Slashdot Mirror
Your Fingerprint Buys Groceries in Seattle
lildogie writes: "The Seattle Post-Intelligencer reports that a Thriftway grocery store is installing fingerprint scanners that they will use to identify customers." Each customer's payment method (credit, debit) is then automatically applied at checkout. Haven't they seen Charlie's Angels?
but if you thought those MVP/VIC/etc... cards were bad about providing tacking info, this is a nightmare
XML is like violence. If it doesn't solve the problem, use more.
Thanks a lot!
Interesting concept. Since it's difficult to forge fingerprints, it may be a viable idea. Still, someone other than you could use their fingerprint tied to your money, which isn't a good idea. Whatever works, though...
Live or die trying.
I don't even like it when a place asks for me to use a card, as it gives them too much access to my personal data, and leads to problems like identity theft, and even worse *shudder* spam, and telemarketers. Just think what these marketing demons could do with our fingerprint!
This would be very nice. No more having to bring the stupid pieces of plastic along with you to the store.
Are you out of your mind?!?
No, Just out of bullets!
This will only encourage the act of chopping off fingers. Victims will be out a finger and a few thousand dollars in condoms and baby oil.
Next thing we know, people are going to be walking into this store with other people's severed fingers to save a few hundred bucks off of their shopping bills.
hope my future clone won't be taught how to shop...
If this is to make a significant impact in the area, more businesses need to follow suit.
:)
Unless you're a West Seattle resident, chances are you never shop at this Thriftway. People I know in Belltown, Capitol Hill, Fremont, and near UW all either go for the small co-op grocery stores, Whole Foods, or the commercial Safeways and QFCs.
I think the technology is a great convenience for the consumer, but why should it be limited to one store in a not-so-often-visited part of town? I've lived in Seattle for nearly a year now and I didn't even know about this Thriftway.
Club cards are intrusive and Big Brother-ish, but fingerprint scanners are a great technological innovation?? Boycott these stores for great justice, or a day may soon come where fingerprint scanning is the only accepted method of payment.
Call me old fashioned, but I remember the days when the checkers knew me by my first name, and all I had to do to put the bill on my tab was give the checker my phone number. As a matter of fact, there are some grocery stores, even in Silicon Valley that still do this. Los Altos Hills comes to mind.
If this becomes widespread, then fingerprint laundering would become widespread. Don't hold that drinking glass at the restaurant too tightly - the waiter may decide to lift the prints and sell it to the Mafia for money. So people will start wearing gloves. Buy stock in glove copmanies!
Here's a mirror of the article in question.
What do you think of MusicCity now?
Position the fingerprint scanner well within the center of a set bear trap. If the fingerprint doesn't match the database, the electromagnetic latch on the bear trap would release, and SNAP!, it would catch the thief in place until the police arrive. Oh, wait...
WAR CRIMES AGAINST PALESTINIANS
"If we can come up with a payment method where there's no opportunity for fraud, then the fees come down," Kapioski said.
That's what they said about ATM's.
That's what they said about Net banking.
Its all cheap and rosy until its mainstream and then BANG up jump the fees.
The technology might be cool, it may be convienient, but dont be fooled into thinking that it will be cheaper.
I'll think of a funny sig later on
Robber: This is a stick up! Give me all the cash NOW
Clerk: Ok sir.. But I'll need you to place your finger on the scanner so that the change drawer will open and i can get the money for you..
Robber: Err, umm.. nevermind
That is interesting once, for some time now, it's known that, contrary to popular belief, fingerprints are not unique. If I can use an analogy, the same applies for network card MAC addresses. Btw, the chances of finding similar fingerprints are greater then MAC addresses.
Now, I wonder why people continue to use non unique data as identification methods. It really scaries me, then I think about the kind of trouble one get get into on these issues.
morcego
No, the main advantage is easier tracking of the customer.
If I've been chowing down while shopping, say on some Doritos or Cheese-Puffs, will it still work? Or will the artificial flavoring interfere?
How about pudding? Sometimes I just need to open one of those little packs up and stick my fingers in. I guess I could suck the pudding off before I reach the register, though...
Verifying the identity of the customer would be absolutly key here.
(from the article)
"It takes about one minute to enroll," Kapioski said.
I somehow doubt that these people are carefuly examining multiple forms of identification in less than a minute. Also:
"Employees underwent 15 or 20 minutes of training in the system this week."
The system itself might be secure, but identity theft the issue that it seems to be today, I would be most worried about these "18 year old clerks" that can't be trusted with cash taking a 15 minute training course and being put in charge of registration.
I don't understand what the point of this system would be. Most people still need to carry their credit card(s) so why not use them here anyway. Furthermore, by using this system you just open yourself to more risks-eg somebody breaking into their sytem (they are a grocery store...you think they have the top-of-the line security measures?) and taking every credit card number.
"They love it because it takes the cash out of the hands of 18-year-old clerks," Nickerson said.
Because, of course, everyone knows that 18-year-olds can't count.
It's beyond me how anyone would trust their biometrics to random companies (or other entities). Hell, I wouldn't trust the government with mine (they can take prints from my dead cold hands).
The problem is, that they are not just creating a "hash" from your prints - they need to store the exact print in order for the recognition to work. This means, any script kiddie lucky enough to get into their database, will have the prints.
The next logical step is, to hook this system up to the feds and interpol (post sept-11 this is not fiction!)
The real problem will be, that people trust technology blindly. When I "check out" of the store, putting my thumb on the reader, and the alarm bells sound (and the big "armed and dangerous, shoot on sight" sign starts flashing), guards, police, whatever, will trust the damn machine.
Now if one could trust that the responsible parties would (and could) ensure "absolute security" around their biometrics systems, there really wouldn't be that much of a problem. But believing that IT departments in regular companies (or even government agencies) who all live with finite budgets will ensure that their back-end systems are un-crackable is naiive.
Luckily, the iris scanning in the airports is still optional (and actually sold at an extra charge, as some sophisticated "luxury" - hah!).
To sneak into the supermarket after-hours and replace the fingerprint scanners with those from the movie Men In Black, that will burn your fingerprints off, just like they did to Will Smith. Boy, that would be funny.
