Spyke
dan
lemm.ee

Shit no! You know what you can’t change if/when they inevitably leak your data? Your fucking hand.

65
oldGregg
lemm.ee

I've got a bucket of golf balls and a 12ft 2x4 that says otherwise

8
lemmy.ml

One scar away from losing access to your ability to pay …

Biometrics can not really be changed. Except maybe through time or trauma (i.e. age or injury). They can be used to uniquely(?) identify a person - except maybe twins - at the expense of anonymity, which has its own set of problems.

But because they can not easily be changed they're a terrible security feature. Once they leak, they're unusable and you're hosed. You can't issue a new palm print for your bank account like you could a new chip card and password.

Also, just because you waved your hand over a scanner does not mean that you approve and consent of the transaction. With tap to pay there were ideas of mobile point of sales devices just tapping on people's backpacks in a crowded area. You don't even keep your biometrics markers in your pocket, they're just out in the open for anyone with a camera. This may be bordering on paranoia, but a few years back (2014) German hackers from Chaos Computer Club took iris scans from Angela Merkel (then Chancellor of Germany) and fingerprints of Ursula von der Leyen (then Minister of Defense) using nothing but press photos. Cameras have only gotten better.

TL;DR: Biometrics can be used for identification but should never be used for authorisation.

60
Blackmist
feddit.uk

Biometrics also aren't great at uniqueness. At least where computers are concerned.

Recently we had one of our customers install fingerprint readers on their points of sale, the idea being any staff member can log in just by touching the pad. Even with only a few hundred staff registered, you get people logging in as each other.

10

I worked with Kronos, had their top tier biometrics in a 1,000+ employee company.

  1. The data is only as good as the person loading the data.

  2. Some people don't have good fingerprints.

It was bad enough that if you had a person with a bad fingerprint, Kronos would just take ANY input. It would even tell you if a person's fingerprint wasn't good enough. It happened fucking constantly.

So either it's so good you can't escape it, or it is so bad you can't use it to identify anyone uniquely. It's literally either a threat or an inconvenience.

2
TWeaK

Paying with your phone works on the presumption that your phone is locked and you accept responsibility for ensuring your phone wasn't breached. It uses contactless technology, but it's still effectively chip and pin as far as your bank is concerned.

Meanwhile, paying with a contactless card is processed as "cardholder not present" where the seller assumes de facto liability and must prove otherwise. Contactless payments were never a new type of card processing, it was a new method but is categorised the same as when mail/phone ordering from a catalogue. The same with online purchases. They were always a step below card & signature or chip & pin. Paying with your phone is the same as chip & pin though, where the onus is on you to ensure the transaction is secure.

Paying with your hand has all sorts of issues making it impractical. You would definitely need an additional confirmation, e.g. PIN, but claiming that your hand is as secure as a traditional card doesn't lend well to pinning the liability on you. So banks are unlikely to use it.

10
lemmy.world

It's hard to believe anyone would use the thing. It'll be more problematic if/when it's used for regulatory purposes. Sort of at the desensitization still. Today.

I had to take a State exam for licensure a few years back. I was told that I had to take a palm/vein scan to prove my identity. I informed her I've never had one so it could not prove my identity-- but hey, I'm the crazy one. It's on a server somewhere now tho... Modernity is pretty stupid, tbh.

58
FReddit
lemmy.world

Then there's always the old, "Hey, I'll cut off this dude's hand and use it to buy stuff until he runs out of credit -- or rigor mortis sets in."

17
Staple_Diet
aussie.zone

This happened when car companies brought out fingerprint car alarms. Thieves would just cut your finger off and steal your car.

3
guajojo
lemmy.world

The thing is these readers are so convenient, my only complaint is I wish they would work as the password hash technology. But as of right now we don't know for sure if that machine is saving a "hash" of your palm or is directly saving a copy of the original biometric data that would allow it to "recreate" your biometric ID somewhere else

8

I don't think it's even that convenient! It requires electricity, web connectivity and loads of digital logic. My state ID just tangibly exists.

3
zefiax
lemmy.world

I would probably use it. Sounds convenient, don't have to take out my phone or wallet.

0
Jilanico
lemmy.world

Most folks probably would. Privacy is often at odds with convenience.

10

I just don't subscribe to the slippery slope arguments I am provided when it comes to privacy. I and I suspect most other people just prefer convenience to some hypothetical threat to what I am not sure.

2
lemmy.ml

I hope this tech stays wherever the fuck it is and never touches Europe

44

This is Amazon One. Amazon is rolling it out pretty aggressively in their American grocery stores right now. Looks like it’s moved out of its pilot stage and is getting a national US rollout.

https://one.amazon.com

5
infosec.pub

Forget about privacy, this is just fucking dumb

One point of failure that can’t be replaced if stolen?

This won’t ever take off, and will most definitely die out quickly in favor of literally any other technique including just embedding an nfc chip and battery to your palm surgically. Which I probably still wouldn’t be thrilled about but

36

I've seen where you can pay with your fingerprint at some vendors. It's a similar concept, in terms of single point of failure. Regardless, I hope you're right.

E: **mostly right. I won't embed anything in my skin for payments. CC or cash or phone NFC (and I don't like that one for its security implications). That's it.

9

{At the board meeting}

Alex: "I wonder if we could do this"

Blake: "Maybe we should talk about whether we should?"

[Blake gets thrown out the window]

{Several months later}

Moss: (sees device at a retailer) what the crap? Terrible idea!

3
Melody Fwygon
lemmy.one

Who needs an NFC chip when you can just place a nail shaped NFC sticker on them and gel paint over them? We don't need implantables; those could get copied anyways and cause the need for unnecessary surgeries to replace them as well.

Buy the tags; apply them to your nails and paint them any color you want; pair them to your phone and use appropriate username + password + 2FA + Fingerprint combos to authenticate to your financial institution.

Lost a nail? No big deal. The tags don't carry financial data; they just provide a URI to the merchant; which can ping your phone/smartwatch and ensure that you are:

  • Present at the location.
  • Not too far away from pay terminal.
  • Have not signaled to your devices you are under duress. (Spoken keyword and/or excessively stressed biosigns)
  • Have not blocked spending by tap.

2

I’m still not understanding why we need chips when we carry a computer everywhere we go.

3
Telex

And you can rob people by pulling their nails out.

1
Obi

And probably imitable, if not, soon enough.

2
sh.itjust.works

I like to do this at Whole Foods in front of my anti vax friends and tell them about how cool it is to have a chip that lets me pay by waving my hand.

24
perviouslyiner
lemm.ee

Embedded RFID? How is it like living with one of those in you? Deviant talks about how convenient they can be for cloning things like your hotel room key.

3

They let the early adopters get the happy water from the tap. I’ve been getting so much more done lately! Have wonderful day!

1
mander.xyz

I still think the idea of tech implants are cool but I've also reached the point where I wouldn't get one unless I learned to build it myself and was in charge of every single aspect of it.

Considering I lack degrees in medicine and computer science, I don't think I'll have them done anytime soon lol

19
lemmy.ml

Oh no! I trashed my faithful Palm Pilot (tm) years ago :/

18
Narrrz
kbin.social

a lot more people will have touched themselves, then the palm reader, without first washing their hands

12

You don’t hold your hand directly on the reader. The camera requires your hand to be about 2-3 inches away to work.

3
lemmy.world

I will forever refuse to do this. That RealID thing or whatever they’re calling it that the government is doing with the face scan gives me nightmares

16

Saw this at Whole Foods the other day for the first time and commented to the cashier that it was kind of creepy and her response was “I know right”.

13
cygnus
lemmy.ca

Damn, based on the post title I thought Palm Pilots were going to become useful again.

12
JoYo
lemmy.ml

bro, come back to me when most stores accept touch emv payments. lol, like each fucking store is gonna know what to do with a fucking palm scan when emv is fucking forbidden magic.

9
ramenbellic
midwest.social

Interesting regional differences. It's incredibly rare that I find a store that doesn't support tap-to-pay

3
JoYo

I live in DC and most groceries don't support it.

Whole Foods wants to use some qr code thing, probably precursor to the palm.

0

I don't understand what this solves... We can use a card faster than this (a mere tap), and if we forget our card, it's programmed into our phones and even our watches as a backup.

8

It's meant to save you a step. Before at Whole Foods you had to get out your phone, open the Amazon app, scan your prime QR code, then get a card and pay. This just does all that with an enrolled palm.

I still don't trust it. I laughed at it when I saw it and even the clerk admitted it was dumb.

11
tommy
lemmy.world

My dad who lives in a small village (around 5k people) has his account in a local bank. Nothing really differs this bank from big companies. They're just local. So my dad has this account and we are in a city nearby and want to do some shopping, spend some money on gear etc. But he looks for cash and it's not in the car. Then, ofc, he looks for his wallet with all his cards and he doesn't have it either. So we are kinda fucked up and going back home and to shops would take an hour. (We were low on gas too.) So he withdraws cash with his fucking hand. Fucking hand. Pretty useful tbh but rather not safe.

8

And you trust the owner of the establishment, of the software, of the Internet, and the bank to not steal your data. Right. I wish you to be correctly assured. At least by your bank.

And don't forget, in case of data breach, change your palm.

11
tommy
lemmy.world

I didn't say I trust them. Actually, I literally wrote "rather not safe". Aside from that, I validate ur opinion

2

Because my hands are filthy. I don’t want to get my phone all sticky/muddy/bloody or anything else you can imagine.

1

All this trouble and they didn't even make the scanner shaped like a hand so you can high five it. Waste of potential.

5
lemmy.world

These types of things never work for me because my skin changes so much 💀

5
Jmr
lemmy.world

LG did this on a phone. It didn't really work, at all

5
lemmy.world

How is that any different than a credit card number? It’s still tied to you.

2
ALavaPulsar
lemmy.world

If your credit card numbers get stolen, they can cancel it and give you a new one. If your palm print gets stolen, you dunk your hand into a bowl of acid and are forever known as “smooth hands”.

6

Maybe you can 2fa with an always on gps tracker so you have to be physically close to the POS.

1
lemmy.fmhy.net

Looks like Fujitsu's palm vein biometric scanner

Only works if the hand is attached with blood flowing, great for South American ATMs

2
lemmy.world

I don't get the issue with it? Why wouldn't fingerprint be the best way to pay for stuff?

-2

For the same reason this isn't a good idea. Privacy aside, when your biometrics get leaked (and they will), you'll have no recourse, because biometrics are literally a part of your body and you can't change them.

0
Mojojojo1993
lemmy.world

How do biometrics get leaked? Can they 3D print my finger? What difference does it make to all my data getting sold on the daily? I don't see how it changes things

1

They don't need to 3D print anything, only to "side load" the hash (it's more complex than that, but that's the gist). If your ID is tied to your finances, and it gets leaked, you can't change your ID. Your finger/palmprint is always your finger/palmprint.

2

Right. But can't they do that anyway? Your ID is linked to your finances. You get people stealing IDs all day everyday.

Family Guy did an episode on it.

If I've got your records, your ID, birth certificate, your job numbers, your state details. Address, phone, emails, passport, passwords. I'm you. Except I have my biometrics.

Biometrics cannot be forcibly taken. I can't rock up to the bank manager with a severed finger. Yet I can take out a loan in your name without the fingerprint.

For fuck sake our security relies on signature. A badly written name.

1
Tb0n3
sh.itjust.works

This makes me irrationally angry. I feel like if I saw that shit in real life I would have to put in effort not to smash it.

-2
zefiax
lemmy.world

If you don't like it, don't use it. It's extremely presumptuous to assume your extent views on this matter is the only right view to the point you think it's ok to enforce that view on everyone else.

1
Tb0n3
sh.itjust.works

It's just part of the creeping evil of surveillance. Fuck giant corporations. They shouldn't be allowed to basically fingerprint their customers and put it in a database.

-1
zefiax
lemmy.world

Why is surveillance inherently evil? Secondly if other people don't care about this, who are you to deny them what they consider a convenience and don't have a problem with? What gives you a right to impose your beliefs on others?

0
Tb0n3
sh.itjust.works

What part of creeping evil don't you understand? It's the boiling frog. As time goes on we have less and less privacy.

-1
zefiax
lemmy.world

Because you haven't actually explained what makes it evil. Just claimed that it is. Also using a slippery slope argument is always a sign of bs.

Why is less privacy inherently evil if the people giving up their privacy are doing so willingly and don't care for it?

1
Tb0n3
sh.itjust.works

I assume you don't take showers in public. We all have things we wish to keep private. When we give up some privacy we never get it back.

-3

If people paid me to, I absolutely would. As long as I get some benefit in return, I don't care for privacy.

0