Slashdot Mirror
Fingerprints Replace Credit Cards in Seattle
prostoalex writes "According to CNET News.com, Thriftway introduced biometric systems in its Seattle stores as far back as 2002. The customer would have to be identified first and submit his own fingerprints, as well as register credit cards with the grocery store. But then a Pay By Touch system became quite popular among the store regulars. According to CNET, "one man even drove 400 miles to use the technology". The store also reports 0% of such transactions being fraudulent."
I guess this is the future... I just hope such info won't be crosschecked for national security's sake.
Trolling using another account since 2005.
Geek
The store also reports 0% of such transactions being fraudulent."
I don't think anybody's going to let you buy stuff with a severed finger.
What it could also mean is that most people don't reconcile their statements at the end of the month, and that the people who use this system are even more likely not to bother, because they trust it more.
Or not.
But give it time, someone will figure out how to scam it.
Here in we've been using a similar system for unique biometric identification of customers for years. It works a bit like this:
1) Walk into stor
2) Say 'Hello Ifan' to Ifan, the shopkeeper
3) Ifan says 'Hello ' back if he knows you
4) Say '2 grenade launchers, one baboon, and a pint of guinness please, my good man'
5) Ifan produces the above, charges your account, takes payment later. Nice and easy. And if you don't pay....
6) Chop!
How is this a really good thing?
How well does it work on someone that does a lot of physical activity (woodworking/metalworking) who might not have very good ridge detail?
Is this susceptible to Gummy Bears?
While there may have been 0% fraudulent transactions, how many people were inconvenienced when the scanner didn't read properly?
I know someone like my mother would be the lucky one person who's standing there trying while the system refuses to let her use the credit card / account.
"No fair, you changed the outcome by measuring it!" - Professor Hubert J. Farnsworth
No, probably just somebody who thinks run-of-the-mill fingerprint scanners are reliable, and does not care for privacy implications.
Picture of a fingerprint, how could you "print" it out, complete with ridges? Laytex, or maybe silicone would be nice, something I could glue to my fingertips, temporarily. Also, what are the oldest fingerprints available, that would show up in a search? I'd like to be a 170 yr old, 90 yrs dead suspect, or, supposing celebrity fingerprints are available, George W. Bush himself!
And then for when I get caught, fingerprints with an embedded "Fuck You Pigs" logo that would show up on the fingerprint card....
Credit cards are trivial to track anyway, so no immediate extra privacy implications as long as the data isn't retained for too long.
This way, if someone steals your card info and puts their own fingerprint info on it (or onto the back-end database, or whatever), there is an immediate method to start tracking them.
Of course, there are ways to defeat fingerprint scanners, see Schneier for a starting point.
I therefore think that the danger here isn't in the fingerprinting itself, which is just another way of tracking usage. It is that cost/risk of fraud will be passed on from the banks to the consumer (or possibly stores).
to say thumbs up to privacy invasion!
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
You already give them your fingerprints at the customs, so I guess they exactly know where you are at every moment you buy something...
Now, if they want to arrest you, they will remove all your priveleges remotely so that next time you want to buy something you'll be retained by the caissier until the police comes.
</tinfoil>
Trolling using another account since 2005.
Someone may have more experience with this than I do, but this is a bit scary. Has anyone else read the book "Stealing the Network". It goes into some detail on the subject of synthetic fingerprints and just how easy they are to make at home. The book is at home and I am at work or I would post the links that they have as refereneces. I can see the usefulness of the fingerprint perhaps replacing the signature or pin number, but the whole credit card!!! I don't know about you guys but when I realize that I left my credit card sitting around in a public place I freak out. I guess I am going to have to wear gloves from now on, or carry around a bottle of cleaning solution everywhere I go.
Someone with more experience please comment, especially if you have the links from that book, I am curious to read up.
Thanks
Crawl This - http://darkry.net/test/test.php
Well, severed fingers don't work on optic fingerprint readers, so it doesn't really matter if the clerk is an idiot
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
Do they actually REPLACE credit cards?
"Pay over the internet with your fingerprint now!"
Damn hackers, intercepted my finger print. Could I block my account and get a new fingerprint, please?
News story about the poor bankrupt grocery...
"The store also used to report 0% of such transactions being fraudulent before the story was posted to Slashdot. Then the number of frauds by using "stolen fingerprints" skyrocketed."
Anagram("United States of America") == "Dine out, taste a Mac, fries"
1) Have sales of gummy bears experienced a dramatic surge in the area?
and...
2) Can I choose which finger to give them for my biometrics?
Maybe he just lives in the middle of nowhere and it was the nearest cashpoint...
But this is not surprising concidering the cost of a home finger print scanner of only 39$.
This technology would be a field day for law enforcement. Any and all crimes that happen in that area where they find a fingerprint but it's not in their database... the first thing they'll do is call up Safeway.
I've always wondered about this. So there's a thermal component to the readers that won't read a cold, dead finger?
Don't call me a cowboy, and don't tell me to slow down!
Fingerprint systems like this seem to work as well or better than most forms of ID. Most security on credit card purchases I've made has been limited to comparing my signature on the receipt to the one on my card, which can be forged pretty easily. They don't ask for picture ID any more on credit cards. A lot of them don't even keep my card long enough to check the signature, and automatic chargers like gas pumps will take your credit card without any cross-check. In that sense, using an account activated by your fingerprint is probably an improvement.
:)
Yes, there are concerns about the government tracking you through your fingerprints, but they could do that through your credit cards now anyway, so I'm curious what the difference would be. Besides, we're more at risk from all the commercial entities who have access to our electronic transactions. Unlike the government, they routinely do all sorts of things with the information they collect on our purchasing habits.
Here's my main concern: What if someone manages to impersonate you and establishes an electronic account that ties your financial information to their fingerprint. Someone could wreak havoc in a fairly short time if biometric systems are trusted blindly.
Then again, if the scammer impersonates a person with huge debts, maybe they'd get stuck with them.
Biometrics may be a miracle cure or snake oil. As with any potentially useful technology, which it becomes will depend on the implementation.
TLR
A man no more knows his destiny than a tea leaf knows the history of the East India Company
Bear with my bad SF for a moment. Western civilization seems to be converging to the point where citizens will have no choice, but will depend upon a handful of mega-corporations for their sustenance, while at the same time having to give not only their time and energy, but also their identity in return. By this time, privacy will have been successfully abolished and its last traces outlawed. Every adoption of RFIDs, DRM technology - as well as every merger between huge corporate actors is pushing the world nearer to a dystopic future.
Not a flamebait, just feeling the need to vent. Mod me a fool and placate me, please.
But I think your sentiment is spot on. Well, for the most part. I think this has the capability of being more secure, but it has the flaw of its users expecting it to be perfectly secure, which would actually make it less secure (see also Why Things Bite Back, by Edward Tenner).
Just like at least one reason Linux is more secure is that it is less used, fingerprint scanners will be unlikely to be a target for the next few years. If they become the primary means of verification, whether they become more secure than the current system depends on how much their shortcomings are acknowledged. (Naturally, most /. readers already know about the various ways to circumvent these systems.)
Ben Hocking
Need a professional organizer?
just check:n ?language=en
http://www.ccc.de/biometrie/fingerabdruck_kopiere
hacking of people's fingers so someone could buy nail polish remover at thriftway.
Sadly... some idiot will actually attempt to do something like that if this technology takes off. Just watch.
There is some bozo out there who will think that's a brilliant idea.
Let's think here. First off, not many people know about the existence of this new form of SpeedPass, which if you'll pardon me saying so, is a stupid thing.
More likely case: even if they had experienced fraudulent activity, they probably wouldn't know yet. Who is using the system? ANSWER: store regulars. They are the least likely to notice an extra charge on their accounts. Think coffee shop people. Would they really pore over their credit card bills enough to notice an extra $3.00 latte? Also, would their be enough incentive for someone to try to defraud anyone yet at the low dollar amounts and get caught or knock themselves out of a bigger score later?
Trust me. We won't hear of an issue with fraud until it's worth their while.
Now accepting PayPal donations!
I guess the barcode-on-the-forehead project didn't go so well.
A person with good slight of hand talent could easily use the gummi bear trick.
I also wonder if they allow this to very age for purchase of alcohol and tobacco.
"Plans are for fools! Oglethorpe, the plutonian (Aqua Teen Hunger Force)
If someone gets an electronic imprint of your credit card number, you call VISA and get a new number.
