OT - credit card upgrade question

Is that bad?

It depends on the power of the transmitter. The FCC regulates reader's output power. The biggest ones I know of are the ones mounted above EZ-Tag lanes, good to about 25' with LOS. Those require a licence to deploy.

Perhaps the government has access to higher power ones, but then you and me will be complaining about high-frequency energy being shot through our bodies.

Do you have a reference to normal consumer grade RFID chips being read at 50' though concrete?

In larger stores and ATMs that are frequented by tourists, yes. In smaller stores, restrauants, kiosks and unattended gas pumps, no.

| Certain high-tech companies use all three of those examples to track | your whereabouts in their buildings.

His arguments are not about information or logic. It's the classic ostrich argument: "I don't want to have to worry about this, so it's not true! If you claim it is then I'll shout you down."

Herbert Marcuse had a fun term he called the "toilet assumption", which underlies the feasibility of most all corporate and government surveillance today, online and off: If you can't see it, it's not there. :)

| Actually, my face book page has been showing | me ads for business cards printed online and | shipped. Since I looked online a couple days | ago. Not sure how FB found out. |

If you don't make a specific effort to block them then Facebook will be setting a "1st party" cookie on most websites you visit. Their button appears to be an image, but the image is loaded in an iframe, which is an HTML method for embedding one webpage within another. So you actually visit Facebook with most sites you visit. Google/Doubleclick and other mega-advertisers do the same thing.

On any given webpage, if you forced borders and scrollbars to be visible, you'd probably see about a dozen mini-browser windows, give or take, with images or ads in each. Each of those is a webpage that can set a 1st-party cookie and run script because you've been tricked into visiting their site.

Due to that design, iframes are also one of the biggest security risks online, allowing a technique known as cross-site scripting to enable attacks from domains you've never heard of but have inadvertently visited.

The design also directly undermines the original design and intention of cookies. They were designed in such a way that any given domain could have no knowledge or control of cookies in other domains. The tactics now commonly in use entirely eliminate those safety/privacy measures, so that a dozen different entities could be watching you as you move around online.

And of course that's not even counting the direct cooperation between companies. Google

*is* Doubleclick, which is one of the biggest online ad companies.... And Google also sells ads directly.... And they also track most webpages via voluntary addition of google-analytics code to webpages. Then there's Facebook, Twitter, Instagram, etc. Any or all of those companies may also be buying and/or selling data with "uber dataminers" like Axciom.

All of that begins with you 1) using a for-profit corporate product to mediate your own social life [Facebook, gmail, etc] and 2) allowing total surveillance of your online activities.

I really enjoy watching my extended family grow up in various parts of the country with daily pictures and videos on social media. It certainly is a great improvement over the past when we mailed black and white photos in our letters. I'm willing to pay the advertising price for the privilege. YMMV.

Surveillance?

You're just bits in somebody's computer. Do you really think a human somewhere is following your tracks in Google's hundreds of millions accounts?

True. And your Shell gas card does not work at Shell stations in Italy, maybe the rest of Europe. Most times, you get better deal paying cash anyway. Tax evasion is the most popular sport in Italy.

bob haller posted for all of us...

Sure and then the card issuer jacks their fees and rates up. The customer pays for everything!

| >and 2) allowing total surveillance | >of your online activities. | | Surveillance? | | You're just bits in somebody's computer. Do you really think a human | somewhere is following your tracks in Google's hundreds of millions | accounts?

The point is they're spying on something that's none of their business. Humans can connect into that at any point they like. Companies like Google like to say that the data is "anonymized", and people like you believe them. In actuality it's an Orwellian claim. The whole point of their spying and data analysis is precisely to prevent anyone from being anonymous. The point is to know who you are, what you've done and what you're doing at all times.

I know that many people don't care about this, but it's not without cost. So I post info for the sake of those who do care.

Currently the NSA is pushing for a "front door" into web properties like Google, Microsoft, Yahoo, etc. They're trying to make the case that they should have that access. It's a blatant denial of the 4th amendment and a threat to free speech. (There's a reason that librarians traditionally won't disclose what books someone has taken out.) What the NSA wants to do is no different from asking for a key to your house and access at will to your briefcase. The only difference is that collecting "cloud" data is non-confrontational.

** The NSA is only able to make their case at all because so many people like you have accepted the TOS from companies like Google in exchange for some little convenience. ** You're helping to set a legal precedent that you don't have any right to privacy from total corporate/govt surveillance, by officially agreeing to give up privacy for a pittance.

"Mayayana"

+1 .... Freedom ain't free

AT&T just launched their Gigapower Fiber to the Home in my city. Unless you pay them an extra $30 per month, they are doing deep packet inspection of your data in order to be able to serve up advertising that reflects your web usage. Ad blocing and anti-tracking software won't help. VPN will stop them but that will slow service.

| AT&T just launched their Gigapower Fiber to the Home in my city. Unless | you pay them an extra $30 per month, they are doing deep packet | inspection of your data in order to be able to serve up advertising that | reflects your web usage. Ad blocing and anti-tracking software won't | help. VPN will stop them but that will slow service. |

Interesting. I hadn't heard of that. I looked it up just now. It appears to be similar to Google's cheap plans. But in the first page of links I didn't see any indication that people are concerned, or even that they know, about the terms of the deal. I wonder how that fits with the fledgeling FCC enforcement of Net Neutrality.

