Should homeowners wish to promote their property listing on Zillow, now they can with the drop of a link or simply entering the listing ID. Print it, wear it, share it, the world of QR codes is growing.
UpTier also creates socially aware QR codes for anyone, simply enter your social usernames, and create. It’s free, and easy.
We’re not sure what the pay model will look like in the future, but this leads us to the ultimate problem with QR Codes no one is talking about but us, and that’s QR spam.
QR spam will most likely stop QR use in its tracks unless a guaranteed safe transaction is presented. In fact, unless I know exactly what is on the other side of a code, I will not scan it. Why wouldn’t I want to scan it? Because my phone is worth more than the convenience of the 50/50 chance I’m taking by scanning a Trojan horse or ad serve onto my handheld device. I, like many people, have been trained not to click on links if I do not know where they’ll take me, and QR codes are the future of spam links.
Mark my words, until a trust source is created that all QR codes are fed through, the investment of real money into QR codes for Realtors is a risky proposition. If I see the code on a Realtor’s sign, hard printed, I am more likely to trust the QR destination than I am on random things like paper items such as business cards.
In fact today, I received a QR code in an email from a trusted source, did I scan it? No, I did not, and you shouldn’t either.
This is nothing on UpTier, I’m sure their product is sound, but in the future if ad supported, then it’s spam, is it not? And what of NEWS of the first ever QR shared virus? The publicity alone will dead end the future of QR use.
Solution? Is it time for certified codes? If so, what does that even mean or look like?
QR Spam, it’s what’s cookin’.
Steven Noreyko
February 28, 2011 at 1:51 pm
Seems pretty paranoid to me. How would a QR Code inject a Trojan or other virus on to your mobile device? I’d like to know if it’s even possible.
Most of the scanner apps I’ve looked at on iPhone will sandbox the QR Code text within the app, and then offer to send you to a browser or make a phone call, etc. Not sure what BlackBerry or Android users have to deal with here.
Seeing SPAM is certainly a problem with QR codes, but if you scan the code, that content is more HAM (to you) than SPAM since you ASKED to see the content.
I’m curious to watch what happens in this space
Benn Rosales
February 28, 2011 at 2:09 pm
It isn’t ham if your once no ad QR is now filtered with an ad to support the QR provider.
Paranoid?
Come on. Clicking YES or NO on your computer screen was one upon a time seen as safe. lol Shortened links once upon a time never sent you to a malicious site, and today QR codes are obviously safe. Sure.:) It’s evolution.
Ralph Bell
February 28, 2011 at 4:50 pm
@Ben I use my own QR software on my server. I at least know that it will never have ads. But like everything else on the net someone will find a way to take an originally great idea and turn it into spam…Facebook, Twitter, bit.ly, etc. All have succumb to the evils of online marketing.
Joe Cascio
February 28, 2011 at 7:53 pm
I think the previous commenter was not out of line in using the term paranoia. This article doesn’t point out any specific threat, exploit or vulnerability owing uniquely to QR codes. It mentions no actual instances where a QR code in and of itself was used to deliver a virus or malware payload. It doesn’t even theorize on a QR-specific vulnerability or threat vector.
I did a little research on this topic and the only specific vulnerability regarding QR codes I found had to with, guess what… Windows ActiveX. And that was some years ago and has undoubtedly been rectified.
Let’s look at the facts here. QR codes are merely data. You can’t put anything in a QR code URL that you can’t put in a URL that you publish on a web page. You can’t embed binary executable code in QR. A QR code doesn’t contain any threat that doesn’t already exist, as far as I can see. If you use iOS or Android, the phone will prevent the browser from installing or executing any code you didn’t specifically authorize or that comes from their app stores.
But the point is, it’s no different from clicking a malicious link on a web page. If you take the proper precautions to protect yourself from malicious web pages, a QR code won’t hurt you either.
If the author knows of a particular new or unique threat presented by QR codes, then he should state it and stop hand-waving. If he knows of or has heard of a case where a QR code was used as an exploit vector then he should give us what facts he has.
QR codes may be new to the author and many others in the US, but they have been in use for years by the millions all over Japan and Europe. If there was some particular threat owing to their use, I presume we would have heard at least something about it by now.
Stacy Chapman
February 28, 2011 at 11:32 pm
Interesting post Benn! We have been considering adding QR codes into our event ticketing software, and I really never considered the possibility of spam on the other side of the URL. I’m not sure if the thought of potential spam will sway me from scanning in the future, but it will definitely make me think twice if I don’t know the source.
This past weekend, I actually scanned several QR codes on my phone from real estate signs and was excited at how easy I could get house data when a flyer was not present. The only frustration I saw from the scan was the slow speed it took to pull up a few of the websites that were driven entirely in Flash due to the high number of images and virtual tours.
Dawn Green
March 1, 2011 at 12:05 am
Hey Benn, great article! We’ve been thinking that adding QR codes to our print-at-home PDF tickets was in a future upgrade, but you blind-sided me with this! Obviously, I’ll take a wait-and-see approach on this one.
Thanks!