If someone gets an electronic imprint of your finger print, you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.
Ticketmaster, 5 years later, "I'm sorry sir, but you *DID* buy 10 first-row superbowl tickets. Our computer says you did it over the internet and we have your finger-print scan on file to prove it."
RUN, don't walk, when someone in a store asks for a scan of your finger-print.
Sam
Of course, let's not mention that, if they wanted to do that now, all they'd have to do is.. well.. revoke or suspend your credit cards. It doesn't sound like they refuse cash, or even that they could (foodstamps, etc). Just, if you want to use a credit card with them, you use your thumb instead of signature as proof.
Rather it be "I keep my ccard number until I come into the store and sign my transaction with my fingerprint" rather than "Here's my ccard information, let me authorize it by only ever showing my fingerprint." The former is more secure. The latter opens the possibility for their systems to be broken into (internally or externally) and lots of credit card info stolen.
Hey, no problem... you just keep the severed finger in your mouth to keep it warm until it's time to perform the deed. Always works for me... uh, I mean, I've heard that it works ok...
Amazon: "I'm sorry sir, you *DID* buy 20 copies of the first season of STAR TREK: ENTERPRISE. We have your finger-print scan in our computer to prove it."
If you are using a finger-print scanner to make ANY purchase, get ready to spend the rest of your life tracking down fraudulent purchases.
Sam
A fingerprint check might be secure and convenient. But what guarantees that the fingerprint, and the ID of its owner, will be used only in that authorized transaction? We have copyright control over our personal info. But our rights to restrict distribution are not explicit in law. The Congress must pass a law making such personal info copyrights clear and current. We need at least the same protections we give to copyrighted corporate info, like songs and music. Or corporations will own all our info, too.
--
make install -not war
... when try pry them from my cold dead fingers.
Biometric is not EVER revokable... despite being accompanied with a PIN or other form factor authentication.
Once your biometric is stolen, nothing can replace it.
When is general populace going to get a clue, like us esteemed Slashdot readers do?
It is interesting to see things like this, as innovations.
I lived in Mexico where my father had a ranch, he used take us there every saturday to pay the pawns for the weekly job (harvesting, cleaning, etc) and he had a book where he annotated down the money he gave to the workers (like a spreadsheet). He used the fingerpirts of the workers (with ink) so that the people who didnt knew to write could sing.
Ubuntu is an African word meaning 'I can't configure Debian'
Oh yeah it probably will, but the large corporations making the devices will have an 'easy' button hiddenon the underside for the Republican supports to press when things look like its going bad for them.. :)
Isn't fraudulent activity, though that's a concern.
I just don't understand why people want to hand over their credit card information in an on-going basis to these companies. Same as with those 'Speedpass' things (those I don't trust at all).
If I use my credit card at a store, they do the transaction and they're done. Having a company keep as part of its corporate records and stuff they track about a consumer including their credit card info seems kinda scary.
I guess there'll always be people not phased by this, but I suspect I'm not alone when I say I wouldn't use it.
Lost at C:>. Found at C.
The truth shall set you free.
The Internet's nature is peer to peer - 20050301_cs_profs.pdf
IIRC there was a company developing a product that used a separate technology in conjunction with the optical reader to measure the bloodflow in the finger. That way you couldn't just heat up a finger and have it pass, it'd actually have to have blood running through it at the right temperatrure.
It seems that technology like that would make it near impossible in practice to forge.
Why, o why must the sky fall when I've learned to fly?
I think that there is confusion over the distinction between "Identification" and "Authorization".
A good secure transaction would require both.
For example: To withdraw money from an ATM, you have the bank card (identification) and the PIN (authorization).
So.... I think a distinct likeness like DNA or fingerprint would make a reasonable form of identification, I do not think it is reasonable as a form of authorization.
IMO, a monetary transaction which involves a fingerprint will still require the user to enter a pin number for authorization.
Just my 2p worth.
-- The universe began. Life started on a billion worlds...
-- Except on one where stupidity was there first.
There's a Pick N Save grocery store downtown, that's not quite like a normal Pick n Save in that it has lots of high priced specialty foods. Anyhow, it's had this pay by touch system for months now. I'm not willing to use it, nor is anyone else I know. But sure, it's a neat idea?
From an article (reg req'd) on identity theft:
True story? Who knows, but the moral of it is not to put all your faith in technology, and never underestimate criminals. Some may not be very bright, but that's more than made up for by their cunning.
details here
and probably on slashdot somewhere.
Bottom line - you can use concentrated gelatine to make a fake fingertip. as seen in the movie Gattaca
But he would drive 400 miles,
And he would drive 400 more,
Just to be the man who drove 800 miles
To be a big lo-ser.
(apologies to the Proclaimers)
Those exist, but they're more expensive. The problem is that a dead finger should be used immediately, because after a short time, the fingerprint kind of fades and becomes very difficult for a reader to recognize it.
/. readers know that there's absolutely NO 100% secure system. Such thing doesn't exist, the goal isn't to render fraud completely impossible, but to reduce it as much as we can. Fooling a fingerprint reader + magnetic card + signature, etc is simply harder than doing the same on non-biometric systems. Other advantage is agility and simplicity, on some systems, you might authenticate just by placing a finger on a reader, instead of using maybe more annoying solutions, and in such a case you might gain some security (a lot in fact, just not 100%) but you also gain in simplicity for the users.
Anyway the real point here is that biometrics, specially fingerprint recognition is a very good and mature solution, which can be used for lots of things. Of course it could be fooled eventually by someone with enough determination and resources, but I would think that
There are no magic cures, the real problem with biometry is not that it doesn't work 100% perfectly but to make people aware of the fact that while it's more secure, it *could* eventually be fooled, and contingencies have to be considered too, just like with any system.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
Right, everyone knows Thriftway is just a front for secret government projects. Watch out for seven-11, too. Your Slim-Jim preferences are being logged into the anti-terrorist database. And don't even THINK about buying gas there. Then they'll KNOW about your ties to Al-Qaeda.
Disclaimer: all tongue-in-cheek; no attack on parent
Exactly.
As I said before, never put all your faith in ANY system, you can tighten security with technology, and fingerprint recognition does that fairly well, but of course nothing is 100% secure. You have to consider contingencies.
"Luck is my middle name," said Rincewind, indistinctly. "Mind you, my first name is Bad." -- Terry Pratchett
Maybe he's just assuming that anyone who wants to have a message etched into their fingers is has enough disrespect for authority to make it a negative message.
How many people are going to have their fingerprints replaced with "Thank you for all your vigilant efforts to keep each and every one of us safe"? Though, I suppose if enough people got a long message like that etched using the same process, font, etc, it would be a good snub at the idea of using fingerprints at all. =)
Gummy fingers can even fool sensors being watched by guards. Simply form the clear gelatin finger over your own. This lets you hide it as you press your own finger onto the sensor. After it lets you in, eat the evidence.
The five second rule doesn't apply here.
You must be pretty brave to eat something that just touched something that everybody else has touched and probably has some amount of everything else they had touched on it.
I would be wary even putting my finger on there nevermind eating off of it.
I bet he just lost his credit card...
Yes, because will all know how much more secure a little plastic card is.
Seriously, did you just make that up hoping no one would notice that you don't know what you are talking about?
But my assumption is that once forging fingerprints begins to cost companies some money, improvements will be made to make it harder to forge. I'm familiar with that experiment where every fingerprint scanner at a specific expo was fooled (or at least every one that would allow itself to be tested), but I don't think that means that the scanners can't be improved - just that the designers underestimate the ability of the scanners to be fooled, or the ability of crooks to fool them. Eventually, I expect (based on no evidence whatsoever, and very little meaningful information) that fingerprints will be harder to forge than a credit card, due to improvements in scanners.
As for getting new fingerprints, I anticipate that the problem in the future is that rather than emulating your fingerprints, crooks will hack the database storing your fingerprints and convince the database that the crook's fingerprints are in fact yours (and/or vice-versa). The headache will be convincing the fingerprint companies that you are who you say you are. Naturally, one safeguard might be to prevent two people from having the same fingerprint - on file, that is. I'm assuming (quite ignorantly I might add) that nature has already prevented it from being the case in reality.
Ben Hocking
Need a professional organizer?
A friend of mine works on a stock exchange as IT manager. He could unlock a workstation of a trader using his own fingerprint (without any further hacks). Local security didn't believe him untill he demonstrated it.
It is not as airtight as you may think...
