Beware: QRFY.com, QR code snare

Spanish company QR Code Generator PRO S.L (hereinafter, the „QRFY”) practice on getting paid clients on QR code generation services is manipulative and violate informed consumer consent principle.

In this post I will describe how you can get in trouble by generating the QR codes on their website.

First let’s define the terms: QR code and „dynamic” link.

A QR code (Quick Response code) is a type of two-dimensional barcode that stores information as a pattern of black and white squares, which can be quickly scanned by a device to access data, such as URLs, text, or contact details. It is easy to generate QR codes using free tools, even within browsers (Edge and Chrome have it built in, just right-click on the page).

Often QR codes are used with shortened URL‘s, that is, short links that, on trying to access it, redirect the browser to another (longer) link. Shorter links allow QR codes to be smaller and quicker to read for our devices, and in addition, some services allow you to make such links dynamic, that is, you can change the page URL the short link targets without changing the short URL itself.

Cool, ha?

Those two services (URL shortening and QR generation) are often integrated and, if you only need a few such links/QR codes, they are available for free. E.g., bitly.com allows you to create two 10 short links and 2 QR codes for such links per month for free. That is enough for most casual users.

But you have to be careful with some providers. If the provider allows you to generate a dynamic link and later demands money for using it, you may be in trouble. One such manipulative provider is QRFY.com.

Suppose you need a single QR code for an event, like wedding or conference. You intend to put it on the participants cards and conference/event materials, so people can easily find updates and news. You google for QR code generator online and find one, looking very professional, at https://qrfy.com

So, you enter the link, website generates the QR code:

If you scan the code, you will see it resolves to Website URL you have entered, so, great! So, you press download button…

After pushing „Download QR“ you find that there is no direct download, registration is required:

And if you go back and try to download it via the browser right-click action „Save image“, you find it is also disabled. You can actually do a screenshot and be done with it. But that is a workaround that may not come to your mind at once. OK, so lets register, that could not hurt, right?

So you register successfully:

On pushing Accept (what are you accepting, exactly?), they suggest downloading the QR code yoy previously generated, some nice format choices there!

So you push „Download“ and here is the JPEG image that you get:

It might look about the same, but it is not the same as the initial QR code. Here is a comparison, and what it resolves to. Inestead of a QR code that resolves directly to your website/page you get a code that resolves to THEIR website’s redirect link to your website, which is in their control, not yours:

Initial QR code:

Resolves to:
https://lapas.info
„Same“ QR code after registration:

Resolves to:
https://qrfy.io/8JxBhAMXnS

Notice that NOWHERE on the way to download of the QR code you were:

  • a) introduced/required to opt-in to the site service conditions,
  • b) warned that your QR code is changed into a redirect link controlled by QRFY company, and of course I was not;
  • c) warned that (surprise surprise!) the link encoded into the QR code will expire in a week

Not only were you not warned explicitly, the website implies that the QR codes will work all the time in the title page, in the Basic Information section:

So, the idea is that the QR codes generated over the trial period are „yours forever” and therefore should work as expected (on scan should lead to your website). But after the trial period you can only create codes on their website if you choose a plan and pay. The reality is that, though the pictures of QR codes cannot be taken away after you download them, they stop doing what they are supposed to do when the trial period expires.

Again, impression is given that the codes you generate during the trial period will work indefinitely, and only later you will have to pay to generate new ones.

So here they say, again, the the QR codes do not expire, UNLESS you create a „dynamic code”. You did not opt for that, but they replaced covertly the static code with dynamic. Again, you were not warned that the website intentionally changes the QR codes to dynamic ones, and the passage above says explicitly they do not do that.

So, you have created a QR code, there is a promise that it will not expire, and you continue with production of the materials (sending wedding invitations, printing conference materials with the QR code, etc).

And then in 7 days the QR code stops working: on scan they open the QRFY website instead of yours, which says the link is disabled „for some reason”, and suggests you log in to reenable it.

You login to their website and find that to reenable the redirection link, that is encoded in your QR code, you need to choose one of the paid subscription plans, the cheapest of which is 145.16€ for three months, paid at once.

The materials, invitations etc that have already been printed and distributed, and if they contain a QR code that does not work, they promise you a public relations disaster. You are time-pressed, so you weight the options and choose the lesser evil, choose that „cheapest” plan and pay those 145.16€. Ah, and when choosing that subscription you have to agree to all the long list of conditions, one of which is „no refund”.

What a fine business model in a EU country Spain! Consumer protection institutions should take not of this one.

If you try to find out who they are, the most you can get on their website is their legal address. No people are willing to associate their name with this schema.


Paskelbta

sukūrė

Žymos:

Komentarai

Parašykite komentarą

El. pašto adresas nebus skelbiamas. Būtini laukeliai pažymėti *

Brukalų kiekiui sumažinti šis tinklalapis naudoja Akismet. Sužinokite, kaip apdorojami Jūsų komentarų duomenys.

Raktažodžiai

atviras kodas bylos Codeigniter darbas drėlingas el. parašas EŽTT genocidas gimimas holokaustas InEnglish internetas joga Jurgelis karo nusikaltimai kde konferencija Kononov Kraujelis kubuntu LAT LGGRTC lietuvybė linux microsoft mokslai mokslas nusikaltimai žmoniškumui partizanai PHP pokaris programavimas programos religija religijos laisvė sausio13 sektos seneliai teismas teisė tinklaraštis vasiliauskas vertimas wordpress žurnalizmas

Vėliausi įrašai

Mano web projektai

Sąskaitos paprastai | Patobulinta juridinių asmenų paieška | Asmens kodų tikrinimo priemonė

Visuomenė, politika, etc.

Gentys | Religija.lt | Lietuvos religijotyrininkų draugija | Krizių įveikimo centras | GPB | BDS judėjimas

Tinklaraščiai

Kūlverstukas | Rimas Kudelis | Ar kas nors dar rašo tinklaraščius? 🙂

Technologijos

Codeigniter | HTMX | Alpine.js | Kubuntu

Mano viešasis PGP raktas
keybase.io paskyra

Autorinės teisės

© 2004-2024, Donatas Glodenis. Šiame tinklaraštyje paskelbtą autorinį turinį kitur galima naudoti tik gavus raštišką autoriaus sutikimą.

Jei konkrečiu atveju nėra nurodyta kitaip, tinklaraščio įrašuose išsakomi vertinimai yra asmeninė jų autoriaus nuomonė.