The TSA have come under fire for many things. Most recently, Fred Trotter has called them out for using a “dummy” QR code which leads to a page the TSA don’t control. An astonishingly lax approach to QR use.
Last year, I noticed this QR code as I passed through San Francisco Airport.
What I find most curious is that the TSA are using the Goo.gl URL shortener.
This is a bad idea for two reasons.
- How does a user know where the code is going to take them? The URL “goo.gl/Qrlx1” could lead literally anywhere. A security minded organisation should always use their own domain name when creating a QR code.
- Google short URLs allow anyone to see your QR code’s usage statistics.
Interesting to note that there are a few people prepared to pay roaming data charges to view the site. I’ve no idea if this exact QR code is at other airports, but it’s gathering around 80 scans per day.