Sig (appended to the end of comments I post, 54 chars)
I think the point of the parent was not that a little plastic card is more secure, but rather that a card is not permanent.
If a credit card gets stolen... you get a new card (with new numbers). If your fingerprint gets stolen... do you get new fingerprints???
Unfortunately, just like any other group of people, it's not the "good cops" that stand out from the crowd and get noticed. Those tens of thousands officers will never be recognized by the public. It's only those officers who get in trouble and make it on the news that everyone hears about.
It's when cash is no longer accepted that I leave the country.
I've only got 9 fingers, you insensitive clod!
If someone gets your credit card number, you call VISA and get a new card.
If someone gets an electronic imprint of your finger-print you can't change your fingers. Hence, "get ready to spend the rest of your life tracking down fraudulent purchases".
Sam
So to commit fraud, all you have to do is go to the subway and take fingerprints from some surface, isolate the thumbs, create cheap replica thumbs using high-technology (digicam, gummibears and photo-sensitive printed-circuit board) and try them out.
The only way to have this thing "secure" is to wear gloves all the time.
Actually the fraud is so obvious, I am really shocked that anybody is so stupid and believe that the system is secure. The police is taking fingerprints for over 100 years already and that's not a secret either.
Yes, but a fake skin replica that fits tightly over your real finger can fool any machine any time. It has warmth, it has blood flowing under it, and it has the right pattern. Remember, what you have, what you know, and something you are. But nowadays that last one is becoming just a weaker version of something you have, because you can never trade it out if it gets copied.
how many will be driving 400 miles to use it now it's been on /. ?
---
We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience
gives a new meaning to the term giving them the finger.
Fingerprints are unique. That's about all. They aren't "granted" to be unique but certainly they are more unique than md5sum :)
The problem is, they can be copied. Current systems can't tell flesh apart from silicon or such. The readers can be easily fooled with copies of somebody's fingerprints. And you can't replace your compromised set of fingerprints with a new one...
So, no. they aren't reliable.
Anagram("United States of America") == "Dine out, taste a Mac, fries"
In a couple episodes of CSI, the perpetrator made rubber hands that had fingerprints from a live person. (Admittedly, his own, but that's a plot complication I don't feel like explaining.)
Extend that concept to rubber-mold gloves.
tasks(723) drafts(105) languages(484) examples(29106)
Due to limited availability of this technology, it's not surprising that they have no fraud. Start putting this on something gas pumps where you can buy something most people need on a regular basis and don't have to interact with people, and the fallability of this process will become much more apparent.
Stores will be suspicious of anyone buying Gummi Bears
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
The store also reports 0% of such transactions being fraudulent.
OK, so a voluntary system that requires you to submit your fingerprint and no criminals have tried it out, even for malicious purposes? That's incredible! I hardly think that this counts as an endorsement of this technology. If it were to become more widespread it might be worthwhile for the "bad guys" to come up with ways to defeat it, but as it is they will just go down the road to the place that uses the good old credit cards they can get out of a stolen wallet.
THIS SPACE FOR RENT
I only have 8 fingers you insensitive clod!
Caesar si viveret, ad remum dareris.
Maybe after I finish waiting in line for the next Star Wars film.
From Demolition Man:
Lenina Huxley: That is correct, money is out-moded. All transactions are through code.
John Spartan: All right, so he can't buy food or a place to stay for the night. And, it would be a waste of time to mug somebody. Unless he rips off somebody's hand, and let's hope he doesn't figure that one out.
"...At the end of the day"..."when everyone goes home, you're stuck with yourself." RIP Layne Staley
I ask because at the science museum in London, there is an area where you can experiment with several computer based activities and save the results using your finger print. I had to try several fingers before I found one which wasn't incorrectly identified as someone else's.
I would guess that the technology used in this situation is not as accurate as that which would be used for credit cards but still it is still a rather worrying thought that someone else's fingerprint could be mistakenly thought to be mine by a creid card system.
I wish to remain anomalous
The only finnicky part is getting your fingerprint pattern key (the raw info is not sent, it gets crunched down by the scanner,) into the database on somebody ELSE's account. HE will be the one stuck with the bill.
You can then run the scam the same way.
Actually it takes less balls to do it because either it works and your laughing or it doesn't and your mutter something about a new scar on your fingerprint to a clerk.
You don't have to worry about getting caught because you're going to have created a false positive (doubling the key) rather than replacing a real record.
Your fingerprint is essentially worthless for security when you've got access to a scanner and to the system.
The trust-worthyness of the original scanner and scannee is the key. The more paranoid you need to be, the more data points you pick, and the more tightly you control the access to the system.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
I recall a review of some new biometric-enabled mice that came out, and the trivial way to trick them - cup your hand over the sensor, and breathe softly on it.
The existing oils will pick up the water vapor to form the pattern of the last finger on it, and the heat of the breath triggered the sensor to read it.
What amused me the most was I went to tell my boss at the time how these researchers had found such a simple way to break it, and he said "Oh... I just bought one of those yesterday." Heh.
Especially as in TX, where they require (I believe the right) THUMB print only. One is not allowed to use other fingers for authentication.
Yeah, right.
I don't know about you, but I've never once had a CC stolen/lost. I don't know -anyone- who has had 10 CCs stolen/lost, much less 10 cc's stolen sequentially (which is a better analogy, since one print id's all of your CCs here).
"Stumble before you crawl"
Unfortunately, just like any other group of people, it's not the "good cops" that stand out from the crowd and get noticed.
Au contraire. I'd say that, just like any other group of people, there are always some people that are so itching to bitch about everything that the only thing they can see (or talk about) are the grossly distorted (usually, by the media) aberrations that they point to as the source of their discomfort with the entire universe. People like that hate "the pigs" because they hate the hard work of seeing what's good and why to make more of it.
Don't disappoint your bird dog. Go to the range.
Before anybody gets up in arms claiming that this is a hideous privacy infringement that is frighteningly Orwellian, let me soothe your tinfoil-infected brain by pointing out the obvious: you're dropping your finger prints all the time on everything you touch! Unless you wear gloves all the time like Jacko or have burned off your fingerprints in some tinfoil-cult ritual this is nothing to worry about.
The preceeding paragraph was of course complete fuckery, because of course this is a terrible idea! I don't even use freaking customer benefits cards because I don't want my purchases tracked to my name. Us slashdotters know how big a database can be, and we also know how easy it is to link databases. Would you feel comfortable with some giant database buried deep within a missile silo that tracks your every purchase, has your dna and fingerprint on file, and is searchable by library book!? Yeah that sounds just freaking dandy.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Monkeys attracted to bright shiny objects. Weee fingerprint instead of swiping a card and signing a piece of paper which sucks up a total of less than one minute.
Register your credit card? Did I hear that right? I can safely say that my response to that is go fuck yourself and the grocery cart you rode in on.
Wait lemme guess what the Starbucks crowd in Seattle wants next.....
Pay using Paypal from my Blackberry. Yeah that is the shit. I will be massively more 1337 than you !!!! Weeeeeee !!!
does everything have to be an evil conspiracy? Is it not possible that bio-metric devices could be used for pure good? Do you really think the gov't needs your fingerprint to track your credit card purchases?
I mod down so you can mod up. Your welcome.
High Tech Burrito in Berkeley used a thumbprint reader as an optional payment identification system back in 1998. It was a pilot program for SmartTouch, a Berkeley biometrics company which later changed its name to VeriStar then apparently went out of business.
The problem with biometric payment then was the barrier to entry. Most people didnt want to fill out a form with CC info just so they could easy-pay at one store. What they wanted was their burrito.
Still, when there's a confederated system (sign up once, thumb around anywhere) I'm sure we'll see a lot more uptake.
Kevin Fox
tm
Support TBI Research: http://www.raisinhope.org
If I lose my credit card, I phone up and get another one. I am inconvenienced for a week or so while they send me a replacement, but I take care that I don't lose the next one. AND I can get cash from the ATM in the time being. However, if I cut my finger, then I can't use my credit card, OR an ATM, etc, until they allow a second finger to be used. In the meantime - no food, petrol, whatever. Depending on what your job is, you will cut your fingers, get splinters or just wear away those fingerprints. It's fine for companies trying to improve security, but when it could so easily get in the way of normal (lawful!) day to day life, something needs looking at.
That means there's a one in 100,000 chance that someone has the same hand. Unless you mean hex.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
If it was required (fingerprint)...I'd almost be willing to drive 400 miles to AVOID shopping at this store...
