Masson Mills use QR codes to preserve atmosphere

QR codes may make designers shudder, but they are instantly recognisable and relatively small compared to information and interpretation boards. This was the view taken by Masson Mill museum at Cromford in Derbyshire. They have taken to unusual step of removing display boards "...so as to evoke a sense of the authentic atmosphere of a working cotton mill from the 18th and 19th centuries..."

Given that they are in a deep river valley and the walls and metal machinery preclude an ambient phone signal, they have provided Wi-Fi throughout the visitor area so that once logged in the user has no trouble accessing the content. My only criticism is that the pages are not optimised for the small screen of a mobile, so I had to zoom and pan to read the information, which is a fiddly process. I'd also have preferred an audio or video tour to static information, but maybe this will follow.

Despite their small size, the codes stand out clearly, aided by the orange-coloured 'M' next to them. Do try and visit as this is a really fascinating place with twice-daily demonstrations of working machinery. I'd be interested to hear what you think about them and how effective you find the mobile digital interpretation.

5 QR code do's and don'ts

1. Do use free tools and experiment

As well as Q-Action there are loads of free tools and apps out there, both for creating and for reading QR codes. You can download a free reader app to your smartphone, and there are web sites (including Q-Action) where you can generate free QR code images for printing. Note that QR code and 'bar' code or UPC are not the same thing. You need to experiment and test and to think about how you will maintain the codes in future - such as if your web address changes after you have posted 50,000 leaflets.

2. Don't pimp your code

QR codes can contain some redundancy (Q-Action uses the maximum 30%) and some of the shapes are for orientation and calibration. Even the white border is part of the code. If you colour the pixels or the background, or cover them with reflective plastic they may not work, or worse they may work for you in a test environment and not your user in their environment. Remember that cameras do not naturally see the same spectrum that we do.

3. Do think about size and location

If the user can hold their phone close to your QR tag then 20 mm square should be a safe minimum size. If not, then as a rule of thumb a side of the printed code should measure about one tenth of the viewing distance. Remember also that bending a QR code around a mug or similar will distort it, so you have to stretch the original image just the right amount to make it appear square. If your QR code is a web address then the user will need a mobile phone signal or wi-fi to access the web page. The classic error is to print a small code on a poster the other side of subway tracks in an underground location. QR codes are a way of going from a physical artefact to an on-line experience, so it's no good having a QR code on a web page where it would be easier to have a clickable link. See wtfqrcodes for a laugh at the expense of....others.

4. Do use re-programmable QR codes

Free cloud services like YouTube, Flickr, Google Drive, and Dropbox enable you to share editable documents on the web, but take care to use a programmable QR code (like the Q-Action 'Goto' type) because if you change the document its URL will change. You don't want to have to re-print the code each time.

5. Do think about where you are sending the user

A mobile phone has a very small screen and limited add-on functionalities such as Flash. It's no good sending the user to a page that is not designed for mobiles. Also, the way people use QR codes is a very 'here and now' medium so your page should give the user something that is relevant to where they are and what they can do at that moment in time. Sending them to your normal home page will only annoy them - it's the QR code equivalent of spam.

It's amazing how many ideas you can come up with if you just think through the fact that QR codes take you to a web page and you can update that web page. Have a go with a couple of Q-Action free pages and see what you can come up with.

5 QR code ideas

1. Garden plant information

Put QR code labels on your plants or other natural products so that people can easily get information on what they are and what to do with them. Q-Action is so cheap (£45 a year buys you 1,000 codes) that any garden centre or hobbyist can afford to have QR codes for each variety.

2. Window shopping (with buying)

When you are closed, or if you have displays away from your premises, you can still be selling if your 'window shoppers' can switch to the web and hit a 'buy now' button.

3. Remotely updatable 'Special Offer' posters and menus

If you have offers that change over time you simply make the printed poster a generic 'Offer of the week' or 'Today's specials' and change the contents of the Q-Action page that the QR code points to. Price lists that change are an ideal application.

4. Electronic instructions for use

A printed QR code on a product can provide a way for anyone with a smart phone to identify it and get up to date information, such as instructions for use, warranty and service information, product recall alerts, and information on accessories and re-ordering. All this can be updated centrally, keeping you in touch with your customers and even subsequent owners.

5. Everlasting membership and loyalty cards

The user's details can be kept on a Q-Action page that only you can access, while the member's card can be scanned by themselves, or by your staff, to check their renewal date or privileges. Such cards can provide a degree of security as user's can't access the information themselves.

Iron Age QR codes?

At Burrough Hill Iron Age hill fort in Leicestershire we are for the next few weeks providing Q-Point based heritage interpretation during the third season of a major five-year archaeological excavation. We have installed five QR tags in places where previous trenches are now covered up, so that visitors can have the ground re-opened up again for the on their mobile phone. We are testing the principles and analysing the usage, as we believe that there is potential in such sites for the steady stream of day-to-day visitors to get much more out of their visits. There is a big open event this coming Sunday, 1st July where we will have a stand.


The UK is also currently building up to the Festival of Archaeology which runs from 14th - 29th July and features guided tours of the Burrough Hill excavations on the 14th, which is also the last day of these excavations. So budding archaeologists and armchair Time Team fans should install a QR code reader on their phone and hot foot it to Burrough Hill on one of these dates.