+RANT
Wow, isn't that great. We've seen this done to so many, possibly very important, new inventions: patents! If maybe Indivos could put their greed aside for a while, they could spend time on making products that are competitive and dont need suing. I dont mean to sound like a flamebait (but i probably am), but the fact that this is mentioned in only two sentences in the whole article irritates me: has it really become that commonplace to sue for patent infringement?
-RANT
The actual technology is extremely secure for the moment: everyone will noticed the guy with the photocopy taped to his finger. By the time people start to try to abuse the system, it will already be upgraded, unless it suffers from the same problem as RAMBUS!
I listen to dune, do you?
except now we'll have chainsaw-wielding crackheads cutting peoples' hands off and going on days-long fingerprinting sprees.
maybe they should do a combination fingerprint/retinal scan. a head is a lot harder to get off and carry around.
This serves as no benefit to the consumer, cards and cash are quick enough. I'd love to see the server that they store all these figerprints and CC#'s get hacked to cause the panic and for people to stop giving up their rights to use this sort of thing.
...I'm sure the checkout lady won't mind you holding up a drinking glass to the Thriftway fingerprint reader.
I would love to have more stores adopt something like this. Though I always have my wallet I would love to not have to carry it. You are more likely to get mugged on the way to the store than have someone fake your fingerprint and buy things!
My feeling is that they are going to track us any way they can (except for cash) and the less that I have to carry around the better.
Just last night, I accidentally sliced off a slab of skin from my index finger (trying to cut frozen butter for popcorn). Would the casier say something like "Would you like to try another finger?" Like how they now say "Would you like to try another card?". ?
"Would it kill you to put down the toilet seat?" -- Maya Angelou
The government got your prints when you were in elementary school and you took that field trip to the jail? Then they gave all the kids there "way cool" fingerprint cards? Don't worry, they got a copy, too! And they've been tracking your every move ever since -- even that time when you did that thing in that place over there. Yeah, you know what I'm talking about!!! See, even I could find out about that from your fingerprints!
...on how many naoseconds will pass between this and the time when law enforcement agencies decide to link this checkout system with thier fingerprint databases.
"Your superior intellect is no match for our puny weapons!"
I live in florida but just from the name Thriftway i don't picture a store with this level of technology. (Yes you can argue its basic, but it still more tech then the consumer normally uses at the such a store)
To keep him safe, she gives him away!!!
FUck you west coast, east coste kicks ur ass.
Comment removed based on user account deletion
FUCKING DAMN IT!
I've tried to post and gain karma, but every single FUCKING moderator has modded down my posts no matter how much time I spend on them. How the FUCK am I supposed to contribute? I have a higher initial post as a FUCKING Anonymous Coward! WHAT THE FUCK! Can someone please explain this FUCKING system to me so I can finally FUCKING participate in this FUCKING community!!!
-Fed up Poster
How soon before this becomes a legal requirement for purchases?
Perhaps they will require it for booze and tobacco first. My friends, that will be the year I leave the United States.
Ok.. seriously.. i've seen a few postings on identity thefts, the inherent fallacies of fingerprinting technology, the lack of three dimensional recognition... but what really scares me is...
THESE BASTARDS ARE GONNA AD-TARGET ME!
On a serious note though, I'd be more concerned about targetted marketing and advertising from the supermarket itself than identity theft and mistaken fingerprints.
Think about it.. they'll have your name, your address, and your shopping habits. my gramma asks me to nip down to the grocery store for her.. next thing you know, i'm getting samples of preperation H and Depends shipped right to my door.
That time of the month? Don't worry, we've been tracking that too! This handy dandy sample of Playtex tampons will show up JUST IN TIME! (oh wait.. that one could actually be useful).
Gah. No thanks.. think i'll skip the fingerprinting and keep paying with cash. At least til they come out with a wrist chip implant...
Moral indignation is jealousy with a halo - H. G. Wells
Chill out and shut up, you moron.
"Citizen #31842785 purchased one gallon of milk, one bottle of aspirin, and.. oh wait, a pornographic magazine! Let's get the warrant quickly so we can protect this citizen's neighbors from his deviant activities. While we're waiting for the warrant, let's bug his phones, interogate his lawyer, and have his house searched so he can't expose anyone else to his sick mind while we're waiting for the warrant so we can bring him to the Thought Purification Center. You know, we really shouldn't need a warrant for this, it's for the good of the nation."
-This has been a John Ashcroft production.
All events in the preceeding story are fictional, until we can get around this ridiculous Bill of Rights with a new law entitled, "The Patriotic, Being Nice, Love, Protection, Good Feelings Act." (or any other name that sounds too warm and fuzzy to vote against.)
(mod me down if you like, but this is exactly what some people would like to happen. 1984 isn't just a book any more.)
-- "Government is the great fiction through which everybody endeavors to live at the expense of everybody else."
Here's a mirror
Take it easy there partner.
*click*
Ah fuck.
Slashdot requires you to wait 20 seconds between hitting 'reply' and submitting a comment.
It's been 15 seconds since you hit 'reply'!
I design software for biometric systems and although I don't know where they are installed at, the US Gov. is our largest client. *NO* current systems verify a third dimensional component. The neural network that IDs the print is fed many parameters. Amongst them is color (as you stated), thumbprint temperature,ambient and outdoor temperature (because the human extremity body-temperature is so dependent upon the environment), plus many more features from the actual 2-Dimensional image. There is no 3-D component.
You might argue that the angling of the scanning lasers adds a third dimensional component (a shadow) to the 2D image, but this is still something that could be duplicated given an image.
A very basic components analysis of the Neural Network will show that the thumb temperature is an ineffective means of classifieing the print, yet where I work, marketing insists that we continue to use this. That is why we have tried to increase the temperature importance by also including ambient temperatures, but mostly, the temperature is useless as a classification feature.
