CampaignSMS

MTA Website 'Feature' Lets You Track Subway Riders' Locations – Slashdot

Become a fan of Slashdot on Facebook




The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
NYC Subway Website ‘Feature’ Lets You Track Riders’ Locations
If you already have access to someone’s credit card (that they use to pay for subway access) you can track when and where they used it to pay for subway access…
Um. Yeah. I guess we should be outraged over this?.
/nonstory
I feel like this isn’t exactly “great”, security-wise. Yet I can also see how some people just want to get on the subway and get from one place to another. They aren’t interested in yet another login and password to remember, and the hassle of another account to set up.
The easy solution is probably not to provide any kind of trip history unless you have an actual account set up first? But realistically, this isn’t a situation where you can’t secure your trip info from prying eyes because they simply don’t m
It’s bait to convince people to sign up for accounts and give personal information to ‘secure’ their information. Otherwise /anyone/ could be tracking you.
A lot of people would not choose to opt in to tracking and setup an account to register to do it. Why do most people need it would be their logic. So they went the opposite route, so they can sell that information with actual details since they can’t sell the identifying credit card information.
Harder to validate that it’s tracking the same person and rea
The solution to that would be to fix credit cards.
The whole concept does not have the slightest security. You give out all that you need to charge your credit card to the pizza delivery guy!
Granted, when credit cards were designed, you were supposed to show the physical card at the point of sale, but still the whole strategy was to have fees high enough to cover for all fraud because that was still cheaper than adding any actual security.
…the whole strategy was to have fees high enough to cover for all fraud because that was still cheaper than adding any actual security.
This may explain yesterdays article regarding Visa and Mastercard raising Credit-Card fees.
https://news.slashdot.org/stor… [slashdot.org]
OK, make it require a 2FA text message as well. But I question calling the existing system “without any authentication.”

Ehh, the access codes for my money (such as credit card numbers) may be the most well-protected information I possess.

Ehh, the access codes for my money (such as credit card numbers) may be the most well-protected information I possess.
Most people give their credit card numbers to everyone they make credit card payments to. Which is usually a lot of people. They’re not well-protected at all.
The OMNY website will be rebranding to OMFG.

The telco doesn’t provide that info to any member of the public who happens to know your CC # and expiration.

The telco doesn’t provide that info to any member of the public who happens to know your CC # and expiration.
If someone “happens to know” my CC# and expiration, I have bigger problems to worry about, you absolute turnip.

The MTA decided that unlike every other transit agency in the world, it would not used stored value cards.

The MTA decided that unlike every other transit agency in the world, it would not used stored value cards.
This is wrong in both directions: The MTA does use stored value cards in addition to credit/debit cards, and many other transit agencies in the world also use a combination of stored value and credit/debit cards. For example, I was in London a couple of weeks ago and used contactless credit card payment (both with a plastic card and my NFC-enabled phone and watch) for bus and tube rides all over the place. It was very convenient.
The problem is that if you create an account, then MTA etc can track you by name (or at least e-mailaddress).
There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.
Microsoft Is Discontinuing Visual Studio For Mac After Major Overhaul
EPA Removes Federal Protections For Most of the Country’s Wetlands
Testing can show the presense of bugs, but not their absence. — Dijkstra

source

Leave a Reply

Your email address will not be published. Required fields are marked *