In 2017, I started working on an app that interacts with the real world using QR code. I became obsessed with QR code, I scan every single one I encounter.
You would be surprised at how many state/government service started printing QR codes (for more info) everywhere only to neglect the domain name. One that stood out to me was at Los Angeles International Airport. The sign said to scan get more info (flight info? I can't remember). I scanned and ended up on a parked domain name.
The OP is a perfect gentleman for not using the domain to exploit people instead. I want to say "how the hell do they let the domain name expire?" but I've worked in large companies where this was the running joke every few weeks. There must be a better way to notify people about an expiring domain name.
I'd bet that they started doing it, had zero uptake, cancelled the project, didn't bother re-printing promo material or renewing domains. QR codes are still too geeky (and maybe will always be).
Anecdotally I noticed QR codes all over the place in East Asian countries (on receipts in Taiwan for example).
Then here in Australia we now have a QR code system for 'checking in' to an establishment (for Covid tracing). I'd say at this point the vast majority of the population must be using QR codes multiple times a week/month. I've also seen quite a few bars/restaurants implement NFC/QR discs on tables that then point you to the menu/online ordering. It works surprisingly well (and I believe some countries in Europe have done the same in terms of menus at the very least).
In Singapore, it’s also pretty common for cafes to have menus (or even end-to-end ordering and payment) via QR code. I think that’s a pretty good use case (in addition to COVID check in/checkout).
We have those in the UK too, to "check in" cafes etc. Pretty much nobody uses them, which is part of the reason the whole tracing effort was basically abandoned.
I'd say just by subjective observation that lockdown and limited staff availability have done a huge amount to take QR to ubiquity more than anything else.
It’s now as simple as can be - the basic camera app on most phone is enough to use QR codes, but it seems it’s not natural, apart from specific usecases.
Another "attack" is simply to print and stick a different QR code on top of a public one. Then you could redirect unsuspecting users to a malicious or advert website. The fact that this isn't done tells me nobody really scans public QR codes...
Sounds like you'd be familiar with Munzee. For anyone who doesn't know, it's like Geocaching, but instead of a container with a logbook, you look for a QR code and scan it to log a find.
> My February 2021 Apple Fitness challenge is to walk 227km in the month.
I half expected OP to turn the NFC tags into a scavenger hunt. Like, set a cookie and display a progress bar how many of the NFC tags have been scanned by that device.
put up a form to ask for the name of the station, and get the browser to share the gps location. also ask for which lines stop here and where they are going.
submit all that to openstreetmap.
then do a search on the station name and gps location and display some useful information.
for the scavenger hunt, save the station codes in local storage in the browser, so that visitors can track their progress but you don't track visitor movements. only upload highscores to the server.
also display a random family friendly joke to encourage scanning.
experiment, see if you can find something that makes this go viral...
to get traction, look for groups that like to play scavenger hunts. also contact the openstreetmap community and public transport enthusiasts. you should find some people interested in doing something with this.
Almost certainly loads of people noticed, just no-one with both the motivation and funding to do anything about it.
One of the downsides of your website being down is that it's really hard for anyone to get to the "Contact Us" form on your website and let you know about it.
What was expired was the domain `transl.in`. Perhaps that was set up just for NFC/QR links or something? Maybe other "short url" use?
That is not the main domain or website for Translink, the public transit authority for the state of Queensland. Which is at https://translink.com.au/, with a "contact us" link at the top.
If Translink's entire web presence had disappeared, due to a domain renewal problem or anything else, I am confident it would have been noticed and fixed quickly. It's the public transit authority for the whole dang state!
It's possible(? not very likely?) there are QR and/or NFC using customers who without QR/NFC links working can't figure out any other way to contact Translink to let them know.
I think it's also possible that few actually use QR codes/NFC links.
> It's possible(? not very likely?) there are QR and/or NFC using customers who without QR/NFC links working can't figure out any other way to contact Translink to let them know.
More "can't be arsed" than "can't figure out". That's enough of a hurdle to prevent me spending my time fixing someone else's domain renewal problem when I can't even be bothered renewing my own ones.
Indeed,I wonder how long this went without anyone noticing, because if nobody felt like spending the energy to report it for a long time, it suggests it wasn't important enough to any users to bother, or there weren't hardly any users.
If it's a service that lots of people depend on and find valuable, some of them are going to bother googling a web page and hitting "contact us" link to report it.
