Near Field Communication, QR codes and smart posters

Posted by Kieren Pitts on 24 Jan 2013 | Tagged as: Marketing, Security, Talks

Yesterday evening I went to the sixth round of Tech Talks in Bristol. One of the talks was on Near Field Communications (NFC) and, specifically, the use of NFC phones and “smart” posters.

What is Near Field Communication?

Near Field Communication (NFC) is just a set of standards that allows devices to establish radio communication between each other when they come into close proximity. A common example is that of NFC chips in credit cards which means you can just place them close to a payment terminal to make the payment (rather than having to swipe your card).

Many smart phones are NFC capable and the NFC also allows the phones to read passive Radio-frequency identification (RFID) tags. RFID tags can have URLs encoded in them so, when you touch your smart phone on the RFID tag your phone browser goes off to that web site.

Smart posters

There are many applications for NFC and RFID but the main application being discussed in the talk was within “smart” posters. The idea being that you place your passive RFID tag on the poster. Consumers then tap their phone on the relevant bit of the poster and they can then be directed to visit a web site, get a discount coupon, download your app etc, etc. The value to the advertiser would then be a means to request additional information from the user to identify who they are (often by means of them interacting with your web site or app).

I think my biggest question about smart posters is; who does this benefit?

It’s easy to suggest it’s good for the consumer. For example, by tapping the poster they might get a discount or they learn about what’s going on at a venue being advertised at that moment in time. However, are consumers motivated to go up to a poster and tap their phone against it to find out more? NFC only works over a short distance so the phone does have to be very close (within a few centimetres) to the poster.

Conventional posters need to be able to grab someone’s attention and give them all the information they need from a distance. Do smart posters offer enough incentive to change the “view from afar” behaviour?

Security

I’m also  concerned about the security of this sort of communication (and related things like QR codes). Tapping your phone against something means that you don’t know where the phone’s browser is being directed until you’re already there. You can lock RFID tags to prevent tampering with that particular tag but that’s not a solution. What would stop someone replacing the RFID tag on a poster altogether, that’s much easier than tampering with the one that’s there?

Consumers tapping their phone against a poster for some company might reasonably expect to then log in to that company’s site if they’re already a customer. An unscrupulous person replacing an RFID tag (or sticking a home printed QR code over the top of an original one) on a poster would be able to phish details and I think many consumers would struggle to spot that phishing was taking place.

It’s just my opinion but I think the only reason we’ve not seen more of this sort of behaviour to date is that QR codes and RFID/NFC (in this context) are not things that many people are commonly using. Consequently there’s little point in nefarious people spending any time exploiting them (yet). In some situations people are more motivated to use them but even then the numbers seem low. For example, there are 300 scans of QR codes per day for bus information in London but those buses carry 6 million passengers per day.

Aside from the security risk of phishing, would companies be happy to expose themselves to guerilla consumers? For example, a sufficiently motivated person might stick their own QR codes over the top of the ones on posters for, say, a coffee outlet that avoided paying tax. Their own codes might direct people to the website for an independent establishment close by. The change might go undetected for months.

Posters are a passive, fire-forget media and making them smart without having a mechanism to spot tampering is, I think, a big risk.

Advertisers only?

I do think that, in the context of smart posters etc, the technology predominantly benefits advertisers. They’re a means for them to extract information from potential customers in a largely passive manner and they can use the scan rates to determine what poster locations are popular. One other selling point is that advertisers can change the final location of where the consumer’s phone browser is sent without changing the RFID tag (presumably through simple redirection server-side). However, won’t the same poster in the same location for long periods of time mean that regular “passers by” will eventually start ignoring it? There is, of course, no outward indication that anything has changed.

Given how cheap it is to print large numbers of ‘normal’ posters I’d imagine the addition of an RFID tag would significantly raise that cost. As a result these posters would have to last many times longer to be cost effective. This isn’t the normal approach for posters as they are, by the nature of the material used, unlikely to last that long.

So, my view is that whilst NFC is great for contact-less payments etc and QR codes might be useful on things like food packaging I remain unconvinced about the idea of a smart poster. It does seem to predominantly benefit the advertiser; for it to work for consumers it requires a change in how they interact with posters and that seems unlikely to me.

Django, Python and Cassandra… one year on

Posted by Kieren Pitts on 21 Jan 2013 | Tagged as: Web development

Wow, where has the time gone? It’s well over a year since my last blog post which is a reasonable indication of how hectic things have been. Perhaps I should have a New Year’s resolution of blogging more?

Anyway, it’s over a year since I switched to working full time on a new web application written in Python, using the Django framework and back-ended (at least in part) by Cassandra. So, my thoughts on these are perhaps well overdue:

  • Python – I’m really impressed with Python. I’ve done some Python before but it’d always involved Zope or Plone and that affected my opinion of Python itself. Now I’ve been able to spend more time writing Python code outside of Zope/Plone projects I can safely say that I really, really like Python. Python code feels a lot cleaner than Perl or PHP and, although I was initially sceptical of the enforced white-space, I’ve learned to appreciate it.
  • Django – I’ve used other web frameworks but Django definitely feels the most polished, feature-rich and has the best documentation. I’ve also really appreciated the testing support, especially given the scale of the application we’re creating, although I’d prefer it if the tests ran a bit quicker. It’s also well maintained and regularly updated.
  • Cassandra – Coming from a traditional SQL/RDBMS background, working with Cassandra has been interesting. It fits our use case well and in some areas has performed better than the old system using PostgreSQL. We’re still using PostgreSQL where an RDBMS makes sense but Cassandra has come into its own in the areas where we’d suffered with speed problems in the past.

