Considered Unsafe (for QR Codes)

(After Ben Metcalfe's post on the the sage).

As a mobile Internet consultant, companies often ask me which QR generator to use. There are many worth considering, but I always tell clients to avoid

The security of Libya Internet organisations are probably not an immediate concern (you did know that's what .ly stands for, right?). What is worrying is how exposes your QR campaigns to your competitors.

How Does The QR Generator Work?

You can use to shorten URLs. Add a ".qr" at the end to get a QR code. Simple, easy, and insecure. qrcode

Exposing Your Statistics

Here's a handy trick. Take any URL and add the + symbol to the end.
Bitly stats exposed

Congratulations! You can see all the clicks, referrers, and other statistics.

There is, as far as I am aware, no way to prevent this. If you have used to generate a QR code - everyone can see how well your campaign has done.

Revealing Your Future Campaigns's open access means anyone can see all the short URLs and QR codes you have ever created. Here is a list of all the QR codes created by Southeastern Trains. Here are all the FT's "How To Spend It" short URLs. It's amazing what you can find by rummaging about...

Imagine that you're preparing for a print-run for a future campaign. With several weeks lead time, you'd better get those links created before you send things off to the printers.

So, now any of your competitors can see what QR codes you are creating, what promotions you will be running, and how well they do in the future.

You can make your profile private by changing your settings - but it is public by default.

It's Not Under Your Control

Once you've created a link, it is unchangeable. If you've made a mistake with the link - tough. If you've printed thousands of posters with the code which points to the wrong place, you're out of luck. codes cannot be changed.

While has proved stable so far - what happens if the service breaks? You're reliant on a 3rd party - without an SLA - for your campaign.

Incomplete Statistics

Which phones are using the QR code? won't tell you - and there's no way to get the information. So, there's no way to tell which phone platforms you need to target.
You do get some country by country breakdown, but that's it.


I would advise all companies to use their existing web infrastructure to create short URLs. If your web team can't create simple rewrites - fire them. Seriously, it's incredibly easy, it means you control the codes, to where they redirect, service levels, and get all the statistics you need.

Time to delete your links? Sorry, you can't do that either.

Feel the need for some bespoke QR consultancy? Contact me for details.

5 thoughts on “ Considered Unsafe (for QR Codes)

  1. Kai Hendry says:

    The click counts in these campaigns seem pretty low (and damning) to me.

    1. The FT's statistics are not from QR codes - just their Twitter feed. I'll see if I can find something a bit more interesting.

Leave a Reply

Your email address will not be published. Required fields are marked *