Mastercard investing in technology to identify commuters by gait, heartbeat (marketwatch.com)
331 points by kick 5 months ago | 157 comments

I believe that these kinds of applications are central goals of the 5G deployment project.

This can already be done with ordinary WiFi hardware. Here is one of multiple papers about it:

- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5713643/

How much easier will "device free localization and identification" be with 5G's higher frequencies and beamforming antenna arrays?

Consider, why else would people be writing papers like these?

- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6929065/

- https://www.researchgate.net/publication/337698696_WiFreeze_...

- https://www.5gitaly.eu/2018/wp-content/uploads/2019/01/5G-It...

- https://dl.acm.org/doi/10.5555/3324320.3324370

- https://ieeexplore.ieee.org/document/7947692

I don't like the way 5G is pitched to the public. It feels icky. All the marketing is like "this will change the world and bring internet to rural areas plus you'll be able to watch netflix on your phone omg can you believe that!"

But in a few years they'll suddenly be saying "Awe golly shucks whaddya know, who knew 5G radios can also be used to spy on your aging parents breathing habits... how convenient! Now we can send an ambulance before you even call!" etc.

I've just sent this link to a friend with a comment which I consider too uncouth to post here. Needless to say, this stuff scares the shit out of me.

I'm far from being a tech Luddite but if this stuff continues to go the way it's going without any public discussion and oversight and strict concomitant regulation then we humans will effectively lose all of our autonomy—we'll cease to be humans and become automatons who are scared of our own shadows.

Essentially, this tech has the potential to relegate the traditional authoritarian police state, the Stasi et al back into the kindergarten class—we won't know what's struck us if or when this happens.

There are evil techie shits in this world who dream up evil stuff like this, we normal techies need to rally against them before it's too late.

This is a prime example of why the study of ethics has to become a major and significant part of all science and engineering courses. It won't change human behavior but mandating it into courses will ensure that everyone understands the implications of their research and work.

That's to say that in future no techie would ever be able to use the Nuremberg Defense after they've caused the shit to hit the fan.

Blaming engineers for what is essentially a political issue will not solve the problem. There will always be smart people willing to work for either a lot of money or in the name of national defense.

If you want a change, work on and fix the political system. Get laws passed that will prevent this, and get oversight put in place that would prevent the under-the-table surveillance that seems to be more and more prevalent.

No, absolving engineers from responsibility is the wrong move. People are responsible for what they make: hiding behind "oh it's the system's fault not mine!" is morally bankrupt. It's literally being a coward.

The US is way behind Europe in consumer protection, which is ironic as the US used to lead in this.

And there will always be strong young men willing to commit more immediately tangible atrocities and brutalize the weak, for money or national defense.

What would techies rallying against them even do compared to anyone else? I mean sinister half-mirror surveillance shit like this is bad but I don't see how them being against it is relevant to stopping it. Adversarial patterns maybe but that doesn't seem very effective as a counter.

Especially when sinister mass surveillance approaches tend to be big, dumb, and not caring about accuracy because it is incidental to their goals. We have been screaming at them about how fighting cryptography only hurts yourself and that their use of facial recognition at scale is illiterate but they don't care.

Techies like us HN users need to be more willing to accept less pay in exchange for it making the problem worse.

Holy hell.

I used to be mildly pro-5G and vocally contra people contra to it, on the grounds that all the objections I've seen were a variation of "I don't understand what non-ionizing radiation is". But I see I didn't think far enough about what's possible with that tech - therefore I failed to apply my usual heuristic ("anything that's technologically possible and economically feasible will be attempted, no matter how immoral it is").

I'll be reevaluating my position on this (for what little it's worth now). Thanks for bringing it up!

It is kind of sad to see. The carriers saw "hey all these people are giving away WiFi for free and not giving us money", so they fixed the glitch and just made their own version of WiFi that they get money for when you use. Imagine a world where the WiFi alliance said "fuck it, 802.11 is dead, we're going to use modern technology" and just developed 5G technology but in an open way that anyone could use? Things would be a lot better. But here we are, with backwards compatibility for 802.11b that eliminates any chance of ever getting good performance (except in an RF test chamber), and so companies are just routing around the damage and turning WiFi-alike into a profit center.

At one point the mobile carriers were just planning to just flat-out steal the unlicensed band: https://en.wikipedia.org/wiki/LTE_in_unlicensed_spectrum

I haven't heard any arguments about how 5G is going to come to rural areas, however. I think the backhaul requirements are pretty heavy. So in Manhattan, probably going to work out quite well. In the middle of nowhere? We'll see about that.

>I haven't heard any arguments about how 5G is going to come to rural areas, however. I think the backhaul requirements are pretty heavy. So in Manhattan, probably going to work out quite well. In the middle of nowhere? We'll see about that.

Presumably it will come there by being built? Rural is a crap market that only sort of gets serviced, I don't see how anyone can make a good faith argument that rural users should hold out for... I don't even know what. There's political momentum around 5g which means that there's money on the table for a rural 5g rollout. Why would any industry player waste their time laying cable in the countryside more than they have to? 5g in cities is promising not for the reasons you mentioned but simply because it's a work around for local monopoly laws.