The problem with magnetic stripes is that they encode the user information, and anyone who gets their hands on the card can used a small card reader to copy it. Which has and does happen. Clerks and servers can carry small scanners, take the customers cards and drop them, bend down, discreetly swipe the card, then hand it back to the unaware customer.

Magnetic cards are less secure than chipped cards, which is why the majority of credit card data theft occurs in the US, the last major bastion of magnetic stripe credit cards.

I have no idea who this person is you're referring to. It certainly isn't me. I'm simply noting that your concerns are somewhat misplaced and based in part on erroneous assumptions. Pardon me for being pedantic. I'm going to point out when your assumptions about how certain form of data collection work are incorrect, because I'm picky that way. One of the reasons I am is because it drives me fricken' batty how many people get up in arms over perceived (and usually not quite correct) privacy issues with one or two things in their lives, while airily dismissing the rest. They'd rather focus on a couple of details instead of the big picture, which is data collection and dissemination. People have to understand how it is being collected and what risks it entails before they can make any decisions as to what they're willing to share, and how, in exchange for what benefit.

I've been educating people on security and privacy issues since the mid-1990s. It is a labor of perpetual frustration, since from the individual to the organizational level, the majority of persons either cannot or will not take even rudimentary steps to protect their own or others' private information unless/until they are forced to do so. It's "too hard".

While ATM skimmers and clerks scanning cards under the counter are occasionally a problem, they aren't the source of a huge amount of card fraud.

The source of most of the card compromises are card terminals and company servers that support those networks, not the mag stripe on the back of a card.

The reasons card issuers have been reluctant to go from issung cards that cost .20 to make to cards that cost $1.20 to make is that there are multiple security issues with the end to end payment system and each problem needs to be addressed. Many will argue that unauthorized card use (which happens with cloned cards) can easily be addressed by smart processing. I know that I already get calls and txts like this from my bank:

Bank: "Did you just attempt purchase flowers in New York?" Me: "No." Bank: "OK, cut your card up. You'll get a new one tomorrow."

EMV cards are not a silver bullet. They solve some specific issues: card cloning, offline transaction authentication, and if programmed properly - support tokenized transactions. The latter being where the card number is not exposed to the merchant. All the merchant sees is a one time transaction code that can't be reused.

You might jump up and say that last feature is why everyone should get EMV cards and the merchants should all install EMV readers. The thing is that same functionality could (and will) be implemented in a smartphone app and simple scanner. Then all those hundreds of millions of dollars invested in EMV cards and readers are thrown away.

| > His arguments are not about information or logic. | > It's the classic ostrich argument: "I don't want to | > have to worry about this, so it's not true! If you | > claim it is then I'll shout you down." | | I have no idea who this person is you're referring to. It certainly | isn't me. I'm simply noting that your concerns are somewhat misplaced | and based in part on erroneous assumptions.

You said RFID chips are only used for access to restricted areas. They're used for all sorts of things. The same chip that identifies stolen items at a store entrance can also be used to track shoppers around the mall. The same chip that allows payment of tolls via EasyPass can be used to track personal whereabouts in general. And as G. Morgan pointed out, they can be and are used for inhouse tracking. Why wouldn't they be?

You said iPhone location tracking is necessary for GPS services. Only a single GPS reading is necessary for that. It doesn't need to be stored. Here's just one example -- there should be plenty, easy to find, online -- of *involuntary* privacy intrusions in cellphones:

Here's one example of the iPhone location tracking story. Apple provided no credible explanation for carefully tracking and storing data they have no possible use for.

You conflated proximity-read chips with EMV chips. I don't mind a better card chip to replace the strip. I'm only concerned about reading the card at a distance, which is unnecessary risk.

You ventured that my employer probably sells my personal info. I'm self-employed.

You explained that being tracked by cookies online is the same as being tracked and ID'd in public by RFID scanners. It isn't at all comparable. And I don't enable cookies. It's not inevitable that one has to be watched online by multiple entities, but it is what's happening to people like yourself who don't bother to adjust settings like those for cookies, and who think it's all not worth worrying about.

In other words, you've used a series of glib, spurious arguments to tell me I'm overreacting and that I don't have any privacy, anyway, so why worry? That's the argument used by Google in court cases. That's the argument used by the NSA in requesting "front door" access to online services. That's the classic ostrich logic used by anyone who doesn't want to deal with something. ("I've been eating snack foods for years anyway, so there's no sense worrying about my weight now.")

They also have been known to install the unauthorized scanners inside gas pumps and on the front of ATMs. You do the best you can to stay aware but you still may fall victim. Fortunately for me there is no loss for any unauthorized charges on my card so I don't lose much sleep over it.

A handy service.

Amex allows me to set up my alerts online. I am immediately notified by email for all transactions over $100 and all card not present transactions.

You pay taxes? You're on those safe government computers? 8-O

I do the same thing for a less fraud aware family member.