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Or you can only use the fingerprint in person, or you need to use it with a secret pass-code. It is much better then a credit card option (and harder to manufacture).
Your statement was made to just scare people.
I mod down so you can mod up. Your welcome.
"does everything have to be an evil conspiracy?"
Only on Slashdot.
What if someone was at a doctor's office or pharmacy getting medicine because they have a fever?
They can't buy it because their temperature would be off.
to break their system
"When the only tool you own is a hammer, every problem begins to resemble a nail." - Abraham Maslow (1908-1970)
...because you CAN'T change your finger print.
Hrmf! Telling me I can't change my finger prints?
*revs up the workbench sander*
I'll show you! ARRRGGHHASDFWDasdfsdaf12~!!!
sea i cntoo chadnfge my ow ow ow fignr prnits ow ow
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
How do they avoid the common problem of fingerprint scanners: too stringent or too loose settings. If you set it too stringently, you get false negatives (rejecting people it should accept). In the other direction, you can get false positives.
I did an implementation at a hospital that used fingerprint scanners for the drugs in the unit. The nurses constantly complained that it wouldn't take their fingerprint when it should. This was partly due to settings and partly due to the scanner getting dirty and scratched.
I'd be interested to know how Thriftway is getting around those things.
Funny? Not really. While thriftway isn't a branch of the government, the government could easily seize the database from them and add it to their own. How long before there are laws that force companies like thriftway to allow the FBI to search the database as often as they like? How long before companies like Thriftway are forced to send database updates directly to the FBI?
Think it can't happen? Take a look at the Patriot Act. Did you hear the President's speech? Did you happen to catch his statements about improving IT infrastructure for law inforcement? If you have nothing to hide, then you shouldn't be worried. Right?
Very good point. That immediately brings to mind the folks I know who take every little thing and make it into a much bigger, dramatic (and by that point, wholly distorted) problem, then spend the rest of the day "warning" everyone about it.
While I still think it's much more difficult to find "good" people in the news, and as a consequence many of them never get noticed, I agree that your point probably also accounts for a large portion of the problem, as well.
When will people learn that identity factors are not the same as authentication factors?!?!
A Fingerprint is something you are
It would be a whole different story (and different pros/cons) if this was about a store requiring a fingerprint bio in place of a signature (something you do) on a Credit Card transaction.
The biggest deal here (not mentioned very much in these
That makes their DB such a huge target
Who would ever capture the CC info and then try to make fraudulent purchases at a grocery store anyway? They'll go for the high-end merchandise instead, using a totally different transaction service.
And let me guess, each customer signs an agreement (without reading it- legal jargon, bah!) stating that you release the company from any liability of storing your CC info!
Remember: Anytime biometrics are used singulary (without another form of authentication) it is for convenience and NEVER Security.
Yesterday I fixed my ripped shower curtain with seam sealer glue and I got some on my thumb when I pinched the edges together. Right now, I can't feel anything with the tip of my thumb because it's covered with extremely strong glue. If all purchasing eventually goes by fingerprint, then I assume folks like me will occasionally not be able to purchase anything! Maybe that's a good thing. Seriously... I can't get this stuff off!!!
I remember hearing how gelitan gummy can be used to fool a fingerprint reader. I thought it was kind of cool. If someone questions you, just eat the evidence. read the story here
There's no place like ~/
So the fingerprint recognition could be total vaporware, and it would still appear to work.
Even if it's real, typical Equal Error Rates for fingerprint systems are around 5%. So if you have a list of customer phone numbers and access to a fingerprint terminal, you should be able to crack the system in about 20 tries. Then you have access to someone else's accounts.
I think you meant to say "made up for by their evil" rather than cunning. I totally agree with you....
"Lack of technical competence coupled with the arrogance of power, as usual, leads to no good end."
Is is me or is this an assinine program. Who in their right fucking mind would volunteer their fingerprints to #@^#& GROCERY STORE?
They can have a stool sample if they like, wrapped in a flaming paper bag for effect.
My wife has fairly severly eczema on her fingertips and they are often dry and cracked, especially in the winter. Sometimes she bleeds and has to wear a band-aid. The probability that a biometric device could make sense out of her fingers is zero.
---Technology will liberate us if it doesn't enslave us first.
This is one reason that I hope people don't start using biometrics as their only form of authentication. Banks, for instance, should at least still require a PIN (or actually let a person enter a password with a normal keyboard). If a criminal knows that they still need a PIN/password then chances are they won't steal a finger. It'd merely increase security without (much) impact on ease of use. Of course, on the other hand, if someone severs your finger you will know about it, so you can have your bank lock your account.
Also, what are the oldest fingerprints available, that would show up in a search?
The movie "Gone in 60 Seconds" had a moment where one of the senior car jackers was putting on gloves and the kid says he doesn't need them and gives him some fake fingertips with other fingerprints. Said if they came up they would come up with Elvis's (as in Presley) fingerprints. Already been thought of and used.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
No, I hate the "pigs" because they let thier power go to their head. You do realize that cops are just the bullies from HS...and now realizing they suddenly have to actually do work but have no real skills, they sign up to be cops. They get accepted because they have just high enough a score to pass thier little test, but not too high that would have them thinking for themselves. Yes, I know of someone turned down b/c they scored too high. They want someone with an average of a 6th grade education.
I hate them because twice now I've been pulled over for a cop wanting to make a DUI or just ticket someone. The first case I went to court to fight it; the state pled me down to a bad muffler. In the second case the cop had NO proof whatsoever (claimed i was doing 55 in a 25...except there are huge speed humps every 250 feet that would have ripped my car's underside off). He said he could technically ticket me anyway, based SOLEY on 'his knowledge and experience' that lead him to believe i was going that fast (never mind that he was much younger then me...). A third time I was harrassed by cops for supposedly breaking into a store and robbing it...in the end, it turned out they spelled the last name of the real person wrong. But 'applogies are against dept. rules.' Bite me.
" 'cos the Bush voters living in "Jesusland" would refuse to use it, going on about the Book of Revelation, man's mark required to buy or sell, etc."
It's only "flamebait" if you're a member of Jesusland, moderator. Actually, the threads on Slashdot are stuffed with fundie geeks going on about Revelations and the Number of the Beast vis-a-vis electronic ID. But I don't think the fundies will have a problem with it in the long run, because they are very Calvinistically pro-business. What's good for making money is good for Jesus.
Is it not possible that bio-metric devices could be used for pure good?
First give me an example of ANYTHING that has been only used for pure good.
Sorry bud, human nature makes abuse inevitable.
-Don.
Cwm, fjord-bank glyphs vext quiz
Ice cream
I mod down so you can mod up. Your welcome.
I disagree. Figerprint readers can use two forms of IR. One verifies it's producing heat, the other makes sure it's skin. We've done facial recognition that could tell the difference between a person and a Hollywood mask of that person. It wouldn't even enroll the dummy head as its own person.
Plus, I'll wager that more CC theft is a result of lost/stolen wallet or the card itself. It's much more difficult for your typical criminal to steal your fingerprint, esp. if it requires having a decent educational background just to understand how the biometric device works.
- Sig
I know several people who have season passes to Disney World... when you enter the parks, there is a fingerprint reader for season pass holders.
I've borrowed 3 different season passes before and never had a problem getting past the scanner, it just isn't reliable.
I bet a warm hotdog would work too.
While that is true, what impact does it have? The same arguments being made against this type of technology could be made against using any kind of technology that contains personal information. So go close your bank accounts and get rid of your computer! I'd rather have the requirement to use a fingerprint to authorize purchases on my credit card than what exists now, which is authorization without any form of ID at all. Anyone who get your card can go buy gas, groceries, and make online purchases without any type of identity authentication! I do agree with someone else's post, though, that the store itself has no business keeping a database of my credit cards, or even my biometric ID. The scan of your fingerprint should be sent as part of the credit authorization process. When I worked for company that required security, I was trained that security measures will never completely eliminate a breach of the security. They only make it more difficult and, when possible, more noticeable.
Certified Novell Bigot!
Few problems with your theory:
Identification forgery is a problem for all systems, not just fingerprint systems. Identification forgery can be accomplished by hacking or social engineering. If a criminal stole someone's credit card statement and changed the account PIN (by calling customer service), he would be able to accomplish the same level of fraud as if he had changed a fingerprint on file.
Once the identification token has been swapped within the merchant's system, the original customer would get an error when he next tried to use the system (because the authentication would no longer match up). This would lead to a customer support inquiry, which in turn would result in the identification of the problem.