Starlink is probably Rural's best bet.

What's wrong with 802.11?

Nothing at all! 802.11ax is fast and efficient!

Listen-before-talk instead of CDMA (or better).

That's scary. We're handing over great powers to the governments/corporates, needless to say it will be used against us.

Agreed. Can we just live in a world where we can have a little bit of privacy? I'm OK using a card to pay for a journey, if that means it takes me a few seconds longer to take it out of my wallet.

A lot of this kind of technology is implemented without your consent; take facial recognition in airports. You have to go through the process with no easy alternative.

The comment 'if you have nothing to hide, then you have nothing to worry about' is so old and such a weak argument. People have fought for years to defend the freedoms of people and it is being thrown away and disregarded by corporations and governments.

How quaint. Extrapolate 100 years into the future... we live in a zoo ruled by AI and very few people if anyone in charge. No one can escape or make any meaningful choices of any consequence. Maybe they will partially be in a hive mind and maybe not.

And along the way, we were always saying “ooh, this will be used against us someday”. Well of course all this will be built and “used against us”. How you gonna stop progress?

As an individual, I can decide to not work on such things. Didn't Google employees take a stand against something similar? And Google had to backtrack.

I not only understand this sentiment but also live myself by these rules. But for every person who refuses to work on this type of tech there are hundreds ready to fill the gap and happy to defend and gaslight critics.

We've been playing this game for decades[1] and the pace has been accelerating (and keeps on doing so). There is no way to stop this because the state always plays the long game, and the odds are rigged against us.

[1] Jacques Ellul "The Technological Society" (pdf) https://archive.org/details/JacquesEllulTheTechnologicalSoci...

[2] James C. Scott "The Art of Not Being Governed" (pdf) https://libcom.org/files/Art.pdf

[3] James C. Scott "Seeing Like a State" https://yalebooks.yale.edu/book/9780300078152/seeing-state / pdf: https://libcom.org/files/Seeing%20Like%20a%20State%20-%20Jam...

I will always upvote James C. Scott. More people on this site should read his stuff

Agree. I haven’t read all of Seeing Like a State yet, but it does contain quite a few hints about how to protect yourself from the power of states.

For example, states like to make their subjects “legible” to the state in specific ways, so deliberately becoming illegible is a defense mechanism.

Personally, I have been enjoying that the facial mask has surely been making facial recognition more challenging, though of course this is short-lived.

Not only have we been playing this game for decades, because of the ratcheting effect of so many privacy infringements, it's almost impossible to go back to a happier time.

If someone else works on it, then it will still happen. And what then?

Often there's a talent penalty to morally questionable projects.

That just means they're crude and oppressive as opposed to smooth and oppressive. If you're expecting the market to fix this problem, it won't.

Companies are perfectly capable of compartmentalizing information and also adapt/evolve their messaging so it never looks as bad from the inside. This works for both very large companies and start-ups.

And rational, smart employees can still be gamed with the simplest of tricks, e.g. "What the Thinker thinks, the Prover will prove." -- Robert Anton Wilson https://www.seriouswonder.com/raw-what-the-thinker-thinks-th...

It depends on how you frame the "morally questionable projects".

There's no talent shortage for 5G.

I see no talent shortage for special forces that go in foreign countries to maim and kill all in the name of freedom and democracy.

Of course it will happen. It's like atomic energy, some physicists decided to not work on it and some did work on it. There's nothing we can do about it.

AI can’t even drive a car in the snow, I’d give it more than a 100 years before I’m in a zoo made by one.

> "this will change the world and bring internet to rural areas

while the reality is that if it is difficult (and expensive) to deliver internet to rural areas using 3G/4G, it will be more so with 5G with its higher frequencies...

Fascinating read thus far (I have only gotten through device-free localization). Thank you for sharing these.

I am somewhat concerned that even that overview paper lists law enforcement as potential future customers. The target audience is clearly well-defined.

At least in the USA, the elderly are a severely underserved community. Predicting an emergency based on observed biometrics would be incredibly useful to many of them and these sorts of dismissals are exactly why the digital privacy movement has increasingly lost steam with regular people.

I'm not contesting that these technologies and services aren't also going to be used for dubious purposes but the idea that they have no social value is a meme for privileged people who earn enough to be dismissive of the potential savings.

> Predicting an emergency based on observed biometrics would be incredibly useful to many of them and these sorts of dismissals are exactly why the digital privacy movement has increasingly lost steam with regular people.

Nothing about predicting an emergency is incompatible with privacy. It could be done by your own device under your own control without disclosing the data to any third party. The only necessary third party communication would be the call for help, which itself would only happen in an emergency and not under normal conditions.

But that isn't how these things are implemented. Instead they typically upload your sensitive personal information to a corporation, which not only has no benefit to you, it commonly gets used against you as they use it to influence your behavior in ways that increase their profits (i.e. increase your costs).

Having a high resolution radio thing which is completely under your control can be an interesting feature. Having a high resolution radio thing which is in your living space but under someone else's control is an outrageous privacy violation that most people would strongly object to if they understood the implications. Which makes it little surprise that the purveyors prefer that people not understand the implications.

My point was that monitoring elderly people will be an early PR justification for mass, omnipresent biometric surveillance. And they'll act like it's some big surprise discovery that they're just now making even though it's been the main plan all along.

Plus, why would you need omnipresent biometric surveillance to do what localized monitoring could do just fine? By all means, use local mm wave radar if that's useful, but why impose large area biometric surveillance onto hundreds of millions of people without transparent opportunities for consensus?

And my point was that your comment came off as dismissive towards the topic of the justification. The parallel point was that presenting this sort of dismissal might fly on Hacker News but it's also why mainstream support has been iffy. I'm not arguing that the entire apparatus is good simply because it can service the elderly, I'm arguing that having a dismissive attitude towards these types of micro-issues, like helping the elderly, is why the movement has been losing steam with the general public. The general public has general needs and dismissing services because of lofty abstract principles might make for appealing tech-centric arguments but it totally fails to provide an alternate solution to the original problem. The topic is political in nature and so political desires can't be ignored or else support will wane.

Stating concerns about the ever increasing erosion of our rights is not a dismissal towards the elderly. Or the children. Or victims of crime. Or people living in the fear of terrorism. Or whatever other excuse that's used to justify abuses of power.

> At least in the USA, the elderly are a severely underserved community.

A statement that requires qualification to be meaningful. Medicare, Medicare HMOs, and Medicare/Medicaid dual coverage add up to giving elders better healthcare coverage than any other demographic in the US.

Falling, and the injuries / changes in quality of life that falling brings, is a serious issue for seniors. https://www.ncoa.org/news/resources-for-reporters/get-the-fa...

A few years ago, I worked for a small startup looking to use wearable devices to detect early changes in gait as a means to effectively deliver early intervention techniques. The science around the topic is solid - there is good research backing which parameters of gait are most predictive and what therapies are most effective for any given scenario.

The problem we always encountered was compliance. Customers (senior living facilities, insurance agencies, etc) want to know that the devices are being used. Seniors are notoriously slow to adopt tech, and adding another device to daily life is the last thing most seniors that we spoke to wanted to deal with.

We got to interview with YC for this idea but were rejected. Skimming the companies from that batch I later found https://www.totemic.com/ They use backscatter technologies to provide a compliance-free fall monitoring system. After spending two years in the problem space, I knew a superior solution when I saw it.


Making a throwaway account isn't license to be rude to people.

Do better.

not sure how pervasive biometric monitoring is supposed to address elder abuse, but "elderly are a severely underserved community" is perhaps the most historically rootless and wrong-yet-unfalsifiable thing i've read this week. 'bad things happen to some old people' is not contrary evidence and has nothing to do with the medical attention and resources available for the elderly in our society in both absolute and relative terms.

The example was already given, biometric monitoring could be used to help elderly people who want to maintain their freedom instead of being shoe-horned into a home but it could also be used to decrease staffing costs as well if it can be done in a non-invasive (in the medical sense) fashion. I'm not sure what your grudge against the elderly is or why it's hard to comprehend that as people age their medical needs increase but nothing about this is news to people who work in a field that services older demographics. This whole line of dialogue is a red herring though because, regardless of if you agree or not, the point was that this sort of technology has real use cases that are driven by consumer demand. You can romanticize these experiences all you want but the reason that tech like this finds consumers is because it's meeting real needs. This idea that the populace at large is only okay with data collection because they don't understand it is just a way for privacy advocates to sidestep responsibility for any useful tech that their policies might render impossible.

You could also tag bad cardiological readings for a bad credit score. Elders would really love that. They cannot even hold back with their demand. This is why you hear screams of joy if you mention 5G in homes for the elderly.

This is at the "think of the children" level of argumentation.

Give them an Apple Watch, it'll do a better job as an emergency device, without compromising everyone's privacy, and at a fraction of the cost.

I read a (just okay) near-future cyber dystopia novel called "Little Brother" once. It had this interesting segment where gait recognition was being used to track people instead of facial recognition because it was more reliable (I'm not sure whether this is true in reality, but regardless).

Anyway. The main character had an easy way of breaking it: toss some gravel in one of your shoes. It'll disrupt your natural walking pattern in a randomized way without you having to even think about it.

I like to imagine a future where all pedestrians move about like they're from the ministry of silly walks to thwart gait analysis.

It would be humorous at least to know Monty Python was ahead of its time in more ways than one.

It's weird to think that Razor scooters or skateboards might be a privacy tool of the future.

Alternate dystopia:

The AI identifies anyone who has an abnormal gait (e.g. due to a handicap or physical deformity) as likely attempting to evade the system and therefore flags them as a bad credit risk.

Was it Little Brother by Cory Doctorow?


(he makes most of his books available for free download)

Yes, the setup was that the school implemented gait detection for students.

I think so!

This is a real technique from the espionage world. I heard the CIA's former "Chief of Disguise", Jonna Mendez, mention it in an interview a few years ago.

"gait recognition was being used to track people instead of facial recognition because it was more reliable"

Very possible today; it can be accomplished by using the accelerometer almost everyone has in his/her cellphone. No camera needed, and who wouldn't give apps the permissions to access the accelerometer?

If I remember correctly they had implemented gait recognition in the school because facial recognition was not allowed, not because it was better.

Until they isolate the gravel in shoes gait.

Theoretically it would shuffle around and be different sizes each time, so it would never be quite the same. And you could alternate shoes to mix things up a little more.

Of course if you're the only one with gravel maybe that would stand out. Which is why we need to get everyone on the same gravel-based onion network :P

We could make a shoe that shifts water around in the sole over time.

Kind of like active suspension in a car, it would randomize your gait but I suspect it won't be so easy and that a certain arms race of detection vs confounding / mimicking would ensue.

All this is heading towards a small fraction of the human population controlling and watching everything the rest of us do, with no way for us to do anything against them, and I cannot help but hate the engineers who are helping to make that dystopia happen.

Western developers who work for such surveillance tech (and that includes "mere advertisers" like Google and Facebook) should really go get an honest taste of life as an ordinary citizen in authoritarian countries like China or the rich Middle East.

I would like to opt out of this, but how? I don't think my life has improved in the least since my bus pass stopped being a piece of paper I replaced every month. Physical cash is a good concept, it works and it would continue to do so until the sun burns out. Even before we get to all the derived socio-political consequences of all of this, it's just not necessary at all.

> I don't think my life has improved in the least since my bus pass stopped being a piece of paper I replaced every month.

Did you use the bus a lot when they only took cash? Hope you carry small change because the driver won't take a 20. Hope you like waiting whilst someone counts out coins. Hope you enjoy watching an argument when someone is 10 pence short of fare etc etc etc.

Contactless payments are in general significantly easier and quicker. I reckon the time for 10 people to get on a bus now is less than half what it used to be on average.

Some places only took paper - prepaid tickets you (possibly) validated in machines and paper monthly passes. Other places would have a driver and a conductor for paying/checking tickets. Neither of those involved the bus waiting for people to pay, and many of these systems are still used today.

I liked when my train started offering digital tickets. I switched to using their app immediately. The first of the month would have very long ticket lines and you would have to arrive early. Not to mention their system always having load issues on the first of the month. Using the app, I could buy my ticket as I sat down on the train.

I feel your comment, perhaps inadvertently, really describes the whole issue. Privacy has been traded for convenience, bit by bit, app by app, and very few seem to still care about what has been lost along the way.

I include myself in this, I signed up for my auto-renewing subway pass as soon as I could. I worry about this culture of acceptance of convenience over privacy, and I don't feel there is much I can do to stop it even in my own life. All of my friends have Venmo for example; am I going to be the one person they can't easily split bills with? And look like a tin-hatter all the while?

On our train network, you can buy paper tickets anonymously, or you can buy e-tickets with your name on them.

They don't really need your name to reasonably prevent fraud / reuse, they don't even check your name/id. GDPR says you shouldn't collect PII without good cause, yet no one cares to do anything about it.

This dystopia is more about convenience. Losing freedoms for convenience. Nothing you can do but opt for the least convenient systems. And be looked on by others as backward.

Or ask for government to allow and prohibit such systems. But then you will have to give government the key. You will have to trust one entity.

People create things like cars. But they trust society to regulate those instruments. Don't blame the creator.

For those who wonder why Mastercard would look at biometric options when we already have things like NFC based payments, here’s a reason:

Most payments require at least two factors, e.g. you must be in possession of a card AND know the PIN. Or you must be in possession of a phone AND have it unlocked with your passcode or FaceID, etc. It works well but it’s not perfect.

Biometrics like unique vein patterns give you two factors in one. You must be physically present and alive, otherwise your veins would have no blood flowing and there would be nothing to capture and secondly your vein pattern must match the “fingerprint” which is you. That’s much stronger authentication than many other schemes and if it was linked to some sort of payment method and potentially even identity service then you could not only pay with your biometric but you could also pay for age restricted goods such as alcohol since it would be physically impossible for someone else to use your hand to buy stuff.

It’s possible for a kid to use your card and pin or phone and passcode though. So there’s the case for biometrics in the future.


Also something like a vein driven biometric would also solve the problem of proving that the person was physically at the point of sale and could hugely reduce disputes and fraud.

There’s loads of value in these new biometrics if they turn out to work well.

I'm not a security expert, but I really don't think "a living thing walked through the ticket stall" counts as a second metric.

A couple of more general objections:

First, you're assuming that biometrics can't be faked. This is not a safe assumption to make -- most biometrics can be faked: DNA, fingerprints, even facial recognition. It is entirely possible that gait recognition and vein patterns also fall into that category.

In a world where biometrics can be faked, they are strictly worse security than a near-range NFC device, because your biometrics get broadcast all over the place all the time, you can't turn them off, and you can't easily change them if they get compromised. Think about why social security numbers are so bad for security. That same reasoning is why stuff like fingerprints are not a good authentication method except as a (very limited) second-factor.

Second, security is only as good as its weakest link. Even if biometric authentication was more secure than an NFC chip, it doesn't matter, because you can't get rid of the NFC chips. Biometric authentication like gait analysis fails for people in wheelchairs, it fails for people wearing dresses, and it fails for anyone who stubs their toe or gets new shoes with different support. Regular people will need to regularly fall back on another authentication method, which is probably still going to be NFC.

Biometric authentication works well when it's provided as an authentication shortcut. The real authentication on my phone is the password, but because I'm not too worried about my phone security, I let myself bypass that password with a (less secure) fingerprint reader.

You can 3d print vein patterns trivially

> You must be physically present and alive

nice, this will finally solve that extremely awkward present-but-dead user flow.

That was never an issue with credit cards. With their margins they could easily afford a fraud here and there, instead of making card usage more burdensome.

Yeah.. It's most definitely to protect their customers from kid-thieves. The biometric data will certainly be used only for authentication and nothing else.

To be fair some biometrics give you the same level of privacy as your bank card. Mastercard doesn’t know any less when you pay by card or NFC. They know where you were, what you buy, how frequently, etc., it doesn’t give them any more or less “tracking” information whether you paid with chip and pin or by scanning your hand.

The latter just gives you as a consumer more fraud protection, something which can’t be stolen or forgotten and something which is more convenient. For example you can go to the beach without your wallet. I personally think there is a future in here which is a win for both parties.

>> I personally think there is a future in here which is a win for both parties.

Let's hope that is the future they're after.

So passwords are also two factors because you must be physically present and have a text input device?

Most people I know now access their phone with fingerprint and can transfer fairly significant amounts of money from a banking app on that phone by doing a second authorisation with the same fingerprint.

I'm honestly surprised that I've yet to read an account of this attack vector being exploited, but it doesn't seem safe to me.

> So passwords are also two factors because you must be physically present and have a text input device?

No, password is 1 factor. An input device <> YOUR input device which you had to specifically configure/authorise to enable for NFC based payments or banking on your app. You cannot log in with your FaceID on any iPhone which has your bank’s app installed and then do payments. You must have the app on your device and initially authenticate with much stronger credentials before your phone is then permitted to use FaceID subsequently. This is only allowed on the premise/assumption that you would have never done it on a stranger’s device and therefore your personal device or to say the possession of it is seen as an additional factor after initial setup.

Someone could find out your password and use your card. Doubt someone can perfectly steal and use your vein pattern and gait.

Remember, biometrics are not supposed to be a replacement for passwords, they are supposed to be an extra auth factor.

>There’s loads of value in these new biometrics if they turn out to work well.

And terrible consequences if it is used badly, AND IT WILL BE USED BADLY.

Basically it is the barcode tattoo of the Nazis. Something that serves to identify you when they want (on the street, bus station, even using telescopes or 500 Megapixel aerial cameras) without you giving your consent, all the time, but automated with computers.

I have actually worked on systems like that, IKEA for example tracks their customers with cameras, and it is extremely creepy.

I am from Spain and I was drinking moderate alcohol since I was 11 years old, like wine and cider on the table with my parents. Not a big deal.

Most of my friends did the same and none of them is alcoholic. On the contrary, we did not need to get drunk in order to feel adult, like all the UK, French, American and German kids (18-22 years old) drinking and fucking in Magaluf like there is no tomorrow because they were repressed all their lives.

Your comment portrays two main ideas: 1. This is good because "Think of the children".

2. All the problems are technical.

Idea number 1 is a consequence of a puritan idea of the world, that is debatable.

Idea number 2 is the CSI idea, totally wrong. Having worked in security, most security problems are not hackers cracking codes from their computers, but social engineering.

Things that happened to us: The boss of a company telling us to improve the security of the company, then this boss using sticky notes with the passwords. Someone telling his-her lover. Prostitutes being hired as spies. Bad people disguised in order to access the system. People on payroll coming from bad guys giving access.

In the real world, most problems are not technical. If a kid wants to access pornography or alcohol, he will find a way. Like drugs, if demand exists, supply will appear.

France and Germany have pretty healthy relationships with alcohol. America yes, because of the 21 year old thing and college campus environments. But I'm French and had the same experience as you: drinking red wine at the table once in a while, a sip of this and that, never felt the need to get drunk, alcohol was never a big deal as I grew up.

I'm comfortable with Apple implementing biometric authentication, for convenience, because I trust them to let me retain control over my data. FaceID data doesn't leave the secure enclave.

The For Convenience part is essential: FaceID is a liability to security. It improves usability of the security, which means people will actually use it, but it does not improve the security itself.

It does mean that you can use a longer passcode (encryption key) because you only need to enter it on reboot and after enough negatives. (You can also squeeze both top buttons to disable FaceID)

> because I trust them to let me retain control over my data.

Don't. Any corporation is an unaccountable leadership change away from a total 180 on privacy, and they absolutely will do it if they start to miss their growth targets consistently.

Sure. I won't buy an iPhone without first understanding how it handles my biometrics.

Right now they are trustworthy, and I'm happy to hand them my money and use FaceID.

Though I'm an optimist in general; I do expect morality of Apple as a corporation. They have shortcomings there, particularly around iCloud backups and China.

I wouldn't say I'm naive, I research this stuff a lot, and Apple in particular is a different breed than the likes of Microsoft. Microsoft being a distinctly amoral corporation like a lot of others, as evidenced by not being able to do an offline install of Windows 10 after you've taught it your wifi password (you have to turn off your router or take the computer out of range). Amazon is an example of an even more fucked up corporate organism.

Capitalism has morphed into something awful after we stopped expecting morality. I think your pessimism is useless, and serves as an indulgence.

Please don't take my previous comment as some kind of indictment. I appreciate you being conscientious about your decision.

> I think your pessimism is useless, and serves as an indulgence.

Nah, it's a defense mechanism, and a simplification of my life. One less thing to worry about. I got enough things to worry about, so this actually saves me mental load and reduces the number of dependencies in life.

> Apple in particular is a different breed than the likes of Microsoft

They are publicly traded companies and if the value in the data can be legally leveraged, it will be done at some point. The same happened with Google. I think you are just influenced by their marketing, which is admittedly pretty good.

I think expectations towards any morality are shaped by experience. But in any case, why should I make myself dependent on Apple's morality? Personally I wouldn't do that for convenience. FaceID just doesn't solve any problems I have.

FaceID lets me use a numeric passcode that takes >5 seconds to input without it being a sacrifice to daily life.

To be clear, Apple does not give itself access to the biometric data. I'm not trusting them with it, I'm trusting them not to take it.

And yes, there exist companies that don't try to eke out every bit of information possible about you. Google was doomed from the start because of their business model. Microsoft can start respecting users any time, they're choosing not to. It's good business to, I don't give a damn what the stock market says today.

> There’s loads of value in these new biometrics

For consumers, not so much. (consumers are already protected from fraudulent charges, and decreases in fraud will not pay off monetarily for them).

the cost of that protection is passed over to the consumers one way or the other, I'm sure

Costs of ubiquitous surveillance will be passed too, as it already is, in a more insidious and harder to track way.

Maybe? I would actively resist any attempt and/or never use a thing that required my biometrics to a private party without good reason. Once somebody has them, you're screwed. For life. You can't change that about yourself. Why are we incentivizing people to spoof / fake them? Why are we encouraging people to use these things? Please no. No more biometrics. I will not do it.

Although you are making great points I think you are double counting.

Vein biometrics aren’t any more “two” things than most other biometrics.

This exists, it's called BiyoWallet:


And here, it’s called Fingopay: https://fingopay.com

And, more generally, one specific instance is called UnifyID: https://unify.id/

I guess that the two factors requirement depends on location, as here I can swipe my card anywhere, and at most I need to do a small squiggle and I'm good.

Also, on the net I'm free to use my card, no squiggle required. I do have to provide PII beyond what's on the card, but nothing that is really secret to anyone but me.

There’s 3DS and other secure schemes to move away from weak card payments such as the one which you described. Merchants are being penalised with fees for accepting non 3DS or Verified by Visa secured cards at the moment.

I had to search for what 3DS means. You can see in the Wikipedia article that the protocol is still far from being implemented globally.


This is just so hilariously absurd. Transit ticketing is a solved problem. You don't need fuzzy gait recognition when a $2 NFC card works 100% of the time.

Your mistake here is assuming this has anything to do with transit ticketing... </tin foil hat>

we're in 2020, get a faraday hat for goodness sakes.

also, ever notice those new stair gates with the large screen ads on elevated MTA stops lately? wonder what kind of sensors are running in there.

Data Science applications expand to fill the available labor pool, I guess.

If they need people to work on useless shit for 6 figures, I'm definitely available.

Can we have ethics yet?

Who needs ethics when we've got big business?

It does indicate MasterCard's lack of confidence in smartphone NFC security. I will never enable it because it's too vulnerable to exploitation.

What type of exploit are you talking about? Makes you think wifi/bluetooth/gsm isn't vulnerable as well?

640K is more memory than anyone will ever need.

I don't understand what you're getting at.

It's not just that ticket scanning solves the problem at low scale, it solves it permanently. At the point where the number of passengers on a train/subway scale to the point where it's infeasible to ask each of them to scan a card, it's also scaled to the point where you need to build new trains and more terminals -- at which point scanning paper cards becomes feasible again.

I'm wracking my brain trying to come up with a scenario where tickets don't work better than gait recognition, and I can't come up with one.

It's not that tickets are enough, it's that they're better.

> I'm wracking my brain trying to come up with a scenario where tickets don't work better than gait recognition, and I can't come up with one.

When the profit to be made is from ubiquitous surveillance, and doing it for public transport ticketing is just a convenient justification.

>It's not that tickets are enough, it's that they're better.

Especially if you want any sort of anonymity/privacy in public...

> a scenario where tickets don't work better than gait recognition, and I can't come up with one.

"How many Amazonian trees are cut for yearly need of tickets in London?"

If you're worried about the environment, recyclable paper stubs and small plastic/magnetic strips all seem pretty preferable to building, maintaining, and replacing hundreds or even thousands of high-precision sensors across a city.

The power draw from a camera is probably always going to be higher than the power draw from a short-range NFC reader. And the NFC reader is also probably always going to be less delicate and last longer, which is good because the environmental downsides of throwing away paper are negligible compared to the downsides of sticking electronic components in a landfill.

Honestly, probably zero. I'd be surprised if many corporations are making paper out of anything other than farm grown softwoods.

Heh, and remember to think about all those children needing to fell those trees.

Between ubiquitous Oyster cards and being able to pay-as-you-go with a regular contactless credit/debit card, I suppose it's close to zero.

In most places you get a reusable NFC card.

It could potentially be used to prevent people boarding without a ticket.

I'm not sure I agree. People board public transportation without tickets because they can jump turnstiles -- the authentication mechanism doesn't really factor into it.

The way you prevent hoppers is you add a full gate that only turns once a person is authenticated. And then separately you authenticate at the gate using a sensible system like an NFC chip or swiped card.

Now, maybe the plan is to get rid of all of the gates then automatically bill hoppers later, so it won't matter if they board without a ticket. Let's ignore the fact that this would require a city-wide database of biometric data for everyone using the subway. Even assuming a city can pull that off, you really don't want to be using an authentication mechanism that can be circumvented by a burqa/hoodie/mask and a dress/crutches/pebble. So gait analysis isn't even particularly good for after-the-fact identification of hoppers.

I think a better plan would be to just make public transportation free. Now you eliminate the problem of trying to prevent people without tickets altogether. Decrease pollution & congestion, reduce friction in travel, and make the economically disadvantaged more equal.

> It's not that tickets are enough, it's that they're better.

Only slightly sarcastically: you’ve got it backwards here. If tickets are better than biometrics that’s why biometrics will win.

I went to London recently. The mass transit there supports both an old-fashioned NFC Oyster card and a contactless pay-by-phone option. Culturally, it seems like the whole city is shifting toward the latter option. There's a huge convenience advantage in minimizing the number of objects that you have to carry, retrieve, and put away in your day-to-day life. In China, this trend is even more advanced: payment by facial recognition is widespread there. Is that such a bad thing? Think of how much more fluid life must be without commercial friction.

I already pay by facial recognition: I look at my phone, and then wave it at the kiosk.

I would prefer not to replace "something you have and something you are" with just "something you are", I consider that a regression.

As an anon on Twitter likes to put it, it's inconvenient to rotate your face after a data breach.

Gait detection for payment is some ableist bullshit.

Sprain an ankle? Walk on it, because you can't use the subway. Tear some ligament in your knee? No bus for you. Pull a muscle in your lower back? Sorry, Quasimodo, you're out of luck. Sciatica? Stop trying to steal services, you fraud!

At the least, these systems have to be backed by some other system that would need to be kept in place. So maybe just use that for everyone.

This tech won't be used for payment processing. It will be used for governments to get a decent idea where people are going while being able to track them if they switch to a new card.

This is a fluff piece about some project MasterCard has thrown a bit of time and money into. The whole interview could be set up to validate the project's very existence. I remember one a while ago about Microsoft researching if it was possible to measure someone’s level of frustration through their mouse and offer custom help/support wording based on that.

Of course gait recognition/biometrics isn’t going to replace ubiquitous NFC payments for transit, just as Windows isn’t ever going to tailor its help messages depending on how hard you are gripping the mouse.

But sure, invest a bit of time into it, you never know. I believe the term is throw enough shit against a wall and see what sticks?

I have no visual memory. I’ve spent a bit of time thinking about how I remember people and how they move is a big part of it. I know a man who is very still. Like abnormally still. He was married to a dear friend who passed away and used to regularly visit a place I used to work. I never remembered him. I knew I was supposed to know him but got it wrong every time, until I realized he was really still and when I saw someone who was still, I knew it was him. Not just walk, but breath. I thought it was pretty neat the first time I read about identifying people by their gait.

What a bunch of nonsense. If they cared about fraud, they would have ditched magstripes in the US a long time ago.

Good luck using gait recognition on crowds of thousands of people per hour, many being partially occluded, in a reliable manner. I can't see it comparing to RFID cards anytime soon. Best I can tell, current state of the art is still limited to a single individual, in the centre of the frame, in a perfect profile shot.

This comes off as a puff piece devoid of any critical thinking.

Perhaps they just mean to use it at point-of-sale instances. Instead of entering your PIN, you now have to prance around in front of a camera for 10 seconds.

Deploy countermeasures: administer the silly walk!

I use an electric wheelchair. I'd like to see them try to identify me by gait. (yes, I'm likely more identifiable by other means)

Future Supreme Court ruling: "You have no expectation of privacy in your gait or heartbeat while walking in public."

> "You have no expectation of privacy in your gait or heartbeat while walking in public."

Well, yeah. What would gait privacy even mean? That the law would prohibit you from using your eyes to notice that someone is walking a particular way? That's absurd.

Okay, my original comment was probably more vague and snarky than HN deserves, so let me elaborate on my thoughts:

1) This will develop to the point that someone sues over this, but gets smacked down because it's based on publicly accessible information.

2) It underscores that current jurisprudence is out of line with our intuitions about what constitutes norm-violating invasions of privacy.

3) Yes, it would be absurd to expect others to shield themselves from noticing your gait. But the problem is, like with all the other things we don't have an expectation of privacy in, it feels a lot more invasive when it's collected by a machine and aggregated in the large and correlated with every other data point about you. Jurisprudence, in America, doesn't seem to have a language for capturing that and so doesn't recognize it.

(Heartbeats, for that matter, are something humans don't directly observe by default in normal everyday encounters.)

The way you use data is taken into consideration by the law. If I take a photo outside and you happen to be in it then that's legal. If I follow you around every day with a camera pointed at you then it's not legal anymore even though it's the same data.

> If I take a photo outside and you happen to be in it then that's legal.

In the U.S. Other countries, however, have decided that private individuals should not be subjected to having their face stored in a permanent record without their consent. Thus the photographer is required to take the extra step of anonymizing the photo (e.g. by blurring faces) before publishing.

The issue isn't a given person observing you, it's organized surveillance augmented by technology.

Hey, I bet this shit will be done exclusively for the good of us their customers!

I was thinking in the context of SARS-CoV-2, in a world where data collectors were trustworthy, it would be useful to be able to track the movements of people. We already carry homing beacons, and technologically there's nothing restricting our phones to record their locations.

So a scenario where if someone is sick, everyone who was near them in the last 3-4 days could be notified. Or this traceback could also find the person who infected them and where they did it. Just to make it more accurate, the phones could also be able to scan (e.g. with Bluetooth) which devices are nearby, at any time.

It would be technologically awesome, but obviously it's not something I want in the hands of the authorities of today's world.

China uses CCTV instead: https://www.reuters.com/article/us-china-health-surveillance...

>It would be technologically awesome, but obviously it's not something I want in the hands of the authorities of today's world

not only do I not want it in the hands of authorities, I would want it even less in the hands of citizens who will go into paranoid neighbourhood watch mode. The ring doorbell is already the prelude to this. Ubiquitous surveillance by suburban soccermoms is an even more dystopian scenario than the Chinese Communist party

Measures like this make me think that a lot of modern privacy advocacy is misguided. Each of us is unique in a huge variety of ways. We have unique fingerprints, unique iris patterns, unique genomes, unique gaits, unique writing styles, unique speech patterns, unique hair, unique teeth, unique sweat composition, and even unique coding styles that survive compilation and optimization [1]. What are you going to do --- use a combination of social pressure and regulation to prevent people analyzing any of these things? We're moving toward a world in which you can be identified if you go out of public. Instead of trying to plug an increasingly leaky dike, we should just learn to accept this new future and take advantage of the upsides.

[1] https://arxiv.org/abs/1512.08546

> We're moving toward a world in which you can be identified if you go out of public.

... I think you mean, "We're moving toward a world in which you can be identified by machines if you go out in public." (My friends can identify me pretty easily out there.)

We are choosing to move toward that world. We could choose something else. And just because other people are choosing it, doesn't mean you or I have to.

Personally I have gotten weary of every single company/organization I deal with collecting more information about me than they need to meet my needs... to such an extent that I now have started looking for opportunities to deny them that information (including simply avoiding them).

Personally, I can see several significant downsides (being manipulated by targeted propaganda, punished for socially unpopular behavior, taken advantage of, etc.) and virtually no meaningful upsides.

Personally I think the main issue sociologically is that the implementations are "half-mirror" society instead of fully transparent. The half mirror is inherently abusable.

Imagine a sci-fi world where anyone can view anywhere in the past at any time and any depth. It would be disconcerting but it would put people on equal footings and prevent many forms of deception and abuse as well as making criminal trials binary but fair. Corruption would be harder to get away with when every backroom meeting could be audited and verified by everyone. It would force some very uncomfortable questions about social norms and laws as a society in withdrawal from expected hypocrisy.

Compare that to one with it just in the hands of authorities to abuse.

Obviously not the same but the analogy should be clear how even if both are disliked they are quite different and one is worse.


Mastercard had an API from which you could get the full postcode of people likely to purchase a luxury item of more than $500 in the next month with 80% certainty. Never got out of alpha and required a deposit of $5000 to use.

There needs to be boundaries for companies pursuing profit with immoral activities.

Was somewhat curious as to why a credit agency would want to track people's commutes, though I can see the perspective as to why, it does feel like a solution that fits around privacy up to the point that it works and then becomes part of the privacy debate itself.

Though my main train of thought would be - if you sprain an ankle, hand, get a new larger phone etc - this would just compound your bad experiences in life. Though they do say trouble comes in threes, it's not something we should be enforcing by creating issues that would compound such common `edge cases`.

Identify -> track. Which means things are going to get very Monty Python when some enterprising Hackernews implements a federated, cloud-based Registry of Silly Walks to help people thwart this system.

I was looking into using gait for authenticating users. The false positive and false negative rates were extremely high compared to using fingerprints. Wasn't really viable.

It seems like most credit unions issue MasterCard debit cards. Does anyone know how I can get rid of mine and still be able to use ATMs?

My ATM card from a major bank came with MasterCard/Visa attached, but I asked for one without it and they sent me one.

Simple question: why is this not a crime?

Because the crooks are in charge.

If it’s legal, then they aren’t crooks.

What do you call people who rig the system to favor their own interests?

The headline brought visions of a sillywalking John Cleese telling the camera "Identify this!":^)

I was really disappointed Google glass was cancelled, I wanted a pair to have real life ad blocking...

I hope the irony of this isn't lost!

do we need a ministry of funny walks to teach people how to avoid being tracked irl like they are on the web