As far as taping a photocopy of somebody's fingerprint to the scanner this won;t work. Our scanners are color images, and the light from the photocopier has to come in at the same angle as the lasers. Using a pane of glass, a red light angled in the right direction, and a camera, we have been able to create photos that pass for fingerprints ~97% of the time. The percentage would be slightly increased if you kept the image in your pocket (body-heat) until placing it on the thumbprint scanner. This number approaches the number of false-negatives that you get with any thumbscanner.
Using biometric information creates a *real* problem for identity theft. Bruce Schneier points this out in his second book. If the advanced criminals can't reproduce your thumbprint, then they might as well intercept your biometric going from the scanner to the computer and reproduce that on all subsequent machines.
This is something that I will definitely opt out of in the future. Using a pseudo-random key generator on a cel-phone and having it transmit the key would be more accurate than a biometric.
Bringing irony to the Slash-masses
Will they chop off my finger if my purchase is beyond my credit limit? I guess I'd better watch my limit.
I can see my credit card bills stating I owe them one finger each. Ouch.
You can take my PowerBook from me when you pry it from my cold dead hands.
"They love it because it takes the cash out of the hands of 18-year-old clerks," Nickerson said.
Okay, I'm all for new conviences, but I think this is quite a bit unfair. I ran a cash register for Marshall's starting when I was 16, and ending when I was 19. My highest drawer variance was 13 cents, and the most expensive thing i took home was a pen from a register.
During my time there, 13 people where fired for dishonesty, and there was no trend in the age- people of all generations got canned for theft, including a 63 year old lady.
Really, I'm 23 now, but is there that much a problem with the youth being dishonest nowadays, moreso then anyone else? Please, do tell me.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
Be silent, you fucking idiot. No-one gives a shit about you or your stupid posts.
It may be a bit difficult to make the copy of the fingerprint but you got to remmeber that you leave them everywhere. And we all know that a little bit of money is more than enough for people to find out how to make the copy.
Maybe I am unclear on this, but I use the same debit card 95% of the time at the Kroger I visit for my groceries. Do they have to agree to something saying they won't just use my unique cc number to track my purchases? And even still, is it technically against the rules to grep the data from the card for my name that is encoded on the strip and use that to track my purchases?
Furthermore, most stores have the "happy consumer tracking" card that many of us keep on our keychain, and to complicate the "tracking" argument further, the fingerprint thing is completely optional, as all of the methods I mentioned are today--
JUST USE CASH PEOPLE!!!!!
El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
A bit of advice for trolling- change your name to something like:
Ray Juzaitis
Associate Laboratory Director
Weapons Physics
Los Alamos National Laboratory
Los Alamos, New Mexico
http://www.lanl.gov
He's a real guy, so it has to be believable.
Sorry but los alamos is not in nevada - but NM. New Mexico
Ha haha, that is rather funny.
Be cautious of posts like this!!
Does the government sanction the revealing of specific security measures? How does one know a post like this isn't just trying to troll for useful information that can be used for devious purposes?
Just consider the consequences before posting, mmm'kay?
Note to the masses: if the government or an evil corporation really and truly wants to track you they won't have to come up with some lame grocery store checkout scheme. You aren't as anonymous as you think and you never were. It's time to embrace a convenience for a change without worrying that you are compromising your pretend anonimity.
A march on Washington will be required. And it's coming.
And while we're there we should have some other things to bring their attention to. The time to prepare for the march is now. We are at a point that escalation of the governments unreasonable behavior is not merely an eventuality, it is one that will be hear far sooner than we think.
What would be some other good issues to bring forward in such a march?
mine doesnt.
Amazed that a man would live so long, the London head-office naturally sent for the old man.
But they found nobody: turns out that the guy died some 30 years before. As he was illiterate, he endorsed his pension cheques with his thumbprint. When he died, the family "forgot" to notify the company, and they still cashed the cheques with his thumb, which was neatly mummified right after they cut it off...
Angela Taylor, PhD
Los Alamos National Laboratory
Los Alamos, Nevada
Ms. Taylor - might wanna check your geography. Los Alamos, Nevada, eh? Someone mod "Ms. Taylor" down, plz... this isn't "Informative", it's made up.
btw, I've tried out the photocopy thing (on a $99 thumbprint scanner from Staples) - didn't work, it was rejected. If a $99 system can figure out the difference, I'm sure that the government has a comparable or better system.
Think again.
"First lesson," Jon said. "Stick them with the pointy end."
Maybe they just want us to think it is in New Mexico...
A related article on using fingerprint technology to protect sensitive information can be found here. Worth a read... discusses low-cost biometric authenticators... testing notes and info.
Moral indignation is jealousy with a halo - H. G. Wells
false negatives are annoying, but any word on the rate of false positives?
They'll be using biometric not because it is better, but because it has "oh wow" factor.
I'm against any authentication system that encourages criminals to commit violent crime against individuals in order to steal. You can hand over a credit card, and you lose money. With biometrics you either lose a body part or you are forceably told to use the scanner.
Even using cash can seem unsecure if you are parinoid enough. For instance, you withdraw 50$ from an ATM in the mall. Cross reference that with the purchaces made in the next 50 minutes and then filter anything >$75. They can quickly build a list of possible purchaces which will become increacingly accurate over time. The mall has the ability to do this as they probably own the ATM or have access to the log.
Ok, so now you are to the point where you can no longer withdraw cash form the mall ATM. You may be thinking, "I'll just use the QuickieMart ATM down the street." In time, and with better AI software, the places where you get cash annonymously will shrink. Right now, I consder the counter at my local bank the only place to get cash and not have my name cross-referenced to an ammount and then published to the world. But who knows what kind of deal your bank may have with local merchants. Even if they don't share your info, someone clever enough can find your pay scale, subtract your bills, and target you for specific advertisements based on what you will likely buy. Even knowing that it really isn't difficult for a 3rd party to find out how much free cash you have every month can scare the hell out of you.
I'd rather you do it wrong, than for me to have to do it at all.
If I ever find-out that someone is getting free groceries from them and is registered under the finger print system, I will kill that person (or not), cut off their hand, and bring that hand with me everytime i go grocery shopping.
Anybody got ideas on how I can conceal the fact I got a decaying hand with me?
Revelation 13:15-18 incorporated herein by reference.
