In 2008, Boston’s transit authority sued to stop MIT hackers from presenting at the Defcon hacker conference on how to get free subway rides. Today, four teens picked up where they left off.
Unfortunately, that does seem to be the easiest solution.
Though how much that imposes on your privacy depends on how they implement it There is no saving privacy. If it was me, I would keep everything the same, except have the checksum tied to an account and it can be checked and updated remotely.
This way, most of your transport usage informed would not be stored. In theory they could still log when the checksum is checked or changed by an official machine, leading to a vague idea of when you travel.
The points of attack would then be:
Somehow spoofing an official machine to talk with the server and modify the stored checksum. Very difficult if done properly.
Cloning someone’s card and using their account credits. Relatively easy to do. To prevent this they would have to implement usage tracking so the users can check for fraudulent activity. And there goes privacy.
I appreciate your detailed reply, but I believe the fight for privacy is not over. It takes a lot of time, dedication and money to fight for privacy, but it must be done.
Unfortunately, that does seem to be the easiest solution.
Though how much that imposes on your privacy depends on how they implement itThere is no saving privacy. If it was me, I would keep everything the same, except have the checksum tied to an account and it can be checked and updated remotely.This way, most of your transport usage informed would not be stored. In theory they could still log when the checksum is checked or changed by an official machine, leading to a vague idea of when you travel.
The points of attack would then be:
I appreciate your detailed reply, but I believe the fight for privacy is not over. It takes a lot of time, dedication and money to fight for privacy, but it must be done.