Bit.ly Considered Unsafe (for QR Codes)


(After Ben Metcalfe's post on the the vb.ly sage).

As a mobile Internet consultant, companies often ask me which QR generator to use. There are many worth considering, but I always tell clients to avoid bit.ly.

The security of Libya Internet organisations are probably not an immediate concern (you did know that's what .ly stands for, right?). What is worrying is how bit.ly exposes your QR campaigns to your competitors.

How Does The Bit.ly QR Generator Work?

You can use Bit.ly to shorten URLs. Add a ".qr" at the end to get a QR code. Simple, easy, and insecure.
http://bit.ly/uRmAhs.qr
Bit.ly qrcode

Exposing Your Statistics

Here's a handy trick. Take any Bit.ly URL and add the + symbol to the end.
https://bitly.com/nTTo9j+
Bitly stats exposed

Congratulations! You can see all the clicks, referrers, and other statistics.

There is, as far as I am aware, no way to prevent this. If you have used Bit.ly to generate a QR code - everyone can see how well your campaign has done.

Revealing Your Future Campaigns

Bit.ly's open access means anyone can see all the short URLs and QR codes you have ever created. Here is a list of all the QR codes created by Southeastern Trains. Here are all the FT's "How To Spend It" short URLs. It's amazing what you can find by rummaging about...

Imagine that you're preparing for a print-run for a future campaign. With several weeks lead time, you'd better get those Bit.ly links created before you send things off to the printers.

So, now any of your competitors can see what QR codes you are creating, what promotions you will be running, and how well they do in the future.

You can make your profile private by changing your settings - but it is public by default.

It's Not Under Your Control

Once you've created a Bit.ly link, it is unchangeable. If you've made a mistake with the link - tough. If you've printed thousands of posters with the Bit.ly code which points to the wrong place, you're out of luck. Bit.ly codes cannot be changed.

While Bit.ly has proved stable so far - what happens if the service breaks? You're reliant on a 3rd party - without an SLA - for your campaign.

Incomplete Statistics

Which phones are using the QR code? Bit.ly won't tell you - and there's no way to get the information. So, there's no way to tell which phone platforms you need to target.
You do get some country by country breakdown, but that's it.

Conclusion

I would advise all companies to use their existing web infrastructure to create short URLs. If your web team can't create simple rewrites - fire them. Seriously, it's incredibly easy, it means you control the codes, to where they redirect, service levels, and get all the statistics you need.

Time to delete your Bit.ly links? Sorry, you can't do that either.

Feel the need for some bespoke QR consultancy? Contact me for details.

5 thoughts on “Bit.ly Considered Unsafe (for QR Codes)

Leave a Reply

Your email address will not be published. Required fields are marked *