Once the merchant realizes that identification forgery has been committed (by the presence of a non-matching fingerprint or fingerprint key in the system), the merchant would proceed along the normal paths of fraud response. Most likely, the customer would not be held accountable for charges associated with the fraud.
When the merchant resolves the issue and removes the forged identification token, the hacker then loses all ability to access the customer's account. The danger has been eliminated because the hacker has "inserted" a foreign object into the merchant's system; the hacker has not "stolen" a customer's object from the system.
If a merchant was really worried about fraud, it would keep the customer's fingerprint scan on file within the database. The database would regularly (in a weekly batch job, perhaps) rehash the fingerprint and compare the new fingerprint hash with the existing fingerprint hash. If a mismatch was detected, fraud response would occur. This architecture would require the criminal to submit his own fingerprint into the system in order to forge identification, which I would argue is infinitely more risky than stealing credit card numbers. The fingerprint database could be securely isolated from the purchasing system, so that the danger of hacking is reduced.
The scope of access granted by a single fingerprint identification system is quite limited. If a criminal performed identification swapping at GAP, the criminal would only be able to commit fraud at GAP, and would not be able to walk down the street and commit fraud with the customer's Abercrombie & Fitch account. Therefore, as soon as any given store identifies a fraud occurrence, it would probably implement additional security measures such as requiring photo ID for a particular customer. This is similar to security measures that are required when a customer's credit card has been compromised.
Many new fingerprint scanners (used in security installations) measure biometric electrical conductance/resistance capacity in addition to the fingerprint. This means an 160lb man with 12% body fat and a healthy heart can't chop the finger off a 180lb man and stick it up to the scanner.
Regarding your comment about muttering something about a new scar on your finger, let's see how funny it is when you refuse to provide photo ID to the clerk, walk out of the store, and then the clerk hands over the security camera footage to the police.
Yeah, but now you're going to get the n00bs who can't remember their passcodes writing it (the passcode) on sticky notes or whatnot. Except, instead of just losing a single credit card, those n00bs will lose their one and only identification system.
We all know what to do, but we don't know how to get re-elected once we have done it
I'd have to agree completely, unless the government were trying to make people fat by allowing the purchase or iced cream products. Thus controlling them by making them go on fad diets and buying diet pills... oh it's all a conspiracy...
and don't forget that if you commit the fraud and walk out. They now have you real fingerprint on file which they can just turn over the police.
It has been statistically shown that helmets increase the risk of head injury.
A bad cop is a good cop who doesn't like YOU.
I'd be more concerned about my fingerprint data being stolen. I can get a new credit card if one is compromised.
I thought it was bad when almost everybody volunteered to get a grocery store club card and surrender their privacy for a reduction in the newly jacked up prices. Finger print biometrics at the grocery store? What's next? Am I going to be forced to give a DNA sample to buy Mt Dew and Fritos?
>> My ultraviolent Linux switch video.
>
>...and before someone else says it:
>I've only got 9 fingers, you insensitive clod!
"How about I take from you the finger, and you give me my phone call?"
your finger print pops up a picture on a small lcd screen.
Yes and now we will go back to the movie with Sandra Bullock where her entire life was modified. There is always going to be a nay-sayer, there is always going to be a con - but you gotta outweigh the cons with the pros.
Here is a great example - last friday I was robbed at gun point (really I was). They got my money, drivers license, credit cards. Now, luckily, I have a passport (many people do not) - but I do not have access to my credit cards, even my bank gave me problems briefly (i used to work at that bank and know their rules so i shut the teller up quick).
Now if my fingerprint could get me direct access to my money, credit card, drivers license, etc I would 1) not have lost anything 2) not have been robbed since there is nothing to rob. A great benefit that in my opinion outweights the potential that the gov't might look at my bank transactions (which they can do anyhow), or me forgetting my pin number (which i still have a fingerprint)
I mod down so you can mod up. Your welcome.
A scan is just a scan.
It depends on the security of the authentication database for verification.
Extremely secure databases could be set up and answer just a "yea' or a 'nay' for subsequent accesses.
Subsequent acesses may be secure as secure as required.
You could have to do it in front of staff, which implies collusion between you (the 'scan'mer) and the staff (the 'scan'me) who would allow you to use a fingerprint defeating technique.
An ATM could depend on several authentication techniques, such as a video recording the 'scan'mer when the scan is made, in addition to the scan itself.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
In the James Bond movie, Diamonds Are Forever, James uses a thin latex-like piece of fake skin that he puts over his own finger to pass as someone else. This movie came out in the late 60s/early 70s. I wonder if this could actually be done now.
Even worse, we could feed icecream...lots of it...to enemy combatants and wait for them to get a brain freeze. We could then use the momentary lapse of physical ability to strike! The real meaning of ICBM is Ice Cream Ballistic Missle! They had them all along!
Quick someone call the papers its definatly a conspiracy!!!
*twich* *sudder* *twich*
And when the police take *your* fingerprint pattern key, and match it with either your fingerprint (on file, remember) or the key on your original file, making you suddenly an identified felon with prints. Frankly, if you can get access to the system, just take credit card numbers instead. If the system uses debit, you might be able to get the PIN as well, giving you quite a bit of easy cash.
I know a guy with the serious misfortune to have had 7 of his credit cards stolen, at different times. The poor guy spent nearly 5 years cleaning up the mess. He didnt do anything wrong, was just bad luck and being in the wrong place at the wrong time.
10 times wouldnt be infeasible...unlikely...but it can happen nonetheless.
Wow, I bet you get hit by lightning a lot, too.
No, I hate the "pigs" because they let thier power go to their head. You do realize that cops are just the bullies from HS...and now realizing they suddenly have to actually do work but have no real skills, they sign up to be cops.
Know a lot of cops, do you? Personally? I do. I've met one, ever, that was personally abrasive (he talks a lot like you do, actually). They all work unbelievably hard hours, get paid squat, and are universally disliked by people until it's their house that's broken into, or their neighbor that's trashing their yard, or their business that just got ripped off, or their kid that just got killed by a drunk driver.
Yes, I know of someone turned down b/c they scored too high.
Bullshit, and you know it. These people have to have degrees, and when that education is coupled with very high scores, they typically become aware that they can shoot for a fast track towards a detective's job, or work for a state or federal agency (or a DA's office, etc) for better pay. Those people don't work for local police jurisdictions because there isn't the money to pay what they can get. It's the same reason that poor school districts can't get the best teachers.
He said he could technically ticket me anyway, based SOLEY on 'his knowledge and experience' that lead him to believe i was going that fast (never mind that he was much younger then me...).
So, is there anything in your professional life that you can size up at a glance? Do you know, when you see a certain type of server activity, that it's heavy load from a DoS attack? Or, that a certain sluggishness on a web browser is a bloated cache or some malware eating up performance? Are you at least in the neighborhood, making quick observations about things like that? Any chance that someone younger than you could, doing the same things all day, every day, for a few years, also arrive at that sort of observational skill?
Put it this way, if I drove past you at 25, and then did so again at 40, or 55, would you have a pretty good sense of it? I know I can spot it, and patrol cops are in their cars driving in traffic for 30 or 60 hours a week. Every week. Assume thirty, and assume two weeks off a year. That young cop has spent 1500 hours on the clock, watching vehicles, usually on very familiar roads. That's more hours than a lot of pilots have ever spent in the air, and for cops, it's every year. They know what they're looking at, and if they're wrong, it's not by much.
Now, combine that with the fact that some of them are shot dead during traffic stops by people that have something serious to hide, or that one out of a couple dozen stops involves people who aren't licensed correctly, don't have current registrations, are impaired in some way, or actually have warrants out... it's no wonder that bad taillights, obnoxiously loud exhaust, or just crappy driving are what get people pulled over. A traffic stop is what caught Timothy McVeigh after he just killed 300 people. But the same cops that have to look for situations like that are the ones that are called into domestic violence fist-fights in lousy neighborhoods, or that are there to give even cop-hating ingrates CPR at the scene of an accident.
Maybe you should wear a t-shirt or carry a card that says, "Don't look out for me, my family, my property, or my life - I don't like the way a cop treated me." I'm sorry that you don't have a way to avoid paying the taxes that pay for law enforcement, in exchange for getting none of the benefits. Or, would you be willing to pay more in taxes so that 160 IQ PhDs in psychology (who also happen to be in physically good health, can handle a 300 pound angry drunk, and are willing to risk their lives for you) will take jobs as cops?
