558
Pay with Palm (infosec.pub)

I can only see this going into a very dystopian path. Based on their actions, I don't trust these companies, their security practices, nor their privacy policies. Why would I give them my biometrics? And my full palm, at that!? Hell no!

top 50 comments
sorted by: hot top controversial new old
[-] dan@lemm.ee 68 points 1 year ago

Shit no! You know what you can’t change if/when they inevitably leak your data? Your fucking hand.

[-] oldGregg@lemm.ee 8 points 1 year ago

I've got a bucket of golf balls and a 12ft 2x4 that says otherwise

load more comments (1 replies)
[-] Jaamulberry@beehaw.org 7 points 1 year ago

Uhh. Have you seen men in black? /s

[-] frustbox@lemmy.ml 60 points 1 year ago

One scar away from losing access to your ability to pay …

Biometrics can not really be changed. Except maybe through time or trauma (i.e. age or injury). They can be used to uniquely(?) identify a person - except maybe twins - at the expense of anonymity, which has it's own set of problems.

But because they can not easily be changed they're a terrible security feature. Once they leak, they're unusable and you're hosed. You can't issue a new palm print for your bank account like you could a new chip card and password.

Also, just because you waved your hand over a scanner does not mean that you approve and consent of the transaction. With tap to pay there were ideas of mobile point of sales devices just tapping on peoples backpacks in a crowded area. You don't even keep your biometrics markers in your pocket, they're just out in the open for anyone with a camera. This may be bordering on paranoia, but a few years back (2014) German hackers from Chaos Computer Club took iris scans from Angela Merkel (then Chancellor of Germany) and finger prints of Ursula von der Leyen (then Minister of defense) using nothing but press fotos. Cameras have only gotten better.

TL;DR: Biometrics can be used for identification but should never be used for authorisation.

[-] Blackmist@feddit.uk 10 points 1 year ago

Biometrics also aren't great and uniqueness. At least where computers are concerned.

Recently we had one of our customers install fingerprint readers on their points of sale, the idea being any staff member can log in just by touching the pad. Even with only a few hundred staff registered, you get people logging in as each other.

load more comments (1 replies)
[-] TWeaK@lemm.ee 10 points 1 year ago

Paying with your phone works on the presumption that your phone is locked and you accept responsibility for ensuring your phone wasn't breached. It uses contactless technology, but it's still effectively chip and pin as far as your bank is concerned.

Meanwhile, paying with a contactless card is processed as "cardholder not present" where the seller assumes de facto liability and must prove otherwise. Contactless payments were never a new type of card processing, it was a new method but is categorised the same as when mail/phone ordering from a catalogue. The same with online purchases. They were always a step below card & signature or chip & pin. Paying with your phone is the same as chip & pin though, where the onus is on you to ensure the transaction is secure.

Paying with your hand has all sorts of issues making it impractical. You would definitely need an additional confirmation eg PIN, but claiming that your hand is as secure as a traditional card doesn't lend well to pinning the liability on you. So banks are unlikely to use it.

[-] Dissasterix@lemmy.world 54 points 1 year ago

Its hard to believe anyone would use the thing. It'll be more problematic if/when its used for regulatory purposes. Sort of at the desensitization still. Today.

I had to take a State exam for licensure a few years back. I was told that I had to take a palm/vein scan to prove my identity. I informed her Ive never had one so it could not prove my identity-- but hey, Im the crazy one. Its on a server somewhere now tho... Modernity is pretty stupid, tbh.

[-] FReddit@lemmy.world 15 points 1 year ago

Then there's always the old, "Hey, I'll cut off this dude's hand and use it to buy stuff until he runs out of credit -- or rigor mortis sets in."

load more comments (4 replies)
[-] Guajojo@lemmy.world 8 points 1 year ago

The thing it these readers are so convenient, my only complain is I wish they would work as the password hash technology. But as of right now we don't know for sure if that machine is saving a "hash" of your palm or is directly saving a copy of the original biometric data that would allow it to "recreate" your biometric ID somewhere else

load more comments (1 replies)
load more comments (5 replies)
[-] ReakDuck@lemmy.ml 47 points 1 year ago

I hope this tech stays where ever the fuck it is and never touches Europe

May it die the death of a thousand deaths

[-] Ghostalmedia@lemmy.world 5 points 1 year ago

This is Amazon One. Amazon is rolling it out pretty aggressively in their American grocery stores right now. Looks like it’s moved out of its pilot stage and is getting a national US rollout.

https://one.amazon.com

[-] Catsrules@lemmy.ml 41 points 1 year ago

I didn't know paying in body parts was legal.

It's a brave new world, it seems

[-] Stabbywithsocks1@lemmy.ml 31 points 1 year ago

Body parts aren't secure. They're removable.

[-] Kolanaki@yiffit.net 6 points 1 year ago

Stop telling people their body is insecure. Everyone is beautiful!

load more comments (1 replies)
load more comments (1 replies)
[-] stevedidwhat_infosec@infosec.pub 28 points 1 year ago

Forget about privacy, this is just fucking dumb

One point of failure that can’t be replaced if stolen?

This won’t ever take off, and will most definitely die out quickly in favor of literally any other technique including just embedding an nfc chip and battery to your palm surgically. Which I probably still wouldn’t be thrilled about but

[-] 01189998819991197253@infosec.pub 9 points 1 year ago* (last edited 1 year ago)

I've see where you can pay with your fingerprint at some venders. It's a similar concept, in terms of single point of failure. Regardless, I hope you're right.