Yes but an eyeball fits quite nicely in a shirt pocket. I _knew_ I'd be able to re-use that pocket protector ;-)
In the movie The 6th Day, Arnold Schwarzenegger uses a cut off thumb of a bad girl to get access into the secret lab. Imagine people stealing and cutting thunbs to get a carton of milk and some potato chips!
blog & fiction: jd87
when they take them from my cold, dead hands.
Wait a minute -- this makes credit fraud potentially lethal, instead of just extremely inconvenient!
deus does not exist but if he does
The main advantage of the new system, Kapioski said, is the security. People no longer have to worry that their cards will be lost or stolen and then used to run up hefty charges.
What bugs me about this is that people shouldn't have to worry now--credit card fraud (which is not identity fraud) is covered by the credit card issuers. Even that $50 thing which is talked about is usually waived.
The only way this helps with fraud is that it reduces the amount of times the credit card is pulled out--obviously when your card is pulled out someone could quickly read the number and expiration date. (Hopefully all the merchants you go to no longer print the entirety of the credit card number and expiration date on the card. I just spoke in front of the Ohio General Assembly about passing a law to prevent that here.)
The vast majority of credit card fraud is online credit card fraud--which is an issue, by all means. However most companies have address verification now, and if the fraudster gets your address, then you got another problem altogether.
Fraud with a card in a store is too expensive and personal, and is generally avoided. It does happen (a fake credit card printed with your credit card number and expiration date, a fraudster's credit card remagnetized with a new credit card number, and in unusual situations, a stolen card with a new signature strip.) The least likely is someone just using a stolen credit card as is.
I think what's funny is that, as I said, credit card fraud is not identity fraud. However, by tying the credit card to your fingerprint, suddenly subverting the system becomes identity fraud. That's progress for ya.
Unfortunately this opens up the possibility of simply taping a photocopy of somebody else's thumbprint onto my own thumb.
No, it doesn't, because you're BUYING GROCERIES.
It doesn't have to be impenetrable. There are easier, and less detectable, ways to fraudulently buy groceries. You think nobody on line behind you is going to notice you walking around with a photocopy of a fingerprint TAPED to your THUMB?
The supermarket is not your lab, Dr. Biscuit.
Moderated as offtopic! Meaning it's true, but off-topic.
Or they'll just cut of your thumb, keep it nice and warm and have nice and easy access...personally, I'd rather just have my keycard stolen
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
No, no one gives a shit about YOUR FUCKING POSTS, it's fuck wads like you moderating the good people down.
Now can someone help me figure out how to not get FUCKING moderated down by the FUCKING crack smoking FUCKING moderators?
The uniqueness of fingerprints is important when considering criminal convictions where there's little or no other direct evidence besides latent prints, but it's not a big concern here.
A far easier attack here is to swap out the record in the database. If it doesn't have good auditing, it would be trivial to swap in somebody else's prints, make a large purchase of easily fenced goods, then swap the original prints back in without detection.
You could probably even just add additional prints as an additional purchaser. But that's risky since those prints could then be used by investigators.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Otherwise...
Keep in mind any time you let the store handle the financing, and don't use cash, you are paying more than the price of the item.. you are paying with your privacy.
A company I work for has hosting at Globix in Manhattan. I was told, when they gave my ID/access card, that the fingerprint scanner will only work if the machine detects a pulse. I was told this because I joked that somebody would cut off my index finger to gain access, and was politely told that that wouldn't work. I'm sure in 007 land that wouldn't be too tough, but for mere mortals I think it's sufficient.
rooooar
Welcome mates,
/. ecosystem.
DrBiscuit is a new form of troll interesting I caught it after it's 3rd post. Posing as a female los alamos empolyee the troll seems to have an agenda of seeing if the false id can garner support. An interesting addition to the
Join me next week as I Mongoose the troll hunter search for the elusive first poster
Crikey!
I see one now!
So let's hope that the criminals are up to date in the latest advances of fingerprint scanning and are also aware of this small problem.
While I was semi-joking in my previous post, I gotta wonder how many people will get fingers cut off when fingerprint scanners become commonplace. A digit could be worth a lot of money for a couple of hours at least. And somehow I doubt grocery stores will go for the very advanced and secure systems that would be able to detect anomalies such as lack of pulse or body heat.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
No. you are a stupid idiot who will never have anything interesting to say. why don't you keep your brain dead posts to yourself in the future, weasel face.
Quick! There has been a MURDER in the Seattle area, most specifically near this store. We believe the criminal may have used your system to buy groceries. We hereby demand your fingerprint database in the name of the law to search out this criminal.
A month later..
Store owner at police dept: No sir, we didn't find the criminal. Yes sir, we have deleted the prints we borrowed from your store.
Move faster
Does the government sanction the revealing of specific security measures? How does one know a post like this isn't just trying to troll for useful information that can be used for devious purposes?
Because people who actually WORK at national labs, tend to know which state the lab is located in.
So you are using a neural net for identification? I am quite curious what kind of neural net you use and what preprocessing you do. I would you appreciate if you could describe it briefly.
to the finger cutting-off problem. Simply use an anal print instead of a fingerprint.
/. has become I'll immediately get put into the 72 hour penalty box...
Imagine the scene at a grocery store: you pile up your stuff on the conveyor belt, you walk up to the cashier, turn around, pull down your pants and press your ham against a plexiglas window, where the cashier bends down to wave a 'bar code' scanner at your rectal ID.
People like Mr. Goatse.cx effectively have something like an unforgeable signature, if you will. Or unlimited credit, depends if the diameter is related to the balance, which will give new meaning to: "I got shafted".
Then the biometrics people CAN add a third dimension: smell.
Now, go ahead and mod me down, seeing how sensitive
What is to prevent someone from making a wax/plastic copy and then applying this overtop of their actual fingerprints??
This method solves the texture problem (if done correctly), the color is easy to duplicate, and the pulse...well the imposter also has a pulse so getting around that is piece of cake!!
Iris scans are also vulnerable by using a similar approach...one takes the iris image of the victim and imprints it onto a contact lenses and then wears them...how would an iris scanner be able to tell the person is a imposter...it probably wouldn't...so much for biometrics.
