7 Facts About QR Code Privacy

Submitted by Matt on Tuesday, October 18, 2011

Recently, a commenter in one of our blog posts left some comments regarding QR code privacy. What kind of information can we learn from the individual who scanned the QR code? Should we be concerned and afraid to scan because advertisers are able to figure out too much information on us? This article will put QR code privacy into perspective.

First, I want to remind you, these QR codes link to websites. On mobile devices, there is some special functionality that can be used, but there are still some restrictions. 

1. We can't pull someone's e-mail.

If someone scans a QR code, we cannot figure out their e-mail address without asking them for it. Just as you cannot do this with regular websites, you cannot do this with the website landing page for a QR code. 

2. We can figure out the time the QR code was scanned.

You can figure out the time the QR code was scanned. This can get a little tricky if the QR code is being run on a national level and the different time zones are important.

3. We can't pull someone's phone number.

We cannot grab someone's phone number by having them simply scan a QR code. They need to manually input it, send a text message, or call you to figure it out.

4. We can figure out what type of phone they have.

We are able to figure out what kind of phone the person has. Is it Android? iPhone? What model? We can figure this out, and it's important to figure out if the content needs to be optimized for different devices (although normally we don't believe in that sort of thing).

5. Someone else can "steal" your QR code.

Let's say you make a QR code and use the same QR code on flyers and on your website. Someone else can take that QR code from your website, and print it on their flyers. But hey, the QR code simply links to what you want it to link to. That means that if they use it, and it links to a website with your business logo and your branding, then hey, more exposure for you!

Someone else can also take a flyer, scan the QR code, and re-use it. Or, they can take the URL that your QR code links to and generate the same QR code. 

6. We can't have someone automatically like a Facebook page.

Just as this cannot be done on regular websites, it cannot be done on phones. Sorry. :)

7. We can't figure out someone's location without asking them.

With QR codes, we cannot figure out someone's exact location without them accepting that this is "ok." Normally, the website will ask, "This webpage would like to use your location, is that ok?" (or something similar, depending on your phone). This preference is remembered on a per website basis. So, if you go to, say, Google.com, and it asks to use your location, and you say yes. That means any of Google's websites will be able to use your location (without prompting you again).

One possible way to determine someone's location is to use different QR codes for different locations. I realize someone can take a photo of the QR code, someone can then share that, and then others can scan it without being at that location. Starbucks ran a QR code campaign on in-store billboards and they used the same QR code for each location, which means they couldn't narrow down which store had the most scans. 

It's noteworthy to point out the Microsoft Tag can figure out your location. Which is kind of creepy.

 

At the end of the day, it's important to be aware of what kind of personal information advertisers can and cannot learn from you by scanning a QR code.

Any more questions on QR code privacy?

 

Categories: