Slashdot Mirror
The Trouble with RFID
wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz,
has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."
So how feasible is a "zapper" that will render RFID's useless? The idea is you come home and run your new purchases throught some sort of scanner...and poof! Normal merchandise again.
Any EE types that are familiar with what it would take to do something like this?
Anyone can track you. Really. All it takes is a notebook and pencil.
Get over yourselves. Jeez.
I have been pwned because my
No kidding. Life takes on a similarity to the chessboard. There are no surprises in chess, just players not quite working out all of the move combinations.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
In Soviet Russia RFID tracks you. Wait... that's not right is it?
Great. We'll have inboxes filled with "Track your neighbour" and "Generic RFID removal" in no time.
And what if "your" too stupid not to spot the one they hid in the button of the shirt, or the sole of your shoes?
Sorry, but my karma just ran over your dogma.
What happens if you collect about 1000 RFID devices
and carry them around with you. Will the readers
be able to read that when you pass by a scanner?
You're thinking about this all wrong. Take off your tin-foil hats, nobody really wants to 'track' you.
Now, what companies will really be salivating over is the opportunity to market to you. If they can track all of the RFID tags on and around you, they can know so much about you that they can tailor advertising to you specifically. Just like Minority Report, only not so cool.
Just think of it as value adding. You're adding so much value to the coffers of manufacturers and advertisers!
What is that quote? Man is born free yet everywhere he is in chains
I do not like the idea of having every last bit of privacy removed. Between the new camera's my state is installing on highways, with radar guns, that send you a ticket in the mail, to having banks sell personal information to thrid parties so they can call me at dinner to offer me a great price on a satelite dish, this is getting out of control.
While some may say that government will never, ever use any technology in an illegal way, I would just say they have done it in the past. Nixon broke into the dem's headquarters. Other presidents have bugged the phones of political groups like the black panthers. And this current president has the "Patriot Act".
It scares me to think what government could do. 1984 is looking less like fiction and more like a prediction.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Happy Trails,
Erick
http://www.busyweather.com/
RFID on slashdot many times. Solution to this problem is simple. Avoid holding actual personal details on a central database. Yes, lets track what people buy and where they go, but only as an alias. IE, last month, 1287 people visited XYZ store in New York and purchased ABC jacket and then 376 of those people left the state. No need to log WHO they were. Simple really!
O'WONDERWe're working on it.
I'm a triathlete and runner, we've been using RFID to track athletes for years. The main company doing this is Champion Chip. It's a small plastic device that you attach to your shoe or put on an ankle strap.
The tracking lets them do severl things. First, they get accurate timing and immediate results. They can also track where you've been to make sure that people haven't cut parts off the course. Some people are too creative, a few years back a women hopped on the subway for part of the Boston marathon, but she went "too fast", they got suspicious and reviewed the surveillance cameras in the subway.
The latest cool thing was in Ironman Hawaii. They had video cameras setup on the course and the chip strapped to your ankle let them know your location all day. Then, you could order a personalized DVD with video of your race. Pretty cool idea, though I didn't personally buy one.
Some may see this as big brother, or a harbinger of things to come. Some of us, however, have been happily tracked by RFID for years - voluntarily! I wouldn't want this to be 7*24, without my permission.
Alan.
Now I need a tin foil jumpsuit, boots, gloves and helmet.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
The problem is (as always was and always will be) how people use a technology.
RFID (or any other technology) is not necessary for a police state as demonstrated by many examples in the past.
You privacy can be (or most probably: was) violated without RFID too.
To protect your privacy you need a society that values privacy and have laws that express this. If you do not have that then you are swimming against the flow and your are doomed to failure, no matter if RFID is used or not.
I would like to point out Europe: there are privacy laws that basically say the following:
If you have such laws (and have them enforced) then there is no need to fear RFIDs - but if you don't have them, RFIDs should be the least of your worries.
Real life is overrated.
What you fail to address is that takes a vehicle and one or two dedicated people per person being tracked. This is the way it should be.
... ) gone will be the days that people could walk into a large store, take something off the selves and return it to the sevice counter ( it was a gift and I don't have a recipt ).
With RFID we are now faced with situation where a simple globally unique tag is assigned to each RFID tag and can be tracked with simple electronics. A store can track your every movement with a dozen carefully placed receivers by tracking the RFID tag embedded in the soles of your shoes.
Malls could track walking patterns the same way, and by consolidating and minimg the data, they can probably match up anonymous tracking data with an individual by looking for things like credit card transactions.
This is not stuff of Sci-Fi or intregue novels, stores want this kind of information and they WILL be using it. Unfortunatly with my buisness hat on I know that RFID will never go away, it just has WAY WAY too many advangtages for stores ( inventory, shrink reduction, fraud protection,
like Simson Garfinkel. First of all, it's not exactly a common-sounding name to me. Maybe it is in other parts of the world.
Second, can I withstand the desire to crack a Simon & Garfunkel joke? I mean, almost all the letters are there...
Hello R-F my old friend,
I've come to talk with you again.
Because the data softly creeping
I am just lying here weeping
Because a hacker
Just stole my identity...
And now my bank account is silenced.
Those little strips they put in US bills can be detected through walls... not too far of a stretch to go the next step...
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Just throw everything you buy from Wal-Mart in the microwave for a few seconds. I'm sure the RF static from the microwave should be enough to fry any circuits in your clothes.
If you can read this then I forgot to check "Post Anonymously"
I don't think your new pet fish/hamster/whathaveyou would like that very much...
# fuser -v
#
The big question, which, it seems to me, gets deliberately fuzzed in all of these discussions, is this:
Is it acceptable to invade your privacy as long as it is for the purpose of selling you stuff?
Privacy advocates tend to emphasize the danger that systems put in place for the purpose of selling you stuff might later be used for purposes of political repression. This is a real concern, but a relatively remote one. It's a slippery-slope, speculative, "if this goes on" kind of argument. Yes, I know (mostly from reading Slashdot!) that there have already been instances of such usage creep.
Let's suppose--implausible, of course, but suppose--that you could somehow guarantee that RFID tags, and all the information that companies gather on you in all sorts of ways, could be freely exchanged by companies for the purposes of selling you stuff, but could be perfectly secured against any other kind of use whatsoever.
Would that be all right, or not?
"How to Do Nothing," kids activities, back in print!
This has been discussed. RFID-tags can be designed to withstand such treatment (shielding plus decoupling the antenna in overload situations). Besides, even if it worked it wouldn't save you: RFID tags will be embedded in things which you don't want to fry because you would destroy the useful function as well (_anything_ with electronics, your watch for example).
In this case, you willingly put it on in order to operate and interact with your community of runners. Basically, to see who is the best among you and to see what your time is for personal reasons.
In the scary case, WalMart puts an RFID tag on my tighty-whities and then I go to Target and over the intercom comes a voice that says, "John Allman, Welcome to Target. We have tighty-whities for sale."
Personally, I am learning to sew.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
But you wouldn't know unless you need to roll them all the way to the end.
--- Ban humanity.
My understanding, based on earlier articles that have been posted on this website, is that the RFID tags are specifically built to withstand these sorts of problems.
They disconnect their antenna if they sense a surge to protect their circuitry.
And it makes sense -- if you're using these for tracking merchandice, you wouldn't want some shoplifter taking the RFID equivalent to a tazer with them, shorting out the RFIDs, and then walking out with your product.
(personally, I didn't see anything new from this article than any of the other articles posted before on the subject. I don't think there have been particular suggestions of targeting window shoppers, but the general proximity issues have mentioned repeatedly before)
Build it, and they will come^Hplain.
Here's an idea for a new community project: Mega RFID Vest Library
Go to the dump where multiple people are throwing away RFID-laden products. Snag the lil suckers off discarded food products, garments, appliances, liquor bottles, baby food.
Sew them onto a vest.
Lots of `em.
When you walk through the scanner you'll be ...... 246 different people.
Then, trade vests with others in other cities, other countries!
"Provided by the management for your protection."
This group, CASPIAN - Consumers Against Supermarket Privacy Invasion and Numbering has information on RFIDs including Auto-ID: Tracking everything, everywhere. The group is also against loyalty shopping cards for similar reasons.
Maybe now, but think down the road a few years. You have an RFID tag in your jacket, shoes, pants, cellphone, carkeys, and wallet. You walk by a sensor, and it ties all thoes things together.
Sure, you change clothes, but what about your phone? What happens when you wear the same pair of shoes with different clotes? The data warehouse ties that serial number in with your profile and builds a profile of all the items you own. There's not an easy way to eacape that.
I work in datawarehousing. We have a system that processes about a billion transactions a day. Each record is far mor complex than than a simple RFID and station ID. We also tie multiple records together into transactions. The scenaro above could be very real.
What happens when you wear the same pair of shoes with different clotes?
The fashion police haul you away.
To-do List: Receive telemarketing call during a tornado warning. Check.
There are some great new product opportunities in the new RFID-enabled world.
RFID Super Scanner - Scan your surroundings and your stuff for RFID tags. Pinpoints the location exactly.
RFID Mega Zapper - A high energy directed radio energy impulse designed to fry the electronics in your RFID tags. Great fun for vandals in stores! Smack your enemy's wallet!
RFID Spoofer - A programmable device that returns the RFID code of your choice. Great for making a copy of you luxury car key! Or your neighbours. Have fun in stores after Zapping (TM) a RFID tag and replacing it with a Spoof(TM)!
RFID Data Miner - Build your own database of RFID tasks. Now you can do your own surveillance and track people. Also good in parking lots when you want to know what RFID code to feed into your spoofer for easy access to that nice car.
RFID Jammer - A fun little DOS device that emits radio frequences to blind RFID readers.
RFID Database Feeder - This device emits thousands of new random RFID codes every second. Great for filling the databases of those eager RFID code collectors.
I think most of these tools can be built easily and are not science fiction. If they can be built, they will.
Seriously, do you think RFID techniques makes the society more or less vulnerable for attacks?
)9TSS
Just throw everything you buy from Wal-Mart in the bin, save yourself the worry.
The 'myths' of RFID - from an industry group, but might be worth a read - even the people selling these things are only claiming ranges of 10-50cm.
I talked to one of the runners last year about it and we were laughing over the story. we also have a lot of ham radio operators in the city who broadcast results as they're anounced; i'm wondering what's next with RFID. Will hardcore athletes just have permanent chips in their bodies? Or will they be embedded in the sneakers?
"I'd say 'Have a good time,' but arson is still illegal.
Some are quick to say that the US Constitution guarantees no right to privacy.
But IMHO, the US Constitution embodies the 1793 State-of-the-Art of distrust of Government and other concentrations of power. That's the whole reason that there are three branches with checks and balances - mistrust of the institution of government. No matter how trustworthy those in power may be today, there's no guarantee that the next batch will be so. Checks and balances were put in place to provide trust - through mistrust.
Had the Founding Fathers been able to foresee the capabilities of electronic surveillance, they would have codified Privacy into the Bill of Rights. Instead, they did what they could, focusing on late-18th century concerns.
Had the Founding Fathers known of the potential concentrations of power known as multinational corporations, they would have codified some sort of separation of Business and State. Instead, they focused on what they knew, separation of Church and State.
The living have better things to do than to continue hating the dead.
It seems like a paranoid fellow can't even buy alumunum foil anymore without being monitored.
Now what'll I use to line my Official Area 51 Ball Cap?
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Has anybody ever thought of making a RFID tag detector? Something that simply emits whatever RF it takes to trigger the tag and listen for a response. (It is not necessary to decode the response, only to note that it is present.)
With such a device you could scan your things and locate and remove the tags.
It shouldn't be too hard for the hardware hackers out there to come up with something like this.
As a third-party public warehouse, my company is constantly looking at technologies to streamline the process of receiving, storing, and shipping material for our customers. Currently we receive inventory to our docks in two ways: 1. Material is received at the dock and put away in location by warehousemen. They record exactly what came in on a form and turn it in to the office staff who enter the information into the database. This relies on the warehouseman to count the material correctly, fill out the form correctly, then for the office staff to enter the data correctly. The system works, but there are many opportunities for data entry errors. One misread, miscount, mis-type and the data is bad. 2. Material arrives at the dock and barcodes are scanned. The data is uploaded to the system without any human interaction besides the original scan and a later check against the Bill of Lading that came with the load. Much better than the first method, but it comes with its own issues. For one, if the material is put into location, stacked high off the ground, reading barcodes for inventory purposes can be problematic. Also, it relies on a good quality barcode. A lot of our material arrives after long truck/train rides with the material rubbing and jostling against its neighbor resulting in many unreadable barcodes. RFID is the next logical step for us. For the material to cross from the truck/train to our dock and be read by an RFID reader without the warehouseman having to aim a laser at a possibly unreadable barcode would be nice. The customer would also be able to follow that particular RFID all the way from manufacturing through the distribution process. I understand privacy concerns, but in regard to the logistics industry I see RFID as a positive thing.
RFID scanner picks up the condom in his wallet
60inch Plasma Monitor: Greetings Mr. Smith, it's been 60 months since you last purchased that box of Troy Extra Super Ribbed, the one in your pocket has expired, would you like to purchase some more?
If you liked that item, you may find these appealing: Super Personal Lube 3000, Peanut Butter & Chicken Flavored body oil, Hustler Magazine, MIT:Technology Review, Kraft Macaroni & Cheese.
of course the only reason you came to the store in the firstplace, was to bring your grandma to get some fix-o-dent (of course she is seeing and hearing all of this as well, along with your local spiritual advisor, your wife(who never knew about the condoms), and who knows whom else.
For a scant few bucks an hour, I will take your RFID tags out for a walk about the town. Spend a few more dollars, your RFID tags get to go to the opera, making you appear a very sophisticated gent. But skimp on the tip, and your tags spend a half hour in an alley known for prostitution and drugs.
This month's special - your RFID tags get a tour of the White House! And maybe even a chance to meet the president's RFID tags. Register soon as there are only a few openings available each year.