Nothing is ever truly “free”, is it?
You, like I, have probably noticed an increase of QR Codes everywhere. From government-driven and managed, like New South Wales, Australia, to independent retailers and entertainment venues, the small squares of lines and shapes are everywhere.
During the pandemic, these little codes have appeared outside of nearly every place of business I have visited, begging us to “check in” for the purposes of contact tracing and crowd control. Some demand basic contact details, others demand a lot more. Some are even sneakily using checkboxes to subscribe us to marketing.
For the most part, QR Codes are unchecked and largely uncontrolled. Venues have rapidly implemented the technology just to stay in business without so much as a second thought to whether they are configured correctly, secured, and handling personal details appropriately.
Worse, we blindly scan them and check in because we’re more preoccupied with getting to happy hour in time for cheap drinks and seeing our friends at the pub. Once day when we get swamped with spam emails or hit with a phishing attack, we’ll wonder where we went wrong.
Businesses are now using QR codes for promotions and this past weekend, at least four items I bought included contests / give-aways / promotions with a QR code printed on their packaging. The allure of a free gift is tempting, but the only thing being given away freely is our personal data.
This morning, my yoghurt included a promotion with a “chance” to WIN activewear. Hey, if I’m eating yoghurt I must want activewear, right?
I’ve thrown myself upon my figurative sword many times in the name of research, so I figured that I would play along and see where this goes. I cleaned off the underside of the lid to reveal the QR Code and a unique alphanumeric sequence.
The link popped up in my camera app, so I tapped on the link but it failed to load. I quickly figured it out that my VPN didn’t like it much (I use Privacy Pro on my iOS device).
So, I did the most obvious thing and disabled my VPN. Nobody was going to prevent me from a “chance” to WIN my activewear, dammit!
Success! The page loaded. Of course, I didn’t know yet if I was a winner. I have to give them something for that chance, right?
Oh yes… for good measure, going through the annoying process of a reCAPTCHA to make sure “I’m not a robot”.
So, let’s look at the Terms and conditions. A few interesting items.
And then a bit further down…..
“Any information that is reasonably capable of being associated with you….” Right. So what the actual hell does that mean? There is a lot of information “reasonably capable of being associated” with me but that doesn’t mean it is either accurate or relevant.
And it gets better.
“We may also acquire personal information from publicly available sources, social media platforms, and vendors.” Finally, something that doesn’t surprise me.
And for the record, the statement “as permitted in their privacy policies” means we’re all doing it. The policy just bangs on and on but the summary is that just to get a CHANCE to win something, your privacy has been discarded.
And for the record, I didn’t win anything but a loss of privacy, some personal data to contribute to my ever-growing digital shadow.
But at least breakfast was tasty!
Stay safe out there.
Disclaimer: The thoughts and opinions presented on this blog are my own and not those of any associated third party. The content is provided for general information, educational, and entertainment purposes and does not constitute legal advice or recommendations; it must not be relied upon as such. Appropriate legal advice should be obtained in actual situations. All images, unless otherwise credited, are licensed through ShutterStock