I think the only thing I’ve been disappointed in is the choice of IDEs. I’ve tried a few out over the last year having parted company with Komodo due to not being able to justify the price tag. I started off with Eclipse and there’s a lot to like in Eclipse if it wasn’t for the bugs. Some of the bugs seemed core to Eclipse, such as only deciding to allow a keyboard short cut for commenting code to work on rare occasions. Other problems stemmed from third-party plug-ins so weren’t Eclipse’s fault directly.

After Eclipse I thought about using Komodo Edit but that doesn’t have support for Git so is a non-starter.

I tried PyCharm for a bit but that was too slow for me. I was having to wait for it to catch up with what I was currently trying to do and it was frustrating. It could be a Linux thing but since I only use Linux that was that for PyCharm.

I like the look of Ninja IDE but again the Git support isn’t very good. There’s a third-party plugin that adds support for staging and committing but you have to revert to the command line for pushing or pulling. I’m still playing around with Ninja, although not using it in anger, as I think it has the potential to be really good.

So, I’m currently using Aptana (which is based on Eclipse) and that seems OK albeit with a few of the same issues. Some keyboard short cuts are temperamental but it hasn’t crashed without warning (yet).

I’ll try and devote future blog posts to some of the specifics about the project I’m currently working on. There’s a wealth of technical, legal, usability and design challenges so there should be plenty to talk about. However, at this stage my New Year’s resolution will have to be one of not committing myself to blogging more and I’ll just blog as and when I find the time.

Goodbye camel – using some different technologies

Posted by Kieren Pitts on 16 Sep 2011 | Tagged as: Web development

For the last few years I’ve been the lead developer on Bristol Online Surveys (BOS). BOS is very well used and popular but it’s also quite old (the core system being launched in 2003 but with many enhancements subsequently built on top) and written in procedural Perl.

I don’t mind admitting that I like Perl but the development life cycle for procedural apps is not exactly pain-free. Some of the most recent changes to BOS have dramatically improved the look and feel and, under the hood, made the surveys more accessible. However, significant changes result in a development and testing process that is long and complicated.

Having done a lot of procedural Perl at work for the last few years (and only doing object-oriented programming with MVC frameworks outside of work), I was keen to adopt a more modern methodology at work. So, two weeks ago I began work on a new project and essentially replaced all the technologies I’d been working with at work in one fell swoop:-

So far, I’ve enjoyed the switch and it’s not been as disruptive as I’d thought it might be (certainly not as disruptive as when I stopped using Windows on the desktop and moved entirely to Linux in 2003). I’d done a bit of Python in the past but am rapidly getting back up to speed. I’ve also found the Django framework fairly intuitive although this was helped by my experiences of other Web frameworks outside of work (for example CakePHP). The NoSQL side of things will probably be a different matter ;-)

Outside of work I’ve been doing a number of interesting things which I plan to blog about separately in the near future. Perhaps the most interesting are experiments with Google’s App Engine and trying to stop ‘Facebook Like’ buttons dramatically increasing load times on web pages as illustrated below:

Site performance graph with a peak that appears to relate to the Facebook Like button implementation

Upcoming changes to cookie laws

Posted by Kieren Pitts on 15 Mar 2011 | Tagged as: Legal, Web development, Web statistics

As I’m sure most readers are aware, the European e-Privacy directive is due to be implemented in the UK in May and will result in a change in the law relating to cookies (small files stored on your computer’s hard drive). This change is getting increasing coverage on techie mailing lists and even on more mainstream news sites such as the BBC.

The law states that cookies or similar devices must not be used unless the subscriber or user:

  • is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
  • is given the opportunity to refuse the storage of, or access to, that information.

The only exceptions are cookies that are “strictly necessary” for provision of a service. The oft-cited example being session cookies for e-commerce sites etc.

The law will mean that consent must be obtained for all other cookies, including cookies used for Web analytics (such as Google Analytics), personalisation or any other non-essential purpose (e.g. advertisement tracking).

The Information Commissioner’s Office (ICO) is yet to issue clear guidance to developers on how to obtain consent. For example, this could be interpreted as having to implement functionality ensuring that users confirm consent in a web page/pop-up etc when a non-essential cookie is to be set. Alternatively it may be that consent could be implied by browser settings. Obviously any intrusive mechanism of consent is likely to present a barrier to users so developers are awaiting the guidelines from ICO with interest.

The ICO has said that they will give organisations time to adapt and so won’t be in a position to start enforcing the law immediately. So, for now, it’s perhaps just a case of being aware of the impending change and waiting for guidance from the ICO.

Further reading:

Update: 25/05/2011

The law comes in to effect tonight and, although the ICO has now issued guidance, the steps Web developers should be taking remain far from clear. At this time it’s hard to see how a site setting non-essential cookies (such as those used for Web analytics) could comply with the law without intrusive interstitials or pop-ups. These approaches could be seen to dramatically decrease usability and offer a competitive advantage to similar sites operating outside of the European Union.

In an ICO press release today they say that organisations have up to 12 months to comply with the new law.

Next »