Don't disappoint your bird dog. Go to the range.
Nah, not really, but the reliability of fingerprint scanners does give me the creeps... since "wasn't me" won't help you with protesting charges in your credit card anymore.
(Yes, I have had to reverse charges in my VISA. Imagine if they say your fingerprint is good enough and that's that, even though fingerprint scanners have been proven to be not too reliable *shudder*)
It's not about conspiracy, it's not about "Mark of the Beast" it's simply a flawed concept.
How many of you have your credit card numbers written on the doorknob of your house? How many of you have etched your social security number on the handle of your car door? Perhaps you've taped a copy of your drivers license to the glass you drank from last night at that restaurant?
I guess you implicitly trust every person who has access to those things if you think this technology is a good idea.
-Don.
Cwm, fjord-bank glyphs vext quiz
http://www.sheriff.co.st-clair.il.us/sexofax.asp/
Child molesters use ice cream to gain the trust of children.
You truly are an innocent person.
-Don.
Cwm, fjord-bank glyphs vext quiz
with fingerprint, add a pin number and your picture....so when you use your fingerprint the merchant see's your picture. When you use your fingerprint you enter your pin number. Now if the criminal can bypass all of these - you better be slapping your mindreading evil identical twin sibling.
I mod down so you can mod up. Your welcome.
We can just steal your credit card.
If they ask me why I'm not using the scanner I'll say my finger is injured and bandaged. (Note : For extra effect actualy bandage the finger. )
Of course, removing your fingers would have the added effect of making it dificult for you to use your handgun for revenge. So I guess both ways of doing it have their advantages.
This is slashdot, he's probably reading this...
ON the other hand perhaps he just drove 400 miles so that they wouldn't track where he got the severed finger from...
.sigs are for losers
This problem appears to have been worked out.
http://www.aavextechnology.com/newsletter/031504/i am less worried about the govt. having my fingerprints than Thiftway Inc. and Pay By Touch. i can't really think, out side of spy novelish type things what the government would do with that info., i can think of many annoying, fumbling, ways that marketers and advertisers could use them.
also, was grocery store fraud so rampant at some point that the only solution was giving your thumb for your dorritos?
which has been in use a lot longer
That's a good point. There is a safe way to do this. Link fingerprints to a DB of credit cards and photographs. When you scan your finger, it brings up your photo on the clerk's computer, so he can verify that it is you. This way, if someone steals your fingerprint and makes false ones, it won't help them one bit. And this is just as convenient for the customer.
Fingerprints being used as the only means of authentication are a bad idea, though. But if it is implemented correctly, it is a good idea, and a hell of a lot better than using paper signatures.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
They should combine your choice of fingers with a voice password and hash them together. Basically you imprint your finger, and provide a voice password and together they link to your credit cards, bank accounts etc.
A thief will not be able to reliably pick which finger you use and will not simultaneously be able to provide a voice pass phrase as well.
I doubt it's that sensitive. Not everyone has the same core body temperature, much less the same temperature at their extremities (hands).
I just read the Pay By Touch web site - they appear to be using the finger print as an authentication method - linked to a credit card. If this is the case, you would have the same capability of challenging a charge as if you used plastic to make it.
Also they state that they don't capture the image but an unreversable token based off of the print characteristics.
I tend to agree with others statements - a severed finger would be easily recognized at a Albertsons checkout line. And some super-spy glove would contribute to such a low percentage of transactions, it would not be considered more dangerous than a piece of plastic with a magstripe.
Thats why i pay with cash.
---- Booth was a patriot ----
They all work unbelievably hard hours, get paid squat, and are universally disliked by people until it's their house that's broken into, or their neighbor that's trashing their yard, or their business that just got ripped off, or their kid that just got killed by a drunk driver.
mmkay then, I call bull. Those "hard hours"? sitting in a car, driving around in a car, writing tickets, not doin' much of anything. Cops are like this everywhere. Chicago (where I live now), the country (where I used to live). When it's time to write you a ticket? lickity-split, there's your ticket! When you call the police for some illegal activity? 1 hour, 2 hours...on and on.
So, is there anything in your professional life that you can size up at a glance? Do you know, when you see a certain type of server activity, that it's heavy load from a DoS attack? Or, that a certain sluggishness on a web browser is a bloated cache or some malware eating up performance? Are you at least in the neighborhood, making quick observations about things like that? Any chance that someone younger than you could, doing the same things all day, every day, for a few years, also arrive at that sort of observational skill?
Aye, 'cause reading a person is exactly the same as reading a computer. The cops sure seem to think so: racial profiling, age discrimination, "the cop's always right". No, it's not that the cop in question here knew what he was doing, it's that he refused to admit he was wrong; just like all cops-their ego is so huge, and they have such a fascist mentality, that they cannot possibly admit they were wrong.
Now, combine that with the fact that some of them are shot dead during traffic stops by people that have something serious to hide, or that one out of a couple dozen stops involves people who aren't licensed correctly, don't have current registrations, are impaired in some way, or actually have warrants out... it's no wonder that bad taillights, obnoxiously loud exhaust, or just crappy driving are what get people pulled over. A traffic stop is what caught Timothy McVeigh after he just killed 300 people. But the same cops that have to look for situations like that are the ones that are called into domestic violence fist-fights in lousy neighborhoods, or that are there to give even cop-hating ingrates CPR at the scene of an accident.
And where were the cops when Timothy and co. were putting together and executing their little plan? Obviously they weren't doing what they were supposed to; but hey, as long as we can catch them and punish them after the fact, it's all okay right? Frankly, whenever I see that a cop has been killed, I laugh my ass off; then I say out load: "he/she deserved it." I've never been protected from anything by a cop, but they certainly enjoy harrassing people. I'm not going to have sympathy for a moron who joins the police knowing full well that he could get killed. He decided to join, he can suffer the consequences.
I will admit that Chicago police have given me slightly more reason to respect cops, but the police that actually do their job properly will never make up for all the inadequate, self-serving dictators found in the suburbs and rural areas.
(\(\
(^.^) INFECTED
(")")
well security programs could be gov't regulated "Ahh thriftway you are limited to seeing the persons first and last name and their picture. Approved or disapproved for the sale" It links up (like a mac machine) to a central database (heavy encryption), retrieves the information.
Now there are companies that might try and misuse this information - and to help give incentive for them to NOT utilize this data heavy penalties could include jail time, and some hefty fees (i.e. 50% of your companies value)...i think marketing firms will be quite reluctant with someone going to jail and hte company losing 50% of their value.
Either way - marketing firms can get your data as it is right now very easily...fingerprint method will only give them fingerprint data on top of what they already know.
I mod down so you can mod up. Your welcome.
In the book One Of Us there is a black market for the fingers of dead people as they allow access to the dead person's bank account and any funds left there. They had devices attached to the base of the finger which allowed the finger to remain "alive". Once we have perfected that technology then we need to worry. ;-)
Then they developed the new ignitions that require a key with a transponder chip. (I think this was a demand by auto insurance companies.) So, as a result, instead of stealing cars, thieves are now carjacking people in order to get the car with the key in it, with the resulting increase in danger to the owner. Doesn't matter to the insurer as they are only liable for injuries in the case of an auto accident, not for robbery, unless you have supplemental medical coverage as part of your auto policy, which I suspect most people don't.
If this sort of thing becomes popular, it could trigger thieves cutting people's fingers and stripping the fingerprints. I am reminded of a horrid example in the movie "Fighting Back" where a thief wanted to steal a ring from some woman, but she couldn't get it off her finger. So he used a pair of tin snips and cut her finger off. Can't very well damage the ring, can we?
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The analogy fits very well. Just like it's only the idiot Windows users who are vulnerable to the idiot script kiddies, so will the complacent and ignorant biometrics users be the victims of thugs who learn to copy a trick created by someone with the skills to create the exploit.
Fun with Anagarams! LADS HOST, SHALT DOS. HAS DOLTS. AD SLOTHS, HATS SOLD. ASS HO, LTD.
Your kowtowing to the police is quite frankly, rather amusing. I'm guessing you're either a.) related to a cop or b.) a cop yourself. I know cops, I've seen cops, I've been ticketed by cops, I have friends who are related to cops.
I'm not a cop, I am not related to any cops, and I've been ticketed by cops, more than once. You should really consider yourself lucky that you've never actually needed the police yourself. I've had cars broken into, friends assaulted, or been working in a business that was in the middle of being robbed - all with positive experience when it came to the cops. My last experience was with my seeing two jerks stashing stolen motorcycles in a neighbors' shed while the neighbor was out of town. This involved numerous long interviews with beat cops, detectives, and local sherrif's office staff. Every one of them was professional, while also being haggard and doing too many things at once. I've got a friend who used to be a county copy, then a detective... and is now a US Marshall. His duty with the county kept him working very long hours, saw him dealing day in day out with the most obnoxious, violent, and deceitful people you can imagine, and had him more than once tied up in court with lenghty cases involving everything from illegal immigrants carrying stolen property to stock brokers hiding stolen children. He never had a ticket-writing quota, and how many he did or did not write never had anything to with his pay, his promotions, or his daily activities. That all came down to reviews of his actual performance and his handling of what he ran into every day.
If that man were killed, he'd deserve it, from your point of view? That's funny to you? I'm guessing that you're of the opinion that every street gang uses murder and rape by new members as right of passage, or habitual drunk driver that's on his second manslaughter... screw it, we don't need law enforcement for that!
Cops are a deterrent. They cannot be everywhere to intercept every bad thing that might happen to you (and if they tried, you'd complain about that, too), but to suggest that they've never protected you from anything is complete crap. If you think there aren't violent people more than willing to bash in your brains for your wallet, then you're a naive little girl. If you think that the problem of people like that would go away if we got rid of transit cops on subways, highway cops checking truck stops, and county cops showing their vehicles in dark mall parking lots after closing, then you're completely out of touch with reality.
I'm guessing you've never owned a business, or known anyone that has? Never had the need to get stolen property recovered, or an embezzler stopped?
Aye, 'cause reading a person is exactly the same as reading a computer.
No, because making a quick judgement about a complex set of variables is a skill. I thought you might be sharp enough to understand an analogy, but my mistake on that one.
Don't disappoint your bird dog. Go to the range.
Wow, I bet you get hit by lightning a lot, too.
Says the author of a -1 post. Its rare i have to lower my threshold to see a reply. Congrats, you are one of only 5 posts with a -1 moderation. Must be proud.
I'm curious why you would think I'd just make up these incidents. You don't really know me, what gives you the right to just say 'bull?'
Know a lot of cops, do you? Personally? I do.
Three. Well, technically two...one became a prison guard in hopes of using that experience to become a cop. And yes, all three are dicks I'd rather not know.
They all work unbelievably hard hours, get paid squat
Ya, I see them working hard, camped out at known speed traps. Or the bagel shop. Occasionally I'll see them drive up or down our road. Mostly those are chasing speeders though. Hate to break it to you, but there's not a whole lot of crime here.
and are universally disliked by people until it's their house that's broken into, or their neighbor that's trashing their yard, or their business that just got ripped off, or their kid that just got killed by a drunk driver.
Hmm...but you HAVE to call the police, because any power you had to take care of these things has been taken away from you. Regarding being killed by a drunk driver...its usually not a big mystery to find said person.
Bullshit, and you know it.
Nope, I saw his test. Their words to him were that he was 'overqualified' and would quickly bore of the job.
These people have to have degrees, and when that education is coupled with very high scores, they typically become aware that they can shoot for a fast track towards a detective's job, or work for a state or federal agency
Wrong. Your average beat cop has at most a HS diploma.
(or a DA's office, etc)
Usually lawyers work at the DA's office, not cops..
So, is there anything in your professional life that you can size up at a glance? Do you know, when you see a certain type of server activity, that it's heavy load from a DoS attack? Or, that a certain sluggishness on a web browser is a bloated cache or some malware eating up performance? Are you at least in the neighborhood, making quick observations about things like that?
I can offer an educated guess, never say for sure until I do some investigation though. You're also forgetting that in order to convict someone you need, you know, actual proof. Punishing someone based solely on someone else's word is totally against our idea of justice.
Any chance that someone younger than you could, doing the same things all day, every day, for a few years, also arrive at that sort of observational skill?
Maybe, but there was a rather large age gap between myself and the cop, and I'm willing to be I actually had more experience than he. Again, you're forgetting thought that convicting someone of a crime requires PROOF, not someone's 'best guess.'
Put it this way, if I drove past you at 25, and then did so again at 40, or 55, would you have a pretty good sense of it? I know I can spot it, and patrol cops are in their cars driving in traffic for 30 or 60 hours a week. Every week. Assume thirty, and assume two weeks off a year. That young cop has spent 1500 hours on the clock, watching vehicles, usually on very familiar roads. That's more hours than a lot of pilots have ever spent in the air, and for cops, it's every year. They know what they're looking at, and if they're wrong, it's not by much.
Again, I'm willing to put money down that I had more experience. I bet you'd guess wrong most of the time. For the third time though, and estimate isn't good enough..he needs PROOF. Never mind that it'd be physically impossible to drive that fast down that road without destroying my car. Please, feel free to email me, I'll tell you the exact road, and you can take a Honda Accord down it going 55 to see what happens. Going over
... 4,000 years ago.
OMFG Bob did you see the new security on the chief's safe? He's using a key.
What an idiot, thats so easy to forge, with the key he could so break in.
Yeah I wonder if there was an increase in metal casting sales in the region.
When was the last time we had a secure security protocall? Credit cards sure arn't.
Has anyone ever heard of the drug called bextra [valdecoxib (val deh COCK sib)]? It's an arthritis drug. It also has the side effect of making your skin so smooth that you stop making finger prints. I may take awhile for the drug to have this effect, but it sounds interesting.
Old people have nothing to worry about.
Grandma could you get the phone. Oh, it's a telemarketer. Do whatever you have to so they go away.
That is, of course, the flip side of the coin. Digitally encoded biometric data that cannot be changed (fingerprint, retinal scan, etc) but can be fed to a computer in some manner or another can be used to falsify your identity. At a cashier's lane, this is kind of difficult to do, as you are under scrutiny. Online, or any place you can use it where you are not under scrutiny, or any delivery method that can be made transparent even when observed will break this kind of authentication scheme, with no way to undo the damage once its done (think DeCSS except with your entire life at stake).
I had actually thought about the theft of biometric data previously (past few weeks), but apparently forgot it when writing. Credit card numbers are changable. Fingerprints, not so much so. Such stores would need both files on hand to do proper authentication, and frankly, I just do not trust any computer system to be 100% unbreakable at all times
I had my eBay password compromised when an online service I was using to snipe bids was hit with the Slammer Worm. I was lucky. A lot of people who trusted Windows IIS servers became victims of identity theft and had big credit card bills and a lot of hassle to straighten out the mess and get on with their lives in the wake of Slammer and similar Windows security exploits.
>> My ultraviolent Linux switch video.
Says the author of a -1 post.
What the hell are you talking about?
I'm curious why you would think I'd just make up these incidents
I didn't say that, or mean it. My point is that you're describing lots of bad luck, and seem unaware that all sorts of bad things are not happening to you from one day to the next. Some of those bad things not happening are not happening to you because at least some bad people have been caught in or after the act by a cop, and can't be bad to you any more. But your opinion of hundreds of thousands of people in law enforcement is driven by bad luck (whether or not you've done anything in your driving habits to push that bad luck along somewhat).
And yes, all three are dicks I'd rather not know.
But, I've encountered dozens and dozens of dicks in other places of authority (regulatory, legal, college professors, supervisors, etc.) and of course run into people on the road every day that are complete jackasses. If you know three asses that happen to be cops, you're just in the wrong orbit of humanity (or only looking at a small slice of it). Don't get me wrong - I think that the vast majority of humans are asses. But there's a reason that cops undergo psych reviews all the time... so that the true wack jobs are out of a job. Wish that were true of some college professors, utility workers, and some IT people I've come across, too.
you're forgetting thought that convicting someone of a crime requires PROOF
Actually, the way that most jurisdictions handle traffic violations is to consider them the breaking of a regulation, and the training that the cops go through is considered adequate for them to testify (if it comes to that) about what they saw. It's sort of like you pressing charges if I were to hit you in the head, but without any witnesses. If you tell a judge a convincing enough story (absent anything else to go on), the matter is (legally) considered "proved." Of course, a lot of jurisdicions are getting away from even having to squabble about it by using radar guns that are coupled with video cameras, etc. Pretty hard to argue with the picture of your car in the intersection with the light red.
