823
submitted 10 months ago by Ninjazzon@infosec.pub to c/privacy@lemmy.ml

A set of smart vending machines at the University of Waterloo is expected to be removed from campus after students raised privacy concerns about their software.

The machines have M&M artwork on them and sell chocolate and other candy. They are located throughout campus, including in the Modern Languages building and Hagey Hall.

Earlier this month, a student noticed an error message on one of the machines in the Modern Languages building. It appeared to indicate there was a problem with a facial recognition application.

"We wouldn't have known if it weren't for the application error. There's no warning here," said River Stanley, a fourth-year student, who investigated the machines for an article in the university publication, mathNEWS.

you are viewing a single comment's thread
view the rest of the comments
[-] CaptDust@sh.itjust.works 122 points 10 months ago

Why in the ever living hell would a vending machine need local-only facial recognition...

[-] MajorSauce@sh.itjust.works 95 points 10 months ago

My guess is to associate which product is best selling to which demographic to better target them.

So ingenious 🤮

[-] CaptDust@sh.itjust.works 12 points 10 months ago

I feel like it'd be tough to find a chip powerful enough to capture demographic attributes while also cheap enough to ship in vending machines? But admittedly I've little context on embedded systems and their capabilities

[-] MajorSauce@sh.itjust.works 42 points 10 months ago

While I have no idea how much a computerized vending machine costs, I found this article about a age/gender classifier that runs on a Raspberry Pi 4.

Looking at the machine's big touchscreen, I think this classifier would fit on the SBC or require a relatively small upgrade.

[-] CaptDust@sh.itjust.works 12 points 10 months ago

Yikes, smh... Yep that'll do it. I hate this timeline.

[-] LWD@lemm.ee 8 points 10 months ago

Same Raspberry Pi foundation that hired a cop with a background in surveillance tech as their "resident maker"?

[-] Flumpkin@slrpnk.net 5 points 10 months ago

The error message says ".exe" and looks like a dot net namespace.

[-] LinkOpensChest_wav@lemmy.blahaj.zone 9 points 10 months ago

Would it be significantly more costly than some of the features vending machines already have, such as card readers? I think these things are pretty costly already, but the profit margin on snacks and soft drinks is extremely high, so I'd imagine they'd recoup their cost pretty quickly.

[-] CaptDust@sh.itjust.works 3 points 10 months ago* (last edited 10 months ago)

Well I thought so, but apparently we have good enough software that can run on a rasp pi now, so clearly the hardware requirements are much much lower than I understood.

Geez, I remember needing to use cloud services just for simple OCR not that long ago...

[-] RagnarokOnline@programming.dev 5 points 10 months ago

Doritos are probably plenty powerful enough

[-] AlecSadler@sh.itjust.works 3 points 10 months ago

There's a vending machine in a co-working space I use sometimes that has a full on fridge and oven, and when you order off the touchscreen...something happens inside and sometimes a hot cooked thing comes out. I have no idea how it works and have not used it myself, because it seems possibly kinda gross.

[-] tsonfeir@lemm.ee 36 points 10 months ago

Why the living hell would anyone agree to develop this? What douchbags are doing that job?

[-] Neato@ttrpg.network 16 points 10 months ago

There's a lot of people in the world who do, in fact, like to eat.

[-] WhatAmLemmy@lemmy.world 22 points 10 months ago* (last edited 10 months ago)

There are also a lot of people, already in the wealthiest upper percentiles, who would implement big brother just to be slightly wealthier.

[-] fuckwit_mcbumcrumble@lemmy.world 4 points 10 months ago

"I was only following orders"

[-] jaybone@lemmy.world 2 points 10 months ago

Problem is, if you refuse to do it, they’ll hire another developer who will.

[-] ICastFist@programming.dev 16 points 10 months ago

There are people who actually believe that kind of dystopic bullshit, even in the tech sector. I remember a colleague a few years ago, told me he liked targeted ads because "it knew what I wanted"

[-] tsonfeir@lemm.ee 7 points 10 months ago

Oh boy, those people frustrate me so much. The ones who have a verbal conversation about a topic they’ve never talked about before, like owning a cat, or taking a cruise to Alaska, and then giggle gleefully when they are inundated with cat litter and cruise ship ads wherever they go on the internet.

Some people just don’t care. And that’s actually fine. The ones who do care will try to look after the morons.