Q-Action cards as a secure access system

Here’s how Q-Action QR codes can be used to create a simple but robust photo-pass access security system for buildings and events, at almost no cost and without special equipment or infrastructure.

The security problem

I once interviewed a security chief at a major airport who, rather alarmingly, told me that his tests had shown that you could walk past one of their security guards with the photo security pass of someone radically different to you and yet still have an 80% chance of not being challenged as, even putting sloppiness and fatigue aside, it was difficult for humans to match photographs to people. Technologies such as biometrics have been hyped as solutions, but are costly and have so far failed to work reliably; as demonstrated by the recent abandonment of iris scanning at UK passport control. Technological solutions to security seem to come at a cost and to involve dedicated equipment, with little by way of fall-back if it fails.

As with any security system the effort and complexity of what you build using Q-Action depends on the nature of the risk and the degree of threat, but you can easily lock this system down to a greater or lesser degree according to your resources and your own balance of security and convenience. You can also change that balance quickly in response to perceived threats.

Really Simple Security

For a low-level security system without requiring equipment or infrastructure beyond a smartphone, you create a standard Q-Action membership or similar card type, ideally  with a photo of the owner. You could even put the photos on a shared space where they can be maintained by the card owner as they get older, grow beards, change their hair, or wear glasses. You can produce printed cards with the photo images and the QR code like standard security passes.

The QR code on the cards are scanned by security personnel with a any PC/laptop/tablet or a mobile phone. Even at this level it already represents an increased level of security as the photo that appears on the card and the photo on file that appears on scanning the QR code should be identical. This should already be much more positive and reliable than asking a person to compare a poor passport-booth photo with a real face walking by (which you will still have present as a check that this is the holder).

If you have a high peak traffic flow and want to avoid hold ups you could let the individuals scan their own cards and simply show their phones and matching cards to security. Both are possible to fake, but it is a lot of trouble.

Really Serious Security

Now comes the clever bit. The trick is to create one or more ‘security images’ that can be uploaded to a fixed URL that only you have access to. You put this single URL in all of your cards in the ‘background image’ field. This means that the current background will be rendered from all cards as they are scanned. As this is repetitive, any change in the regular background will be immediately apparent to security personnel.

You can change the background of the cards according to days of the week, time of day, or even individually per user according to their access level. As no user has access to the image, which could be complex, or could be unique and frequently changing, it would be difficult in the extreme to anticipate or replicate the correct security image.

If you are really prepared to go to town and have a Local Area Network and/or Wi-Fi, you could put the image on an internal server and restrict access by IP or MAC address, as well as restricting access of the scanning device to the known image source. This ensures that the security image is only delivered to a known device, and that the scanning device can only access the security image from a known source. This should be within the capabilities of most local set-ups using only the standard user access control features. Add WPA or similar encryption and you have a system that is about as locked down as it can be.

Lost stolen and abused

Q-Action cards reported as lost or stolen can have the message or the photo changed by the administrator to give a highly visible warning to security upon scanning. The background image URL can also be removed or changed to an alert one. Any subsequent scanning can also be noted from the web analytics audit trail. Cards can thus be rendered ineffective and a liability.

Regular system abusers, or personnel known to be high-risk, or in some other way special, such as visitors or contractors, can be flagged with a message or a different background image that causes security to give them appropriate attention.

No photo (or other data apart from the QR code) on the physical cards in an internally locked-down system (security image served from an internal server not available on the Internet) means that anyone gaining possession of a valid card and trying to use it, or to doctor it, has no idea what the complete scanned result should look like.

Multi-factor security

There are a number of factors that make it difficult to circumvent a Q-Action access system, but the fundamental strength is that you can centrally control, and easily change as frequently as you like, the data, the photo, and the background security image that attests to its validity.

Other factors are:

• Physical photo and stored photo (or other image) are an exact match, which is easy and quick for a human to assess
• Q-Action URLs are randomly generated so are not able to be guessed
• The first part of the URL shown after scanning should be the Q-Action one, otherwise it is a fake and this can be captured in a closed local network
• Q-Action QR codes are hard to spoof as all look very similar whereas another URL would produce a different pattern
• Access to the security image can be highly restricted in a local area network
• Using web page analytics means that an audit trail can be created

Geocaching with QR codes

There just has to be a new angle on geocaching using QR codes. One user has suggested that instead of leaving 'treasure' articles in containers there could be a QR tag from which you are able to access some form of on-line 'treasure'. Maybe we could make a Q-Action page where people can sign in, instead of a physical log book that is subject to vandalism and the elements. The hunt is on.

QR codes for estate agents

Estate Agents have long been pioneers of QR codes as they enable window cards and house sign boards to be 'captured' by passing 'punters' on their mobile phones. We now have the ability to add an image to Q-Action cards, which makes them suitable in their native form for quick and dirty particulars about a property, along with a kerbside picture.

If something more sophisticated is required then using the 'Goto' card you can store a word or pdf document behind a QR code. This trick involves using a cloud storage such as Google Docs, making a document shared as 'public' and pointing the Goto Card at its URL.

The real beauty of Q-Action is that you could mix both types of particulars and even switch between them as the Action Card URL, and therefore the QR code image, remains the same.

Internal inspection is strongly advised, so if you are an Estate Agent go to q-action.appspot.com and get a free account to try.

Example Action Card

Example nbsp;document