Slashdot Mirror
Decode Your Barcode, Get Your Personal Info
Chris writes "The Swipe Toolkit is a collection of web-based tools that sheds light on personal data collection and usage practices in the United States. The tools demonstrate the value of personal information on the open market and enable people to access information encoded on a driver's license or stored in some of the many commercial data warehouses. Check out the Data Calculator, which shows how much your personal info is worth, and how the data brokers get it. It's all part of the Swipe Project, which will be on exhibition at UC-Irvine in March."
I saw this story as a subscriber before most everyone else did, so I go to the site and download all the software before the site ends up getting slashdotted.
I then download java, run the jar, scan my driver's license... doesn't work.
Then I rotate the image 180 and find out it doesn't work.
Then I go online and notice that California doesn't have a 2d barcode on the back of their licenses.
Which comes to the rule of the day, which is apparently applicable to myself:
You can be enough of a nerd to care about what's on your barcode, and still be a complete fucking moron
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Good thing I didn't throw it away.
Well, it would be, if I didn't live in my parent's attic and if I did actually have a driver's license.
Mod "Overrated" instead of replying "I disagree with you," you coward.
java -jar SwipeBarcode.jar
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
so, where can I copyright my own personal info and sue the pants off of all these freakers passing around unauthorized copies?
"Operating systems suck: you're better off using only the BIOS" --trainsaw.com
that's "Point of Sale"
When I worked at Peter Piper Pizza it was quickly learned you could exit the program handling orders to get to a prompt. You could then swipe any magnetic card through the CC reader in the keyboard to see what was on it. You just had to swipe it at the right speed to get everything.
Ben
Work Safe Porn
i already have my personal data, thanks.
So when will the first knock off site appear asking you for simialr information but actually keep an image of it on their server?
I make my face look like this and concerned words come out.
Once people know that essentially no one's a saint, we'll all be a lot better off without the sanctimonious holier-than-thou crap we get so much of today.
I am honest in all my dealings except the occasional shoplift from Barnes & Noble. I'd be fine with a lack of privacy, because everyone would be under equal scrutiny. The thing that bothers me is unequal privacy - which we're at right now.
Once everyone's life is part of a public record, we're all equally screwed and we can build our society around a new, more honest paradigm.
You can easily see that with a service such as MSN Hotmail, who already sells your personal info, your standard "I had best enter the correct info, or else bad things could happen" person can easily give them (as this project puts it) about $10 worth of personal info right in the sign-up boxes. MSN could then do a search through some of these free services and get even more money, as the information gains value if it is all stored in one location. We can then see how offering free email to the unwashed masses can be very profitable.
Accessing critical information is as easy as point-and-click. Using ChoicePoint Online's powerful search capabilities, you can easily search more than 14 billion records on individuals and businesses. Whoopdeedoo. Choicepoint and companies like them probably have more than you can spend your life trying to hide. Personally I blame it on utter laziness. Here's a day in the life of Avgjoe...
Avgjoe wakes up everyone morning and turns on the radio to hear the news while he gets ready for work. He uses XM satellite for news... (subscriber info sent)
As he gets into his car after getting ready he joyously turns on his car. "Welcome to OnStar" (userinfo sent). Driving over the Triboro bridge, Avjoe happily avoids crowds and goes through the EZPass lane. (info sent). Upon entering Manhattan he decides to fill up the tank at Mobil with his credit card. (info sent)
Driving down 1st avenue he eats a yellow light (snap snap go the cameras). Avgjoe is sent a ticket. "Hey I can fight this..."
Do the math if Avgjoe committed a serious crime he could be tracked to the minute if needed. If Avgjoe was Avgjoe do gooder who happened to be a politician who pissed off other politician, do gooder Avgjoe's information could also be abused.
You want what privacy or ease of use? Privacy? Dump your credit cards, and all other forms of digital clutter so you can complain less, unless you're just a whiner complaining while typing this with a what? UID... Ah yea a UID.
MoFscker
Some states encrypt the data before they put it in the barcode on the back of your license. It helps to prevent fake IDs. At least in Indiana, some of the liquor stores have scanners in them, through a deal with the state to read the back of the ID which has a PDF 417 2D barcode. That way when some 5'5", black hair, brown eyed underage person presnts the ID and the data on the back shows 6'1", blonde hair, blue eyes, they know it's a fake.
...how do we slashdot the sites?
I am a leaf on the wind
Your address alone is worthless. Unless they're specifically looking for you... a marketer doesn't need your address. If they've already got your name, then the address is free with the bargan. Your name and your address, associated with some random fact about you... you like golf, you TiVo "Friends" every week, you read Slashdot, you hate marketers, or you are 23 years old... starts to be come of value, particularly if presented in the form of a list of people who share the same attribute. That's where the direct marketer can come in, match that group up with a product that people who have that attribute would possibly buy, and send junk mail to that group. The more refined the profile, the better the ad is going to be targeted... and therefore the more sales that are likely to result per person bothered. Addresses alone are pretty worthless, but grouped together and with other information, that's where the value kicks in.