And that's the problem...many people assume that biometrics are fullproof, but in reality they are far from it...
Now one may say..."nothing is 100%, but biometrics is very secure"...that may be, but in those instances where a system is compremised, there is then NO WAY TO REVOKE AND REISSUE A NEW KEY since biometrics by their very nature are difficult to change unless one wants to undergo very expensive surgery.
Bottom line is that biometrics, like any security method is not fullproof and needs to be used wisely; or in some applications should not be used at all.
It failed because most people didn't what there fingerprints scanned.
> Unfortunately this opens up the possibility of
> simply taping a photocopy of somebody else's
> thumbprint onto my own thumb.
THAT won't look suspicious.
...and I'll have 20 pulse generators built. Just cram the outlet hoses into the main arteries, snap the return hose around the sloppy end of the digit, and turn the pump/warmer on.
Give me a month and I'll work out a way to keep the hand lifelike and realistic for a couple of days, and tug the right tendon to extend the finger, so you can have the whole hand poking out of the sleeve for a quick scan, even with people watching.
Any physical key can be stolen, including a body part. If you doubt criminals would go to these lengths, you haven't looked at how an auto-theft ring is run.
Right now, they track all sorts of stuff (I used to work at a grocery store that implemented a loyalty card program) ... with biometrics it's even easier.
On the plus side, since biometrics are perceived to be "more secure" than a loyalty card, let's add the possibility to store your payment information in a Windows IIS Server that is located at the central database.
Now you can even pay as well as sending your buying habits ...
I've worked with biometrics ... once you get past the bullsh^H^H^H^H^H^H white papers ... its actually one more piece to go wrong with the system.
Karma? Karma? I don't need no stinkin' karma.
We're not talking about the govt. This is Theftway.. i mean.. Thriftway.. you're stupid
You fix it.
I don't know where you buy food.. but at my store.. no.. nobody is going to give a rats ass what you're doing.. rich white people make me want to vomit.
You fix it.
No, it's much easier to "hack" into the database, or even easier, just bribe some entry-level tech support flunky, no black hat required. Now you've got the ultimate "trusted personal identification", and the theft victim is triply screwed:
As another poster pointed out, if my Safeway card # gets stolen, they may find out an embarrassingly great deal about my grocery purchases, but if my fingerprint data gets stolen, that's automatically identity theft.
Why wouldn't a thief just grab some scotch tape or whatever device is similar to what forensics labs use to lift prints?
:-)
Just notice what finger the purchaser in front of you uses, when you buy your groceries you lift the print, then go home and transfer that to some vinyl/rubber/whatever mold/model, and apply to the apropo thumb.
Then you just shop at times when the store personnel aren't likely to know the person you've stolen the print from, or even another store completely. If it doesn't work (I'm sure that even for the real person this might happen occasionally) just pay with cash and be on your way.
Like others have noted, Schneier wrote about the downsides of biometrics in "Secrets and Lies". I was ok with them as an id device until that book.
Of course, I've just tagged myself as a subversive element in the Echelon database. Let's just hope they don't have a Tempest surveillance system on me as well.
"Excuse me sir, may I borrow your finger? I'm hungry, but there's been an account screwup. ... What? You won't do this for me? I've got cash right here!"
11:00 News: "A homicide victim with a missing index finger was found behind Safeway tonight..."
Anyone remember the original Batman movie (the Adam West one) where Penguin has his fingers encased in plastic to get into the Bad Cave? I know it was more complicated than that, but it was funny.
"I don't know who you are, so I'll take you to my super-secret hideaway to discover your identity. What, you're a super-villan? I never would've guessed. Your disguise was transparent but strangely effective."
Triv
They have the same thing here in Texas in a few select Krogers. Everyone I hear says it's pretty neat. I think you have to enter a pin number though, so you can't just grab someone's thumb and get free food. They have self-checkout lanes as well.
Walk up, scan your groceries, place your thumb, enter a PIN, walk out.
Cashless society? Heh, it's not even plastic anymore...
As far as I know the crossover accuracy ratio for finger print biometric techniques is low.
The few systems I've encountered, fingerprints are not used to uniquely identify people, just as a verification - people still need to swipe a card or enter a pin, then the fingerprint is used for verification.
Do they have a new technique? There's nothing on the Indivos or Bioscrypt websites stating the crossover rates etc.
exactly.
you're too easy. it's way to easy just to check for an actual pulse on the fingerprint. any security person worth squat knows this. (you could check the pulse either electrically or optically, electrically being cheaper)
Being a seattle resident. . . .
.), those the local store for a while was hosting some sort of cheese festival, it was a paid admittance thing. Ugh.
Thriftway, despite there name, is an establishment that caters to the middle and upper class portions of society. Their customers tend to be retired citizens or soccer moms.
Besides the very fact that I get damn nearly nauseous just going in there (no seriously, I think that they sprayed the damn place with "odor of extravagant spending" or something ), candy bars alone have a 200% price market from the local safeway. Ouch.
They rarely have any sales (or at least any that reduce prices to something halfway decent) and have 'guided tours' of their stores (what the hell ever. . .
Annyways, as I way saying. . . . ok actually no point to this message other then to say that the middle and upper classes suck. -_-
--- teh classissist
Need help treating your acne? Come here!
How about the cashier? I read a previous poster's comment about how he doesn't care about ID or signatures. I'm sure he'd perk up right quick if you were waving around a bloody stump of a thumb, though.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Even worse, dose the government sanction the revelation of one of their major secrets? That Los Alamos is located in Nevada instead of New Mexico? I think they'd be most upset about that one.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Types more here in order to avoid the lameness-filter post-aborting thingy...Types some more. And some more. This lameness filter is lame.
As this is a blinding *ucking obvious use of biometrics (I had a discussion in 1999 over coffee on this exact topic) does it suprise anyone that a patent was applied for in 1999 and granted in 2001?
United States Patent 6,269,348 Pare, Jr. , et al. July 31, 2001
Tokenless biometric electronic debit and credit transactions
Abstract The invention satisfies these needs by providing a method and device for tokenless authorization of an electronic payment between a payor and a payee using an electronic third party identicator and at least one payor bid biometric sample. The method comprises a payor registration step, wherein the payor registers with an electronic third party identicator at least one registration biometric sample, and at least one payor credit/debit account. The payee registers a payee identification data with the electronic third party identicator. An electronic financial transaction is formed between the payor and the payee, comprising payee bid identification data, a transaction amount, and at least one payor bid biometric sample, wherein the bid biometric sample is obtained from the payor's person, in a transaction formation step. The payee bid identification data, the transaction amount, and payor bid biometric sample are electronically forwarded to the third party electronic identicator. A comparator engine compares the bid biometric sample with at least one registered biometric sample for producing either a successful or failed identification of the payor. The comparator engine also compares the payee's bid identification data with a payee's registered identification data for producing either a successful or failed identification of the payee. Once the device successfully identifies the payor and payee, a biometric-based authorization of an electronic payment is issued without the payor presenting any personalized man-made tokens such as magnetic swipe cards or smartcards to transfer funds from the payor's financial credit/debit account to the payee's financial account.
Yes, I think nobody would notice. Not if you were discreet about it, and the photocopy was small and colored the same as your finger.
I don't care if it's 90,000 hectares. That lake was not my doing.
I go to a pretty crappy-ass grocery store. If the people in line didn't notice the fake thumbprint, maybe the cop watching all the registers would. Smartass probably-wealthier-than-me kids make me want to vomit.
There should be a moratorium on the use of the apostrophe.
Max V.
NeXTMail/MIME Mail welcome
Not swearing helps. . . .
:) )
:) ) and still get modded up + something or other.
It is not the time spent on them if you are just spewing out of your rectum, you have to CONVINCE the other side that you are right.
Think convincing arguments back from your primary education.
What? Weren't paying any attention in Elem/Mid/High school? That could be your problem right there. . . .
Seriously though, my ass capped out at 50 karma soon as I started COMPARING and CONTRASTING Microsoft and Linux, hell I didn't have to go out and bash either one of them, I just had to state how it was (or at least how I saw it and then convince others that is how it was.
Take some basic improv classes, they always help, and then some poetry classes, Blicken Lights always help, even if they are just verbular. (damnit I am having fun bastardizing the English Language tonight.)
And above all else, fuck, just say whatever the hell you want to say, shit some of the idle pure CRAP that I have posted has gotten modded up to +5, even the shit that has been buried four or five layers deep in a thread has gotten modded up before.
Oh yah, and ALWAYS, I repeat, ALWAYS read the article first.
Learn to speed read if you must, trust me, it helps.
Read other comments before you post yours, odds are that witty retort you thought off will get a -2 redudent because it is exactly that, redudent along with the 4 other people above you who have already said it.
It is easier to get a +5 ---> 2 ---> +3 starting a thread, and to get a +4 staying at a +4 replying to an already existing post. You have more of a chance of sounding half assed intellgent if you already let somebody else do the thinking for you, all you have to do is follow the post to its logical conclusion (or even a bit beyond, heh) and then you can pretty much spout off whatever propaganda you want to (great for spreading Memes which is what I see being online as partialy being all about anyways.
Especialy if you restate your base underlying "who the fucking hell could possibly disagree with that" opinion at the end of your post yet again.
Swear less.
Need help treating your acne? Come here!
hello, can we say pulse detector? why not just require a pulse with the finger print?!? bam, cutting off fingers problem solved.
Hunh... An interesting idea, but what if someone had their fingerprints burned off? I guess we could go to retinal scanners, but I've never liked sticking my eye up to some random machine. DNA scanners would need blood, voice recognition differs too much with attitude and health, and facial recognition is in its infancy.
Maybe, if someone could develop a system with, say, a two by three inch plastic card with someone's name on it, we could circumvent the whole deal. Yeah, it would be great! No more worrying about whether the machine would work, or your fingers were dirty, or someone had your prints - just slide the card and go through. We could even put a strip with bumps or - no, I've got it - a _magnetic strip_ with information identifying that person! As long as you didn't lose it - a far easier eventuality to avoid than, say, accidentally leaving your fingerprints on something - security would be perfect.
You think it'll catch on?
What if you have artificial hands? The way things are going, everything will eventually goto Biometrics, leaving the physically disabled out in the cold. Also, with new advances in the future, technically you could have everything that biometrics checks for be an artificial part. What's next DNA samples? Or are artificial limbs going to have generated fingerprints?
No, it's not true. Talking about some clueless trolls. Marx wouldn't give Taco the time of day. If you were halfway observant, you'd notice that all of Taco's posts are like the fucking home shopping network for overpriced crap.
you must be in biometrics, but you're not very smart. looking for temperature?!? how about just a pulse?!? either an eletric sensor or just use the same optics in your already existing sensor. easy as cake. no more bloody fingers being chopped off.
Fortunately I posted it AC...
That's fucking odd, the main reason I prefer Slashdot to the more mainstream news discussion sites is that you can use adult fucking language without getting fucking edited out as inappropriate for the save the fucking snotty assed kids campaign. I see plenty of posts with high karma that use fucking filthy language. I think your advice fucking sucks.
What are you talking about? There are tons of small banks, as well as big banks. Unless you're not in the US.
sulli
RTFJ.
Dude, where's my finger?!??
Petru
at woolworths in australia we are meant to sign in and out for work using a fingerprint scanner. the scanner has been down for two months so everyone signs in on a sheet...ahh technology...then again probably no-one has bothered to ring up to get it fixed...ahh people
Recently, I saw a similar thing in local Kroger (College Station, TX). They have advertisements and no system yet but they claim they are going to have it by May. I don't remember the name of the system but they are serious about it since they already put several u-scan machines.
Since this biometrics system is taking my pulse rate and tempature reading.
Cashier: I'm sorry sir we can't sell you that red meat today, your heartrate and temperature are way to hi, we suggest you see a doctor, we are not responsible for any damages caused by our produce. Thank you come again and have a nice day.
Or perhaps this device (with a little tweaking) could be used as an instant online/checkout lie detector.
Cashier: So you say you never shopped at Thriftway before eeehh....
The number of input nodes depends upon the length of the feature vector, which varies from machine to machine (and with firmware upgrades). The output layer also varies from machine to machine, depending upon if we want a confidence measurement, and a few other factors. The hidden layer is dependent upon the training. for preprocessing, a PC uses a backprop/simulated annealing/GA combo. The genetic algorithm only changes the number of nodes in the hidden layer and picks from a small subset of the features, thus it isn't much of a GA. We figure, this way the GA can remove the temperature features without the marketing people bothering us about it. The simulated annealing is because the training is rerun on the PC whenever a new thumb is entered into the database, and a IMHO, every trainer should use simulated annealing to speed things up. Especially on low-end hardware.
Pretty much all biometric tools work this same way. We've reverse engineered some competitors, and found similar systems, so I'm not really giving away any trade secrets here.
Bringing irony to the Slash-masses
We have some room for error for false-negatives, but I agree that those are annoying.
Bringing irony to the Slash-masses
Pardon me, but as, for example this document, and multiple others state. Fingerprint ID has a false positive identification rate just under one percent. And gross biometric accuracy of 1:500.
:))
Simple mathematics applied, when the store gets some success, and it's customer base exceeds 500 or let's say even thousand - you are likely to always match someone else's fingerprint.
Sincerely, fingerprints were not made for shopping.
Is sharing your fingerprint with their "partners" because you didn't know you had to opt out before you were born.
The less people who have access to biometric information from which they can infer genetic information that they could then use to discriminate against me, the better.
"I'm sorry sir, but our partner Thriftway provided us with information that indicates that you have a genetic predisposition to liver cancer; we are going to have to deny you medical insurance."
What when (and note that I don't say "if") some unscrupulous criminals will decide to "steal" the authentication token? That means, they cut the poor guy's finger! That's why in many high security institutions fingerprint authentication is frowned upon.
Voice is a bit safer, password is the safest.
Sigged!
If they insist on my fingerprints, I'm outta there.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
who'd use a chainsaw for such a task? i dare say something like a machete would do a better job, given the greatly decreased likelyhood of alerting the victim. also, the serrated, rotating blade of a chainsaw simply isn't going to make a clean cut. you can't avoid a struggle unless the victim is immobilized or simply unconcious, and the fact remains that it's just going to end up being a huge mess to clean.
...do you still think me mad?
"Life is great; without it, you'd be dead." -Harmony Korine
The methods needed are slightly obscure, but its not difficult. You can lift a fingerprint off a glass and make a silicone mold with cheap fotographic equipment and some ingenuity.
... but if they rely on purely optical means anyone with enough time and money can probably fake em with nothing more than a glass with a nice clear fingerprint from his victim.
This will allow you to make 100% accurate new fingerprints (to frame somebody) and has been proven to fake a lot of identification machines. Obviously these machines can make more accurate checks, silicone aint skin
The two big problems with this are the likelihood of misidentification and the fact that you can't just get a new fingerprint if somebody gains the ability to buy stuff with yours. (I feel the tracking problem is less severe because people are already tracking us with credit/debit card numbers and the world hasn't ended)
The identification problem is a very hard. As our pal Schneier likes to point out, a system that answers the question "is this person who they say they are" with impressive accuracy isn't necessarily any good at answering the question "who is this person". The accuracy drops fast as the number of people in the system increases. But don't throw out this system just yet. Is the base accuracy high enough, or can we keep the population low enough for the error rate to be acceptable? When Phil in L.A. is scanned at the supermarket, do we really need to consider Joe in N.Y. as a possible match(*)? Can we weed out more people with other checks before the fingerprint match is performed? I don't know the error rate of the best fingerprint matchers, but I need to know that, and the population size, and do the math if I'm going to reject a fingerprint id system on grounds of the misidentification risk.
The other big problem is devastating to your ability to use a biometric id system, but not to anything else. A stored reading can be marked as compromised in the system so an attacker can't use it any more. You won't be able to use it either, but you haven't lost anything you had before the system was put in place (unless some pea-brain decides that this shall be the only way to pay). You haven't even lost everything you gained when the system was implemented. You now have a choice to dictate that only a debit card + a finger print is enough to make a puchase with your account, which is safer than the credit card alone, although no more convenient.
Please, truly consider the benefits and liabilities of any new system and the system it replaces. At the very least, it'll make for more stimulating discussion than an endless stream of "this is bound to fail catastrophically" posts.
* And when Joe travels to L.A., we know where he is because we tracked his ticket purchase ;->
Fuck the system? Nah, you might catch something.
Fingerprints aren't secure! Haven't you ever watched Babylon 5, Dark Angel or The Outer Limits? All it takes is for someone to dust your Red Bull glass or spray glue on their palm and shake your hand, and BAM, they got your 'prints. I read it on Slashdot / saw it on sci-fi, respectively, so it must be true.
;D
Wait, this gives me an idea. Excuse me for a moment, people... I just have to, uh, go buy some, er, glue at the supermarket. If anyone sees CowboyNeal before I return, tell him to wait up... I'd really like to buy that guy a drink and shake his hand
"13 points on the finger through a formula, and stores the encrypted information on indivos servers."
THERE ARE 13 CHARACTERS IN A UNIX PASSWORD
it scans fingerprint just like a black and white photo copier at k1nk0s then it md5's the image file and uses the first 13 bytes of the md5 output
Lets just do this the simple way and enbedd chips into people, which will act as ID and as credit cards.
To make it simple we just do it in one of the arms or maybe the forehead.
Couple this with active bar scanners and all you would need to do is place the items in your bag and walkout of the store, and you would have the charges automaticly removed from your account. This fingerprint stuff add an unnessisary step.
you're too easy. it's way to easy just to check for an actual pulse on the fingerprint. any security person worth squat knows this. (you could check the pulse either electrically or optically, electrically being cheaper)
Will it work under all circumstances? ie: at an outside ATM on a hot/cold day? With greasy/dirty hands? While I'm using one of those electric exercise devicess that zap my muscles?
Pick your nose in line conspicuously and deposit the gem right in the middle of the pad. When people see/feel the booger, they'll freak out and not use it.
Faster, and cuts down on the false positives, too. I think there was discussion of using PIN codes, too.
does this have anything to do with the latest post?
Well, if you kill someone and chop his hands off, he's not going to be calling and canceling the account anytime soon.
I go in there all the time, I will check it out, but I doubt I will use the system (The last post mentioning the odds scared me :)). With another form of ID like a card or PIN it could be secure enough and convienient if quick, only now are the credit card/debit reader systems getting fast enough to be useful (ever notice that every store has a different reader? - and that clerks always get huffy and hit keys for you if you have to look at it for a second). I'll wander down there, grab a brochure or something and report. sometime today
I recently fell victim to check fraud, someone stole a checkbook and wrote $1300 in checks to grocery stores in Seattle. A few of the checks were to Thriftway. Assclowns obviously never checked the id of the person writing checks in any of the stores. Bah.
"America, I smoke marijuana every chance I get."
gives a new meaning to 'caught red handed'.
You think on-line transations get expensive after they become mainstream? That strikes me as odd. Credit card rates that should be have been criminialized were in place long before the net went mainstream. In fact, it's not unreasonable to suspect that exact issue might have been one of the big reasons e-commerce didn't fly. It was starting out the gate with a tax going to the card companies, and for what, money handling? Isn't the government supposed to provide the currency.
According to the Constitution that's how it was supposed to go.
Net banking fees emerged AFTER it went mainstream?
Sorry, that's factually incorrect.
This should really be one factor of a two-factor authentication scheme. You should identify yourself by keying in a pin, then confirm with a fingerprint, or vice versa.
One factor, a biometric, shouldn't be the whole authentication before your account is debited.
What's to stop every single person not enrolled in the program from giving the finger scanner a try before they pay with their own money? It's like a lottery where you win free groceries one time out of every few thousand tries.
Y'all try this out for a few years, and let me know how it goes....
;-)
do you ?
.. they need to store the exact print in order for the recognition to work.
paranoic moron - go read how digital fingerprint matching works.
they never store complete fingerprint image - only (what you called) a hash and original fingerprint is no way reconstructable from this hash. it's plausible that that shop may've selected to optionally store the image, but that's easily verifiable by looking at the hardware they use. not many of scanners will even optionally allow to do that.
3.243F6A8885A308D313
i was thinking from the crackhead point of view. but, yes, i think it's almost impossible to live without a head.
You don't need the whole head. Just the eyeball.
And, since people can get by with one eye, this is much more humane than lopping off index fingers -- which they need for holding things.
Mugging ? I don't think so --- bang ... who's next ?
Or The Eighth Day...
MjM
XKCD:Xeric Knowledge Comically Dispen
FYI--Seattle had a bad spell of check fraud a few years ago. Lotsa people ramming cars into mailboxes to get checks out, washing them, etc. This is probably the result of that.
Not sure if this even really addresses check fraud at all...but combined with "no personal checks", it might do it.
Thanks for explaining. I am familiar with the tools but mostly from the theoretical point of view so it is very interesting to me how they are used in "real life". It is amusing that you are using GA (i guess any relevant feature selection mechanism could work) to remove the temperature features which are (presumably) useless but for some reason look good on paper.
I'm sure the checkout lady won't mind you holding up a drinking glass to the Thriftway fingerprint reader.
As AC noted previously, it's straightforward to make a mold from such a glass and then cast a glove from that. Then you can go to Thriftway and steal soda, snacks, and petrol.
Will I retire or break 10K?
Well, that cheeses it. First they carjacked us, now they'll be thumbjacking us for cases of bheer at the local Thriftway.
Brings a new meaning to the term "hitching a ride".
-
--- Will in Seattle - What are you doing to fight the War?
I would hack upon this idea yet and make it scary. If you use a debit or credit card you've already tied your purchases to yourself. I don't mind if the police or the store knows I buy the cheap Zippo fluid and not the real thing.
Sometimes people actually don't care about privacy - they want technology to work for them to make things like shopping easier.
The problem I have is when you have to give them a fingerprint for food. Just because this system has been "invented" doesn't mean we must become evil. That will be up to us.
Get your Unix fortune now!
8 Fuck's in 6 sentences might explain it.
yeah.. you're right.. the police escort thats assigned to the grocery store would probably notice. Except theres not one. When you leave college you might figure out that off duty cops arent working pro-bono. but thats not on the test... so you dont care.... smarty.
You fix it.
Great... more biometric tracking horseshit. Chip implants, forced vacinations, etc.
I can't beleive how willing people are to let themselves be treated and herded like livestock.
Why not just brand everyone, clip on a big plastic eartag with their SSN on it and tattoo everyones lips.
------- "A Communist is just a Socialist with a gun in a hurry" - unknown
It is very difficult to ensure that your financial habits are not linked to you. Right now the only way to truly ensure this is to use cash, and to not use any membership cards or even coupons. Any other method of payment ties your name to the purchase. VIP cards tie your name to the purchase. Coupons could even tie you to the purchase, depending on how you got them.
But even cash may not be safe after some time. Some Euro coins are already implanted with ID chips. This means that banks, retailers, etc. can track the flow of each individual coin.
That means if you get two coins from a bank, spend one with a VIP card at a grocer, and spend the other at a bookstore with no VIP card, the book purchase could possibly be tied to you. What happens if US currency is made with these? (Could they have this already? They have the stripe in all bills from $5 up...) Or what happens if people just start tracking the serial numbers en masse?
You can protect yourself from cash-tracking schemes by always exchanging cash with other people. Withdraw cash, and don't spend it until you trade it for cash from another person. Only spend the traded cash. For the ultra-paraniod, come up with a scheme where you trade with as many different people as possible. This scheme also works for individually tagged coupons and VIP cards; just trade with a friend after every use. Try not to use the same VIP card twice.
LAMP hosting on Debian, SSH, no bandwidth cap, PayPal accepted - http://secondbrainhosting.com/