanner when I first got it
working in my iPhone App.

+1 pageview.

------
habudibab
Would be great for viral marketing. As far as I know it is possible to forge
codes that are valid but have an image embedded. A stickfigure giving another
one oral pleasures for example. Place it in the streets and people who think
of QR codes as random jumble will see it as a funny coincidence, take a
picture for the funny pages and maybe decypher it and visit your erotic
gadgets shop.