E: **mostly right. I won't embed anything in my skin for payments. CC or cash or phone NFC (and I don't like that one for it's security implications). That's it.

load more comments (5 replies)
load more comments (3 replies)
[-] ImFresh3x@sh.itjust.works 24 points 1 year ago

I like to do this at Whole Foods in front of my anti vax friends and tell them about how cool it is to have a chip that lets me pay by waving my hand.

load more comments (2 replies)
[-] user224@lemmy.sdf.org 23 points 1 year ago

Oh, that palm. I thought Palm introduced their own payment method for Palm phones or something.

load more comments (1 replies)
[-] thorbot@lemmy.world 21 points 1 year ago

spreads anus

“Wonder if this works”

load more comments (1 replies)
[-] Stoneykins@mander.xyz 20 points 1 year ago

I still think the idea of tech implants are cool but I've also reached the point where I wouldn't get one unless I learned to build it myself and was in charge of every single aspect of it.

Considering I lack degrees in medicine and computer science, I don't think I'll have them done anytime soon lol

[-] MonkderZweite@feddit.ch 5 points 1 year ago

You don't need degrees to hack stuff.

load more comments (2 replies)
[-] Sharpiemarker@feddit.de 18 points 1 year ago* (last edited 1 year ago)

Someone has 100% put their dick on that palm reader. Guaranteed.

[-] 01189998819991197253@infosec.pub 16 points 1 year ago

"payment unrecognized. Object too small or too far away. Try again"

[-] Narrrz@kbin.social 12 points 1 year ago

a lot more people will have touched themselves, then the palm reader, without first washing their hands

load more comments (2 replies)
[-] JoeBidet@lemmy.ml 18 points 1 year ago

Oh no! I trashed my faithful Palm Pilot (tm) years ago :/

load more comments (2 replies)
[-] Eyeuhnluuung@lemmy.world 14 points 1 year ago

Saw this at Whole Foods the other day for the first time and commented to the cashier that it was kind of creepy and her response was “I know right”.

[-] Famborghini@lemmy.world 13 points 1 year ago

I will forever refuse to do this. That RealID thing or whatever they’re calling it that the government is doing with the face scan gives me nightmares

Same here. It's called IDme and it's abysmal

[-] WtfEvenIsExistence@reddthat.com 11 points 1 year ago

Be careful not to raise your arm too high... 💀

[-] 01189998819991197253@infosec.pub 15 points 1 year ago

I think as long as you stay in the green zone?

[-] WtfEvenIsExistence@reddthat.com 5 points 1 year ago

Anything higher than petting pets is already too risky. Especially in modern day Germany.

[-] Glome@feddit.nl 10 points 1 year ago

Where is this?? Whole foods?

[-] JoYo@lemmy.ml 9 points 1 year ago* (last edited 1 year ago)

bro, come back to me when most stores accept touch emv payments. lol, like each fucking store is gonna know what to do with a fucking palm scan when emv is fucking forbidden magic.

load more comments (3 replies)
[-] Lucidlethargy@sh.itjust.works 9 points 1 year ago

I don't understand what this solves... We can use a card faster than this (a mere tap), and if we forget our card, it's programmed into our phones and even our watches as a backup.

[-] float@waveform.social 12 points 1 year ago

Its meant to save you a step. Before at whole foods you had to get out your phone, open the amazon app, scan your prime QR code, then get a card and pay. This just does all that with an enrolled palm.

I still don't trust it. I laughed at it when I saw it and even the clerk admitted it was dumb.

[-] wegettosss@lemmy.world 8 points 1 year ago* (last edited 1 year ago)

My dad who lives in a small village (around 5k people) has his account in a local bank. Nothing really differs this bank from big companies. Theyre just local. So my dad has this axcount and we are in a city nearby and want to do some shopping, spend some money on gear etc. But he looks for cash and its not in car. Then, ofc, he looks for his wallet with all his cards and he hasnt it too. So we are kinda fucked up and going back home and to shops would take an hour. (We were low on gas too.) So he withdraws cash with his fucking hand. Fucking hand. Pretty useful tbh but rather not safe.

[-] phase@lemmy.8th.world 12 points 1 year ago

And you trust the ower of the establishment, of the softwares, of the Internet, and the bank to not steal your data. Right. I wish you to be correctly assured. At least by your bank.

And don't forget, in case of data breach, change your palm.

load more comments (2 replies)
[-] phase@lemmy.8th.world 8 points 1 year ago

Someone took the novel "The Java Script Café" from "Stealing the network: How to own an identity" (page 141) and made a business model for it.

[-] Eheran@lemmy.world 6 points 1 year ago

Why not just with the phone...?

load more comments (2 replies)
[-] ArmokGoB@lemmy.world 5 points 1 year ago

These types of things never work for me because my skin changes so much 💀

load more comments (1 replies)
[-] TiredSpider@slrpnk.net 5 points 1 year ago

All this trouble and they didn't even make the scanner shaped like a hand so you can high five it. Waste of potential.

[-] Jmr@lemmy.world 5 points 1 year ago

LG did this on a phone. It didn't really work, at all

load more comments (1 replies)
[-] MediaActivist@lemmy.ml 4 points 1 year ago

"How about I pay with my blood?" Actually, sshh, don't give them ideas!

load more comments (1 replies)
load more comments
view more: next ›
this post was submitted on 04 Aug 2023
558 points (97.8% liked)

Privacy

32130 readers
1134 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS