Shit no! You know what you can’t change if/when they inevitably leak your data? Your fucking hand.
Privacy
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
Uhh. Have you seen men in black? /s
I've got a bucket of golf balls and a 12ft 2x4 that says otherwise
One scar away from losing access to your ability to pay …
Biometrics can not really be changed. Except maybe through time or trauma (i.e. age or injury). They can be used to uniquely(?) identify a person - except maybe twins - at the expense of anonymity, which has it's own set of problems.
But because they can not easily be changed they're a terrible security feature. Once they leak, they're unusable and you're hosed. You can't issue a new palm print for your bank account like you could a new chip card and password.
Also, just because you waved your hand over a scanner does not mean that you approve and consent of the transaction. With tap to pay there were ideas of mobile point of sales devices just tapping on peoples backpacks in a crowded area. You don't even keep your biometrics markers in your pocket, they're just out in the open for anyone with a camera. This may be bordering on paranoia, but a few years back (2014) German hackers from Chaos Computer Club took iris scans from Angela Merkel (then Chancellor of Germany) and finger prints of Ursula von der Leyen (then Minister of defense) using nothing but press fotos. Cameras have only gotten better.
TL;DR: Biometrics can be used for identification but should never be used for authorisation.
Biometrics also aren't great and uniqueness. At least where computers are concerned.
Recently we had one of our customers install fingerprint readers on their points of sale, the idea being any staff member can log in just by touching the pad. Even with only a few hundred staff registered, you get people logging in as each other.
Paying with your phone works on the presumption that your phone is locked and you accept responsibility for ensuring your phone wasn't breached. It uses contactless technology, but it's still effectively chip and pin as far as your bank is concerned.
Meanwhile, paying with a contactless card is processed as "cardholder not present" where the seller assumes de facto liability and must prove otherwise. Contactless payments were never a new type of card processing, it was a new method but is categorised the same as when mail/phone ordering from a catalogue. The same with online purchases. They were always a step below card & signature or chip & pin. Paying with your phone is the same as chip & pin though, where the onus is on you to ensure the transaction is secure.
Paying with your hand has all sorts of issues making it impractical. You would definitely need an additional confirmation eg PIN, but claiming that your hand is as secure as a traditional card doesn't lend well to pinning the liability on you. So banks are unlikely to use it.
I hope this tech stays where ever the fuck it is and never touches Europe
May it die the death of a thousand deaths
I didn't know paying in body parts was legal.
It's a brave new world, it seems
Forget about privacy, this is just fucking dumb
One point of failure that can’t be replaced if stolen?
This won’t ever take off, and will most definitely die out quickly in favor of literally any other technique including just embedding an nfc chip and battery to your palm surgically. Which I probably still wouldn’t be thrilled about but
I've see where you can pay with your fingerprint at some venders. It's a similar concept, in terms of single point of failure. Regardless, I hope you're right.
E: **mostly right. I won't embed anything in my skin for payments. CC or cash or phone NFC (and I don't like that one for it's security implications). That's it.
I won't even use phone NFC for payments. Card, cash, or I'm taking my business elsewhere.
I've never used phone NFC for payment. I'm with you here.
Yep exactly, a single point of failure that also can’t be replaced
{At the board meeting}
Alex: "I wonder if we could do this"
Blake: "Maybe we should talk about whether we should?"
[Blake gets thrown out the window]
{Several months later}
Moss: (sees device at a retailer) what the crap? Terrible idea!
Who needs an NFC chip when you can just place a nail shaped NFC sticker on them and gel paint over them? We don't need implantables; those could get copied anyways and cause the need for unnecessary surgeries to replace them as well.
Buy the tags; apply them to your nails and paint them any color you want; pair them to your phone and use appropriate username + password + 2FA + Fingerprint combos to authenticate to your financial institution.
Lost a nail? No big deal. The tags don't carry financial data; they just provide a URI to the merchant; which can ping your phone/smartwatch and ensure that you are:
- Present at the location.
- Not too far away from pay terminal.
- Have not signaled to your devices you are under duress. (Spoken keyword and/or excessively stressed biosigns)
- Have not blocked spending by tap.
Oh, that palm. I thought Palm introduced their own payment method for Palm phones or something.
That's would be better hahs
I still think the idea of tech implants are cool but I've also reached the point where I wouldn't get one unless I learned to build it myself and was in charge of every single aspect of it.
Considering I lack degrees in medicine and computer science, I don't think I'll have them done anytime soon lol
You don't need degrees to hack stuff.
I'd want to get some type of learning before I started to cut myself open.
Someone has 100% put their dick on that palm reader. Guaranteed.
"payment unrecognized. Object too small or too far away. Try again"
a lot more people will have touched themselves, then the palm reader, without first washing their hands
You're not wrong.
😬
Damn, based on the post title I thought Palm Pilots were going to become useful again.
bro, come back to me when most stores accept touch emv payments. lol, like each fucking store is gonna know what to do with a fucking palm scan when emv is fucking forbidden magic.
Haha! Good point. It's been "mandated" a couple years ago, right? It's barely anywhere
Interesting regional differences. It's incredibly rare that I find a store that doesn't support tap-to-pay
Be careful not to raise your arm too high... 💀
I think as long as you stay in the green zone?
Anything higher than petting pets is already too risky. Especially in modern day Germany.
Someone took the novel "The Java Script Café" from "Stealing the network: How to own an identity" (page 141) and made a business model for it.
Where is this?? Whole foods?
Yup
"How about I pay with my blood?" Actually, sshh, don't give them ideas!
Peter Thiel is interested.
All this trouble and they didn't even make the scanner shaped like a hand so you can high five it. Waste of potential.
Smash it!
I'd rather not go to prison. If I were a billionaire, I could probably avoid prison with a good/sleazy lawyer, but, as it stands, I cannot.
How do you open your phone? Finger print?
The fingerprint in the phone is stored and verified locally, no way this is the case here.
It's okay, only Jeff Bezos and three weird sysadmin dudes can see your fingerprints. Don't worry bro. /s
Noooope
I've seen that in Lexx!