According to the officer that was unsafe
One of the tickets I got was for "operating the vehicle in an unsafe manner" (weather related, in my case - we had a difference of opinion on whether my 4x4 could handle the snow) - no need for proof beyond his assesment that I wasn't being safe. Sort of like a health code violation in a restaurant. The inspector doesn't like it, and you get cited.
Hmm..not here they don't.
What, give CPR at an accident? Come on, now you're just being dramatic. Cops don't stand there and watch accident victims die. They spend days in EMT training for that reason, and the number of them that have been credited with birthing babies, restarting hearts, pulling kids out of ponds, and so on, is a lot higher than, say, the number of sanitation workers that do the same.
I'd still be subjected to possible abuses of power
Just like you are subject to any government official's whims when no one is looking closely enough. I'll take a cranky cop over an IRS agent any day of the week.
The state has no interest in saving lives, it does have an interest in using fines to pay for more police and traffic court.
Where do you live, China? Any cop that demonstrably saves a life is going to get a huge career boost. The PR that the entire department gains is worth 100 burglary busts, and every department chief knows that. Never mind that decent people are decent people, too. Before people think you've got the tinfoil hat thing going on, you should mix with a few people outside of your normal sphere - not everyone with a badge is perfect, but neither are they, as a group, "fascists." More often, they just reflect the personalities and experiences of the whole town in whihc they live
Don't disappoint your bird dog. Go to the range.
I'd be more concerned about my fingerprint data being stolen.
I'm pretty sure I leave my fingerprint info around quite a bit.
I can get a new credit card if one is compromised.
And I can get a new finger if one is compromised. What's your point?
Huh?
My point is, I can generally control where I leave my fingerprints. I have no control over some grocery store with no concern for my personal data, running some cheese ball Windows IIS server software and the next release of something like the Slammer worm, my fingerprint data is released to who knows who.
Grocery stores do not need to keep a computer file on me containing my name, phone number, date of birth, social security number, address, credit card number, and MY FINGERPRINT DATA.
Can this concept be any clearer?
>> My ultraviolent Linux switch video.
I would think the "I can get a new finger if one is compromised" comment would make it clear enough that I was not being overly serious.
You are lucky that you have not had your card confiscated. The standard merchant agreement signed by almost all merchants specifies that the card can have only two legal states, 1) unsigned, which they must ask you to sign before you are allowed to use it and 2) valid signature.
Any other deviation and they are required to confiscate and destory the card. Most minimum wage clerks have no clue about that requirement and of those that do, few wish to risk confronting the customer. But there are a few who are informed and don't care about the risk, you will eventually run into one and find yourself without a valid credit card.
you'll be chasing down fraudulent purchases FOR THE REST OF YOUR LIFE because you CAN'T change your finger print.
You'd have to be pretty unlikely to have your finger identity stolen more than 10 times in your lifetime. Sure your index finger may be the easiest to put on a scanner but I don't see why you couldn't just use another finger. Hell, for that matter you could combine two fingers, assuming the scanning device is large enough. You get comprimised, you swtich it up. Done.
"Kapioski added that one man even drove 400 miles to use the technology."
What a tool.
I heard a rumor that one's fingerprints can be faked by using a gummy bear.
The power of Christ compiles you!
What the hell are you talking about?
I see there is a reply to my post but when i click on it, I just see my post. I have to change my threshold from 0 to -1 to your replies to me.
I didn't say that, or mean it. My point is that you're describing lots of bad luck, and seem unaware that all sorts of bad things are not happening to you from one day to the next. Some of those bad things not happening are not happening to you because at least some bad people have been caught in or after the act by a cop, and can't be bad to you any more. But your opinion of hundreds of thousands of people in law enforcement is driven by bad luck (whether or not you've done anything in your driving habits to push that bad luck along somewhat).
Its not bad luck when its a policy. EVERY time I've gone to traffic court (which, BTW 3 times) the judge doesn't ask to hear my side, askes if I'd lr ike to accept anothecharge instead which, invariably means no points, but the same fine. Their intrest is not in improving safety, its generating revenue. The fact that I personally have been hit few times does not mean that others aren't.
But, I've encountered dozens and dozens of dicks in other places of authority (regulatory, legal, college professors, supervisors, etc.) and of course run into people on the road every day that are complete jackasses. If you know three asses that happen to be cops, you're just in the wrong orbit of humanity (or only looking at a small slice of it). Don't get me wrong - I think that the vast majority of humans are asses. But there's a reason that cops undergo psych reviews all the time... so that the true wack jobs are out of a job. Wish that were true of some college professors, utility workers, and some IT people I've come across, too.
Yes, but of all the other places you encounter these people, cops are the only one that can have you fined or even jailed (for a short amount of time) for no real reason. And that doesn't even begin to talk about laws that punish you even when you have not harmed anyone else (i.e. speeding laws). The physc reviews cops undergo are only to make sure they don't go nutty and start randomly shooting people. I doubt one was ever told 'well, you have too much ofa power rush, so we need to let you go.'
Actually, the way that most jurisdictions handle traffic violations is to consider them the breaking of a regulation, and the training that the cops go through is considered adequate for them to testify (if it comes to that) about what they saw. It's sort of like you pressing charges if I were to hit you in the head, but without any witnesses. If you tell a judge a convincing enough story (absent anything else to go on), the matter is (legally) considered "proved." Of course, a lot of jurisdicions are getting away from even having to squabble about it by using radar guns that are coupled with video cameras, etc. Pretty hard to argue with the picture of your car in the intersection with the light red.
Wrong...if there are no witnesses, its basically a 'he said, she said,' and nothing will come of it. Its not considered 'proved' at all. Are you sure you're from the US? The reason we require actual proof is because going on word alone gives the speaker way too much power. GEt a clue. Oh, as far as those cameras go...you might want to google about the ones in NYC...you know, where the private company that runs them will start mailing tickets to anyone going through a YELLOW light. With today's technology, even pictures must be studied carefully.. My final point is this; just b/c thats how most jurisdictions do it does NOT make it right, either morally or legally.
One of the tickets I got was for "operating the vehicle in an unsafe manner" (weather related, in my case - we had a difference of opinion on whether my 4x4 could handle the snow) - no need for proof beyond his assesment that I wasn't being safe. Sort of like a health code violation in a restaurant. The inspector doesn't li
This reminds me of a security conference I was at a couple years back. One of the presenters was talking about using retinal scanners to identify tank gunners only allowing certain personal to fire the weapon. A young lady stood up and asked "what would stop me from cutting of my enemies head and using his eyeball to fire the weapon?".
The presenter responded, "you miss, have a great future in military weapon design!" His point, you have to think a little out of the box. Most optical scanner actually require blood running through the eye in order to perform the identification. A severed head wouldn't get you anywhere.
While it would be possible to lift a finger print I believe it would difficult to use that finger print in scanners that require you to have a certain temperature (wouldn't work so well up here in Canada at the corner gas station) or measure your pulse for instance.
Some design options also combine "what you have" (a card) and "who you are" (biometric). If either one doesn't match up, you're rejected.
Why think when you can just BLOG.
It's not thriftway or seven-11 that we should be worried about.
It's RADIO SHACK!
Most towns have more Radio Shack stores than walmarts!
And how often have you seen anyone SHOP there?
They have got to be a govt front.
This isn't at all hard to believe, if you've ever read anything about the details of handling fingerprints.
There are a number of good texts on the subject. One of the first things they typically do is disabuse the reader of the Hollywood/TV cop-show idea that fingerprints are unique. This is done by mentioning that identifying fingerprints is mostly done by examining the "loops" and "whorls", and noting that the main way to characterize fingerprints is by the "points", i.e., the intersections in the lines caused by the loops and whorls.
Then the text simply shows prints that contain no points, loops or whorls. They are simply an array of wavy lines without any real distinguishing characteristics. In most finterprint identification schemes, these all map to the same code. Such fingerprints aren't all that common. I don't have any. But they're not really rare, either. Chances are that a number of readers of this message can respond by saying "My ___ finger on my ___ hand is like that".
Your friend and the IT manager probably had an index finger like that. Less likely, but still quite possible, is that their index fingers do have points, but the patterns are the same and map to the same code in the software.
Distinguishing fingerprints in such cases takes careful examining to detect subtle differences in the curves or thicknesses of the lines. This often can't be done at all, even with high-quality prints, and in any case is very difficult to program.
Anyway, don't take my word for any of this. Go find yourself a text on the subject. You'll learn a lot about how complicated and unreliable fingerprinting can be even in the best of controlled conditions.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.