Probably not, Australian public transport authorities learned that lesson the hard way pretty early on when at least one metropolitan area issued completely unlocked and unencrypted NFC travel cards that allowed you to just issue yourself money.
Sure, but those were the travel cards. Likely the marketing department is in charge of these signs, perhaps even outsourced to some agency, who may not consider this
Pretty cool (I am a QLDer), well done - be interesting to see how many hits you get.. I think given the renaissance of QR Codes here due to the lurgy there is going to be QR codes on everything public transport, NFC is dead!
Indeed, OP, will you post stats on traffic after you hand it back over? I’m really curious how many people tap these things at bus stops. It must be near zero.
In the few hours I've been tracking, zero people have accessed a URL other than the root domain - which I'm guessing no NFC tags link to, and the local bus stop page I'm guessing is all from the blog post, seeing as though no other pages have been opened, I'm guessing my local bus stop isn't the busiest bus stop in the network.
I think this will be even more amusing if the net effect is zero actual visits from real bus stop scans. Shades of picturesofpeoplescanningqrcodes.tumblr.com.
odd they don't also have a QR code there, which, for this purpose, seems a more ubiquitous way of doing things. NFC doesn't seem to have much advantage over QR, other than maybe harder to graffiti over
Would you please stop posting unsubstantive and/or flamebait and/or nasty (like this one) comments to Hacker News? We ban that sort of account, and we've asked you more than once before. I don't want to ban you, so please fix this.
I laughed at this, but this joke is probably out of date now.
In Australia, at least, every venue (restaurant, shop, indoor place you spend more then 5 minutes in) has a QR code that links to a form to add your name/email for contact tracing.
I guess the alternative is a book and pen and the front (which places have as backups) but it would be interesting to if all these QR codes everywhere have introduced many security issues or how much easier it actually made contact tracing vs the book.
I've had the idea of glueing a QR code that would load up the Rick Roll video on top of some ad's code (it was a big billboard on the wall of a pedestrian tunnel promoting Munich/Bavaria's bid for the 2022 winter olympics), but never actually executed it...
1. No harm was done (at best you'd get a Site Cannot be Reached, at worse someone with more malicious intentions would recreate the site prior to the expiration and steal information).
2. It's not really "public shaming" - I'd argue the company is not really an entity that can be "shamed" since it's a human emotion, but even if companies could feel emotions it would be more of embarrassment than shame.
3. The post itself says they will give the domain back.
4. Not that much time passed (at most 21 days per the post)
5. The publicity of the post increases the likelihood it will go back to the rightful owner.
I can still see your post, for what it’s worth. I didn’t downvote (or flag) you but I do think you should think hard about whether there was really any good reason for you to respond in such a condescending and finger-wagging way. Show us the real harm done by this harmless (and frankly a little productive) prank.
Edit: and yes I see the irony in my finger-waggy tone. :D
You should give it back, noticing a domain is expired and registering it is not a hack to be proud of, honestly it's kind of a dick move that anyone with $1.99 can pull off. You're also not teaching anyone any lessons by saying they should have updated their contact info and enabled auto-renewal with the registrar. It's most likely due to a simple processing error or simple administrative mistake neglecting to update their card on file, etc. But take down the public shaming statement from the website and let them take back their domain.
To be fair, it's probably worth registering and then offering it to the original owner at cost to prevent a more malicious user from holding it hostage.
My intention is for it to be returned, whilst also sharing an entertaining, and educational message with the community. Don't let your domain names expire otherwise anyone can have them. ¯\_(ツ)_/¯
Eh, that’s exactly what I’d do. Register it, get a LOL out of it, then hand it over. I’d even give it to them for free. It’s funny and it’s harmless and teaches them a lesson with some mild embarrassment.
Heh. I can only imagine the reaction you'd get if you tried to report to the front-line support staff that their NFC shortlink domain registration had expired.
This "simple administrative mistake" could easily lead to the next SolarWind-style breach in a different setting. A nonchalant attitude towards site reliability engineering is exactly what is not needed.
You would be surprised at how many state/government service started printing QR codes (for more info) everywhere only to neglect the domain name. One that stood out to me was at Los Angeles International Airport. The sign said to scan get more info (flight info? I can't remember). I scanned and ended up on a parked domain name.
The OP is a perfect gentleman for not using the domain to exploit people instead. I want to say "how the hell do they let the domain name expire?" but I've worked in large companies where this was the running joke every few weeks. There must be a better way to notify people about an expiring domain name.