Lidl Product Recall [pdf] (lidl.co.uk)
280 points by Tomte 8 months ago | 109 comments



This is very common in retail. What tends to happen is that a retail buyer would work with a supplier and order a product in . That product packaging will have a promotional or information site it will link to, printed as a QR code. From a buyer's perspective they are doing this as it's a way to provide value or information to their customer, and the supplier fronts the cost of this. The IT teams within retail aren't kept in the loop, and neither are they aware of a site that is hosting any of this content. All the content and marketing of this is done by an agency who are hired and managed by the category or merchandising teams in the head office.

Product sells for a quarter or maybe 6 months at the most. Products get rotated and go back to the warehouse until such time in a year they need to liquidate the stock and do promotional discount pricing as part of back to school or Black Friday etc. By then the agency that fronted this and created the site has lost its domain, or the site isn't maintained / gets compromised etc. At that point the product is on the shelf, the domain is hijacked or the hosting provider / host gets taken over by a malicious actor.

Then the IT / security teams in the retail organisation are asked to step in and support their business colleagues. Every major retail corporation will have this happen to them at least once a year. IT teams will have a laugh about this and nothing ever changes as a process, as it doesn't really affect the share value or damage the reputation of the retailer as such.


Always remember to convert a QR code back to text before printing / distributing it.

There are some shady QR code generation sites on the Internet that produce codes that work for a week or so, but go to some unexpected third-party domain that redirects to your site. Later, you find out that you have to pay them a subscription fee if you want the QR code to keep working.


This is why I've grown even more careful about introducing new domains in production.

If I keep everything in one or a small amount of production domains, even if a product is shut down, a project ends, and everyone has long forgotten about it - it's still hitting my load balancers and I can deal with it. Cheaply, too. Some 404 pages delivered by a loadbalancer probably cost cents or less per month. I can also make it a cute branded image based on a few conditions as well if you give me that.

And some POs are arguing how this is controlling and how this might be constricting freedom and such. And, yes it is. But on the other hand, we won't have porn hosted on something the company once promoted. Unless the company wants to rebrand as such.


Yeah registering a domain is sort of a permanent act. If you ever let it expire, someone else can take it over and start receiving all emails, http requests, and anything else directed at services you used to run there. And possibly responding to them. They'll easily get certificates to verify the domain, since all that's needed to do that is control of the domain.


"a domain is forever" is kind of a scary thing


DNS was designed to delegate subdomains, and we should do it.

But easier for every team to grab a new domain.


From a customer point of view this is also a lot more trustworthy. Hypothetical example: if I visit annualpromotion2023.pepsi.com, I know for sure Pepsi owns the domain and would be more comfortable putting in personal information there, compared to pepsiannualpromotion.com, that is a lot more likely to be a scam.


One of my customers found out someone copied their website almost to perfection under a different domain name and started advertising their products for way lower prices. They wanted the website gone of course. So now I had to explain our company doesn't have any jurisdiction on some website hosted on the other side of this planet.


I have recently received a subpoena from 'the other side of the world' regarding a domain I registered recently.

It seems the domain in question was one of many involved in IP infringement against a global fashion brand long before I came along. A simple check of registrar data would confirm I have f all to do with this.

Either some big law firm knows different from you or are just scamming their client? Surely this can not be the case?


I don't think much of the technical or moral chops of big law firms involved in the intellectual property game, but this seems reasonable to me.

The site was being used to do some bad thing to their clients, they're justified in assuming the current owner might know something about it. Changing registrars and WHOIS info is exactly the kind of thing a shady site might do to throw off investigation. If you're fortunate, you'll at least get your reply read by someone who can understand the plain English of "it wasn't me, I bought the site since then" and doing a bit of research to cross check that.


What this needs is a mitm service that gives shortened/custom urls like https://prom.os/paw_patrol_biscuits that redirect to the vendor's site, and when the promo/limited-run is over the url can be 'turned off' in a control panel and then default back to a 'This promotion has ended, but visit <vendor's general site> for more information on products' or such.

I guess it'd be hard to get companies to use such a service, except for situations that cause product issues like this one we're seeing.


A lot of online QR code generators provide this service (often by default without making it clear that they are injecting their URL). It can definitely be useful to "change the URL" after deploying the code, but you still have the same problem that you don't control the domain. If you stop making payments or the company goes out of business then you are out of luck.

IDK if any of these services support custom domains. So that you could have qr.mycompany.example or whatever. That way if something goes wrong with the service you can at least direct it to something else.

But I think in general you should control your URLs. Especially for printed material. Often this would be something like a short URL or some other small name that can be directed to the intended final site and changed at any point.
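A pre-print check along the lines the comments above describe (decode the QR code back to text, then confirm the host is a domain you control or a subdomain of one), as an added example that is not part of the thread. The owned-domain list reuses the commenters' hypothetical names `pepsi.com` and `mycompany.example`; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the company itself registers and renews.
# Both names are the hypothetical examples used in the comments above.
OWNED_DOMAINS = {"mycompany.example", "pepsi.com"}


def canonical_host(url):
    """Return the lower-case ASCII host of an absolute http(s) URL, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname      # drops userinfo ("user@") and the port
    except ValueError:             # malformed netloc, bad IPv6 literal, ...
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    try:
        # IDNA-encode so look-alike Unicode labels show up as xn-- names
        # instead of comparing equal "by eye" to an owned domain.
        ascii_host = host.rstrip(".").encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None
    return ascii_host or None


def is_owned(host, owned=OWNED_DOMAINS):
    """True if host is an owned domain or a subdomain of one.

    The match is aligned on a label boundary, so "notpepsi.com" and
    "pepsi.com.tracker.example" do not count as "pepsi.com".
    """
    return any(host == d or host.endswith("." + d) for d in owned)


def audit_printed_url(url, owned=OWNED_DOMAINS):
    """Classify text decoded from a QR code or printed on packaging.

    Returns (verdict, host) where verdict is "owned", "third-party"
    or "invalid" (not an absolute http/https URL).
    """
    host = canonical_host(url)
    if host is None:
        return ("invalid", None)
    return ("owned" if is_owned(host, owned) else "third-party", host)


# Constructed sample inputs: what a decoded QR code or artwork proof might contain.
SAMPLES = [
    "https://annualpromotion2023.pepsi.com/enter",   # delegated subdomain
    "https://qr.mycompany.example/paw",              # own short-link host
    "https://pepsiannualpromotion.com/enter",        # separate registration
    "https://qr-gen.example/r/abc123",               # QR generator's redirector
    "https://pepsi.com@tracker.example/",            # userinfo is not the host
    "https://pepsi.com.tracker.example/",            # owned name as a prefix
    "HTTPS://PEPSI.COM./x",                          # case and trailing dot
    "pepsi.com/promo",                               # no scheme, not a URL
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict, host = audit_printed_url(sample)
        print(f"{verdict:12} {host or '-':32} {sample}")
```

The check looks only at the host that is printed; any redirect served from an owned host still needs its own review.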


In other words, the biscuits need more shortening.


I can completely understand the concern with a compromised promotional website listed on the packaging, but a full product recall seems to me extremely wasteful. Presumably, all those bags (which look to me like they're made of plastic) will have to be disposed of, if not the actual biscuits themselves.

This is just one factor in a multitude of reasons why single-use plastics are wasteful, but I believe that if a company is not responsible enough to look after a URL they should not be plastering it all over consumer products.

A URL is for life, not just for Christmas. Not sure whether to link to the Dogs Trust or the W3C here!


This is why there's a "starving kids in Africa" meme. The amount of perfectly good product that goes to waste in "developed" countries is certainly one of the most infuriating things about modern life. Perhaps future historians will also comment on this point as they unearth perfect artifacts from landfills.

The pragmatic approach would be to put a small piece of opaque tape over the offending text and put the product back on the shelves. I've seen that happen with nutritional information on imported products, where the original label printed on the packaging presumably didn't meet the legal requirements and thus a new one was put over it.

> This is just one factor in a multitude of reasons why single-use plastics are wasteful

IMHO that's not the real worry here --- that would've ended up in landfill or been incinerated anyway regardless of the recall, and it's a tiny amount of waste relative to the rest of the otherwise usable product.


Realistically is anyone actually going to return these products because of the URL though?

I'd assume it's more damage control in the event someone actually does visit the URL because then they can say, "well we have recalled these products, sir".


All of the product still in stock in the shop or warehouse will be chucked out at the supplier's expense.


Well, our expense since we impose a system that makes this possible.


Yeah I don't think anyone will.


> all those bags will have to be disposed of, if not the actual biscuits themselves.

Nobody will repackage the biscuits. That is not a thing any manufacturer or merchant would seriously consider. Of course it will be disposed of.

Just imagine the liability of selling a food product which has already come back from a customer.


An alternative interpretation is that the cost-of-materials is insignificant related to brand dilution and/or the intended promotional value of the URLs themselves.

The biscuits may very well have simply been a flytrap of sorts (honey), or loss-leader. Disposing of them given that the URL is itself no longer useful might well be the pragmatic approach.

I also doubt the public will return sold product, though they might take actions against the packaging itself. I'd hope that unsold stock will be diverted to food banks or other noncommercial distributors, though possibly with a provision that packaging be covered (stickers or labels?) or removed prior to final distribution.


"An alternative interpretation is that the cost-of-materials is insignificant related to brand dilution and/or the intended promotional value of the URLs themselves."

Cost will be some fraction of the retail price. But that's coming from a streamlined production + packaging pipeline.

As soon as you'd choose to repackage product, then you need a whole lot of hands (people) to do that. And then cost of repackaged product easily goes to 2..5x what it was on the first run.

That's not worth it for manufacturer. Profit is lost on that batch, disposal is the next cheapest option.

Sometimes there are alternatives, like food banks, or use as cattle feed. But often not (or manufacturer is too lazy / doesn't care).


Does anyone actually visit random URLs on food they buy? It must be less than 1% of people doing that so I don’t see why that would make them any money? (it says this is the URL of the supplier, so it’s probably not something that people would want to visit like a game)


"Cool URIs don't change" from 1998 is as relevant as ever :(

https://news.ycombinator.com/item?id=23865484


Let's all hope w3.org doesn't forget to renew their domain. Because if they do, all these links to "Cool URIs don't change" will suddenly become extremely ironic. We're safe at least up to 2029...


If URIs aren't permitted to change, they require inalterable time and/or content elements to them. Probably ownership/authorship as well.

Because otherwise, this becomes an increasingly futile (and frustrating) Quixotic quest.


Check the whois on the site (appykidsco.com): it's registered to someone in Jiangsu, China, and they seem to own a lot of other domains: https://website.informer.com/email/muskseo1971@gmail.com

Seems like one of these automated domain-takeover attacks: watch for expiring domains, snap them up the moment they expire, replace them with porn ads, profit.


The email address is even using Elon Musk's name and birth year


Terrible.......so what's the URL and what was on it?


It's a domain parking page full of ads for Chinese porn apps. The company closed shop and some squatters took over their domain. A recall seems unnecessary to me, but I'm guessing they got complaints and figured this was just safer.


It's not just porn, it's actively malicious. The site tries to install a configuration profile (iOS) if you click through, presumably to install a root CA or something.


This is done usually so you can sideload apps.


Hardly anyone will actually return anything but they get to cover their asses by doing this.


Consumers won't return it, but the stores will, in bulk. That's a lot of lost food because they can't repack or relabel it.


The recall could instruct the stores to cover the offending URL with a sticker. But they’ll just say “toss ‘em”.


Eat the cookies, return the packaging? After all, it's an issue with the packaging that resulted in the recall.


Odds are, if a consumer asked they would tell the consumer to just throw the packaging away. In fact, that's probably what they would tell a retailer.


Oh, Chinese hackers attacking Paw Patrol, what's next? Bing Bunny gets turned into The "Big" Bunny? ;)


Bing Bunny sounds like some misplaced Microsoft promotion.


Here's a Reddit discussion about the recall: https://old.reddit.com/r/unitedkingdom/comments/1662ylp/lidl...


The wayback captures page (SFW, but links to recent captures rather not) https://web.archive.org/web/20230815000000*/https://www.appy...


Thank you


Oops.

Looks like someone ignored the domain expiration emails.

I see that constantly, especially where there's high turnover.


the url was appykidsco.com


It still is. Open in mobile view and you'll see.


I can't even tell if this product is meant for dog or human consumption.


If you don't have kids, or none of your close family do, there's no reason you would be aware of the brand, but if you do they're astonishingly popular and almost impossible not to be aware of :-)

https://en.wikipedia.org/wiki/PAW_Patrol

> PAW Patrol is a Canadian computer-animated children's television series

> The series has been sold to TV networks in over 160 countries.

> In 2016, the season two episode "Pups Save a Mer-Pup" was nominated for Best Animated Television/Broadcast Production for Preschool Children in the 43rd Annie Awards. As of 2023, PAW Patrol has received twenty five Canadian Screen Award nominations with twenty wins.


It's known as Piss Poor Patrol in this house.


butter/chocolate for sure not for dogs...


Poor choice of mascot then


It's a tie in product to a popular cartoon series.


Didn't grow up watching things like Bugs Bunny and Tom and Jerry?


Reading the article my first interpretation was that dog treats were being confused for human, and/or vice versa.


There is nothing wrong with the food, so I hope they at least show up at a food bank so poor people like me can get some value from them.


The sad thing is that they won't. Lidl can't risk sending these out with the compromised URL on the packaging, and covering the URL would take a lot of people in the chain cooperating and donating resources to arrange that.

It is cheaper for Lidl just to donate a new batch without the URL and destroy the affected batch… The best thing one can hope for is that these end up on the break room table at Lidl shops, but there are probably rules that prevent that too.


So you want to use those bad QR codes to hurt poor people?


Insert http cookie joke


My Chevy had a recall out to replace one of the pages in the manual.


Quoted below to save you a click. Sounds like it's not a problem with the products themselves, but their website got hacked.

---

Important Notice: Product Recall

Paw Patrol All Butter Mini Biscotti Biscuits x 5

Paw Patrol Choc Chip Mini Biscotti Biscuits x 5

Paw Patrol Yummy Bake Bars Raspberry Flavour x 5

Paw Patrol Yummy Bake Bars Apple Flavour x 5

Batch affected: All stock

• Lidl GB is recalling the above-mentioned branded product as we have been made aware that the URL of the supplier which is featured on the back of the packaging has been compromised and is being directed to a site that is not suitable for child consumption.

• We recommend that customers refrain from viewing the URL and return this product to the nearest store where a full refund will be given.

We apologise for any inconvenience caused and thank you for your cooperation.


Reminds me of the time I was buying a windshield for my 2001 Ford Focus and I had troubles on the website and by chance found out they link a js file from a non registered domain so I registered it and watched the traffic.

Seems to have been used on multiple sites and when a site loads js from a compromised site you can do anything on the site.

I reported it four times and after 6 months they still didn't fix it.

https://blog.haschek.at/2019/threat-vector-legacy-static-web...


I like your ssh-to-comment system! Clever!


You have a very cool site sir.


The domain is available again; I wonder if anyone is still using those scripts?


TIL Paw Patrol brand is popular enough in Europe to have product tie-ins


Isn't it literally why it exists - to push stuff to kids? It's pretty much a way to work around regulations pertaining to advertising to children.

At this point in Poland we have a Paw Patrol variant of literally anything a kid could use or consume - from regular and electric toothbrushes, through clothes, sheets, toys, shower gels, food, beverages. Whatever you think of, there's a version with a Paw Patrol dog being sold somewhere.


same with Peppa Pig i guess


Not to the same extent. Paw Patrol seems to be its own category, rivaled only by Frozen.


Canadian culture infiltrating the world, one pup at a time.

Though Bluey is definitely the better product.


I only recently saw Bluey for the first time (only one of my kids is still, barely, in the demo for it).

God damn it’s good. It’d be a solid choice for a lazy Saturday afternoon of getting baked and zoning out on TV, even for those without kids. Mellow, funny, you get little wins to root for, and some fun bits that go over kids’ heads. Rare for a show targeted that young to be as appealing to (or, at least, tolerable for) adults. Far better than, say, Daniel Tiger, which is already well above the bottom tier of that kind of show.

[edit] incidentally, I think Fred Rogers would have been disgusted by all the heavy-handed auto tune in Daniel Tiger. Giving kids a wildly incorrect model of what ordinary, real human singing sounds like strikes me as the kind of thing that would have prompted him to bring down the “no” hammer on his own show in a damn hurry, if someone had suggested it. Bugs me every time I watch it.


I also love Bluey but I think we might be somewhat biased, because it clearly makes an effort to cater to adults as well (most chapters can be seen as being about parenting, and sometimes contain non-obvious lessons for parents). Perhaps from the viewpoint of a child it wouldn't be so superior to other cartoons.

Although it does have the quite objective advantage of not being overstimulating. Most current cartoons look overwhelmingly overstimulating for me as an adult, and move at such a fast pace that in some I can barely follow the action, and we throw them at small kids...


My kids really love this show, coincidentally it's even on at this moment. Regarding the parenting lessons, they resonate with the kids as well. There was an episode after which one of our kids compared the story of an episode with something that happened in our household and it gave us a nice chance to talk about it on their level. The Bluey writers really do a terrific job. My kids never learned a lesson from Paw Patrol, except wanting to buy their merchandise.


Mom and I had a really emotional moment when 4yo was getting incredibly discouraged that he couldn’t hit the baseball but his older brother could. And 6yo just went to him and said “it’s okay! Run your own race.”


There are entire episodes of Bluey that are pretty much therapy for parents. And there’s episodes that celebrate being a parent. There's even episodes that bring tears to my eyes every time, even having seen them half a dozen times.

- Baby Race

- Bike

- Camping

- Flat Pack (how do they tell a story that deep in six minutes?!)

- Sleepytime (yep, welling up just thinking about it now)

- Rain

- Granddad


My three year old wants to watch sleepytime every day and somehow I don’t mind it.


A kids show that can include a moment about pregnancy loss for the parents is quite the thing to behold.


Yes. This show is on another level.


> and move at such a fast pace that in some I can barely follow the action, and we throw them at small kids...

I love animation so I end up watching a ton of cartoons and I have to agree that shows these days can move way too fast. You can tell a whole story in a 5-15 minute episode, but telling a story well in that time takes serious talent and I'd love to see what talented writers like that could do with a story that had room to breathe.

It matters a lot less for shows with little if any continuity but serious story telling needs a lot more time. I'd feel better about it if there were a bunch of animated shows with 40-60 run times to balance things out.

One good thing I'll say about hyper-fast paced animation is that it forces the audience to fill in a lot of blanks on their own. That could engage a kid's imagination if they take the time. I get the feeling that it's the older audiences who tend to go nuts with that though.


> Perhaps from the viewpoint of a child it wouldn't be so superior to other cartoons.

My friend's son LOVES Bluey. When it's on TV or a phone he'll stare at it without blinking for as long as it's on. I didn't notice it until another friend asked why he was crying and his dad told us he just doesn't blink when Bluey is on.


Just to clarify, I didn't want to imply that it cannot be great from the viewpoint of the kids. Just that for most parents it tends to be the uncontested best among shows for that age, miles ahead of any competitor without a second thought (an opinion that I myself share) while for kids it's probably just one more that some may prefer while others don't.

My son does like it quite a lot, and he prefers it to many others such as Dora, Spongebob, Paw Patrol or the infamous Peppa Pig, but he will choose PJ Masks or Superkitties over Bluey, and those two I find... not very good, to be honest. Especially Superkitties.

Your friend's son has great taste in cartoons, although not blinking might be taking it a bit too far :)


Bluey is by far my kids' favorite show, FWIW.


There's a new one in the mix too, called Pupstruction, which seems to be Disney's "this is legally distinct from paw patrol" entry. Watch Disney Junior and you'll see a lot of Bluey and Pupstruction.

Bluey is still king to me, but Pupstruction being centered around construction rather than law enforcement is a positive distinction in my eyes.


There seems to be a weird popular misconception about Paw Patrol being some sort of police recruitment propaganda for toddlers. I've (unfortunately) had to sit through hundreds of episodes and it really isn't. The police dog is not particularly treated as a main character as all of them are given pretty equal screen time and storylines (outside the recent film, which does focus on him). And even when the episodes do focus on Chase it's barely police work, certainly he doesn't go around pointing his gun at immigrants. His main ability as a police officer seems to be that he has a megaphone.


Indeed. And even if it had some police propaganda, this wouldn't be that bad anywhere in the developed world except the US. The perception of police spending most time harassing minorities and exacerbating humanitarian crises? That's a US problem. Literally no one else has it. Which is what makes the attitudes to LEO that US exports sad, and perhaps even dangerous.


> The perception of police spending most time harassing minorities and exacerbating humanitarian crises? That's a US problem. Literally no one else has it.

France just had weeks of riots because the police shot Nahel Merzouk [1] due to similar dynamics that have been developing in France since at least the Algerian crisis [2]. I don't know if "spending most time" is a fair characterization of French minorities' perception but the antagonistic relationship between police and minorities is far from a US only problem.

[1] https://en.wikipedia.org/wiki/Nahel_Merzouk_riots

[2] https://en.wikipedia.org/wiki/Paris_massacre_of_1961


I think that merely the fact that people are bothered enough to riot shows that the problem in the US is much more extended, where shootings by the police were such an everyday phenomenon that the biggest reaction you'll get is an extra-high shrug.


The French do love a good riot but don't forget that the George Floyd protests just a few years ago were the largest in US history - during pandemic lockdowns, no less. They devolved into something resembling riots in only a few cities but "extra-high shrug" is hardly how I'd describe that series of events or the other smaller protests since. The Minneapolis ones only wrapped up in May of this year after the criminal cases were resolved.

I think with US suburban sprawl it's just a lot easier to ignore what's going on in the cities.


Ah, interesting, I may be wrong then. I remember the George Floyd protests, but didn't know of any more recent.


Well, also, it is _France_; proud tradition of very large dramatic protests and riots going back over two hundred years. It's kind of their thing. French farmers routinely shut down whole cities when they're vaguely irritated about something; it's unsurprising that protests around more serious and emotive matters than France enforcing an EU ban it was already meant to be enforcing on a pesticide get a bit dramatic.


I don't know if that's just a France thing, I remember here (Greece) ten years or so ago, when a police officer shot a teenager, and the whole country was in flames for a week from the riots. There are still marches and protests every year, on the anniversary.


> And even when the episodes do focus on Chase it's barely police work, certainly he doesn't go around pointing his gun at immigrants.

If he did go around pointing his gun at immigrants that would be the opposite of police propaganda wouldn't it? Most young kids don't interact with police directly, so nearly everything they know about police comes from the media they consume. The question comes down to what kids need to learn about police and what role media plays in that education. Families in certain communities have been educating their children on how dangerous police are for a very long time.

Is it better to introduce an idealized version of police to kids and let them learn on their own that police are dangerous or is it better to present police in children's media realistically so that they're prepared when they see their 8 year old classmate thrown to the ground, handcuffed, and arrested because they acted up in class or so they understand when they see protesters march past their house because police officers beat and murdered another person on camera without consequences?

I suspect that it's better to show kids what police are supposed to be like before introducing them to the harsher reality we live in, but I can't blame people for looking at shows like Paw Patrol and thinking that it's giving kids a very unrealistic view of policing at a time when they should be increasingly made aware of the issues and the risks they face.


> the harsher reality we live in

as terrible as it is if we focus on the whole developed world “we” is just a tiny minority (even in the US, just unfortunately not as tiny…)

> unrealistic view of policing

so maybe they could do a separate version for Americans?


Bluey is just very different.

You can tell that it is made with love.

I think if my daughters weren’t watching it, I would watch it alone.


>Canadian culture infiltrating the world, one pup at a time.

Maple syrup was already here


My dude/person, it's beyond popular, we have an entire shelf in the toy cabinet dedicated to "paw patrol stuff"

There is a full feature paw patrol movie in which one of the characters breaks the fourth wall and says "How can we afford this? Licenced paw patrol merchandise!". And all the parents in the audience groan.

It's pure, unadulterated kiddy crack


You're not allowed to advertise to children in the EU, so shows like Paw Patrol are a brilliant workaround. The show itself is a product that can be picked up by various TV stations, but it's also an indirect way of advertising the toys and other co-branded products.

The show is innocent enough that nobody will complain about it, so it's a clever marketing strategy.


> You're not allowed to advertise to children in the EU

Maybe in some EU countries, I guess. In Spain, toy ads are common. Recently, the government prohibited toy ads that are segmented by sex (e.g. marketing dolls or toy kitchens specifically for girls) but otherwise there are no limits as far as I know.


Paw Patrol was created by a toy company to sell products. They design the new products with each new season which includes new vehicles/accessories/etc.


Sure it is. I'd even go as far as to say that in Spain, it's probably the most popular cartoon among 3-5-year olds (I have a 4-year-old son who doesn't especially like it, but many of his classmates love it, all of them know it, and almost every kid in the neighborhood has some kind of toy, stickers, etc. from the franchise).


The copaganda seems reasonably popular with young kids, if toy stores and the like are anything to go by.


Wow, that Saw Patrol tie-in is coming in earlier than expected.


>directed to a site that is not suitable for child consumption.

Given the foodi-ness, surely 'consumption' could have been a better word. Oh, I don't know..."viewing"?


Their website was not really hacked, it was just abandoned and someone else registered the domain and put porn there.


> Quoted below to save you a click

I hope not many people are reading a comment section before article.


I always check out the HN comments first. The HN comments don't assault my browsers with popups, ads, awful styling and who knows what else. I may learn what the article is about (not always clear from the title of the submission) and be warned of other people's reactions (like "WOW that giant flashing thing on page 2 can trigger a seizure!" or "Site hijacks back button!" or even more importantly, "Article is a waste of time, author has it all wrong. Here's an authoritative source which explains why").

I may or may not risk a click at all if there are no comments.

I do read the article before commenting though. (Well.... not this time, but it's kind of a meta topic)


I, for one, often glance at the comments first to check if an article is valid. If not, there's probably a highly rated comment explaining what's wrong with an article's facts or reasoning.

Saves me not just a click, but lots of time reading lesser quality articles too.


I always check HN comments before the article. The comments play a big part in deciding whether I even want to read the article.


Sometimes I have the arrogance to have an expectation of what could I read there on the article, so I read the comment section on HN first to find unexpected insight or a POV I wouldn't find boring, for better or worse.


I have automatic PDF downloads configured as the built-in browser PDF viewers are often subpar. So for sure I will check the comments before deciding if I want to click on a PDF link (in this case: I don't).


tbh i rarely click on the tfa