Here in Ohio I've actually got a few legislators entertaining the idea of introducing (or at the very least co-sponsoring) legislation to prohibit machine readibility on driver's licenses.
I've done it by convincing them that machine readability will cause more fraud. How?
The experience is that when a human has a machine that does scanning, the human will take a quick glance at the photo (or no glance at all) and then swipe/scan the card...and the card will say X and the human will believe it. Based just on that, remagnetizing the card or even an overlay sticker over the barcode can be very successful.
Indeed, the only thing separating the cheap plastic card from being an other cheap plastic card is the hologram and other visual/tactile elements that humans detect, but machines don't. If humans have to examine the card in depth before scanning it, then there is little reason to actually have the scanning machinery.
Which is cool...because the Ohio BMV does pay a touch extra for the plastic card blanks with magnetic stripes, so getting rid of the stripes saves a touch of money...at least enough to keep the conservatives listening.
And then I hit the privacy arguments...which I save for last.
These things take time incidentally...especially here in Ohio where legislators are deathly afraid of making a mistake, and the full year calendar means that they can take their damn time doing things.
But I was quite honored the other day...as I walked by one of the senior administrators of the BMV she stopped talking...she didn't want me to hear anything she was saying. Quite the compliment.
Machine readability is also discused on my New Jersey driver license privacy site, listed below.
Mine does too. So the first thing I did with it after I got it was to lay it on a steel table at work and take a whacking big speaker magnet and just go to town on that thing. I've had law enforcement question me about the lack of data on that stripe, but so far a doofus look and a shrug of the shoulders has seen me on my way. Your mileage will vary.
Is it fascism yet?
Yeah, but the definition of a compliation isn't going to cover facts about one person. The only compliations that are going to ever get protection are those about multiple people or multiple thing... think 2 or more database records in a table. If it can be properly expressed in one record, it's not going to make it.
:)
Remember, it's the people who compile lists of data who are behind the effort to make sure copyright protection extends to what they do. They're not gonna be dumb enough to propose a law that puts themselves out of business.
Always register for customer loyalty cards under phony names: Ted Nugent, Harry Truman, and John Cocktosen are favorites.
Need a fake SSN for your long distance service? (Really they don't need this) use 078-05-1120. It's an Eisenhower era specimen number that works 99% of the time.
Wired has a great story that these are pulled from. See it here
gzipped jar here
I've always wanted to see if my school's MS only infrastructure could stand up to a good pounding...
-theGreater Slacker.
PS: They say to scan your license in so that it's between 1500 and 2500 pixels long, or between 1 and 2 MB in size. I don't have a scanner, though. Or a job.
My barcode decodes to "THX-1138"...
Actually the first digit doesnt always tell what kind of card it is. You can also work the checksum algorithm from simply the numbers (This is called the Luhn alogrithm). The way credit cards are usually handled is as follows:
(where the numbers are the first numbers of the credit card number)
Visa - 4
Mastercard - 51-55
Discover - 6011
Amex - 34
In fact credit card companies have a specific range of numbers to pull from, clubs have another range, and there a few other number ranges that are broken up... see:
http://www.merriampark.com/anatomycc.htm for a better indepth overview.
I was working on an application where the client wanted to be able to swipe a drivers license and get all the user data - name, address, height, weight, etc for quick data entry. We investigated and found that each state has different formats, and not all states put all that info on their cards in mag or bar code formats. We hoped to get all of this info quickly when people test drive a car.
:)
We would have had to develop a different format for each state and in some cases resorted to scanning and OCR. In they end they decided they can type it in themselves rather then pay for development.
I did learn that serveral states were considering a standard format. Believe me that marketing companies are DROOLING over the day when every person has their Multi-Pass type card.
Very interesting to see the dollar amounts though. There should be a column for that on the 1040's.
BTW, to the person who mentioned a use for cue-cat - I have about 50 of them and they don't work that great. They are about 5 bucks on ebay, or free if you take the left overs from your local radio shacks.
- Bankruptcy: $26.50
Court records bring in some big dough:- Felonies: $16.00
But the biggest payoff comes for Military Records: $35.00.When I got out of the military in the early 90s we were strongly encouraged to take our DD-214 (summary of military records) and submit them to the county clerk when we got back home so they'd become public record, that way if we ever lost it we could go look it up. I'm REAL GLAD(tm) I worked with Privacy Act information for my whole career and developed a healthy reluctance to hand out the juicy tidbits contained on my DD-214, e.g., SS#, DOB, education, and of course your whole military career.
At some point, some time ago, there was a report about the bars in Boston scanning in the 2D codes on the back of licenses and then using it to send junk mail. The bars in New York City do the same thing. They won't let you in without "scanning" your license to be sure it isn't fake. They place it under a blacklight in a reader and it gets scanned. The club then has a record of every person, their address, description, birth date and drivers license that entered the club. On commercial licenses in some states, your Social Security Number is also encoded, so they'd have that, too.
Remember that, and think twice if the place you're about to enter really needs a complete copy of all the information on your driver's license. I've refused to provide it and taped over the back so noone can scan it quickly before I realize they're trying to. I haven't been refused access to anywhere yet.
Portable versions of Firefox, GIMP, LibreOffice, etc
I took my DL and dropped it on the concrete, stood on it and twisted it on the concrete to render the bar code un-readable.
Then I took a LARGE degausser and nuked the mag-stripe into absolute oblivion.
And everytime I present my DL to any institution at their request/demand, I degauss it all over again, just to be sure in case they reprogrammed the mag-stripe.
When I go to the bank they have to use the phone and verify my license by reading the numbers over the phone since it is no longer machine readable.
Same thing when Mr. Busy Body policeman pulls me over to see if I have illegal farts in my pants or something. They tell me my license is "not working right" and that I need to have it replaced. I just tell them yeah, I dropped it and it got ran over in the driveway and that I am going to take care of it right away.. Yeah right.
Soo sorry, I don't play their game, I play the game my own way..
Also, if I were stopped by the police on the way home this data could declare me guilty of DUI before proven innocent. Pretty bad since my girlfriend coaxed the beer away for herself before I could drink it.
I got a barcode of my DOB and SSN tatooed on my leg, I needed a 'cover up" tat for scar and (Yes I did the unimaginable and had my Ex's name tatooed on me :) Anyhow about 8 years ago I wanted to get the mess on my leg covered up, I thought about all kinds of stuff but needed something fairly solid, Soooo, barcode it was , (my cuecat will even read it :)
What we're saying (and what Libertarians, Objectivists, Capitalists, and generally people of such bent have been saying for decades) is that people are NOT equal in terms of: intelligence, looks, motivation, parental fortune, geographical accident, etc.
Do yourself a favor, it will take only 5 minutes of your time. Carefully read the following blockquote and its link.(shamelessly copied from the Idea Channel)
Part of the Second American Revolution!
I'm surprised these 2D barcodes don't have digital signatures encoded in them to verify the authenticity of the data. I think it'd cut down on the number of fake IDs used.
d 000630.pdf (2000 edition) or http://www.aamva.org/Documents/stdAAMVADLIDCardSpe cs_092003.pdf (2003 edition). Among other things, it also spells out recommended security measures.
Many places are now using the 2D barcode to verify your age, but in many jurisdictions (such as Oregon), when you change your address, they issue you a plain STICKER with your new PDF417 barcode printed on it. Anyone with knowledge of the AAMVA standard could create their own barcode sticker, making them any age they want. This is precisely why digital signatures are needed.
When someone asks for your ID, they'd scan it into a device, which would use the issuing jurisdiction's public signature to verify the digital signature on the barcode. Assuming the data is authentic, it'd then display the encoded data on a display. The person checking your ID would compare the data on the display to that printed on the front of your ID. If both match, you can be fairly certain the ID is legit.
Of course, there'd probably have to be a law prohibiting places from storing your personal data without your explicit consent.
If you're curious about the exact data format of the barcodes and magstripes, check out the AAMVA DL/ID standard at http://www.aamva.org/Documents/stdAAMVADLIDStandr
I live in South Africa - one of many countries that use the GSM mobile standard. Here I have a pay-as-you-go SIM card, meaning that I am almost anonymous.
Going on a month business trip to Australia - I plan on doing the same thing - get a pay-as-you-go card, so I take my GSM phone over.
Go to the corner store - "Starter pack please".
"Sorry Sir, we need you to fill out all this information - Gov regulations, sorry."
Name, passport number, other phone numbers, drivers licence, DOB, blah blah.
I fill it all out.
"After they verify the information, your SIM card will be turned on"
Every single piece of info was wrong, yet my phone came on the next day.
Cheers, Andy!
Andy Rabagliati
And you'll get it. After a while some of the cops are going to know you by name AND face - "Yah that one with the broken card again". Plus the cops always have to pull your records from the online database for checks - so you might show up in a DB statistic/log somewhere. They can't just go - "Cards ok, looks like just another Joe, move along now".
If you want some semblance of anonymity, you hide in the herd. Or you go move somewhere else totally.
You don't hang around the herd looking and behaving different from everyone else, unless you want to be singled out on a regular basis. If the herd is chewing cud, you don't go around stomping unless you want to attract attention.
The NSA etc don't give a damn about the 80-90%. It's the unusual ones they watch.
The marketeers are interested in the 80%, but if you behave just like everyone else and hide the bits where you are different, you vanish into one of the Common categories.