You’re The Winner….. Of My Data

Logan Daley
Feb 1 · 5 min read
Image for post
Image for post
Image Source: Pixabay

Nothing is ever truly “free”, is it?

You, like I, have probably noticed an increase of QR Codes everywhere. From government-driven and managed, like New South Wales, Australia, to independent retailers and entertainment venues, the small squares of lines and shapes are everywhere.

During the pandemic, these little codes have appeared outside of nearly every place of business I have visited, begging us to “check in” for the purposes of contact tracing and crowd control. Some demand basic contact details, others demand a lot more. Some are even sneakily using checkboxes to subscribe us to marketing.

For the most part, QR Codes are unchecked and largely uncontrolled. Venues have rapidly implemented the technology just to stay in business without so much as a second thought to whether they are configured correctly, secured, and handling personal details appropriately.

Worse, we blindly scan them and check in because we’re more preoccupied with getting to happy hour in time for cheap drinks and seeing our friends at the pub. Once day when we get swamped with spam emails or hit with a phishing attack, we’ll wonder where we went wrong.

Businesses are now using QR codes for promotions and this past weekend, at least four items I bought included contests / give-aways / promotions with a QR code printed on their packaging. The allure of a free gift is tempting, but the only thing being given away freely is our personal data.

This morning, my yoghurt included a promotion with a “chance” to WIN activewear. Hey, if I’m eating yoghurt I must want activewear, right?

Image for post
Image for post
I guess if I like yoghurt, I like activewear, right?

I’ve thrown myself upon my figurative sword many times in the name of research, so I figured that I would play along and see where this goes. I cleaned off the underside of the lid to reveal the QR Code and a unique alphanumeric sequence.

Image for post
Image for post
Seems easy enough, right? What could possibly go wrong?

The link popped up in my camera app, so I tapped on the link but it failed to load. I quickly figured it out that my VPN didn’t like it much (I use Privacy Pro on my iOS device).

Image for post
Image for post
What? You mean there might be a problem?

So, I did the most obvious thing and disabled my VPN. Nobody was going to prevent me from a “chance” to WIN my activewear, dammit!

Image for post
Image for post
Ah. Here we go. Notice the use of name modifiers?

Success! The page loaded. Of course, I didn’t know yet if I was a winner. I have to give them something for that chance, right?

I then proceeded to supply First Name and Last Name (Note: Whenever I provide this information now, I add the name of the company or venue so WHEN I start getting phished or spammed, I know where it came from). I also supplied my age range, email, phone number, the name of the product, and the unique code. Check the boxes for being over 18 and consenting to the T’s & C’s and assuming to accept the privacy policy.

Oh yes… for good measure, going through the annoying process of a reCAPTCHA to make sure “I’m not a robot”.

Image for post
Image for post
Everything you need to spam someone. What about the T&C and Privacy Policy?

So, let’s look at the Terms and conditions. A few interesting items.

Image for post
Image for post
That’s a lot to use

And then a bit further down…..

Image for post
Image for post
Disclose to third-parties, you say?

The privacy policy doesn’t give me much confidence either.

Image for post
Image for post

“Any information that is reasonably capable of being associated with you….” Right. So what the actual hell does that mean? There is a lot of information “reasonably capable of being associated” with me but that doesn’t mean it is either accurate or relevant.

And it gets better.

Image for post
Image for post
Image for post
Image for post

“We may also acquire personal information from publicly available sources, social media platforms, and vendors.” Finally, something that doesn’t surprise me.

And for the record, the statement “as permitted in their privacy policies” means we’re all doing it. The policy just bangs on and on but the summary is that just to get a CHANCE to win something, your privacy has been discarded.

All because we could not be bothered to read either the T&C or Privacy Policy.

And for the record, I didn’t win anything but a loss of privacy, some personal data to contribute to my ever-growing digital shadow.

Image for post
Image for post
Dang. Thought I was a winner!

But at least breakfast was tasty!

Stay safe out there.

Disclaimer: The thoughts and opinions presented on this blog are my own and not those of any associated third party. The content is provided for general information, educational, and entertainment purposes and does not constitute legal advice or recommendations; it must not be relied upon as such. Appropriate legal advice should be obtained in actual situations. All images, unless otherwise credited, are licensed through ShutterStock

Logan Daley

Written by

Aspiring CIO / CISO. Cyber Entertainer, Writer, & Presenter. Humanity, not machinery. Observer of how we use and abuse technology. Empathetic and altruistic.

The Startup

Medium's largest active publication, followed by +773K people. Follow to join our community.

Logan Daley

Written by

Aspiring CIO / CISO. Cyber Entertainer, Writer, & Presenter. Humanity, not machinery. Observer of how we use and abuse technology. Empathetic and altruistic.

The Startup

Medium's largest active publication, followed by +773K people. Follow to join our community.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store