[-] lemann@lemmy.dbzer0.com 7 points 10 months ago

Probably exploited labor, similar to those who have no choice but to work in scam call centers to survive.

Pretty unfortunate that things are like this IMO

[-] bjorney@lemmy.ca 0 points 10 months ago

I don't think software developers working in AI are "exploited labour just doing it to survive"

[-] Steve@startrek.website 6 points 10 months ago

Bro theres plenty of people who run scams in big offices all day every day

[-] exocrinous@lemm.ee 1 points 10 months ago

What kind of amoral, selfish monster, would know full well that car emissions are exterminating life as we know it on earth, and still decide to drive a car?

The same kind of monster who develops this technology.

[-] tsonfeir@lemm.ee 0 points 10 months ago

I’m all down for using public transportation and electric cars when you pay to fix the infrastructure, have it run 24/7, or buy me an overpriced electric car that doesn’t destroy the earth as well with lithium mining and all the non-renewable resources used to manufacture it. Certainly better than gas.

Although I’d argue the car manufacturer is the one you should be angry with, not the buyer who is limited by availability, a limited public transit system, and price.

[-] exocrinous@lemm.ee 2 points 10 months ago

Ah, so there we go. You have a perfect set of excuses for your own actions and why they're someone else's fault, but you struggle to understand how someone could develop software like this. The answer is: the same way as you. Excuses.

[-] tsonfeir@lemm.ee 0 points 10 months ago
[-] exocrinous@lemm.ee 2 points 10 months ago* (last edited 10 months ago)

No.

Aren't you taking this all a bit personally? I'm just using your own experiences to explain a situation you find difficult to understand. The douchebags are the same as you. Hope that helps.

[-] tsonfeir@lemm.ee 0 points 10 months ago

Can you afford to finance $40,000?

[-] exocrinous@lemm.ee 2 points 10 months ago

Yeah, you're taking this way too personally. I'm out here explaining how people can justify doing bad things to themselves, and you're having a whole identity crisis over whether you're a bad person about it. Look, your personal difficulties excusing your own actions are none of my business.

[-] tsonfeir@lemm.ee 0 points 10 months ago

I’m not taking this personally at all. I think you’re reading my responses with the wrong tone.

[-] exocrinous@lemm.ee 1 points 10 months ago

If you're not taking this personally, why all the personal questions about my transit habits and finances? It seems like you're trying to use me as some kind of gotcha for why you don't have to introspect. Leave me out of it.

[-] tsonfeir@lemm.ee 0 points 10 months ago

That’s how people have conversations? You seem really angry. Maybe go for a walk ;)

Have a good night.

load more comments (13 replies)
[-] BearOfaTime@lemm.ee 13 points 10 months ago

"local only"

Even if it's technically local-only, pretty easy for a tech to drive by and pull data it's stored.

Or when it gets filled.

[-] jeffhykin@lemm.ee 17 points 10 months ago* (last edited 10 months ago)

Its not really local only either, the cameras exist for the point of data harvesting, just look at their marketing. They only mean they're not streaming video to a server for recognition. The after-recognition data is still sent to a server https://www.invendagroup.com/vending-machines

[-] NotJustForMe@lemmy.ml 4 points 10 months ago

You know, when technology really got started, I had dreams about tech knowing me, doing things for me, acting in my best interest. Smile at the cashier, and my bill is paid, entering any public building, and I'm added to the queue, my documents already there... A vending machine would know me, holding back that last Snickers bar, because it knew that I would come by today...

It could have been good. It could have been right. On another planet, with another species. :')

[-] Stizzah@lemmygrad.ml 4 points 10 months ago

Probably because its real purpose is not to sell things.

[-] dan1101@lemm.ee 2 points 10 months ago

Best case scenario the machine has some sort of standard software with facial recognition code, but no hardware in the machine. Would he interesting to know.

[-] jeffhykin@lemm.ee 9 points 10 months ago
[-] dan1101@lemm.ee 2 points 10 months ago

Oh geez. These corporations are trying to be evil every way they can.

[-] Kolrami@lemmy.world 3 points 10 months ago* (last edited 10 months ago)

MARS isn't doing a good job of proving you wrong.

According to Invenda’s website, the Smart Vending Machines can detect the presence of a person, their estimated age and gender.

I'm confident I don't need a vending machine to know any of that.

this post was submitted on 23 Feb 2024
823 points (99.5% liked)

Privacy

32177 readers
291 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS