Kroger Testing Fingerprint Payment System

MachineShedFred writes "CNN is reporting that The Kroger Company is testing the use of fingerprinting as means for payment at grocery stores. The article says that it has been well received by both college students and seniors. I, for one would love to see this rolled out to all of Kroger's stores, which include Fred Meyer, Ralph's, QFC, Fry's Marketplace (not the electronics stores), and others; however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues..."

Fraud?

[Mikeytsi]

What about how trivial it is to fake a fingerprint? I'd think that would be a pretty big concern.

Re:Fraud?

What are you worried about? Jackasses don't have fingers.

Re:Fraud?

[ceejayoz]

It's far easier to fake a check or counterfeit money, but people seem to accept them as valid payment methods.

Heck, to fake a fingerprint you a) need to know the person has an account at that store and then b) get a mold (with gelatin) of their finger.

Re:Fraud?

[mobius89]

Is it any easier to forge a fingerprint than a credit card? I don't think so. Besides, it's still fraud/stealing/whatever and you'd get busted because they'll have cameras and a person looking at you put your finger on the sensor. They have like 1 cashier per 4 lanes right now... it's easy to check a camera. Besides, Kroger doesn't even currently require signatures in the "express" lanes.

Re:Fraud?

[Mikeytsi]

It's easier to get someone's fingerprint than steal their wallet. You could get it from random joe walking out of the store. I'm thinking it wouldn't be entirely difficult to build a mold based off of a fingerprint transfer.

Re:Fraud?

[John+Hurliman]

While masking or changing your fingerprint is not extremely difficult, impersonating another person's fingerprint is a little more difficult. You would have to target a specific person with a fingerprint account at one of the stores, and get a VERY clean print of theirs. The print can be cut by various black market vendors on the net, but it would be much easier to clone their credit card and ID. The idea isn't to build an impenetrable system (go ahead, propose an unbreakable system of your own that is within the reach of your average grocery store), but one that deters fraud more than the current system. The problem is, security is only as good as the weakest link in the chain. Why would anyone try to dupe the fingerprint system when they can fraud checks, or credit cards? It's like building a fortress with a giant barricaded steel door, and an unguarded wobbly wooden door next to it.

Re:Fraud?

[blankmange]

If I remember correctly, don't I need a Gummi Bear to fake a fingerprint?.......damn, never one around when I need one...

Re:Fraud?

[Mikeytsi]

Oh yes, you'll "get busted", because the minimum-wage earning kid watching the camera is going to be able to match up every person's face with the correct identity. Get real.

It's not terribly easy to forge a credit card, it's far easier to steal it.

The idea that Kroger doesn't require signatures isn't something that I'd consider a "good" thing.

Re:Fraud?

[ceejayoz]

All Kroger would have to do to prevent that would be to couple an ID photo with the fingerprint. Photo comes up, cashier sees you're not the pretty blonde girl you stole the fingerprint from - problem solved.

And please, don't whine about "invasion of privacy" - if you've ever used a credit card or a cheque in a grocery store, they can already do it.

Re:Fraud?

i'm not concerned about faking fingerprints.. more concerned about thieves chopping off other people's fingers!

Re:Fraud?

[John+Hurliman]

Yeah, they'll just use that national database with every person's current face and facial features linked to their real identity and an SSN. It will match the blurry shot of the top of your head (or hat) from the security tapes several weeks or months old, when they realize what happened, along with the accurate description by the 16 year old minimum wage cashier girl recalling the exact instance.

Re:Fraud?

[GLX]

That wasn't Kroger's idea. That was the credit card issuing banks' idea, starting to be instituted in a wider arena.

If you live in a state that has Pay At The Pump gasoline, you know what I'm talking about - no signature needed, just swipe the card. Nowadays with instant verification, the fact that you have the physical card is generally enough to verify that you should be using that card. Signatures are too easy to fake for someone who *wants* to, and again, do you trust that "minimum-wage earning kid" to verify the signature exactly? No.

Signatures were the only way a small retailer could verify a credit card transaction ~10-15 years ago without actually calling the issuing bank. That's why you don't see imprinters anymore.

That's why a lot of stores (Home Depot and Lowes come to mind) don't even bother checking the signature panel on your card anymore - and let you swipe it yourself. Biometrics (fingerprints) are the next logical step in combating fraud.

Re:Fraud?

You might be thinking it, but you sure as hell couldn't actually do it.

Re:Fraud?

[ivan256]

Unless they didn't do any research, I'm sure that they're using a PIN along with the fingerprint. The fingerprint alone isn't sufficient. It's not any easier to copy your fingerprint and enter your PIN than to copy the magnetic strip of your ATM card and enter your PIN...

If it really is just fingerprints criminals shall rejoice.

Re:Fraud?

[JimBobJoe]

That's why a lot of stores (Home Depot and Lowes come to mind) don't even bother checking the signature panel on your card anymore - and let you swipe it yourself. Biometrics (fingerprints) are the next logical step in combating fraud.

Technically these two sentences are in opposition to each other. The vast majority of credit card fraud is online fraud, not in store fraud (which is dropping and continues to drop.) The reason those two places, in addition to many other places (Chipotle is one that comes to mind) are not checking the signature strip is because the in store credit card fraud is too unusual to care about it. That also answers the question why photographs on credit cards are not being persued--it simply isn't econommically viable/justifiable.

Having said that, Kroger is trying out this system as a nifty way (for them) of mating the kroger plus card with your bank card, all in one biometric.

Anyone else wonder if this is being done in Texas for a reason? Whenever I see grocery store biometric projects, they are either in Texas or California--two states that require that people be fingerprinted for their driver's licenses--so the vast majority of people in those states have been fingerprinted. That's not the case for the rest of the states.

Re:Fraud?

[jdh-22]

Here is a good article from Bruce Schneier that describes how Biometrics can be easily fooled, $10 worth of household supplies. Just go read the article.

Re:Fraud?

[MamasGun]

The fingerprint reader could have sensors on it to determine if what it's reading is a warm, live finger, or a cold inanimate object. If it's warm, it's accepted. If it's cold, it gets kicked back. This is not only good for the gelatin fake finger trick, it's also useful in the absolute worst case scenario where the finger was cut from a corpse, or a living person. Ouch! I believe that mil-spec fingerprint readers have this capability...those consumer-grade readers like U-R-U and the IBM laptop thingy don't have this kind of sophistication.

Re:Fraud?

[jaymz666]

Kroger does indeed require signatures in the express lanes. Of course, most of the time the cashier isn't even at the stand in the middle of the 4 lane checkout lines.

Re:Fraud?

[ceejayoz]

Not if it's coupled with a photo displayed on the cashier's screen, or a PIN.

Re:Fraud?

[gmack]

Not quite... the whole point of the Gelatin finger trick was to coat your finger with it.

So it's warm and it can even get by the the versions that check for a pulse that worldcom was in the process of buing right before they went under..

It's sad really. I had high hopes for that technology.

Re:Fraud?

[treat]

It's not terribly easy to forge a credit card, it's far easier to steal it.

Nonsense. There are no security features whatsoever on a credit card. They are trivial to forge.

Re:Fraud?

Use a sequence of fingerprints as the identfier, i.e. ring finger, thumb, index, index. I'll leave it to the mathmeticians to figure out how many permutations are possible.

Re:Fraud?

[geekoid]

Both Home depot, and Lowes check my idea when I use a card.
Only Arco has me use a pin number.

Having someone sign a credit card slip isn't verification, but it redues liability.
As soon as someone sues for damages because the store can't get a receipt and do a signature analysis, this will end.

Re:Fraud?

[techwolf]

Nah. You use a reader that uses biometric electricity to complete an electrical circuit through your finger.

Now all you have to do is avoid a static electricity shock that fries the unit.

Re:Fraud?

[Dudio]

Unfortunately, every year or two some investigative reporter on Dateline shows us hidden-camera footage of Best Buy clerks gleefully accepting Citibank Photo Visa cards from a balding white guy despite the Visa cards in question having pictures of dreadlocked rastafarians and 80-year old Chinese women on them. How is moving the picture from the credit card to the POS terminal going to make a $5.50/hour cashier care enough to look at it before hitting the enter key?

Re:Fraud?

[ceejayoz]

If it takes 1-2 years for them to get hidden camera footage of that happening, I feel perfectly safe. Dateline and its ilk will always find the worst cases possible - they don't do stories on clerks who do catch fraud, do they?

They show stories on doctors who cut off the wrong leg, but I still go to the doctor.

Re:Fraud?

For me a bigger concern is once your fingerprint is compromised (stolen) how do you uncompromise it? It's not like they can issue you another finger...

Re:Fraud?

[plover]

The gummy fingerprints defeated all the live finger detection systems handily.

The gummy mold is just an ordinary photo-etched copper-plated printed circuit board. (I made lots of them when I was a kid from stuff I bought at Radio Shack.) Take a photo of a fingerprint. Make a full size transparency of it. Expose the photosensitive circuit board using the transparency as a mask. Etch the circuit board. Pour ordinary hot liquid gelatin over the board in an even (3 mm or so) layer (the original paper gave a recipe, but you should be able to use any old recipe for "Knox Blox". It's just ordinary gelatin mixed with boiling water.) Harden it in the refrigerator. When it's time to use it, simply cover the tip of your own finger with the sheet of gelatin.

It passes live tests easily. The thin layer of gelatin is almost invisible. It's transparent, so your own skin shows through. It's conductive: it has a moisture content similar to your own body. And it's warm: your body heats up 3mm of gelatin quite rapidly.

And once you pass through the scanner, you just lick your fingertip and the evidence is gone.

Extensive testing of this was performed against eleven different fingerprint scanners earlier this year. EVERY TESTED SCANNER ACCEPTED THE GUMMY FINGERS, including those advertising "live and well detection", with acceptance rates varying between 65% - 100%. John Young's website has a copy of the paper here.

Biometrics, in general, are not sufficient for high security. They work best only in conjunction with other security measures.

Re:Fraud?

[mfarver]

I am not familiar with Kroger's system, but from the article it looks like they designed it correctly.

Fingerprint scanners are lousy at identifying you from a large database of scans, too many false positives (hash collisions). What fingerprint scanners are good for are _confirming_ that the scan is you. My guess from the article would be Kroger's is using the scans like a pin code, the user presents their club card and the scanner is just used as a quick verification that the customer at the checkout is the person who signed up for the card (and linked it to some payment system).

Privacy concerns are pretty minor (assuming you already agreed to let them track your every purchase by getting the club card) Most of these scanners use a system that hashes key features of the fingerprint, it isn't possible to recreate the actual fingerprint from the scan (it is possible to copy the hash, just like a pin, making it usless in an untrusted env). So the police will not have much use for this db.

Its sound like a good idea, much better than a credit card, which relies on a bored checkout clerk verifying a signature.

And thousands of times better than Speedpass, which AFAIK sends a unique id number (the secret, essentially) in cleartext over a radio link!. Mobil was too cheap to implement a system where the secret wasn't sent in the clear (some simple challenge response would have done it) Tragically Mobil patented the use of RFID for payment, so forget about releasing a better version.

Re:Fraud?

Most of these scanners use a system that hashes key features of the fingerprint, it isn't possible to recreate the actual fingerprint from the scan

No. This is wrong.

Discrete hash functions have an avalance effect. A small change in input yeilds a dramatically different hash value. Because a fingerprint scanner has to deal with slight variations in your fingerprint (due to the angle of your finger on the sensor, sweat, temperature, etc.) it can't use a discrete hash function. It has to use a continuous function instead. One of the fundamental properties of continuous functions is that they are invertable (you can at least approximate the inverse with as much accuracy as you want). Given a fingerprint 'hash', it will be trivial to generate an 'image' which can be printed and turned into a gelatin fingerprint with the same techniques used for etching circuit boards. Matsumoto used similar circuit etching techniques to make gelatin molds from latent fingerprints (Link, 3rd paragraph).

Re:Fraud?

[robb0995]

This is correct, as I actually participated in this program in College Station.

You could swipe your loyalty card or enter your PIN followed by the verification using the finger scan.

However, the PIN is your phone number, so this is by no means confidential.

Also, the scanners are optical, not capacitive, which makes the imaging process less secure.

What I didn't like about the system, though, was that it didn't add any real convenience or security to the process.

From the convenience perspective (leaving aside security for the moment), I would want a system that allowed me to walk into the store with nothing but my finger and draw upon any registered form of payment. However, I still had to key in my phone number, and due to banking regulations, when I wanted to pay with my debit card, I HAD to swipe it. Thus, totally defeating the purpose.

From a security perspective, I'll leave it to others to worry about the security of this method of verification, but the fact that the program was optional, means that anyone could still walk in with my credit card and elect not to be scanned.

Re:Fraud?

There is more smart card fraud than than there is mag card fraud. Some of the newer cards are very difficult to rerecord on as well. The old use a cassette deck head to rerecord seems to now work any more.

Re:Fraud?

[Kashif+Shaikh]

And once you pass through the scanner, you just lick your fingertip and the evidence is gone.

You have a point that such scanners are pointless to use in seclusion, but what if the cashier at the grocery store says:

"Please lick your thumb or submerge your thumb into this safe, bio-degradable green liquid before using the ThumbSafe Scanner Technology"

Not much you can do at this point, and before you know it they'll try running a scanner on your hand for any "sensitive" material...

Re:Fraud?

[OblvnDrgn]

Where I used to work retail, we were specifically instructed to always check signature or ask for ID if it's unreadable. I've been asked for ID at other stores too, just not that many of them, sadly. Even with "SEE ID" written in the signature box.

Oh, and we still had to imprint the credit cards there too, for the record.

Re:Fraud?

[Dudio]

Well, I don't have a photo-Visa, but I know how rarely store clerks bother to look at the signature on my credit card when I use it. Half the time, they swipe it and hand it back to me before the authorization even comes through. I would imagine they put about the same level of effort into looking at photos embedded on cards as they do the signature panel.

I'm not saying that we shouldn't bother implementing authentication schemes like signatures and photographs, but as long as the humanoid who is tasked with enforcing the authentication has no incentive to take it seriously, we have to expect the failure rate to be pretty high. Saying that a photograph will solve a problem elsewhere in the authentication process ignores the gaping holes that exist in the way these things are implemented in the real world.

Re:Fraud?

[ninewands]

Texas does NOT require fingerprinting for a either a Driver's License or a State-Issued ID card for those who do not drive.

The Kroger testing is probably being done in Texas because it, like California, is a LARGE, relatively homogeneous, market with a significant number of Kroger stores. This allows them to get comparative cost/benefit numbers (biometric vs.their current system) from stores serving populations that are demographically comparable.

Re:Fraud?

matter of fact I noticed the other day that a credit card I've been using regularly in stores for 3 years did not have my signature on the back..

not once did any retail clerk mention a thing (?)

Re:Fraud?

[Captain_Carnage]

What? Are you on crack? Current U.S. Treasury makes it incredibly difficult to reproduce a GOOD counterfiet bill. If you know what to look for, detecting most counterfiet money is easy. It's just that most people never look. My advice: look at all your money. You could find yourself (temporarily, in all likelihood) in jail for passing a bad note.

As for checks, well... FTC guidelines on bank drafts, if followed, make it almost as tough to produce counterfiet checks. Then there are those who want to print their own checks... This is legal, but were I a merchant, I probably wouldn't accept them...

Fingerprints are easy though. All that takes is balls. Take the example of this story: All I need to do to get fingerprints is watch some unsuspecting customer go through the line, pay by thumbprint, and then get them to hold something. This can be accomplished in any number of ways, if you're devious enough.

"Excuse me, but I don't have my glasses. Could you take a look at this glass I just purchased and see if it looks scratched? If it is, I'm going to go return it..."

For the really gutsy (or stupid), there's always the 'ol cut the finger off trick... Or break into the person's house and steal something with their fingerprints. Then, follow the directions posted in another comment for producing the gelatin. No problem.

Don't you people watch movies? Sure, they're fake, but that doesn't mean some of the tricks the bad guys use aren't real...

Re:Fraud?

[JimBobJoe]

Texas does NOT require fingerprinting for a either a Driver's License or a State-Issued ID card for those who do not drive.

I could show ya a million links to the contrary (like here) but it also helps that I've been involved with an organization, based in Texas, which is devoted to changing Texas law and prohibiting driver's license fingerprinting.

Kroger usually uses its home base of Ohio as it's testing market for new things.

Re:Fraud?

[monthos]

with all that work, its so much easier to just ask for id along with there credit card. why add all this techno-crap into the mix when it comes down to adding steps to get the same amount of security as the traditional "can i see your id?"

Re:Fraud?

[pyrote]

NO biggie, have an account yourself.... I doubt they ask your name or for any ID. the goal is to eliminate the middle man and get you out of the store Fast. so if they have you lick yourself or dip in the jar, you pay for the groceries, no fraud... heck, if the inital scan fails to match you up to anyone in the database say, "stupid post-office cheap gummy crap*insert favorite messy crap that could be on fingers*" and lick your finger...wham your off scott free from fraud.

the point is without secondary verification (which makes fingerprints useless) the method simply makes it easier to get away with it.

Re:Fraud?

[wjsteele]

Krogers knows that they can't just rely on a fingerprint. They need a second part of the security equation (Remember, a good security system has at least 2 of the 3 basic parts of any security system, "Something you have", "Something you are" and "Something you know".) The "Something you have" could be the fingerpring and the "Something you know" part would be a PIN number or something like that. That way, if someone "steals" your fingerprint, they still can't do anything with it.

Bill

Nightmarish abuse

[joeszilagyi]

This isn't a good thing, and is a step away from National ID Cards stamped with our ID numbers.

Re:Nightmarish abuse

[Night+Goat]

When you buy groceries with a check or with a credit/debit card, they have you identified in the same way they would if you were to use a fingerprint scanner.

Re:Nightmarish abuse

[joeszilagyi]

Except that credit/debit cards aren't the beginnings of common acceptance of tools that will allow the government to track our every move, thirty years down the line.

Re:Nightmarish abuse

[ramirez]

Well,

Soon the Dept. of Homeland Security will have many sources of information with which to cross-reference their data on all of us.

At least when they hunt you down for this anti-american post they will be pretty sure that you are you.

Re:Nightmarish abuse

[damiangerous]

My girlfriend is responsible for grocery purchases of our shared expenses. Sometimes if I need to run out to get some things, I grab her debit card, since I know the PIN.

Re:Nightmarish abuse

What do you think your social security # is? Was never supposed to be used that way, but it is now.

Re:Nightmarish abuse

[ceejayoz]

They're not? The government can easily track your movements by tracking your credit card purchases. If you use your credit card in a Florida gas station, it's a pretty safe bet that you were in Florida at that time.

Criminals have been caught by the FBI tracking their credit card trail. It's helping in the D.C. sniper cases, too.

Sounds like you've already accepted a tool that lets the government track your every move, and you don't even have to wait 30 years for it!

Re:Nightmarish abuse

If you've ever handled a penny, the goverments got your dna. Why do you think they keep em in circulation.

I ususally give them a finger, anyway...

[Hormonal]

When I'm buying rubbers, and I get 'the look' from the cashier, she gets a finger...

no print, tho.

fp?

Re:I ususally give them a finger, anyway...

[j_kenpo]

Unless your buying K-Y Jelly, Wine, and an enima to with those condoms, I dont think you have anything to worry about from the cashier, they only see about 50 other people a day buying condoms....

Re:I ususally give them a finger, anyway...

[jaymz666]

sounds like wishful thinking to me

FP, I'm Bad

First Freakin Post -- whoda thunk it

Re:FP, I'm Bad

Except that you are actually fifth, my not-as-bad-as-you-thought friend...

Not sure if this is possible...

[VudooCrush]

Anyone here see the movie Gone in 60 seconds? They had these rubber fingerprints made that went over their own fingers. Not sure if this is possible or not, but this would definitely make me not want to give Kroger's my info..

Re:Not sure if this is possible...

I forget which James Bond movie it was (with Sean Connery), I remember him plucking a fake set of thin rubber prints off his fingers after he used them to impersonate somebody. All the way back in the 60s... nothing new I guess.

Re:Not sure if this is possible...

[Ageless]

Damn, if it was in James Bond it must be real!

Re:Not sure if this is possible...

[ceejayoz]

I seem to remember an invisible car in the recent Bond flick. That must mean we have that in real life today!

Re:Not sure if this is possible...

[friedmud]

A better movie that shows what is possible with finger print fraud (and Biometric fraud in general) is Gattaca. In this movie - your biometrics ARE you, in that if something is physically (mainly genetically) wrong with you you are descriminated against.

They use various forms of Biometrics testing to figure out if you are you - so in order to become someone else you have to fake a lot of stuff (hair,blood,urine,skin,fingerprint).

Kinda scary - but this is not out of the realm of possibilities for the future.

Derek

Re:Not sure if this is possible...

[dolphinuser]

Diamons are forever. Plot Here

Re:Not sure if this is possible...

[radon28]

Anyone here see the movie The Wizard of Oz? They had those flying monkeys that were very efficient. Not sure if this is possible or not, but this would definitely make me not want to go to Kansas.

Re:Not sure if this is possible...

[WhoDey]

As if you needed a reason not to go to Kansas

Re:Not sure if this is possible...

[Aquamouth]

and where are the flying pigs they promised us?

The Finger of the Beast

[Mittermeyer]

Oh great we won't even need the apocalyptic mark of the beast to be tracked, they'll just need our fingerprints.

I cant wait

[Lolaine]

for a CSI episode based on this :D

Descrimination Possibilities

In all seriousness, this technology won't be accessible to some, such as disabled people and burn victims.

Buying Rubbers & Posting to Slashdot

I'll take "Things that don't happen for $1000 Alex"

Re:Buying Rubbers & Posting to Slashdot

[Hormonal]

Heh. All right, the wife takes a pill every morning, so I don't have to buy them.

However, back in the day, I was always scared of the old evil eye while checking out. I bought a lot of useless shit, in an effort to disguise the purchase. What a dumbass.

Re:Buying Rubbers & Posting to Slashdot

I once heard that the cashiers at Long's Drugs are specifically told never to laugh at any combination of purchases, even if it consists of rat poison, contraceptive foam and little umbrellas for Tiki drinks.

Re:Buying Rubbers & Posting to Slashdot

[jaysones]

No offense, but we didn't have to wait very long for the obligatory "I'm married" or "I have a girlfiend" post.

CSI is gay

Along with the rest of TV

Oh great

[st0rmshad0w]

This does sound ripe for all sorts of shady things.

I'm beginning to wonder if I'll live to see the day when using actual cash is against the law.

Re:Oh great

This does sound ripe for all sorts of shady things.

It certainly does. The gathered database of fingerprints will be shared with other entities. Certain law enforcement agencies have been dying for years to get a database of _EVERYONE_'s fingerprints. This is a step in that direction.

Re:Oh great

well, try to buy stuff that cost more then 100$
whit cash and every one look at you as if you where
a theif.

using cash is not yet ilegale. but honest pepole
use credit card and bank card....

i use bank card only to get cash on ther own
automatic cashout machine. snif readers in
store is easy and will allways be.

-The real Bob

Re:Oh great

[Dudio]

Yeah; the "Fingerprint Your Child" programs run by local police departments are a good example of this. Once they get a child's prints, they go straight into the federal database, never to be removed.

Re:Oh great

[spacefrog]

It's pretty close to that already. If you get pulled over and searched and you have a lot of cash without a receipt, the police will take your cash until you can document it. Whatever happened to innocent until proven guilty is beyond me.

Order something FedEx COD sometime. FedEx will not take cash for a Cash-On-Delivery shipment.

It is only a matter of time before retailers decide that keeping cash on premises is too big a security threat.... It will happen, it's not a question of "if", but "when".

Re:Oh great

[dnewlander]

What about the little words on those green pieces of paper in our wallets?

This note is legal tender for all debts, public and private

FedEx not accepting cash may be a great security device for their delivery drivers, but it would seem to be against the law to me, especially if you give the driver exact change... the fact that someone has already shipped the goods to you implies that you're in their debt.

Anyone have more information on this? Has this been taken to court yet?

Re:Oh great

[plover]

The local "fingerprint your kids" had the parents doing the card impressions with their children, and then keeping the cards for themselves.

Very few people would voluntarily give their childrens' fingerprints to the police "just in case." This program worked because the police officers helped ensure the parents got a useful working set of fingerprints, and the parents kept the cards in their possesion at all times.

You don't need to whip up anti-police state fears any more than necessary. Just posting DMCA / USA Patriot / SSSCA is enough to do that.

Re:Oh great

The debt isn't with FedEx, it's with the shipper. FedEx doesn't even cash the checks, etc. It simply delivers them to the sender, so in effect they are just refusing to transport cash, not refusing to accept it for a debt.

Re:Oh great

[ratamacue]

If you get pulled over and searched and you have a lot of cash without a receipt, the police will take your cash until you can document it.

You can chalk that one up to drug prohibition. Keep in mind, the policies implemented by private business are (and should be) completely independent from the policies implemented by government, unless we are talking about government-mandated regulation. There is no reason why FedEx (or any private business) shouldn't be able to implement a credit-only policy (or cash-only for that matter). If the market doesn't approve of the practice, then the market won't support that policy. There is plenty of reason, however, why government shouldn't be able to outlaw cash transactions. Government has the unique ability to restrict your freedom; private business does not.

Re:Oh great

[Dudio]

Hmmph. I seem to have jumped to an unwarranted conclusion. I found all kinds of sites that back up your assertions. I did find a Tenessee state site that indicates there is a provision for the state to maintain children's fingerprints, but it is solely at the discretion of the parents, and there is another page on the site indicating that any such prints held by the state are to be kept in a separate file to be purged once a year of prints belonging to people who have turned 18.

Thanks for pointing out my erroneous assumption.

Re:Oh great

There is actually a big problem trying to make a digital "anonymous" cash equivilant. I have been working in crypto-commerce for over 8 years and have participated in the development of multiple secure, anonymous digital payment schemes. The government will simply not allow it.

The excuse: Money Laundering.

The truth: Taxes and tracking.

We need to rise up and fix this problem eventually. Our liberty will ultimately depend on it.

huh, what?

[sweeney37]

college kids + midnight kroger trips + fingerprinting = easier drug busts!

Mike

Re:huh, what?

huh

oh great

[stinky+wizzleteats]

Now personal privacy concerns will include painting all my door handles with matte paint.

Not to mention what happens if

[Choco-man]

You cut or burn your fingers.

It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough to allow for every day accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)

Re:Not to mention what happens if

[NixterAg]

It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough

That's why it'll never be a viable consumer product. However, Kroger is able to control both the biometric hardware and methods of bypassing the hardware, so it then becomes more viable in that atmosphere. It also allows them to become their own check verification clearinghouse, so no more outsourcing fraud prevention.

If Kroger can cut down on payment fraud while also making it easier to get in and out of the store, everyone wins (assuming you aren't paranoid about them having your fingerprint biometric). A perfect solution would be nice but they'd be happy with just something better than what they currently have.

Re:Not to mention what happens if

This is not meant to replace existing methods of payments, it is just an additional one.

Even if you can fool it, you can fool pretty much all the other technologies too. I could easily take someone's credit card and use it in the self checkout line.

People are forgetful. I've forgotten or lost my wallet before, but with this technology, it wouldn't matter.

Re:Not to mention what happens if

[poot_rootbeer]

Yeah, that would be a critical disaster if you weren't able to use your thumbprint to buy groceries and had to revert to using a piece of plastic or little pieces of green paper.

I don't see how this system would make things any worse for anyone, even if it doesn't work perfectly.

Re:Not to mention what happens if

[mark_lybarger]

making it easier to get in and out of the store

they could start by staffing the fricking checkout lanes. and having baggers who can bag the groceries too. what's the point of having 20 lanes if there's ever only 4-5 of them open? i just don't get it.

we have the self scan express checkouts at the local kroger/meijer stores. they're not really faster than having someone else scan your groceries. more than half the time something doesn't want to ring up right, and you have to call that non-english speaking person to come over and help, or some kids end up bumping the weight tray and the machine keeps yelling "put the item back in the bag".

they could also let you pre swipe your card when checking out so as soon as the scanner person presses the end order key, the 10 second card authorization starts.

they tried a 4-6 p.m. all lanes open at the local kroger (i don't know if they still do that anymore at all), but guess what, most people don't do their weekly shopping at 4-6p.m.. they are most often just getting a few things they forgot for dinner that night and plan to get the weeks stuff later that night or the next. maybe this is when the 14-16 year olds could legally work around here and they had plenty of disposable cheep labor to use.

Re:Not to mention what happens if

[j-turkey]

It's well hashed out how easy it to to fool fingerprinting biometrics, so let's not have at that again. It's a neat concept, but flawed system. To easy to fool and not bulletproof enough to allow for every day accidents that happen in the kitchen (heaven help me if i cut my finger cutting veggies AND burn it on the stove..)

I've read the documentation that you speak of. Yes -- its not invulnerable, but is it better than our current system? I'm sure that its easier to fool a credit card reader with a piece of casette tape than to contruct a gelatin finger. My point is that our current system is far from perfect, as is the alterntive, but maybe its a step in the right direction. Maybe if we used fingerprinting biometrics instead of a signature for credit card purchases it would weed out some of the fraud.

To address the non-bulletproofness of the fingerprint biometric scanning...why not keep more than one fingerprint on file? What is to stop you from making a quickie phone call to have your fingerprint re-scanned? Its not like sirens will blow and the FBI special operations team will descend from the ceiling when there's an error.

Just an idea

--Turkey

Re:Not to mention what happens if

That was actually amusing in its stupidity.

Re:Not to mention what happens if

The most important difference between our current system and biometrics is what happens when the system fails. Currently, if someone steals my credit card number, it sucks until I get it all sorted out, but my credit card company can issue me a new number.

On the other hand, no one can issue me a new fingerprint. Once it's compromised, it's compromised forever. This is a serious problem with all biometric identification.

Re:Not to mention what happens if

[ceejayoz]

what's the point of having 20 lanes if there's ever only 4-5 of them open?

Sounds like you've never been to a grocery store the day before Thanksgiving.

They have 20 lanes for the busiest of times, not for 3 AM when you get the munchies.

Re:Not to mention what happens if

[moncyb]

we have the self scan express checkouts at the local kroger/meijer stores. they're not really faster than having someone else scan your groceries.

Self scan checkouts aren't there to help you get through the store faster. They're for saving the company money. You're doing the labor for them.

Less paid labor = less expense = more company profits.

Re:Not to mention what happens if

[scrytch]

there's an old joke about crooks who burn their fingerprints off: the cops say "pick up the guy with no fingerprints".

you have to seriously disfigure your finger to "fool" the system, and you know what? you just redo it with your burned fingers. bigger problem if you have a band-aid on your finger, actually. personally i haven't used my actual safeway card since i got it -- i just enter my phone number.

i wouldn't have a problem with biometric authentication -- if it were something like my credit card and i wanted to switch off all the other forms of authentication (god knows CC companies don't want you to be able to do that though). but i don't see how it's convenient to give up a token that i can give to my family and not have to deal with flakey slow readers with dirty screens.

rant mode: screw it, i'll spend a few extra bucks to shop at andronicos or something, guess that's the expense of not getting tagged and cataloged like an animal in the 21st century.

Re:Not to mention what happens if

[DataPath]

A lot of people are whining about how easy it is to fool a finger printer, but I think combined with a PIN or something, it'd be pretty reasonably secure - you can't just casually pull people's prints and just charge things to the print, you'd have to study your victim, and manage to get their pin, too. It'd just be an easy way of substituting your finger for the plastic. Stealing credit card numbers is easier than stealing someone's finger print, anyway.

Re:Not to mention what happens if

So does that mean next time I'm at Safeway, I should try one of these five numbers?:

• (650) 508-0xxx
• (415) 776-7xxx
• (650) 348-5xxx
• (650) 851-3xxx
• (415) 771-5xxx

(Yes, I have the missing digits. Just for you, I chose not to type them on Slashdot.)

I could probably have narrowed it down much further to probably one or two of the above numbers, but I wanted to spend less than five minutes researching this post.

You have already been tagged and cataloged. Please step aside to make room for the next animal.

Re:Not to mention what happens if

[Elwood+P+Dowd]

Better yet, enter in (510)843-7226. That is, (510)THE-SCAM.

Me and my friends all enter in the same number. Hopefully that way, our information will be less useful to them.

Entering in false info only works if you never use plastic...

Re:Not to mention what happens if

i've just used all 5 of my mod points. please someone mod parent up, thanks. because this is the real problem why any fingerprint verification system is a bad idea, not all the crap posted here before this post.

Re:Not to mention what happens if

You still have pin a number don't you? Someone having a copy of your finger prints does NO GOOD if they dont also have your changable pin number.

Remember, good security is a combination of somthing you are, something you have, and something you know. You can change 2 out of 3.

Re:Not to mention what happens if

[avdp]

Or like my local store claims, it's because of a staffing shortage (apparently they can't find enough people willing to make $6/hour - what a shocker) and therefore since the self-checkout lanes are in ADDITION to the regular lanes, it allows them to have more lanes open than normally. See, helps everyone!

As a side note, I love these self checkout lanes. Well, except when the person in front of me has a 10 year old kid and decides that it should be the kid's job to scan.

Finger Print?

I just got an HP iPaq 5450 with biometric fingerprint reader. I thought the finger print security feature was pretty sweet until I let my brother try it. After 4 finger swipes, it let him through thinking it was me.

I doubt Kroger will use the same technology, but still cause for concern. Is fingerprint scanning technology really ready for mainstream use?

Re:Finger Print?

[xagon7]

WTF?

Re:Finger Print?

[ceejayoz]

How big's the scanner? On an iPaq, I'd imagine the sensor is quite small, since the iPaq itself is small. I'll wager it doesn't take a full-finger print.

After 4 finger swipes, it let him through thinking it was me.

BTW, what the heck are you "swiping" your finger for? That's what you do with credit cards, not fingers... :-p

Think about where this leads

And how much longer will it be before the Kroger will check my fingerprint, see that I was arrested years ago for demonstrating a political debate, and refuse to sell me eggs, tomatoes, or anything else that makes a mess when thrown at a candidate.

Re:Think about where this leads

[bryanp]

And how much longer will it be before the Kroger will check my fingerprint, see that I was arrested years ago for demonstrating a political debate, and refuse to sell me eggs, tomatoes, or anything else that makes a mess when thrown at a candidate.

My God, you're right! Because of course Kroger is all about politics, it's not like they have an interest in selling you stuff in a quicker and more efficient manner so they get your business and make more money than the next grocery store! Nah, couldn't be. Has to be some Grand Conspiracy. Ye Gods people, grow the hell up.

Re:Think about where this leads

well, the OP was stupid.

but.

Kroger making more money includes selling my info to advertisers with profiling data.

which is bullshit.

Re:Think about where this leads

[istar]

Politics and money go hand in hand, which should be common sense by now.

I think it is something we need to worry about since, which this should be obvious as well, policitcs get their funds in many different ways. I think they will not hesitate if there is money in selling it to the government. What about future companies that will use it for security? What about the FBI and CIA? A new tracking system will be taken, as it already is with fingerprints.

Of course you could say 'but why worry if you hav nothing to hide..'

And I would answer 'Because there is a line between worry, and human morality towards privacy'

Re:Think about where this leads

[koa]

Uhhh.. Not like they can't already do that if they wanted to, everytime you use a credit card- or grocery store card (stop&shop) they do data mining.

if you want to avoid this, just pay cash.

Re:Think about where this leads

[geekoid]

I see your point, naturally, efficency(i.e. cutting costs) is why Kroger implemented it.

However, what happens when this is common place?
I could easily see this (U.S.) Administration forcing stores to give up certian information that would indicate(to them) you are a muslim, or to track a certian profile they feel is dangerous.

I can also see them being in a situatiun where a government body tells the a person can't buy somthing.
we live at a time where protester are gathered up behind fences, blocks away from the event there protesting.
In the 70's and 80's I can remember America would give the U.S.S.R a hard time about not allowing protesters, or free speech. The U.S.S.R. would reply by showing footage of protesters. It alway turned out they were far away from what they were protesting, and behind fences.

Sounds Good; Ban Little Plastic Bags Next

[reallocate]

Sounds pretty good. It'd certainly move people through the lines faster.

Now, if they'd just do away with those little plastic bags.

Anyone with privacy concerns should use cash.

Re:Sounds Good; Ban Little Plastic Bags Next

[ivan256]

Now, if they'd just do away with those little plastic bags.

What's wrong with the plastic bags? What would you use instead?

Re:Sounds Good; Ban Little Plastic Bags Next

[drDugan]

in genl, i'd agree

one problem I see as we push forward with the "if you have concerns, use cash" is that after some time, it will be suspicious to protect your privacy. People who use cash will be singled out for scrutiny simply be not conformign to the technology that enables scrutiny.

Re:Sounds Good; Ban Little Plastic Bags Next

[Jonny+Ringo]

Explain to me how this would move the lines faster? The only diffence is swiping a card and hitting the yes button for the total. You will still have the same latency for the rest of the process. So its possible that you may saved up to 2 or 3 seconds. Big freakin whoop. If it helps getting you out in traffic sooner I guess.

Re:Sounds Good; Ban Little Plastic Bags Next

Shops sell bags that you can take with you when you go to the market. Much less waste that way.

Just a suggestion! :-)

Re:Sounds Good; Ban Little Plastic Bags Next

[reallocate]

They're too small, the handles break or the bottom drops out, and, worst of all, everything in the bag rolls out onto the car floor as soon as you take your first turn.

Gimme big solid paper bags with handles.

(On the other hand, the plastic bags come in handy as raingear in different parts of the world.)

Re:Sounds Good; Ban Little Plastic Bags Next

[reallocate]

I was thinking about grocery discount cards. Seems to always be my luck to get behind the guy who can't find his. Most people ought to be able to find their fingers.

Jello

How long until Jello fakes out the system and causes it to be scrubbed?

great....

[eyeball]

Now someone will steal my thumb instead of my wallet.

Re:great....

[theLOUDroom]

Exactly.

Anyone ever see the movie Demolition Man?
There's a scene in it the explains very simply why biometric authentication is a bad idea:

Snipes, needs to bust out of this high-tech future prison, but they have a retinal scanner on the door, so he just takes the eye of some guy he just killed, stick it on a pen and holds it in front or the scanner.

No thanks. I'd rather be able to surrender my credit card to a mugger and then make a phone call and have the account shut down. If everything goes biometric I have to be a hostage, or loose a body part for them to get what they want. And then...

What do I do if someone "steals" my fingerprint? I can't exactly go get new ones and shut the old ones down, now can I?

There are lots of other good reasons why this isn't such a wonderful idea, either. I can send my girlfriend out for a pizza with my credit card, but not if everything is fingerprint based. Then there's the false positive/negative rate problems, the what happens if you hurt your thumb problem, etc. And I don't think I'll even get started on the privacy concerns here.

The next "credit card" type of system we need, is one where the cards themselves have computers in them and all transactions use encryption. When someone asks me for $5 I can give them an encrypted message for my bank authorizing a one-time transfer. Then I don't have to trust them not to overcharge me (right now they can say they're charging you $5 and charge you $500), or to keep my number safe from 133thaX0rs (see ford for an example of this problem).

Re:great....

[dracken]

Philosophically, this statement is much more important. It is a thumb rule in cryptography (pun unintented) to "Never use something to authenticate that cannot be discarded". Passwords, if stolen can be discarded. Smartcards if stolen can be discarded. Finger prints stolen and you are screwed for life. Now you might wonder - "How the heck is someone going to steal my finger prints ?". Just one rouge finger print reader, record the signals - well then use your imagination. This system is scary.

Dracken.

Re:great....

[JedKivi]

Demolition man was a movie.. and movies are FICTION, if you stab a pen through an eye, how is the retinal scanner going to work?

Re:great....

[JohnFluxx]

I believe you can check the temperature of the eye/thumb to check that it is still attached to something alive, or check for pupil dilation or something with the eye.

Re:great....

[ceejayoz]

I can send my girlfriend out for a pizza with my credit card

Not legally, you can't. If she gets caught, the pizza store could easily get her charged with fraud.

Then there's the false positive/negative rate problems, the what happens if you hurt your thumb problem, etc.

You use cash, cheque, or credit card. Until the technology is perfect, there'll always be an alternative method of payment. Credit cards haven't phased out cash, have they?

Re:great....

[thammoud]

Does the thief who has my eye/thumb in his hand know that ??

Re:great....

[exhilaration]

I think he meant "rogue finger print reader", unless he was accusing some finger print readers of being communists.

Re:great....

I can send my girlfriend out for a pizza with my credit card

Not legally, you can't. If she gets caught, the pizza store could easily get her charged with fraud

Not if she signs her own name and has your permission to use the card. If she signs your name, that's illegal. This is why good pizza stores check the signature.

Re:great....

I believe you can check the temperature of the eye/thumb to check that it is still attached to something alive

You can, but it's not hard to keep a thumb warm. Specific mplementation of this exploit has been left to the reader.

Re:great....

What do I do if someone "steals" my fingerprint? I can't exactly go get new ones and shut the old ones down, now can I?

Exactly

Consider some evil clerk that puts a sniffer between the fingerprint reader and the rest of the payment system. He can collect thousands of signals for those fingerprints which he can replay later as authorization.

Re:great....

[attobyte]

Just stab it part way through. So not to block the retina. :)

Atto

Re:great....

[JedKivi]

The eye is filled with fluid, and the retina is the whole back half of the eye. So if there was a hole the retina would look different. So the idea doesn't work, unless it's in a movie.

Re:great....

[thogard]

There is no fraud because she has permission to use the card. All they can do is tell her to pay cash or a card with her name on it. If they take the card, the owner is very likly to show up demanding the card and never deal with them again. If you a pizza place, would your risk running away one of your better customers? I think not. Credit cards are a balacnce between consumer ease of use and security for the merchant. If you make them harder to use, then they won't get used and the banks lose out.

Re:great....

but the idiot that rips your eyes out doesn't know that until later. You are still out a couple of eyeballs in the process.

Re:great....

[Asgard]

Well, the credit card people may not agree. Most cards say that the card is the property of the issuer. They gave *you* permission to use it, but that permission isn't necessairily transitive in their eyes.

Re:great....

[dasunt]

I remember hearing an interview with one of the war gamers for the United State's Department of Defense. She was told that part of the reason why some of the US military uses retina scanners is that they don't work after death. Fingerprint scanners do, but retina scanners do not.

Unfortunately, a quick google search isn't returning any information about this. Perhaps someone can illuminate us further on this topic

Re:great....

So I have to remember to keep the eyeball-key under my armpit for a few minutes?

Thanks for the info!

Re:great....

I work for a large electronic security systems integration firm, and work with biometrics. I doubt a retina scanner would read an eye that was removed from a person. When the eye is removed, the blood would run out, and the blood vessels would constrict.

Re:great....

[phatboy22]

This type of system already exists.....its called "smart" chip technology.....it is prevalent throughout europe......

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >> >>The next "credit card" type of system we need, is one where the cards themselves have computers in them and all transactions use encryption. When someone asks me for $5 I can give them an encrypted message for my bank authorizing a one-time transfer. Then I don't have to trust them not to overcharge me (right now they can say they're charging you $5 and charge you $500), or to keep my number safe from 133thaX0rs (see ford for an example of this problem).

Re:great....

[Q+Who]

Anyone ever see the movie Demolition Man? There's a scene in it the explains very simply why biometric authentication is a bad idea:

Snipes, needs to bust out of this high-tech future prison, but they have a retinal scanner on the door, so he just takes the eye of some guy he just killed, stick it on a pen and holds it in front or the scanner.

More than a year ago journalists were allowed into NSA building. The filmed data and interviews were shown on American TV and were available on some news site (NBC, if I am not mistaken).

They show there one of the authorization systems at the entrance, which happens to be a retinal scanner, simultaneous for both eyes, which also measures distance between eyes and such.

They say specifically that the system only works for live person.

Obviously, your logic regarding biometric authentication being a bad idea is wrong.

Re:great....

There are methods of determing if the organ or tissue is actually alive (pulse, pupil dilation, etc). That's not to say that the curent technology is foolproof. However, there will be viable solutions to counteract the old "pull the eye out of the socket and hold it up to the scanner" ploy (and hey it's just a friggin movie anyway man)

Re:great....

[theLOUDroom]

Yes, obviously my logic must be wrong, since you only attempt to refute a single point I made (out of many) and fail to understand the point of my post.

Since just about every reply has been someone nitpicking about retinal scanners and failing to get the bigger picture, I might as well respond to everyone all at once.

I'm sure the NSA has badassed retinal scanners. That doesn't mean they're foolproof and the NSA knows this. I'm sure they also have guys that stand near the retinal scanner and make sure there's no funny business going on. This is also why a retinal scanner was only "one of the authorization systems at the entrance."

I wasn't saying that Snipe's character is a genius. I was using a humorous anecdote to illustrate one of the follies of this technology. It was a freakin' movie, sure sticking a pen into and eye is going to mess it up, but it was a funny scene wasn't it?

The point I was making by bring that up was the biometric authentication is fallible. You can steal someone's body part, you can make a fake body part, etc. No one has replied with an answer to the "What do you do when someone steals your fingerprints?" question? That's a real problem with biometrics. They're awfully hard to change. There has already been at least one story on /. about someone figuring out a way to defeat fingerprint readers with gelatin. Once someone has a gelatin copy of your fingerprint, what do you do?

I don't think biometric authentication is a totally bad idea, but I do think it is to use only a single biometric as your authentication scheme (at least for anything more serious than a screensaver password).

Re:great....

[theLOUDroom]

I know europe is really into smartcards. They had half a building full of smartcard related stuff at Cebit last year.

Smartcards are only a partial solution. You still have to trust others more than you really should have to, given the current level of tech. we have availible. Smartcards do not have any displays or buttons on them. As a result, you don't get one of the key things I was talking about: The ability to only authorize a certain amount of money to be transferred.
With a smartcard, the retailer (or whomever) is talking to the smartcard for you, and you have to trust them not to change 20 euros into 200 euros before they send the info to the card.

I suppose it would be possible to put a smartcard into your trusted device and tell in to only authorize up to 20 euros for the next transaction that occurs, but it seems to me that that is not the way smartcard tech. is being implemented, and it would require an additiional trusted device.

Old news

[BIZKeT]

This was first being tested in Texas earlier this year. They found that it was way too easy to fake a fingerprint. There is also a grocery store in the Seattle area that was trying this tech, and if I remember correctly has decided to bail on it because of the ease of fraud. BIZKeT Mmmm... First post

Re:Old news

[marius]

FYI, it's being tried in three stores in the Bryan/College Station area here. I've not seen any indication they're found it easy to fake, cause they are still in operation. (Walked by the machine yesterday in fact.. Did I use it? Nope.)

-marius

Re:Old news

[ceejayoz]

MSDOS was found to be too hard for the average person to use. Thus, we've abandoned all work on new operating systems. Work on something better? What a stupid idea!

</sarcasm>

Ever cross your mind that (gasp!) it's possible to fix problems and make a better fingerprint scanner?

Re:Old news

[Cid+Highwind]

Ever cross your mind that (gasp!) it's possible to fix problems and make a better fingerprint scanner?

Even if you can build a perfect scanner, that doesn't fix the fundamental flaw of fingerprint ID. You can't revoke a compromised fingerprint. It seems to me like we need some major innovation in fingers before this will work, not just the scanners! ;-)

(Don't even start about PIN numbers. I bet you would have new ATM cards made if yours were stolen, not just hope the theives couldn't guess your PIN. A 4-digit combination may be strong enough for locking my luggage, but it alone isn't strong enough for protecting my life's savings.)

Re:Old news

[ceejayoz]

You also can't revoke social security numbers, but they're still used.

As for innovation in scanners, that can help stop compromised fingerprints. How? Well, obviously, you can't graft someone's fingerprint onto your finger, so you're going to need to use something (like the famed gelatin technique). A scanner that can detect the fake fingerprint (temperature, perhaps? or a dermal scan in addition the the fingerprint scan? or just make the surface sticky so it pulls off the gelatin?) would stop fingerprint fraud.

No, you can't revoke a fingerprint, that's true. But you can certainly stop people from using someone else's fingerprint fraudulently.

Re:Old news

You also can't revoke social security numbers, but they're still used.

err... Yes, you can.

Good idea

[andyring]

In theory, this is a good idea, I think. Looks like ./ covered this back in May. That post also describes a way to fool it with gelatin. Another submission talks about Thriftway stores doing this back in April. And, back in Oct. 2001 a post described use of fingerprint IDs on Acer laptops.

So, this is really nothing new, but it looks like this may be one of the larger rollouts of such technology. Really no different (from a practical standpoint) than things like automatic toll booths or Mobil's Speedpass method of buying gas, although fingerprints would be inherently more secure. If we had Kroger stores around here, I'd be willing to sign up, but I don't think they have a presence in Nebraska, at least not in the Lincoln area.

Re:Good idea

[Mothra+the+III]

Agreed. I think the interesting thing here is using Biometric technology for identification. Even if a fingerprint can be forged somehow, there are other technologies - retinal scanners, hand scanners, etc. Its good to see if this is even feasible in a store setting.

Re:Good idea

[watchful.babbler]

The "gummy finger" paper is here. It effectively points out how easily compromised a fingerprint-only system is.

For anything involving financial transactions, I'd want a token+knowledge system (credit cards and checks technically fall into this category: card/check + signature) or at least a way to limit my exposure beforehand (toll tags: you purchase a set number of "clicks"). A fingerprint scan may be convenient, but without some sort of backup verification, it's the thin edge of the identity theft wedge.

Re:Good idea

[akad0nric0]

It's important to remember that Kroger owns food stores other than "Kroger"-labeled stores. I'm not sure which other chains they own, but I know they're a nationwide company and I only seem to see "Kroger"-labeled stores in the Cincinnati / tri-state area. This is a very large company.

Re:Good idea

[fermion]

In theory it not a good idea. Proper security requires some redundancy. An ATM requires a token and code. To cash a check you have to have a special document, and usually two forms of identification. I know from recent experience that if it has been a while since you cashed a check at Krogers, they call corporate for verifications. Credit cards are less secure, but the CC companies and vendors take those losses as a business cost. This system has no redundancy, and no verification that the token(fingerprint) belongs to the correct person.

In this case, Krogers appears to linking the customer fingerprint to a credit card or bank account. SVC, which would make a lot of sense, is not an option. There are so many ways to hack this system, some without the victim even noticing. The weakness is that once you have the token, the fingerprint, a publicly available piece of information, you have cracked the main security. After that, you are at the mercy of the investigators. The bank may in fact say the problem is yours and not give the money back.

Re:Good idea

[avdp]

Well, they are supposed to verify the signature with the one in the back of the card. Granted, they rarely do in the US and either way, store clerk are probably not handwriting experts, but in theory the signature is the "code".

As a funny story during a trip in Taiwan a department store (Sogo) clerk refused to accept my signature! I looked in the back of my card and sure enough it looked a bit different - I guess after about 2 years my signature had evolved ever so slightly. She made me re-sign the slip at least 4 times before she gave up and let it go.

I don't get it

Slashdotters should be proud of the fact that they are getting some (unless it's for gay sex, let them burn in hell with the HIV)

Re:I don't get it

HIV isn't exclusive to gay men. Look at conditions in Africa.

Cool

I'd love to see it too...a little gelatin and I've got free groceries! =)

Great, and I just got a job at Gattaca!

[TinCanFury]

So, now when my fingerprint is on their file they can check every product i touched as i thought about purchasing it.

What I really can't wait for, is when someone steals my fingerprint and starts charging their purchases to me. Cause we all know how easy it is to get a new fingerprint...

Re:Great, and I just got a job at Gattaca!

[forgeeks]

I wonder if the police will be able to tap into this system. If so that worries me. If you don't have your finger prints done as a child and you have no record chances are you are not on file. If you shop at Kroger you will be on file *somewhere*. Scary

New MO at the register

[vudufixit]

Bill 'em, bag 'em, book 'em.

some?

[Jonny+Ringo]

however I'm sure some /.-ers will have privacy concerns as well as law enforcement cooperation issues

SOME! Shit I already have a problem with the current system. Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!

Re:some?

I just say "Sorry, I don't join cults"!

I'm voting Green in 2004!

Oh the irony.

Re:some?

[Xerithane]

Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!

I can understand saying no, that's perfectly reasonable. But a cult remark just makes you look like a psycho-dumbass. No offense to you at all, but if I was a grocery store clerk and someone said that I'd definitely mark them as being a complete sociopath.

Just an outsider point of view...

Re:some?

[Jonny+Ringo]

If voting is being in a occult, then don't vote.
The GOP (Grand Old Party) sounds like more of an occult than any other party.

Re:some?

[Jonny+Ringo]

Actually they always laugh, because unlike some people they can get a freakin joke.

Re:some?

Please refrain from voting Green until the threat of fascism is over. It's really sad to see this country repeat the same mistakes that were made in Germany in the early thirties.

(I'm posting as AC as a hint that I will ignore the shitstorm resulting from this comment.)

Re:some?

[Xerithane]

Actually they always laugh, because unlike some people they can get a freakin joke.

Good to know the grocery clerks in your area have no sense of humor as well...

Re:some?

[Jonny+Ringo]

wait a second, I told you that they laugh and then you say they have no sence of humor? oookaaay.

Re:some?

[LordYUK]

Oh please. I am Mr Smith at 6969 Blowme St in Upyerass North Dakota.

and I still save 30 cents on toilet paper.

Just because you dont want to give them YOUR information doesnt mean they cant get a false identification.

Not giving them your address, understandable.

Spending more than you have to because you are a fucking dumbass, inexcusable.

Re:some?

I guess great minds think alike.

Break time's over Greenie, get back to register 12.

Re:some?

[nolife]

"Sorry, I don't join cults"!

Huh? Anyway.. Why not use a fake address and phone number?

I wonder how long it will be before medical insurance companies start purchasing the detailed buying history of perspective applicants from grocery stores.

Beer, cigarettes, and Oreo's..
Three strikes and you're out.

Over age 65 and you start buying Tum's and Depend brand undergarments your account gets flagged as -Do not Renew-.

Re:some?

[JedKivi]

And getting a card that acts as coupons is being in a cult?

Re:some?

[Jonny+Ringo]

it is a joke, its funny fucking laugh.

Re:some?

If it were just plain funny, although weird, or even made sense (how is it a "cult"??) that would be one thing... but those people who make comments like your "cult" comment just sound like freaks who have this whole weird theory built up and don't have anybody who cares so they tell some person making $6 an hour who couldn't care less. And they wonder what the heck you mean, but don't intend to ask because then you would proceed to tell them way more than they cared.

My guess is that if they laugh it is because the only other option is to pretend they didn't hear it or have some sort of awkward "okaaaaay...." moment. I used to work in retail and I definitely ran across people who made freako comments. I learned quickly that if you just give them a quick courtesy laugh that you can just put it behind you. Don't act interested, and don't act confused or annoyed.

It would be as annoying as checking out and having the cashier say "Is this Butterball turkey yours?" and you say "no I don't believe in the torture and slaughter of animals". Not the most tactful forum to give a summary of your weirdo manifesto.

Re:some?

[LordYUK]

Yet you are a member of slashdot...

talk about the pot calling the kettle black...

Re:some?

[geekoid]

The cards save me too much money to not use, however, since my cat has one, I just use his. ;)

Re:some?

[ceejayoz]

They're laughing at you, not with you...

Re:some?

[*xpenguin*]

Actually they always laugh, because unlike some people they can get a freakin joke.

Can you please explain the joke?

Re:some?

[LineNoiz]

Most stores don't give a rats ass about your personal information. In fact, in response to public outcry against divulginf personal information, major chains that use the cards proclaimed "Just give us fake info! We don't care!"

The major problem with savings cards is that they use them to demograph their highest spending shoppers. According to a study in the late 90s, 75% of a supermarkets revenue comes from 30% of their customers. These cards let them know what those 30% buy (with or without knowing who they actually are), and to tailor their store to this group of people. The rest of us are screwed.

Here is a site (albeit with an agenda of their own) that has pretty good info about these cards. Check it out if your are at all interested.

Re:some?

[Little+Brother]

I have a better method, I ask for a new card, every time. I've put some pretty fun information on the forms to. They sure can't trace me by it, and if enough people did this, Kroger would get the hint and discontinue the card system...

Re:some?

[Tom]

Please to meet you, Mr. Smith.

Now, you may be thrilled to learn that the store doesn't care for 5 cent about whether or not your street or last name is bogus. It still gets a perfectly working customer profile on you.

During the Chaos Computer Camp in Berlin, 1999 (I think), we came up with a better idea to thwart these systems: Swap cards. It's simple, it's fun, and it will mess up their profiling.

Good day, Mr. Smith. And hey, haven't you forgotten those candy bars you always buy?

Re:some?

I shop at Kroger almost exclusively. When I signed up, they didn't ask for any information at all. The guy activated the cards, scanned them so that I could save on my current purchase and then gave them to me. I have 3 cards, one credit card sized and two keychain sized.

I am very brand unloyal and always buy whatever is cheapest. If Kroger wants me to buy the name brand over their generic brands, fine by me. Oh, and I save about $.03 per gallon of (otherwise competitively priced) gas.

That said, there is no way in hell I'll ever use my fingerprints to buy groceries.

Re:some?

[SN74S181]

And I am worried that they know 'Mister Smith' always buys that particular candy bar for what reason?

Seriously, you fellows have far too much time on your hands if this is the kind of thing you spend your life fretting about.

Re:some?

The insurance compaines already do buy that data.

Not sure what this gains you...

[rmayes100]

In Colorado at King Soopers (a Kroger store) we already have self checkout lines. I don't really see how this is going to be that much faster over being able to scan your groceries, swipe a credit card (or pay in cash) and be on your way. It seems like the major time constraint is scanning the groceries not the payment process.

Re:Not sure what this gains you...

When I first read this post i thought it said King Snoopers ala a "savings club" card thing.

I'm somewhat disapointed...

[ar1550]

that there are no Kroger stores in my area. Chainmail gauntlets would have made the perfect match with my tinfoil hat.

Thumb Payments

[forgeeks]

I see nothing wrong with using finger prints to pay. We already trust Credit Card and/or ATM Cards at these places so why not your thumb? Just imagine calling to report your thumb lost or stolen. I don't think it would go unnoticed for very long like a credit card would.

what's wrong with cash?

[cascadingstylesheet]

It can even be automated, if you really want to, with bill and coin accepters.

I wonder at what point all this information becomes wastful. You just know that because this information can be tracked, it will. But imagine if we suddenly switched back to an all-cash system. There would be so much less data to store, transmit, transform, mess up, validate, etc. There's a certain economy in that, isn't there?

Re:what's wrong with cash?

[gabec]

Corporate tracking methods aside, there's another reason why The Big Dogs want the populous to stop using cash: cash is untrackable and tens of thousands of dollars a year simply disappear into granny's' matresses across the country.

Further--and more importantly to the government--it allows for sales of goods to go UNTAXED. How many of you here on /. have ever paid tax at a garage sale? Or how many of you have ever paid taxes to the gov't for the money you made off of your own garage sales? Not to mention all the other [il]legal transactions that the gov't doesn't get to pilfer.

Re:what's wrong with cash?

Hell, I don't pay tax on the big sales I get on eBay. And it's becoming my primary source of income.

Re:what's wrong with cash?

Many states exempt garage sales from state sales tax (assuming the state even has one). Most garage sales income is low enough that it doesn't have to be reported on the federal income tax form which implys that it won't need to be reported for state income tax either (assuming the state even has one).

Re:what's wrong with cash?

[gl4ss]

why cash sucks:

you have to get it from somewhere.

do i really want to go out of the bar to pick up some more cash from automat in -20c weather? no. do i want to drive 40km to the automat to do shopping at the store that is 2km away? no. do i want to walk around with all the money i got in my pocket, or have it in my house ready to burn? no.
(not to mention that the smallest amount of money drawable from automat in finland at the moment is 20 euros, roughly 20$. however, with bank card i can easily get every cent out, without extra costs per transaction, as a student this is very important. note that bank card is not credit card, or like visa electron. visa electron would be nice but not all places accept it yet, if your not familiar with it visa electron acts like bank card except that your account is checked every time you make a transaction, thus being available easier than bank cards, with bank cards the account is checked only with bigger transactions, going over ~100e)

which gets quickly to why bother with cash at all.
i trust the places i use my bank-card enough, if they abuse the information(rather, access it at all more then necessary, as we do have laws against abuse of such logs), the individuals responsible are going down.

oh, and moving bits is cheaper than moving actual physical bills and coins. and when moving big amounts of money guards and other logistical necessities pile up. getting that money to the cash withdrawal automats isn't cheap in rural areas.. exactly the reason why only 20e and larger bills are available from automats in finland.

ever sent money in a letter? why bother when bank transaction is free, fast, and more secure.

i know it's very easy to copy my card, but i also know it's relatively easy for somebody to get enough personal information of me to open up a loan in my name. there's other ways to steal my money too, but thats why we have laws that forbid frauds.. i do think it's('plastic money') safe enough for me(and i do take care with it, the biggest risk though is losing it and failing to notice immediately).

I just got my Kroger Plus Card

[MicroBerto]

Of course, I lied about all of my information. They might begin wondering why some kid in the dorms is buying all that beer!

Re:I just got my Kroger Plus Card

[neekap]

I used to work at Kroger, and it seems like all of the Plus Cards are generic and you don't have to fill out any information at all. When you ask for a card, the check can scan it right then without any "activation" and it works. I got my card and never filled out the card or any of that, and have used it for months and it has worked just fine.

Looks like they just take those applications for the cards and toss them into the trash, trying to fool you into thinking they care enough to enter all that information into their database.

Hygiene, plz

Lets not overlook the health issues. A whole population filing through touching the same surface again and again... can you say 'spreading germs as fast as the plague'?

Re:Hygiene, plz

[BFaucet]

Yeah, and cash is so much cleaner... I know I throw all my bills and change in the washer.

heh... money laudering... heh...

Re:Hygiene, plz

[SparkyMartin]

It's not hygenic, but we already touch so many objects in our daily lives that are touched by hundreds of ppl every day, one more wont make a difference-doorknobs, buttons on ATM's, handles on a bus, door handles, pens used to sign your name when paying by credit card, debit card scanners, elevator buttons, just to name a few.

Re:Hygiene, plz

[Ouroboro]

Lets not overlook the health issues. A whole population filing through touching the same surface again and again... can you say 'spreading germs as fast as the plague'?

Let's not be a paranoid jackass. I don't want to make it any worse for the clean freaks, but you touch the same doorknob as other people when coming in and out of the bathroom. So regardless of whether or not you wash your hands you are touching a spot where someone, who may not have washed their hands, just touched. Or how about something even more mundane. When you buy your groceries, how do you pay. Well if you are like 99.9% of us, at one point in your life you've used cash. Guess what... That nice new $20 bill in your pocket has probably already been touched by 50 people, and at least one of them probably had a cold. Oh you say that you use your credit card, then who's pen did you sign with? So you used your own pen, did you touch the receipt? How healthy did the cashire look?

I guess my point is that unless you live in a bubble, or in a shack in Montana, you are likely to be exposed to someone elses germs/virii/bodily fluids. Get over it. In fact, if you weren't, then your immune system becomes lazy, and you are likely to get sick from something really silly like the common cold.

Re:Hygiene, plz

[DynamicBits]

And so many people die each day. What's the problem with killing one because they cut you off in traffic? What may not seem important to you can be quite important to others.

When I leave a bathroom, I try not to touch the doorknob/handle. If possible, I use a paper towel and then throw it away after the door is open. I know this is not foolproof, but it helps.

Think about the guy in line in front of you scratching his balls before he puts his finger on the reader. One more won't make a difference, right?

what about the kroger plus card?

[havaloc]

Will your 'print' also act as your Kroger Plus card (their loyalty program) as well? I know that a lot of you won't even fill out those loyalty card applications, or swap around with your friends. Bring in the finger print technology though (shiny technology), and you're all for that.

Re:what about the kroger plus card?

[rela]

Fill those out with completely fake information. It's not hard to make up contact information that seems plausible but is worthless.

Re:what about the kroger plus card?

safeway has a similar system where I live

and sometimes I am forced to shop there because they are the only ones with product XXX that I want.

so... I fill out a new app EVERY time I shop, I lie on it blatantly, and discard it in the trash as I exit with my purchase --
(at an amazing 10-30% lower cost that if I did not do this.)

Identity theft

I've seen some responses that talked about how easy it would be to fake a finger print. These people must not have read the article. A Drivers license and a finger print must be provided to make a payment.

Didn't Crypto Diety Bruce Schneier poo poo this?

[TerryAtWork]

Yes he did! In his book 'Secrets and Lies'

He pointed out that if it was compromised, they'd have to issue you a new thumb....

There are alternatives

[Night+Goat]

I imagine they will have alternate forms of payment, to prevent themselves from being hit with an "Americans with Disabilities Act" lawsuit. People without arms or hands would be rightly able to sue the grocery store. I don't see credit card readers or checks being refused in the future.

Re:There are alternatives

[carlos_benj]

People without arms or hands would be rightly able to sue the grocery store.

Would that just be the people without left arms or hands who would be rightly able to do that?

Re:There are alternatives

[shepd]

And people without arms are going to reach for their wallet with what, exactly?

Or do they expect the cashier to grope about their erogenous zone to find it...

Re:There are alternatives

It's time for some cripple jokes:

"What do you call an armless, legless man in a swimming pool?

Bob."

"What are words to the tune the quadrapedic ex-Harley rider is humming?

Born to be mild."

Re:pot pie

Yet another slashdot-sophisticant checking in here. I sure am glad that I have found a place on the Internet to have intellectual conversations about the "stuff that matters" and still work in the phrase "pot pie in your eye bitch" somewhere.

Which finger?

[rknop]

The folks at the Kroger closest to where I live are very unfriendly and frequently downright nasty. I hate to think what the work environment must be like for everybody there to want to lash out at anybody who comes into the store... as a result, usually my wife and I drive a bit further to go to a different store.

But, if given the option of using my finger to pay, I might go back to the mean Kroger, if I had the option of choosing which finger I got to stick out at them when paying....

-Rob

Re:Which finger?

rather than using my thumb, I'll just place my dick on the reader.

i'd love to see the look on the checkers face.

Re:Which finger?

[Megna]

The folks at the Kroger closest to where I live are very unfriendly and frequently downright nasty.

You must live near me. I have called their corporate headquarters so many times I am sure that they have my number on speed dial.

When I buy a house I am seriously going to consider which supermarkets are nearby before I buy. The QFCs around here suck, the Safeways really only carry booze and Whole Foods do not have Coke. It is a trial just to get food for dinner.

Re:The Finger of the Beast

Even worse, fingerprints are NOT unique. Contrary to the old claim, people do in fact live who have identical marks. And they aren't related. Also, these machines have been shown to be easily fooled with some salt water and mucus. Worse yet, the next time you get mugged they'll chop off your finger. At least they won't be taking your eyeball(s) (c.f., Minority Report).

Plastic Bags = Too small for cribs.

[Hormonal]

The problem with the plastic bags is that they're too small to line a full-size crib with.

At least with the paper bags, you could make masks, cool cookies, and other crap with them.

Now I have to pay good money for trash bags to line cribs. Pain in my ass.

Re:Plastic Bags = Too small for cribs.

[ivan256]

If they're going to make them bigger they need to make the damn handles stronger. :)

How do you make cookies with a paper bag?

Re:Plastic Bags = Too small for cribs.

[Hormonal]

You cool cookies on a paper bag. Cut the bag down the seams, lay it flat, and put the cookies on the bag. Let them cool. Eat them, but don't spoil your appetite for supper.

And yeah, a lerger plastic bag of canned goods would most likely destroy the handles attached to it, unless they were infused with admantium, Wolverine-style. Snikt, Snikt, Berserker Rage.

Another store to not get my business.

[jackb_guppy]

I and my wife, do not sign electronic tablets - your signatares are the last line of defense from fraud.

We do not use Mobil's / Mc Donald's speed pass.

We use a debit cards attached to an account different from our main account - to protect against on-line fraud.

Our local transit system tracks you by smart card use. So we do not use these.

We will not fly anymore because of the tracking and security there. (anyone wantto hand out free chocolates to stop the scanners?)

Our free country is becoming Russia of old, maybe even Germany? So who really won those last wars?

Use cash. That will keep the lines moving!

Re:Another store to not get my business.

[Overt+Coward]

We use a debit cards attached to an account different from our main account - to protect against on-line fraud.

Which means you could still lose the entire amount in that account to fraud -- a regular credit card will limit your liability to $50 (or less).

Use cash. That will keep the lines moving!

I agree with the idea of using cash, but it will certainly not "keep the lines moving" since so many cashiers appear to not be able to count properly (or in some cases, at all).

Re:Another store to not get my business.

for me = =

electronic tablets -- I draw a stright line across the pad.

no speed pass, no debit cards, no smart cards

recently I moved, and I no longer use my home address for ANYTHING.

The newspaper, addressed to 'resident', is the only service to arrive there. (to solve this, I had a frind buy me a gift subscription to the newspaper and paid them back) private mailbox services are most useful for privacy. At this point the only way someone could figure out where I sleep would be to (1)follow me home or (2)track and triangulate the signals from my cell phone (both possible I know, but there are at least some barriers) or (3) interrogate my friends who know not to give it out.

I think weare already in a police state, most people just have not realized it (yet).

Re:Another store to not get my business.

[kdgibson]

How can you seriously be that paranoid? Do you have some kind of disorder? I think there's medication for that....

Re:Another store to not get my business.

I and my wife, do not sign electronic tablets - your signatares are the last line of defense from fraud.

What? Is it real hard to scan it from a piece of paper? They'll get a higher resolution copy that way anyway.

Re:Another store to not get my business.

Uhmm.. Are you exactly aware of what information is transmitted in a Credit Check and general Banking information nation wide?

The reality it is, This is a lot less then what is already publically tracked by International Finance Companies.. THis is why police immeadiately go to Phone/Credit Card abd Bank records to figure out your where abouts.

If you are that concerned, I sincerely hope your using the Money in the matress and pedal a schwinn with a trunk around.

Re:Another store to not get my business.

[geekoid]

I'm faster with my debit card then most eople are with cash, espcially if they try to figure out exact change.

Re:Another store to not get my business.

[Anixamander]

The parent raises a very good point...

At what point does sensible security end and raving paranoia begin?

Re:Another store to not get my business.

well -- when our governement kicks in YOUR door with a secret FISA warrant and cart you off to an interment camp, then I'll feel very sorry for you.

http://mediafilter.org/caq/Caq53.court.html

Re:Another store to not get my business.

actually that article has very old info, dating back to Clinton years

the powers of the FISA court were greatly expanded in recent months by the USAPATRIOT act, and resulted in the first ever appear by the judges on the court itself. the appear was rejected by the Justice department and the terror goes on unabated.

"police state"
"police state"
"police state"

Re:Another store to not get my business.

s/appear/appeal/g

oops

Re:Another store to not get my business.

[LostCluster]

The LEGAL SYSTEM is your last line of defense against fraud.

Hate to tell you this, but the waitress who has a palm-size scanner on her belt can scan your credit card and get enough information to make signature-less transactions. Even though you sign for the meal, the fraud transactions can still get posted.

Even if you never get a credit card, you're still not safe from anybody who knows your social security number and can get to your mailbox before you. They can apply for a card, and you'll take longer to notice because you don't check your credit. Yeah, you'll likely notice something's up when the first bill comes, but that'll be quite the surprise.

What protects you is the law. If you accounts get compromised, the most you can owe by law is $50, and Speedpass and most credit card issuers will even forgive people that in an effort to prove that there's no liablity at all if their system goes haywire.

Re:Another store to not get my business.

so here is a snapshot on how these fucks think:



"If you don't violate someone's human rights some of the time, you probably aren't doing your job," said one official who has supervised the capture and transfer of accused terrorists. "I don't think we want to be promoting a view of zero tolerance on this. That was the whole problem for a long time with the CIA."



found this in a quick search in TODAY's news. if you are not paranoid about our government, you're not listening.

http://www.washingtonpost.com/wp-dyn/articles/A379 43-2002Dec25.html

Re:Another store to not get my business.

[fermion]

This is something I have thought about and it seems to be the compromise between privacy, security and liability.

I have no credit card linked to my bank account, so I use electronic tablets. I use a bad signiture, and all my cards say check ID. Any money stolen is the problem of the credit card company.

I don't use the special store cards, but that is just mostly a protest against bloat. If you use a credit card the store can track you just as well.

I only have an ATM card, and I don't keep an excessive amount of cash it the account. I use this only for ATM machines because if the money is gone, then it is my problem. I am out the cash and have to fight to get it back.

I am sorry you metro uses smart cards, That really sucks. We have stored value cards, which are not linked to the rider.

I agree with you though. I stopped using Krogers when they jacked up thier prices and required the card to get a discount.

Re:Another store to not get my business.

[kdgibson]

Is our government getting too big and taking too much control? Yes, I think so too. But I'm not going to get overly paranoid about using a Debit card or not using my real address. I'm not doing anything illegal or wrong so I have nothing to worry about.

Re:Another store to not get my business.

[jackb_guppy]

You are right to point.

By not using tablets, then my signatore is not on an electronic file to be digitaly copy.

Any store that says they have my signatore in elecetronic store... I know it is not my signatore.

So when I tell it to the judge, and call them lairs and show my proof.

I am leaving an audit trail in paper to show how I do business. So the day I need the legal system I am ready.

Are you planning ahead?

Re:Another store to not get my business.

[LostCluster]

That still doesn't quite connect. Your history of avoiding electronic tablets in the past does not disprove the theory that the day in question was the day you broke down and agreed to use one for the first time.

It's more reliable to tell the judge that there's no way you made a purchase at the Best Buy in Syracuse because you were in another state at the time.

Re:Another store to not get my business.

[MikeVx]

Which means you could still lose the entire amount in that account to fraud -- a regular credit card will limit your liability to $50 (or less).

Some banks will do this as well. I have an account just for a debit card for the reason of isolating my main account while giving me a non-credit way of making remote purchases. I told them when I opened it that I was using it for a debit point, and they had no problem when I explained my logic to them. It seems that these bank employes had never considered that charges from check payees for bounced checks could dwarf the $50 limit the bank caps the direct loss at.

Re:Another store to not get my business.

[fucksl4shd0t]

I'm not doing anything illegal or wrong so I have nothing to worry about.

My mom says "Why are you so worried about protecting your privacy? What do you have to hide?"

My answer: "Nothing."

Having nothing to hide, or not doing anything illegal, is no reason to allow the government or anyone else access to your stuff. I haven't done anything illegal in years, and the illegal things I did were morally right, IMHO. (statutory rape is about older men taking advantage of girls not old enough to properly stop them. I liberated my wife and helped her become a free woman.) However, if I didn't protect my privacy, there could very well come a day when the stuff I did that wasn't worth hiding could incriminate me, even if it is morally right and even legal at the time.

Do you change your oil when your engine runs fine? Why? "Preventive"....

Re:Another store to not get my business.

[kdgibson]

First off, you liberated your wife?!? That immedeatly signals that you live in a time before woman had the right to vote and that you are already old fashioned thinking. IMHO, I think that you are over reacting. Yes, I think that the government has already stepped too far into our personal and private lives. But given the current events of the world, I expected it to happen. History repeats itself, no big surprise. But living my life in a nutshell and trying to hide from everything is no way to live. What exactly are you afraid of? Getting shipped off to an internment camp? I realize that things aren't right in the government, but when will/were they ever be? I wasn't saying that just because I have nothing to hide makes it ok for them to dive into my personal life. You and I know that the government snooping into lives is wrong, but what is wrong with a grocery store using fingerprints as a form of an IOU? The purpose is to aid those who don't have the cash needed or have a credit card they want to use. It's not like "you buy a book about flying airplanes with your fingerprint and were gonna ship you off to an internment camp". Seriously, I think that too many of you /.ers are way too paranoid.

Re:Another store to not get my business.

[fucksl4shd0t]

First off, you liberated your wife?!? That immedeatly signals that you live in a time before woman had the right to vote and that you are already old fashioned thinking.

For this I have to fall back on some of the more annoying words strung, "You don't know what you are talking about." It's a long story that involved a certain amount of abuse, drugs, gangs, and so forth in my wife's childhood, and at the age of 15 she met me. In a world of adults that cared about her, but she didn't trust, I was arguably the only one in a position to help her. I did so, and it is rightly termed "liberation". If we split up, she will not return to her previous lifestyle, she will continue to pursue a better one, and that is liberation.

But living my life in a nutshell and trying to hide from everything is no way to live.

This isn't at all what I'm talking about. SOrry. I won't attempt to explain further, I don't consider it "necessary".

You and I know that the government snooping into lives is wrong, but what is wrong with a grocery store using fingerprints as a form of an IOU?

Ah, if I had only read the article. You see, I followed a link from a different discussion and was thinking in terms of the previous discussion. If this statement of yours is correct, and grocery stores are using it as a form of identification, or somehow it simplifies our lives, then I would consider it "ok" for as far as that goes. I do like to be able to purchase with cash when I prefer anonymity, but I rarely find it necessary to do so. In any case, some additional comments:

I don't have a problem with private (or publicly owned) organizations requiring personal information as a part of doing business. For example, when you write a check they want your driver's license number, home phone number, and so forth. This is for their protection, and since it is also useful to me (ie if I write a bad check, they'll tell me and I can pay it) I willingly give it to them.

If a company wants personal information, I have to know what it is to be used for before I give it to them. If they chose not to reveal this to me, I chose not to reveal my information.

Since that appears to be all this article is about, my comments are over. :) I'm still not reading the article, I'm not interested. Fingerprints DO change, they CAN be faked, and they are not especially reliable. Useful as a tool, yes, but not especially reliable. More useful than photographs, because they're harder to change, but they can be changed or disguised or what have you.

Not that much of a problem

[SoVi3t]

Keep in mind, you DO have 10 fingers (well, 8 and 2 thumbs). You would need to have all 10 cut/burned in order to mess this up, and also, fingerprints can still be accurate with cuts and nicks on your fingers. Criminals have burnt their fingers in acid, to avoid being caught, and still they're found due to patterns that exist on the finger. One little cut, or even ten, would not affect it by much.

Re:Not that much of a problem

[orangesquid]

The tendency to get skin warts on the hands runs in my family, and at the moment I have---count 'em---no less than 15 on my hands. Most of 'em occur on the pads of the ends of my fingers... and they come and go, so does that mean I would going to Kroger headquarters every two or three months to get new prints added to their database? I also tend to burn my fingers a lot, and I play bass and guitar but my practice schedule is irregular, meaning that callouses come and go...

Re:Not that much of a problem

I bet you're a big hit with the ladies.

Re:Not that much of a problem

Go see a doctor, dumbass.

Re:Not that much of a problem

[orangesquid]

Go see a doctor, dumbass.

Why? My father has asked his doctor about them, my sister has asked her doctor about them, and they all say the same thing (detailed below).

Warts are caused by viruses; some people have immune systems that are poor at preventing these viruses (these immunodefeciences are usually genetic). Warts tend to occur right after breaks in the skin or damage to the top layers of skin (burns, cuts, etc). The typical medical treatment plan is: do nothing. Why? Wart removal is usually more trouble than it's worth, and warts have a very good chance of coming back. If they are a problem because of their location, usually creams are tried first; if this is not successful, warts are frozen and then surgically removed (however, the success rate of this procedure can be argued to be somewhat low, as this breaks the skin and increases the chance of a wart growing there again).

While some slashdot users may appreciate your cynicism, please, in the future, keep it to yourself.

It may be easier, but...

[CrazyDwarf]

if you want to spend more of their money, you have to do it again. If you have their finger (why bother making a fake one, just cut theirs off, or does it detect heat, too?) you can keep going back and using it over and over, with no repeat effort.

Re:It may be easier, but...

[eingram]

I think the cashier would notice you holding a bloody finger. ;P

Re:It may be easier, but...

[D+iz+a+n+k+Meister]

No, No. Just drain the blood out first. Then duct tape it to the bottom of your corresponding finger.

Re:It may be easier, but...

They never have before. :-)

Re:It may be easier, but...

[ceejayoz]

Of course, that only works until the person who's fingerprint you took notices the excess charges and reports them to the company and/or the police. Once that happens, you get to find out how wonderful security cameras can be.

All that's irrelevant, though, if the store takes the simple precaution of coupling each fingerprint record with an ID photo displayed on the cashier's screen.

Re:It may be easier, but...

[damiangerous]

Once that happens, you get to find out how wonderful security cameras can be.

And the original victim gets to find out a high-res scan has been uploaded to the net and that it's very difficult to get a new thumb.

Re:It may be easier, but...

[ceejayoz]

The original victim will also find out that it's not very difficult at all to change the PIN associated with your account. Unfortunately for the unscrupulous, that fingerprint scan just became useless.

Re:It may be easier, but...

[Fapestniegd]

So I just need to find someone who resembles me to replicate, then he gets arrested for filing a false claim.

Re:It may be easier, but...

[ceejayoz]

Add in a PIN or a password for your account, then.

You're grasping at possible problems, but ignoring the simple solutions to those problems. Try being a little logical :-)

Re:It may be easier, but...

[damiangerous]

Hardly. A 4 or 5 digit PIN is hardly the most secure thing in the world. And the fingerprint can never be revoked. You have to constantly worry about your PIN being compromised, rather than being able to call the bank and get a new account number if you have even a reasonable suspicion of compromise. It's a step backwards from a more secure system to a less secure one.

Re:It may be easier, but...

[pyrote]

at 3 am they barely notice you exist...or for that matter if you ask a question.

Re:It may be easier, but...

[Fapestniegd]

If you have a pin or password, why even require biometric data? Why not simply put a keyboard at the counter and let me use al login and password.This way It would be just as secure and Admiral Poindexter woun't have my fingerprints in his Total Information Awareness database.

Re:It may be easier, but...

[ceejayoz]

Username and password just as secure as fingerprint and password? Hardly. It's a lot harder to steal a fingerprint than it is to steal a username.

Re:It may be easier, but...

[Fapestniegd]

You must wear gloves everywhere you go. Or do you write your username on everything you touch? You leave your fingerprints everywhere. All I need to do is lift them with a kit and etch them with a computerised etcher, make a gelatin mold and I am now you, forever. And you can't change them. I can change or invalidate a username a lot easier than you can replace your thumb. An etcher is a rather expensive piece of equipment, but not as expensive as limb replacement sugery.

Re:It may be easier, but...

[Pig+Hogger]

I think the cashier would notice you holding a bloody finger. ;P

(You watch the sixth day too much...)

You laugh, but 35 years ago, my father was employed by a large empire-wide life insurance company. One day, they decided to honour their oldest pensioned ex-employee. They found him out in India, where he used to be working at the branch office there. At the time, he was 110 years old.

So they sent for him, doubtlessly wondering what secret Indian method he'd been using to prolong his life so much.

Turns out that the guy was illiterate (he was a gardener - this was the time when companies would not outsource menial tasks), and he had been dead for nearly 30 years. Since he was illiterate, he was endorsing his cheques with a fingerprint. When he died, the family simply cut off his thumb and managed to preserve it...

Don't support this

[dnoyeb]

The hell if I will support an automated money sucking store that is too greedy to even pay a dang cashier...

No, im not bagging my own groceries! Its better to pay people to work even if the job is simple. Far better than to pay taxes to support these same people on welfare...

Good ole Clinton and Engler (Governor) kicked so many off welfare even as corporations sought to fire even those they currently employed.

All the while the politicians continue to insist Greed is good for capatalism. (contrary to Christianity)

Safeway has this

[humina]

Safeway already has this. It's called a safeway club card. Other stores have club cards too. Instead of giving out identification about yourself that is on your body (fingerprint or retena etc.) you give out other information. I would rather swipe a card than swipe my fingerprint. Of course my phone number that I gave them might end up in a phone bank's database (I don't know their privacy policy)

Re:Safeway has this

did you even read the article? This isn't about saving $0.35 on that jar of Peanut Butter, this is about ACTUALLY PAYING FOR GOODS. Read, man; READ!

Re:Safeway has this

Then do what I did - ask for a anon card. They give them out of their pockets. All I miss out on are the Starbux points.

qz

It's not....yet....

[MortisUmbra]

Reason being is that fingerprints are so fine and so hard to manipulate that, for exmple the latex glove they used in GI60sec the oils in your fingers would wear through the gloves enough so that your own prints would probably show through. There are various other attempts made in the past by people trying, and failing, to mimic other peoples fingerprints, all of them failed due to one reason or another (perceptable changes in the prints due to the small nature of them is a big factor).

Re:It's not....yet....

[plover]

Hello...are you even reading the other posts in this thread? Have you read this research paper showing that every fingerprint scanner system on the market today can be defeated in your kitchen with about $10 worth of crap you can buy at any Radio Shack and Krogers?

You can post a dozen reasons why nobody will ever be able to fake them. You can probably invent and post a hundred different reasons. But that doesn't even slow down the people who ARE faking them today.

Arguing a negative is usually pretty worthless. But it's even more worthless when the positive has already been proven.

government

[noldrin]

With stories like these, it starts to become obvious how much the government is holding up progress in personal security. People are often scared to give info like finger print to Id people because they are either A: scared of companies abusing the info (which can be solved by contracts) or B: scared of the government looking for info which could accidently incriminate them(which can be solved by limited the scope of government). Secuirty wise they also need to ask for a pin so that a print can not be faked and be a safeguard against errors in the system.

Anonymity? never heard of it.

[Whatthehellever]

Who knows who they're sharing this info with. Think about it.

They associate fingerprints with all other personal information.

This information can be given to anyone including law enforcement. Does law enforcement have EVERYONE'S fingerprints on file? Now they do!

fingerprints

I'd rather pay with my implanted microchip,
see www.infowars.com for more interesting opportunities for invasion of privacy....

There already was one....

[Viewsonic]

They had an episode where a horror latex costume designer made a copy of his arm/hand and sold a few hundred of them. People were killed and finger prints were left all over the scene with the fake rubber arms/hands .. But as it turned out, it was the guy who made the arms/hands in the first place.. So... But yeah, they've already done something like it .. sorta

My bank already does this

[IWantMoreSpamPlease]

You know what I tell them? "No fucking way, you are NOT the FBI, you do NOT get my fingerprint. If you don't like it, I'll take my checking account, savings account, IRA and mutual fund account elsewhere."

You know what they say? "We're sorry sir, here's the money you are requesting."

Only one place (that I am aware of) in the world has my fingerprints on file, the FBI, and there's damn good reason they have them.

A bank? A grocery store? KMA.

reader refused

[CrazyDwarf]

I've never tried to pay my grocery bill with a credit card reader. They usually already have at least 1 for each register. (Realizing that wasn't what you meant, I will move on...) There are already places that do not accept checks or credit.

Maybe not foolproof...

[Whatthehellever]

For example, if they REQUIRE that you use your right thumb for scanning, and this digit happened to get blown off years ago in a freak fireworks accident, are you refused the ability to pay at that store?

Re:Maybe not foolproof...

[ceejayoz]

Of course. Because, as everyone knows, when credit cards came out, all stores stopped accepting cash and cheques.

Oh, wait.

BTW, if they did require your right thumb and refused service otherwise, they'd have a big fat ADA lawsuit on their hands. So no, the situation you describe will never happen unless the laws change.

IN SOVIET RUSSIA

The store fingerprints you! Or is that in the USA now?

obvious security concerns

[drDugan]

Customers can register for the voluntary program by presenting a drivers license, an index finger and a method of payment -- either credit card, debit card or electronic check

The concern I have is whether random company X will be smart enough to protect payment methods data and fingerprint data, both (most likely) linked to personal info.

A relative worked in a co for a few years back that implemented the software to get supermarkets to accept CCs. The implementations always prevented the merchant from keeping/tracking the payment info. I think this intentional (data anyone?) on the part of the CC companies -- and it's why supermarkets use the 'bonus cards' 'rebate cards' etc. instead of just tracking your purchases with which CC you use. The supermarkets typically don't keep the cc numbers/ name etc. after purchase is complete (I think).

Regardless -- Under this new system, KROGER has to use/implement some IT system that tracks all the users payment methods and prints. While Kroger may do this fine, the assumption is that any company that wants to implement this kind of system, has to either implement or access a (possibly centralized) repository of fingerprint payment method mapping DB, with personal data. This is an enormous hacking target. I work under that assumption that anything that people access can be hacked, and therefore people should alway weigh the benefit of putting datasources together that create a risk for being stolen.

While that arguement does not really apply for one company, as more and more companies start to do this, the question becomes will the systems be secore enough to justify the benefits and costs?

Re:obvious security concerns

[ignipotentis]

I'm sorry to say that most merchants do keep records of individuals and what they purchased and how they purchased it. The only way around this is to pay with cash. I worked for Marshall Fields and if you lost your reciept and didn't pay with cash, all i needed was a little personal info and i could look up your purchases for the past 3 months. If it was longer than that, a little call to retailers national bank allowed a much longer history to be uncoverd. They deemed this as the personalization of shopping.

Its a typical practice and i'm sure other's are doing it, have been doing it, and will continue to do it.

Re:obvious security concerns

[Quill_28]

The above is one small reason I pay with cash. The other big reason it that I hate credit companies and find it helps my budget to not use cc's.

Re:obvious security concerns

[drDugan]

I agee that many retailers keep purchase records -- but do they keep payment methods with enough details re-enact a payment?

-- which for CC is at a minimum the number and exp date -- with more advanced auth systems asking for lastname and zip, and more recently the 3(or 4) digit code on the back.

Re:obvious security concerns

[monkeydo]

Target now stores your CC purchase history. You can make returns without the reciept, and they can look it up with the CC you used. I can only assume that they are storing some hash of your CC# and not the number itself, but stupider things have been done.

Everybody seems to be missing the point though. This isn't meant to be MORE secure than credit cards, it is intended to be as secure as credit cards, without the card. The fingerprint is a token just like a card, the problem is that I only have 10 of them (2 if we're talking thumbs) and I can't replace them if compromised. The weakest point of a biometric system is almost always the database, and if we are using our right thumb and a PIN for verification everywhere, a compromise of any one of those databases knocks the whole thing down. You might as well just stick with the PIN.

Forget about stealing fingers, what happens when someone hacks the database and replaces the biometric for your thumb with theirs? Better yet, a script which substitutes the hackers fingerprint for a different real user each time the biometric is accessed. You wind up with a lot of individuals with one fraudulent charge each. Even if they notice it would be very hard to track.

Re:obvious security concerns

[thogard]

Most compaines just store the entire card number. A hash is useless unless its a unique hash for every card and it provides no additional real security. Now dig out a samll c program that counts from 3.e15 to 7.e16 and md5's each of them. How long does it take? The last time I did this it took about 5 minutes but that was on a fast pc years ago.

Re:obvious security concerns

[Trekologer]

When you "swipe" a credit card, the POS (point of sale) system reads more than just the card number and expiration date; it gets other "MSR data" that "proves" that the card was in the store for the purchase. The 3 (or 4) digit security code is now being used in place of that extra data read off the magnetic stripe for mail order transactions where the card will never in the store.

Authentication for a credit card transaction requires two things: proof that the card was in the store (either by the MSR data or an imprint of the card) and proof that the cardholder was in the store (the signature). If the merchant doesn't have these two things, they risk losing a chargeback if you contest the transaction.

Asking for the security code and making sure that the products are shipped to the cardholder's address are a precaution for the merchant but not total protection from credit card fraud.

Re:obvious security concerns

[Trekologer]

I don't think that was a design requirement as much as it was just simplier to implement. Most POS (point of sale) systems do not have credit card authorization built in; they're add-ins to the store system. So the main application which is running the checkout service passes the request to process a credit card transaction to the electronic payment application which then tells the checkout service if it was approved or not (and if not, why not). This way, you can use the same electronic payment application on multiple POS systems without needing much changing (and use multiple electronic payment systems on a single POS system). The EPS program doesn't need to "know" anything about what items are in the transaction, just the card number and how much the charge is for.

But as for "tracking" purchases, most stores that have loyalty cards and collect transaction data do so "anonymously" (that is, by card number, not the name associated with that number). Let's say Kellogg's wants to get you to switch to their Corn Flakes from Total Corn Flakes (made by General Mills). They'll usually tell the store that they want to send coupons to customers that have purchased Total Corn Flakes regularly over the past few months. So, either you'll get a coupon in the mail or printed at the register (if the store has coupon printers there).

Re:obvious security concerns

A relative worked in a co for a few years back that implemented the software to get supermarkets to accept CCs. The implementations always prevented the merchant from keeping/tracking the payment info. I think this intentional (data anyone?) on the part of the CC companies -- and it's why supermarkets use the 'bonus cards' 'rebate cards' etc. instead of just tracking your purchases with which CC you use. The supermarkets typically don't keep the cc numbers/ name etc. after purchase is complete (I think).

Where I work (Hint: We recently got /.ed when we stopped asking for names and addresses with every transaction) any employee can get the full card # and expiration date of any card used in the last 90 days. And they'll hire anything that has the right number of limbs and breathes. (Don't forget to cheat on the lengthy 'honesty' scantron you have to fill out at the interview.)

Not really privacy concerns, more general security

[ConfusedMongoose]

but no more than I already have about those electronic signature tablets currently in use at a growing number of retailers. Still, I'm sure the security and auditing procedures to maintain their electonic copy of my personal moniker are excellent.

What a horrible idea....and what do YOU gain?

[MortisUmbra]

As if swiping a credit card and pinning your ID in was too hard, most local grocery stores out here (MO) have begun rolling out automated checkout lanes, even quicker, and most of those also have one of those speedpass style devices where you just wave it and go. Which seems to me like a hell of alot better method than fingerprints!!!!

Whats most shocking to me is the apparently overwhelming eagerness of the poster to see this wide spread....what the hell is wrong with you? combine this with something like TIA and then, you can't even buy cereal without the government being able to know. What about advertisers? A 100% accurate method of tracing INDIVIDUAL purchases, I can lend my roomate my CC, or my g/f or a family member to go to the store but I cannot lend themmy fingerprints, so they KNOW it's me, they absolutely KNOW I purchased item x, I purchase it x amount of times, etc. etc. HORRIBLE idea, through and through, and I love the tone of "I know some /.'ers will have problems with this" um, yeah, duh, if its a stupid retarded idea which doesn't save you any real time but risks your identity and privacy, yeah I would assume most people here would have a problem with it.

Already here in Texas...

[dcr]

As previously reported on /., this has been tested here in Texas for several months. Despite Kroger's PR, it does not seem to have been well-received in this town, which is about 40% college students. The little terminals don't seem to be getting a lot of use here. They're at every register in the 3 Krogers here, but I have yet to see anyone actually use their finger.

When they first started doing this, Kroger requested fingerprints for checks and credit card purchases. It wasn't manditory, as I was able to refuse and still purchase. Apparently, I was not alone in this - I saw a very pointed letter that was posted on a register that threatened a boycott. Soon, they backed down and stopped even asking.

I have to agree that this attempt is another in a series of steps in trying to get us to a national identity/credit card. I can only hope we think about it seriously. As others have pointed out, it's very hard to get a new set of fingerprints issued. I have to think that the odds of someone being able to hack a database and screw up my records are better than me getting new fingerprints.

Re:Already here in Texas...

What if a fingerprint system is implemented in the same manner as the "Kroger Card"? They would raise the prices on everything, offering a discount to those who submitted to the new system.

I'd been avoiding Kroger's already when they'd implemented the identification card. Their food seemed kind of nasty at times. And now I only go there very rarely. If they do the fingerpriont thing in my area, I won't go ever again.

What worries me, are all the people who will submit. You get enough people in a town who tolerate stuff like this, those who don't end up having to pay more for things. The ignorant and submissive poison the waters for everyone else.

What worries me even more, is the realization of ignorant, submissive types, being in the majority for a lot of places. It won't be long before folks will have to relocate to avoid this sort of oppression. And you can be assured that a community welcoming one form of oppression will not be averse to welcoming others.

What are you supposed to do? You can't pick up a map and find a legend telling you "this place is free, and this place is not".

Re:Descrimination Possibilities ..Concrete

People that work with concrete ALOT would have trouble with this scheme if only because the mud takes your fingerprints off your fingers after a period of time of working with this mildly acidic building material.

Suspicion of those who opt-out

[Nfnitloop]

A fellow mentioned the look he got when he goes in to buy rubbers.
Like the evil eye he feels like he gets, what's going to happen if you don't want to do this? Most average joes will like the idea, be reminded of Back To The Future 2 and sign right up. But people who are worried about privacy, failure rate, and law enforcment entanglements could automatically be up for suspicious looks if they *don't* fork over a thumb (or any other finger).

Also, since people have been talking about how easy it is to fool a fingerprint biometric scanner - how does this compare to retinal scanning and what are the problems behind *that* method? Visions of the mall scene in Minority Report come to mind.

Not as secure as you think

[hypersqurl]

I for one would not trust this system with my credit card or atm card. The system can be quite easily fooled with some super-glue, a pcb board, and gelatin.

Bruce Schneier wrote an article about the process and which also has link to the presention given by the Japanese professor who came up with and tested the process.

Re:Not as secure as you think

[SN74S181]

Bruce Schneier writes a lot of articles.

The thing people seem to forget is that Schneier is just a crypto hacker. That means: he has done a lot of experimenting and hacking of crypto code.

That makes him a cryptography hacker. It does not make him a security expert. His outspokeness makes him a security pundit but that's really just the hacker community's equivalent of the 'foreign policy pundits' with the bad hairpieces on the Sunday Morning talk shows.

Not really secure

[danimrich]

A scientist from Japan(?) demostrated that many fingerprint scanners can be fooled quite easily in a couple of different ways:

• by placing a plastic bag filled with warm water on the sensor (the warmth and moisture activates the scanner, the sweat and grease left from the last finger is interpreted again)
• by taking a finger print in plaster and using it as a mold for a gelatine fingerprint
• (more methods)...

I think there was a german article quite a while ago in c't.
While these scanners may be quite secure when their use is monitored by a cashier, I would not want to don my fingerprints to the system if it's unmonitored. Besides, to what extent can the system distinguish similar fingerprints? If the whole US signed up for the program, how many close matches would be there?

Worried about the cards? Make yours a co-op.

[Akardam]

That's right. Most stores, you don't even need the actual card. You just key in your phone number. So setup a card with someone's phone number (it doesn't even need to be a valid number), and give it out to all your friends. The more it is used, the more you get savings, and if you give it out to enough people, the demographics become to skewed to be of any use.

*shrug* It's what me and my family do, and we don't seem to have any problems with using it.

Re:Worried about the cards? Make yours a co-op.

Well...at all the co-ops HERE, the number is just a random number they assign you, AND you get no savings when you use it. Your saving come at the end of the fiscal year, when they divide up all their profits between members, based on what percentage of the goods you purchaced. That's why it's called a "Co-operative" And yes, you DO have to give them your real address. Or else they can't send you the cheque!

The idea behind it was originally that if enough people got together, they could buy wholesale and save money. It USED to be way cheaper, but with the huge size of the major gorcery chains, its now only competative.

In conclusion, sharing your co-op number with friends only saves YOU money. And it doesn't if you faked your information, because then you won't get the cheque.

Let's not forget bacteria.

[imag0]

Just a thought, really.
Come cold and flu season you will have hundreds, if not thousands of people slapping their hands in the same place every day- a haven for germs to pass along from person to person.
If it's all the same to you, i'll pass.

Re:Let's not forget bacteria.

[ceejayoz]

So, do you wash all the coins and bills you get? How about the pen used to sign credit card receipts? Or the shopping cart handles?

Or, you could just refrain from licking your finger after using the fingerprint reader.

You're far more likely to get a cold or flu from the person standing next to you coughing millions of water droplets containg bacteria into the air than you are from touching a fingerprint reader.

How it works (in case you don't know).

[I'm+a+racist.]

Here's a quick overview of how this sort of technology works. I'll leave the typical transaction stuff since most people know that. Instead, this is about the image comparison algorithms...

There are two basic schemes for doing the comparisons. They are the minutiae and correlation methods.

• The minutiae-based technique requires a high-quality image. It finds and makes a relative map of points of interest, then does map comparisons. Basically, this will only look at the ends of ridges.
  
  
• The correlation-based technique uses a more global metric, but is then sensitive to image placement and translation. This technique will take into account details such as ridge count and distribution.
  
  

There are also some classifiers used to group fingerprints and prune database searches. Some relevant techniques are GCS (growing cell structure) neural networks, K-nearest neighbor, hard/soft margin SVMs (support vector machine).

Disclaimer: I don't know anything about this field and have never worked in it. I just did some quick Google-whacking. I have done a little AI stuff, but not for this purpose.

And Yet....

We're one step closer to The Mark of The Beast technology.

Will we soon see signs in store windows that read: "Fingers Only?"

No real worries

[supabeast!]

"I'm sure some /.-ers will have privacy concerns"

Paying by fingerprint is far more private than handing over a check with my bank account, address, phone number, and in some states my social security number on it. It also beats generating credit card receipts containing my account number, which can still be used online.

"As well as law enforcement cooperation issues..."

If law enforcement is tracking you down, they have better ways than working with a retailer's fingerprint database. This is a case where the only people who need to worry really ARE the criminals, who could just pay with cash anyway.

Re:No real worries

[swordgeek]

"Paying by fingerprint is far more private than handing over a check with my bank account, address, phone number, and in some states my social security number on it. It also beats generating credit card receipts containing my account number, which can still be used online."

These are all good points, but what happens when someone compromises your fingerprint?

Bank accounts, credit cards, even social security numbers are all changeable and replaceable. Fingerprints you're stuck with for life.

Re:No real worries

[supabeast!]

Why not just use a PIN with the fingerprint? A fingerprint does not need to be the only step in the process.

Re:No real worries

[LostCluster]

How exactly does one compromise a fingerprint? It must be attached to a living human in order to be acceptable, even the dumbest checkout operator can understand that one.

Re:No real worries

i am 50/50 on the idea. one major drawback i see is if you were wanted by the police. bought something at kroger, using your fingerprint. computer searches and find your wanted. cops show up to meet you at the door.

i know this sounds good, but it's not. sounds very big brotherish to me. what if it's wrong and the cops show up

Re:No real worries

[swordgeek]

I imagine you've seen how easy it is to do this by now, but in case you missed it:

http://www.counterpane.com/crypto-gram-0205.html #5

Re:No real worries

what happens when we go cashless? but i will say it is and has been to end up with a form of chip implant. everything else is just a stop gap to get us there. it can`t be lost or stolen considering what the Bible says in the hand or forehead some people don`t have hands but if your alive you got a head.

Snake Oil

[MenTaLguY]

Such a system relies on two major assumptions:

• Your finger is unique and physically secure (hopefully true)
• There's no "your finger" equivalent that someone could use (patently false and hopelessly naive)

The problems with such a system:

1. It's easy to falsify. It's actually almost trivially easy to fool a fingerprint reader and fake someone else's fingerprint. (note that the type of gelatin Matsumoto used is seaweed based -- a little stiffer and a bit different than what we use in the states, but I'm sure you can find it here in an asian grocery store or similar)
2. It's not verifiable. There is no challenge-response method possible with your finger to verify that it's even your finger, unless you want to add an embedded subcutaneous microchip, as in a smart card (but then why a fingerprint at all?). Worse, no such system actually checks your fingerprint; it computes a numeric hash of some sort from key features. Any hackery that can get you into the system behind the fingerprint reader means you just use the numeric hash (VERY easy to copy!) instead of a fingerprint. Consequently, it's no more secure than a credit card number in this respect.
3. It's not unique. Two words: hash collisions. Not such a big deal for authentication, but a real problem for identification.
4. It's not revokable. Given the above, if someone steals either your fingerprint or its hash, it's not like you can just get a new one, like you can a credit card number. You'd better hope the system at least allows you to switch to a new finger (and hope you don't run out of fingers). In the worst case, then, it's actually LESS secure than a credit card.

Re:Snake Oil

[angle_slam]

Plus, don't forget the Arnold Schwarzenegger film, The Sixth Day, where Arnold cut off someone's hand and used the severed hand to fool the fingerprint detector.

Re:Snake Oil

If someone slices off my fucking hand, having my grocery money stolen is probably the least of my concerns.

I could probably win a lawsuit if any cashier allowed a guy to pay with a severed hand, anyway.

Re:Snake Oil

[pesc]

And:

5. Your fingerprints are not secret. You are leaving thousand copies of them daily on objects you touch. Combine this with item 1.....

Re:Snake Oil

[avdp]

That wouldn't look one bit suspicious in a grocery store... I can just see someone pulling a bloody hand out of his pockets to pay for the pack of tic-tacs...

That's why I kept getting looks

[Hormonal]

See, I used to get the stuff as a package deal. It'd be like, "Oh, here comes Hormonal. Someone should tell him we moved the enemas (note spelling) to aisle 6."

When I got a new gf, it was all like, "Hey, aren't you forgetting something? All you've got is condoms, man."

Re:That's why I kept getting looks

[Monkeyman334]

I'd have to go with the AC. They know you by your handle AND you're buying condoms at the same time? Those things just don't go together, man.

In Soviet Russia

Fingerprinting systems pay YOU!

Even better..

[Stonent1]

"Sorry, I have no fingers. Do you mind if I provide you with a semen sample instead? Nahh, that's ok... Keep the change."

Re:Even better..

If you have no fingers, how are you going to supply the semen sample?

Re:Even better..

[Stonent1]

I may not have fingers, but I've got nubs!

Americans with Disabilities Act

OK, so how are people with no arms supposed to use this?

Re:Americans with Disabilities Act

[MachineShedFred]

That would be one reason why it is voluntary, rather than manditory.

If you can come up with a fast-pay solution that every single person can use that no one would have privacy concerns about, I'd love to hear it.

Whether it be a retina scan a la Minority Report where people steal your eyes and have eye-replacement surgery or a pinprick / DNA match, there will always be people that bitch about 'my privacy this', or 'quadrapolegic can't do that'. This is why there is still Cash, Checks, Credit cards, Debit cards, Green Stamps, Traveller's cheques, wire transfers, etc. How easy are any of these solutions for people with no arms? When someone is designing a system, they design it for the maximum feasible amount of users possible, because it would be insanely expensive and convoluted otherwise, not to mention the fact that such a system would be made mainly from "unobtanium" as I cannot easily think of ANY system that would accomodate every single ailment or disability that can possibly occur to a human.

Re:Americans with Disabilities Act

What about if you are in an iron lung? You can't use it then either, the insensitive bastards!!!

Grocery stores are where the technology is at...

[VudooCrush]

I currently work for one of the largest grocery chains in the US. We're trying all different kinds of things -- ie automated checkout's, online grocery stores, pda based ordering in the deli, super carts which tell you when your passing a good deal, and other things. We've had wireless access points in our stores for years. All of the guns the stores order with are wireless. Some stores have more Cisco equipment in them than a small ISP does. And the great thing about grocery chains is they don't go bankrupt like so many dotcoms have. It's like McDonald's disapearing, it's not going to happen.

I don't trust Kroger

[xombo]

With those cards you get from them, they take the money from your social security funds. They are fradulant scumbags, and I will not use any service from them, WalMart, etc. Next thing you know, we will have to scan our thumbprint to activate windows!

Re:I don't trust Kroger

Oh, I've got to hear what POSSIBLE PROOF you might have that your Social Security has been somehow ripped off by signing up for a frequent shopper card.

I think that if that was the case, they might ask for your social security number when you sign up, don't you think?

Oh, and don't you think that the FBI would have something to say about the largest grocer in the nation (according to the article) conducting a massive fraud scheme to pilfer the coffers of millions of retired Americans?

Please use your brain as a filter before posting.

Re:I don't trust Kroger

Oh, and don't you think that the FBI would have something to say about the largest grocer in the nation (according to the article) conducting a massive fraud scheme to pilfer the coffers of millions of retired Americans?

I don't know about that--those guys in the Capitol are all still roaming about free. Of course, they're busy looting the money that belongs to future retired Americans, so that's technically different.

~~~

Great idea! But...

[BFaucet]

Once again, an excellent technology that has great potential. However, someone will abuse it. Be it criminals that are faking your print, gov't spooks, or even *gasp* companies.

It sucks that people can't just be honest.

Personally, I think I'll stick to cash when making purchases I don't want others to know about. And I'll wait for a number of years on the fingerprinting... see what problems might arise.

repeat after me

Practice these phrases and have them at the ready. most useful:

"there is nothing you will ever do or say that will make voluntarily allow you to search my car."

"there is nothing you will ever do or say that will make voluntarily allow you to take my fingerprint."

"there is nothing you will ever do or say that will make voluntarily allow you to violate my rights granted under the US Constitution."
{{ see http://www.billofrightsinstitute.org/ }}

people are asleep, and it makes them most uncomfortable to shake them a bit towards a wakeful understanding of the issues.

Can't make No sense of it.

[budalite]

Why do I need to sign the credit card receipt at restaurants, grocery stores, etc., but don't need to sign it at gas stations? Gee, Vern, someone could steal my Exxon SpeedPass and gas up New Jersey. (insert NJ gas joke here). How many other "inconsistencies" are there? Just curious. :})||

OMG!

[Jonny+Ringo]

Ok, yes I'm replying to my own message. Because for some reason a bunch of you think I actually believe that becoming a member of a grocery store and getting a card for coupons is actaully joining an occult.
My post was a joke! Yes I have actually said this to cashiers and they laugh, because its funny. You should laugh to. Don't be a robot.

Re:OMG!

[LineNoiz]

There is a difference between a cult and the occult. You are using the terms interchangably. You shouldn't do that.

Re:OMG!

[Xerithane]

My post was a joke! Yes I have actually said this to cashiers and they laugh, because its funny. You should laugh to. Don't be a robot.

Just because you intend it as a joke doesn't mean it's funny. It's obvious that you don't mean that, and if you did you have much worse problems in life. What may not be obvious to you that it is just a plain stupid joke, and as someone else pointed out.. laughing at, not with.

Re:OMG!

[Jonny+Ringo]

Thanks. I thought there was a difference, but I wasn't sure.

Finger of the Beast IS Mark of the Beast

Rev 13:16-18
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number [is] Six hundred threescore [and] six.

Re:Finger of the Beast IS Mark of the Beast

The Greek may imply GIVE instead of RECEIVE. This would then read "give of a mark on their right hand or on their foreheads....." Even more scary!

Driver's License in GA

[clustersnarf]

Getting a Drivers License in Georgia requires you to provide your finger prints. I am wary of this and still expect my conformity to come back and haunt me. Seems that the DMV is just a way to get more finger prints to compare against in crimes.

I've watched enough 'Law and Order' as well as 'Forensic files' , 'The New Detectives' and others. Seems to me that just a FEW hits on your fingerprint is enough to convince people that it was really yours. Until I commit a crime, I don't want the state having my Fingerprint. Much less a grocery store.

This is something, along with the 'bonus cards' that I hope to never give in to. I do believe that these finger ID systems will just be another way to track people and their movements. I mean if Hardcore right wingers want to talk about 'the mark of the beast' and such in relation to people being BarCoded, how are they going to react when they hear that EVERYONE HAS A SERIAL NUMBER ENCODED INTO THEIR FINGER PRINT!!??!?!

This is truely a step towards total population control.

story from April

[drDugan]

a story from April 2002 showing a Seattle area Thriftway inplementing a similar system


http://seattlepi.nwsource.com/local/68217_thumb27. shtml

would it be fraud to

fake and use copies of your own fingerprints
yourself? Or would it simply violate the
DMCA?

Try someone else.

[PrimeNumber]

Kroger tries to pilfer enough personal information via their Kroger Kard (tm) as it is.

These cards are used to pilfer personal spending habits. What the consumer (AKA a person) gets in return is a discount on an item that was probably marked up anyway. Randalls has also implemented this scheme. What all of this means is that people willingly whore their privacy for a small discount on overpriced goods.

The whole point of this is that retailers want to be able to amass a large database of consumer spending habits, and sell these to the largest bidder. The days of suckering people into a store with double coupon days are rapidly becoming a relic of the past.

Kroger et al. can stick this fascist crap up their collective corporate asses.

I will shop at HEB instead.

Besides I hope they do try this, I have a feeling even the most clueless drooling consumeroid will have reservations about using this system. Besides, they will probably lose money on this as most places I have heard about using this type of technology always abandon it, as it doesn't work worth a damn, and requires multiple scan attempts to read a fingerprint correctly.

Re:Try someone else.

[geekoid]

it(the cards) can only track you if you give it correct information.
I have several cards, two for my cats, one for the president of the US, and one for Bill gates. SO I just use theirs ;)

I save about 250 bucks a month using those cards. If I ever did have to give accurate information, I can't say whether or not I would, but even if I did, I would find away to make them either outlawed, of open the store up to liablilty. Perhaps religious discrimination. I believe its the mark of the beast, and its agains my religeon to have one, you are charging me more money for not having one, therefore you are discriminating me.
HA!

I'm glad I'm not known to be too rich..

[haggar]

('cause I'm not), so I have a reasonably good chance to keep my fingers.

how to fake

explicit instructions on how to fake such a system are here:

http://www.itu.int/itudoc/itu-t/workshop/security/ present/s5p4.pdf

going AC because I'm sure some gevernment asshole will consider this a terrorist threat.

Re:how to fake

his paper is here, copied from a SPIE journal

http://cryptome.org/gummy.htm

Impact of Artificial "Gummy" Fingers on Fingerprint Systems

Safeway/Vons does indeed allow their cards...

[MamasGun]

...to be used as payment in their stores. Basically your card gets hooked up to your savings or checking account, and they basically get their money via an Electronic Funds Transfer. Here's the info on the Vons site: http://www.vons.com/smartcheck.asp. Actually Vons has been doing this for quite a while, but they are relaunching the service.

Your soul

[humina]

It's also about selling your sould to the people. They want your drivers license, fingerprint, and a payment method (probably credit card). Your grocery store should not need all these things. And my point was that Safeway already tries to collect information about it's customers with it's club card. The information just happens to be less sensitive, and implemented better using a card instead of your fingerprint.

Already here...

...this attempt is another in a series of steps in trying to get us to a national identity card...

It's called a passport.

You forgot something:

The obligatory:

5: ?
6: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

7: ?
8: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

9: ?
10: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

11: ?
12: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

13: ?
14: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

15: ?
16: Profit!!!!!!!!!!!

Sorry, I had to...

Re:You forgot something:

The obligatory:

17: ?
18: Profit!!!!!!!!!!!

Sorry, I had to...

"that paranoid"???!!!

I am getting there myself.
It's just getting scarier every day:
1) Department of Fatherland (oops Homeland) Defense formed.
2) National database built to pretty much track everything we do.
3) Mainstream companies building biometric databases.
Where is this all leading?

Kroger's Is Fronting For The CIA: +1, Informative

Fools! Kroger's is doing this for Total Information Awareness

Be Patriotic: Impeach The Cheney Rumsfeld Administration!

Cheers,
W00t

Re:The Finger of the Beast

[gmack]

As funny as that is.. referring to the mark of the beast as a chip is simply a technophobic misinterpretation of the Bible.

Hint: hand and forhead reference is a reference to the original giving of the law of Moses.

You forgot something

The obligatory:

5: ?
6: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

7: ?
8: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

9: ?
10: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

11: ?
12: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

13: ?
14: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

15: ?
16: Profit!

Sorry, I had to...

Re:You forgot something

The obligatory:

17: ?
18: Profit!

Sorry, I had to...

Re:Didn't Crypto Diety Bruce Schneier poo poo this

[ceejayoz]

Or a new PIN for your account with them...

Simple common sense solution, eh?

Er... that's not exactly what I meant...

[Akardam]

Sorry if I was confusing. I used the term co-op purely in the sense of "lots of people in a common goal", not that I thought they should start using these kinda cards at co-op grocerey stores.

You forgot something:

The obligatory:

5: ?
6: Profit!!!!

Sorry, I had to...

schmucks

I posted this yesterday and they didn't take it. Now they take it from this other punks. Insensitive clods.

Already in Seattle

It's already being used in West Seattle. The problem is, you can buy what the store clones believe is perfectly good cheese when in reality it's 3 months over it's sales date and a health hazard.

With that kind of brillance, I'd never trust them, with anything.

So there *is* an "eye" in "team"

[Katravax]

That was from a Dark Angel episode, where she did essentially the same thing.

Link to the Matsumoto Paper (fake finger)

[The_THOMAS]

This is a link to the Matsumoto example (.pdf) of creating a fake thumb from gelatin.

fair use

[Unregistered]

What if i want to use a different finger. Will the system allow this. What if i want to send someone else, can i do this. I think this a horrible example of DRM. This is Kroger saying if i lose my thumb i can't get food.

the biggest problem is this

Assume 100% accuracy.
Now, all of these work in some way by communicating some sort of hash, right?

If the hash is compromised, what are your options? Have your finger transplanted?

Give Kroger the finger!

[base3]

And shop somewhere else.

Pre-Minority Report eyeball theft

[OOMatter]

In Demolition Man a criminal escaped from prison with a warden's eye on a stick...

not a serious security system

[Tom]

Any serious book or article on biometric access mentions that biometrics is a good part of a security system, but should never be the only part.
All biometrics available today, and all imagined for the near future have already been broken. In fact, all systems on the market today are exactly as easily broken as you see in the movies, if not easier (some iris-scan systems have been fooled by photographs. I mean, come on!).

What biometrics is good for is simplifying access controls. For example, you could use your fingerprint instead of your credit card at the ATM machine (but you would still have to input your PIN). But you wouldn't have to carry a dozen plastic cards with you anymore, and be afraid of losing them.
By combining something you are (biometrics) or something you have (credit card) with something you know, you get good security. Never rely on a single point of failure.

Re:not a serious security system

Just be afraid of losing your fingers...

Re:not a serious security system

[drDugan]

it was my understanding that it was nearly impossible to fake/crack the blood vessel patterns on the retina.

can you back up te claim that "All biometrics available today, and all imagined for the near future have already been broken."

what exactly do you mean by broken?

Re:not a serious security system

[Tom]

You don't have to fake the retina. You just have to fool the scanner. As I wrote: At least one of the commercially available retina scanners can be fooled by a picture of the retina in question. Good news for you: The bad guys don't have to plug out your eye anymore.

In the not too distant future...

[Skapare]

In the not too distant future you might be turned down for health insurance. Why you might ask? Because your grocery buying habits should an excessive proportion of fatty foods that cause high cholesterol, as well as the tobacco products, and all those pain relievers. They track you in the stores now, especially if you have a savings card.

Other uses...

[juanca]

I work for a bank in Guatemala, and we've been experimenting with fingerprint readers with the objective of giving our customers easier access to financial services.

You have to understand that my country has a very high illiteracy rate (40%+), so our primary goal was to reach that sector of society. Normally, they would have to bring a literate witness to verify their identity, which is very demeaning. Now, by using their fingerprint, they can deposit or withdraw money without hassels.

We're not trying to give them an excuse to remain illiterate, we want to give them a little sense of dignity instead. So far, we've had great results, it has also been a great experience for everyone involved.

Re:Grocery stores are where the technology is at..

[Trent_Alkaline]

Agreed, our local store (which happens to be a kroger store) is already testing a few of the methods you have listed. We have automated and self check out lines which I personaly love. It cuts out the small talk that is basically required with going through normal casheer lines. It cuts off at least a few minutes from the shopping trip. Now if I could go through an automated or self checkout line, and instead of having to dig through my wallet for a card, just swipe my finger across a scanner it would be even faster and easier. A lot of you people are being way too paranoid. Sure fingerprints can be copied, but how likely is that going to be in this case? It would be a lot of hassel just to steal groceries don't you think? Now I can see the paranoia if this tech was used like an ATM or whatnot, but groceries?

Which account??

#(*@!! I tied my thumbprint to my savings instead of checking!!

Actually this is the Mark of the beast

"in their right hand or on their foreheads: And that no man might buy or sell, but he that hath the mark."

This refers to fingerprint and retinal ID.

Mod Parent Up

Genius!

fingers

[tacocat]

What if you have a tragic accident and lose your fingertips from fire or industrial accident?

It just sounds awefully easy to spoof. And what happens to the entire shopping line if you have grubby fingers and muck up the works?

Please wash your hands before you pay

OT Re:some?

[ahoehn]

Every time I get asked if I have one of their cards for "saving", I just say "Sorry, I don't join cults"!

Wait to stick it to the man. Your socially abrasive behavior is a pinnacle to which all of us geeks should aspire.

The truth is that most people will simply find this system convenient. The majority of the populace isn't terribly concerned with their right to privacy. While there will likely be shortfalls with this system, it seems to be generally a useful good idea, especially if other payment options continue to be available. I'd rather carry around my finger than my credit card.

SWEET!

[ShieldW0lf]

Time to get the gloves on and start shaking hands with politicians :)

How about a website full of photos of politicians fingerprints? Lets go shopping!

I can see it now

The ads saying "What's in your wallet?" will have the answer: "Someone else's thumb."

This will save me a lot!

Cool! Now I can get all my groceries for free just by cutting off other people's fingers!

[ mod parent up please ]

[MenTaLguY]

Yes! Cannot be overemphasized.

Damn Right We've Got Privacy Concerns

[tom's+a-cold]

The potential for abuse of such fine-grained information on your consumer puchases is not just restricted to the government. One goal is for merchants to be able to develop custom pricing structures for each consumer. That is, the current "club member discount" scam (really charging a higher price to those who don't want to be tracked), only more tailored to their estimate of the depth of your pockets. And of course this information will find its way to direct marketers, other merchants, and (if Poindexter isn't put back in his cage) to the Feds.

Look at www.nocards.org for more detail. Even when you discount the advocacy-hysteria that sometimes erupts on that site, there remain serious grounds for concern. The ability to conduct anonymous exchanges is one foundation of a free society.

Whether the means of tracking your identity is based on biometrics such as fingerprints, on RFID tags, or some other technique is irrelevant. It's the level of detail and intrusiveness, as well as the increasing difficulty in opting-out, that's the real problem. This kind of privatized totalitarianism needs to be shut down. Once the data stream is out there, it will be abused.

Discount cards (was:Re:some?)

[MikeVx]

I am a privacy nut myself, but I do use some cards under some circumstances. Anyone who needs the records from my bookstore or dvd store to work out my tastes in either category is likely more dangerous to themselves than to me. Figuring out those patterns is not difficult if you talk to me for a few minutes. If I want something not to appear on any records, I use a different branch than usual, pay cash and deny having a card. Simple.

As for groceries and such, I have stores nearby where I can get better prices than the cards get you at the chains, and I don't have to give them any info at all.

Re: Box at a mail agent

[MikeVx]

To drift onto a tangent for a bit...

private mailbox services are most useful for privacy

The lack of a direct address has its uses, but my primary reason for using one of these is that I order lots of expensive things that arrive by assorted couriers (USPS, UPS, FedEx, carrier turtle, etc.) and instead of getting a tag to pick it up, or having it left on my doorstep or with neighbors who may not remember right away, it gets signed for when needed and is watched by paid mail-watchers until I pick it up.

The largest item to date through there has been a large TV. I was able to leave it there for a few days while I made my own arrangements for pickup, and I was not at the mercy of the delivery service as to when to be home.

This also limits the damage caused by kids stuffing snowballs in the mailbox. :-)

HRmmm

This can be iether very good, or very bad

Very good if: Makes the use of them redidulous CD prosumer keeper outers go away. (A routine finger print lifting scheme for example)

Gets rid of them cameras in bathrooms based on prior argument and makes for a alternate way to sebtle store debts

Very bad if:It uses linux, implemented by Linus ____ official of political power installs it, used as yet another way to ensure getting a false positive " " on drug tests (in halers, stims such as steriods for week - underdeveloped frames etc)

If your a law officer gel molds would be a headache

Do I get my finger back?

[Newer+Guy]

Customers can register for the voluntary program by presenting a drivers license, an index finger and a method of payment -- either credit card, debit card or electronic check. I wonder if they return the customer's finger when they're finished with it.

Re:Grocery stores are where the technology is at..

[mzo23]

The main concern is privacy not identity theft. See places like CASPIAN for examples of why identity linked databases for shopping tracking could be(and are being) horribly abused by these chains. The reason the finger print is even worse then the cards is that the finger print is linked directly to you and only you (barring forgery of finger prints of course) whereas with some cards you can put false or no information on signing up (although some require ID when signing up). If these fingerprints are correlated with any other database (IAO program anyone?) then suddenly anyone with access could know way more about you then you can imagine (think of the detectives that go through peoples trash to learn all kinds of neat things for an example of what I mean). The fact that your fingerprints are being linked to something as seemingly "irrelevant" as groceries is much worse then an ATM as it shows how pervasive we will allow this kind of tracking to be. Being paranoid doesn't make me wrong.

Re:The Finger of the Beast

[hesiod]

Okay I have no idea what the heck you are talking about, but it sounds interesting. Not to pull you into an off-topic (and potentially karma-killing, if you care) conversation, but what is misinterpreted, and what does it have to do with his finger?

Re:The Finger of the Beast

[gmack]

A frighteningly common american religious right interpretation of the mark of the beast is that it's a chip or some other embedded tracking device. "666 chip" Before that they thought it would be a tattoo.

These are the same sorts of people who go around looking for satanic symbolism on products and demand boycotts of corps like proctor and gamble because they think they once printed something on thier boxes that looked like it could be a satanic symbol. Apple was also once a victim because they ran an ad for a $666.66 computer kit. (Woz later said that he had *no* idea tht number had religious meaning to some people" Even Intel is afraid of these people as proved by their clocking up by 1 mhz to 6667 mhz a few years ago.

The finger of the beast comment was a hilliarious play on that sort of thinking.

PS no I don't care about karma.. much I'm capped anyways and it never takes me long to get it back.

Re:The Finger of the Beast

[gmack]

oops that's 667 mhz.

back to the future part 2

Now this reminds me of back to the future part 2. Part of my favourite movie trilogy btw. :) The scene where old biff gets out of the taxi cab and pushes his thumb into the scanner as a credit card as payment. If we can fix the security issues with finger print scanners, then we're pretty much set. Cause then the only way to use someone else's finger print is to have their finger with you.

Re:Grocery stores are where the technology is at..

[Jeremiah+Cornelius]

So,

Where in Safeway do you work? :-)

Kroger:groceries as AOLTimeWarner:media

[MMHere]

Kroger seems to have bought up grocery properties like your favorite corporate behemoth bought up media properties.

I, for one, don't like the results evidenced by my local Fred Meyers stores. Product-line consolidation/elimination has begun, presumably for cost reduction.

Example: These cheddar-heads no longer sell milk in cardboard cartons. Except for the small quart-sized ones, all milk is now sold in plastic containers. These are the translucent ones, which let UV light in, which damages the milk, which makes it taste "funny." I also dislike the way in which plastic containers' screw-on caps collect dried, cruddy "milk dust." Every time (after the first) you open that sucker, dried milk crumbs fall all over, and into the milk container. Blech!

I wrote to Kroger's customer service to complain about these containers. While they did send me a coupon for a free half gallon of [plastic-enshrouded] milk (which I happily used), this simply served to remind me how much I dislike these containers. The rest of the letter I received from Kroger essentially said: bugger off then, we don't want your kind!

As a result, I generally avoid Freddy's for groceries -- especially if I know I need milk.

Last Post!

[alpg]

A Severe Strain on the Credulity
As a method of sending a missile to the higher, and even to the
highest parts of the earth's atmospheric envelope, Professor Goddard's rocket
is a practicable and therefore promising device. It is when one considers the
multiple-charge rocket as a traveler to the moon that one begins to doubt...
for after the rocket quits our air and really starts on its journey, its
flight would be neither accelerated nor maintained by the explosion of the
charges it then might have left. Professor Goddard, with his "chair" in
Clark College and countenancing of the Smithsonian Institution, does not
know the relation of action to re-action, and of the need to have something
better than a vacuum against which to react... Of course he only seems to
lack the knowledge ladled out daily in high schools.
-- New York Times Editorial, 1920

- this post brought to you by the Automated Last Post Generator...