Comment by vostrocity
Comment by vostrocity 4 days ago
I like to go running with nothing on me besides a house key, and it's useful to be able to stop by Whole Foods after the run and buy a snack without a phone, watch, or wallet.
Comment by vostrocity 4 days ago
I like to go running with nothing on me besides a house key, and it's useful to be able to stop by Whole Foods after the run and buy a snack without a phone, watch, or wallet.
Most of my lunch hours, I take nothing more than a five dollar bill.
A slice of cheese pizza is $2, and a bottle of water is $1. Then I sit in the park and watch life happen in front of me.
Very therapeutic.
Wear an NFC ring on your finger.
Unlike your palmprint, you can get a new ring with a new private key if yours is compromised.
It all boils down to the tradeoff between convenience and security. I don't think it is particularly easy to replicate a living hand with all the blood vessels. And it is not particularly easy to get a NFC ring with a secure element compatible with payment terminals.
I thought that the engineering team at Amazon did a great job with Amazon One. I wish someone could pick up the tech and carry on.
Yeah 25 years ago people said stuff like that about fingerprint scanners, and then they got hacked by literal gummy bears:
https://www.theregister.com/2002/05/16/gummi_bears_defeat_fi...
For 2020's-era palm scanners you don't have to replicate a 3D hand -- just like a video chat doesn't replicate my 3D face. You just have to emit photons (some of them infrared, yes) in the correct pattern. The hack won't look like a 3D-printed hand, it'll look like a display panel that works beyond visible wavelengths. It'll probably be some device developed for a totally unrelated market, and then one day "whoops, all those palm scanners are 0wn3d" (natürlich auf Deutsch) will be a talk title at CCC.
But all this is academic. The real problem with biometrics is that when your password is a body part, you can't change your password.
I agree and I get it. But at the same time, it is only used for payment and discounts at grocery store. Payment with a card is even less secure here in US. So, I do not think that Amazon Go was particularly unsecured since it was just for credit card payment.
If someone manages to replicate my pulsing blood vessels from my hand and trick the scanner, that would be fine. I would dispute the purchase, and the store would not even pull the camera footage, and just refund.
Amazon Go was not used to hold access to bank accounts or crypto wallets. I think it was a good technology and balance between convenience and security, for the purpose (grocery loyalty and payment).
A twin or even sometimes a relative (son and mother) can open an iphone and its banking apps using the facial recognition. That is more concerning to me than Amazon Go palm scanning for groceries.
I've consciously reduced my pocket contents from car keys+wallet+phone to driver's license+phone. I'd love to be able to get rid of the phone sometimes.