I can only see this going into a very dystopian path. Based on their actions, I don’t trust these companies, their security practices, nor their privacy policies. Why would I give them my biometrics? And my full palm, at that!? Hell no!

68 points

Shit no! You know what you can’t change if/when they inevitably leak your data? Your fucking hand.

permalink
report
reply
8 points

I’ve got a bucket of golf balls and a 12ft 2x4 that says otherwise

permalink
report
parent
reply
2 points

Damn, that’s a deep cut type of joke, I love it!

permalink
report
parent
reply
7 points

Uhh. Have you seen men in black? /s

permalink
report
parent
reply
60 points

One scar away from losing access to your ability to pay …

Biometrics can not really be changed. Except maybe through time or trauma (i.e. age or injury). They can be used to uniquely(?) identify a person - except maybe twins - at the expense of anonymity, which has it’s own set of problems.

But because they can not easily be changed they’re a terrible security feature. Once they leak, they’re unusable and you’re hosed. You can’t issue a new palm print for your bank account like you could a new chip card and password.

Also, just because you waved your hand over a scanner does not mean that you approve and consent of the transaction. With tap to pay there were ideas of mobile point of sales devices just tapping on peoples backpacks in a crowded area. You don’t even keep your biometrics markers in your pocket, they’re just out in the open for anyone with a camera. This may be bordering on paranoia, but a few years back (2014) German hackers from Chaos Computer Club took iris scans from Angela Merkel (then Chancellor of Germany) and finger prints of Ursula von der Leyen (then Minister of defense) using nothing but press fotos. Cameras have only gotten better.

TL;DR: Biometrics can be used for identification but should never be used for authorisation.

permalink
report
reply
10 points

Biometrics also aren’t great and uniqueness. At least where computers are concerned.

Recently we had one of our customers install fingerprint readers on their points of sale, the idea being any staff member can log in just by touching the pad. Even with only a few hundred staff registered, you get people logging in as each other.

permalink
report
parent
reply
2 points

I worked with Kronos, had their top tier biometrics in a 1,000+ employee company.

  1. The data is only as good as the person loading the data.

  2. Some people don’t have good fingerprints.

It was bad enough that of you had a person with a bad fingerprint, Kronos would just take ANY input. It would even tell you if a persons fingerprint wasn’t good enough. It happened fucking constantly.

So either it’s so good you can’t escape it, it is so bad you can’t use it to identify anyone uniquely. It’s literally either a threat or an inconvenience.

permalink
report
parent
reply
10 points

Paying with your phone works on the presumption that your phone is locked and you accept responsibility for ensuring your phone wasn’t breached. It uses contactless technology, but it’s still effectively chip and pin as far as your bank is concerned.

Meanwhile, paying with a contactless card is processed as “cardholder not present” where the seller assumes de facto liability and must prove otherwise. Contactless payments were never a new type of card processing, it was a new method but is categorised the same as when mail/phone ordering from a catalogue. The same with online purchases. They were always a step below card & signature or chip & pin. Paying with your phone is the same as chip & pin though, where the onus is on you to ensure the transaction is secure.

Paying with your hand has all sorts of issues making it impractical. You would definitely need an additional confirmation eg PIN, but claiming that your hand is as secure as a traditional card doesn’t lend well to pinning the liability on you. So banks are unlikely to use it.

permalink
report
parent
reply
54 points

Its hard to believe anyone would use the thing. It’ll be more problematic if/when its used for regulatory purposes. Sort of at the desensitization still. Today.

I had to take a State exam for licensure a few years back. I was told that I had to take a palm/vein scan to prove my identity. I informed her Ive never had one so it could not prove my identity-- but hey, Im the crazy one. Its on a server somewhere now tho… Modernity is pretty stupid, tbh.

permalink
report
reply
15 points

Then there’s always the old, “Hey, I’ll cut off this dude’s hand and use it to buy stuff until he runs out of credit – or rigor mortis sets in.”

permalink
report
parent
reply
3 points

This happened when car companies brought out fingerprint car alarms. Thieves would just cut your finger off and steal your car.

permalink
report
parent
reply
1 point

Holy crap, what? Can you point me to any articles or sources to read more about this?

permalink
report
parent
reply
2 points

No, I dont own a hard crypto wallet :3 plz dnt chop

permalink
report
parent
reply
8 points

The thing it these readers are so convenient, my only complain is I wish they would work as the password hash technology. But as of right now we don’t know for sure if that machine is saving a “hash” of your palm or is directly saving a copy of the original biometric data that would allow it to “recreate” your biometric ID somewhere else

permalink
report
parent
reply
3 points

I dont think its even that convenient! It requires electricity, web connectivity and loads of digital logic. My state ID just tangibly exists.

permalink
report
parent
reply
4 points

Makes me concerned for our future. Given we have one, that is.

permalink
report
parent
reply
3 points

Naturally. But don’t get black-pilled :] They want us demoralized.

permalink
report
parent
reply
0 points

I would probably use it. Sounds convenient, don’t have to take out my phone or wallet.

permalink
report
parent
reply
9 points

Most folks probably would. Privacy is often at odds with convenience.

permalink
report
parent
reply
2 points

I just don’t subscribe to the slippery slope arguments I am provided when it comes to privacy. I and I suspect most other people just prefer convenience to some hypothetical threat to what I am not sure.

permalink
report
parent
reply
47 points

I hope this tech stays where ever the fuck it is and never touches Europe

permalink
report
reply
6 points

May it die the death of a thousand deaths

permalink
report
parent
reply
5 points

This is Amazon One. Amazon is rolling it out pretty aggressively in their American grocery stores right now. Looks like it’s moved out of its pilot stage and is getting a national US rollout.

https://one.amazon.com

permalink
report
parent
reply
41 points

I didn’t know paying in body parts was legal.

permalink
report
reply
8 points

It’s a brave new world, it seems

permalink
report
parent
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.8K

    Monthly active users

  • 3K

    Posts

  • 79K

    Comments