824
submitted 10 months ago by Ninjazzon@infosec.pub to c/privacy@lemmy.ml

A set of smart vending machines at the University of Waterloo is expected to be removed from campus after students raised privacy concerns about their software.

The machines have M&M artwork on them and sell chocolate and other candy. They are located throughout campus, including in the Modern Languages building and Hagey Hall.

Earlier this month, a student noticed an error message on one of the machines in the Modern Languages building. It appeared to indicate there was a problem with a facial recognition application.

"We wouldn't have known if it weren't for the application error. There's no warning here," said River Stanley, a fourth-year student, who investigated the machines for an article in the university publication, mathNEWS.

top 50 comments
sorted by: hot top controversial new old
[-] jeffhykin@lemm.ee 276 points 10 months ago* (last edited 10 months ago)

It gets worse :/

I looked up the brand (Invenda). Their PDF includes "using AI", "measuring foot traffic", and gathering "gender/age/etc" e.g. facial recognition to estimate a persons age and gender

And in terms of "stored locally" this is straight from their website

The machine comes with a “brain” – Invenda OS – and is connected to the Invenda Cloud, which allows you to manage it remotely and gather valuable environmental, consumer and transactional data. The device can be branded according to your requirements to further enhance your brand presence.

The marketing also so fricken backwards that it reads like satire:

For a consumer, there’s no greater comfort than shopping pressure-free. Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately 🤦‍♂️

[-] neutron@thelemmy.club 159 points 10 months ago

I'm dreading for the day they introduce dynamic pricing based on who's buying and refuses to sell without a full face scan.

[-] jeffhykin@lemm.ee 92 points 10 months ago* (last edited 10 months ago)

What really bothers me is the "measuring foot traffic". I already refuse to use vending-machines because of the pricing and unhealthyness, but you're telling me I need to make GDPR takedown requests just for walking to class?

load more comments (1 replies)
[-] livus@kbin.social 25 points 10 months ago

Fast food franchises always charge more in poor areas, I wonder if dynamic pricing would charge poor people more as well.

load more comments (3 replies)
[-] brbposting@sh.itjust.works 24 points 10 months ago

Why does privacy matter?

Price discrimination!

Login to LinkedIn to purchase [groceries / diapers / your new mechanical keyboard] 🤢

[-] Steve@startrek.website 13 points 10 months ago* (last edited 10 months ago)

Shut the fuck up, they can hear you!

load more comments (3 replies)
[-] ipkpjersi@lemmy.ml 44 points 10 months ago

They have to make it sound like it's private and secure, but it really isn't. It's sad how dystopian our future is becoming.

[-] octopus_ink@lemmy.ml 11 points 10 months ago* (last edited 10 months ago)

I keep telling my zoomer son he needs to read 1984. Not to live his life in fear of it, but to help his awareness of it, and provide an example of what that sort of societal control can look like. It's probably the one thing I nag him about. 5 years later he still hasn't read it. lol

I haven't read it in decades, but I still feel it's hard to miss certain parallels with modern reality when you have.

[-] InputZero@lemmy.ml 12 points 10 months ago

A good book to pair with 1984 is A Brave New World. They both tackle forms of control but from two different approaches. In A Brave New World there's no need for thought police. Every person is designed and crafted from conception to adulthood to never have a criminal thought.

load more comments (1 replies)
load more comments (2 replies)
[-] ItsComplicated@sh.itjust.works 42 points 10 months ago

When did it become ok for people to be violated so profusely without any consequence?

load more comments (7 replies)
[-] AnUnusualRelic@lemmy.world 15 points 10 months ago

"Welcome back, consumer unit number 74665!"

load more comments (4 replies)
[-] namingthingsiseasy@programming.dev 13 points 10 months ago

GDPR desperately needed on the other side of the pond...

load more comments (1 replies)
[-] otp@sh.itjust.works 13 points 10 months ago

Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately

I never would've questioned that using a vending machine with cash would be anything but private until reading that line.

(Well, the article was first...but if it wasn't for the article, that line is sketchy as all hell)

load more comments (3 replies)
[-] CaptDust@sh.itjust.works 122 points 10 months ago

Why in the ever living hell would a vending machine need local-only facial recognition...

[-] MajorSauce@sh.itjust.works 95 points 10 months ago

My guess is to associate which product is best selling to which demographic to better target them.

So ingenious 🤮

[-] CaptDust@sh.itjust.works 12 points 10 months ago

I feel like it'd be tough to find a chip powerful enough to capture demographic attributes while also cheap enough to ship in vending machines? But admittedly I've little context on embedded systems and their capabilities

[-] MajorSauce@sh.itjust.works 42 points 10 months ago

While I have no idea how much a computerized vending machine costs, I found this article about a age/gender classifier that runs on a Raspberry Pi 4.

Looking at the machine's big touchscreen, I think this classifier would fit on the SBC or require a relatively small upgrade.

[-] CaptDust@sh.itjust.works 12 points 10 months ago

Yikes, smh... Yep that'll do it. I hate this timeline.

load more comments (2 replies)
load more comments (4 replies)
[-] tsonfeir@lemm.ee 36 points 10 months ago

Why the living hell would anyone agree to develop this? What douchbags are doing that job?

[-] Neato@ttrpg.network 16 points 10 months ago

There's a lot of people in the world who do, in fact, like to eat.

[-] WhatAmLemmy@lemmy.world 22 points 10 months ago* (last edited 10 months ago)

There are also a lot of people, already in the wealthiest upper percentiles, who would implement big brother just to be slightly wealthier.

load more comments (2 replies)
[-] ICastFist@programming.dev 16 points 10 months ago

There are people who actually believe that kind of dystopic bullshit, even in the tech sector. I remember a colleague a few years ago, told me he liked targeted ads because "it knew what I wanted"

load more comments (1 replies)
load more comments (27 replies)
[-] BearOfaTime@lemm.ee 13 points 10 months ago

"local only"

Even if it's technically local-only, pretty easy for a tech to drive by and pull data it's stored.

Or when it gets filled.

[-] jeffhykin@lemm.ee 17 points 10 months ago* (last edited 10 months ago)

Its not really local only either, the cameras exist for the point of data harvesting, just look at their marketing. They only mean they're not streaming video to a server for recognition. The after-recognition data is still sent to a server https://www.invendagroup.com/vending-machines

load more comments (6 replies)
[-] ikidd@lemmy.world 91 points 10 months ago

A massive and punitive fine for anyone gathering biometric data without express permssion would be a great way to discourage other companies from bringing that shit around. A billion or two ought to do it.

load more comments (16 replies)
[-] kbal@fedia.io 59 points 10 months ago

Yet another demonstration that the primary meaning of "smart" has come to be "unbelievably stupid."

[-] OpenStars@startrek.website 26 points 10 months ago

The definition of pretty much every word these days has been hijacked to mean the exact opposite - like Google lets you "search" for things you "want", and Reddit would "connect" you to "~~humans~~ people", FaceBook will ~~steal all of your data~~ share "news", again from "people", and so on.

I pretty much think of "smart" as now meaning "tactically weaponized to maximize corpo profits" - you know, "for your convenience"!:-P 🤮

[-] Rolando@lemmy.world 12 points 10 months ago
load more comments (3 replies)
[-] BradleyUffner@lemmy.world 48 points 10 months ago

Regardless of the privacy issues, if this is actually a default feature of this machine, why does the camera hole look like it was put there with a hammer?

[-] floofloof@lemmy.ca 15 points 10 months ago

Dunno, but it needs more of the hammer treatment.

load more comments (4 replies)
[-] Guntrigger@feddit.ch 48 points 10 months ago

Students believe there is a camera inside this hole on the vending machine

Students and their silly beliefs. Don't worry about that lens shining in the hole. It's just a useless hole!

[-] LemmyExpert@lemmy.zip 18 points 10 months ago

Strategic use of a cordless drill can ensure it's a useless hole.

[-] Rodeo@lemmy.ca 14 points 10 months ago

that's vandalism and can get you in trouble.

A simple sticker though, which can be easily removed, doesn't count as vandalism, and can be done over and over again for almost no cost.

load more comments (2 replies)
[-] reverendsteveii@lemm.ee 33 points 10 months ago

who's hype for the state-industrial complex to track our every movement! surely this combined with a right wing political movement that is increasingly focused on punishing so-called enemies will never lead to a complete humanitarian disaster.

load more comments (2 replies)
[-] devilish666@lemmy.world 32 points 10 months ago

Hmm.... facial recognition vending machine huh....
Finally it's time for my jammer & some script from c/netsec to shine

[-] nix@midwest.social 13 points 10 months ago

Or tape over the camera hole.

load more comments (1 replies)
load more comments (1 replies)
[-] butsbutts@lemmy.ml 20 points 10 months ago
load more comments (6 replies)
[-] FunkyMonk@kbin.social 11 points 10 months ago
load more comments (2 replies)
[-] Aggravationstation@lemmy.world 10 points 10 months ago* (last edited 10 months ago)

The pharmacist at my local Tesco once told me I was buying paramol too often. It had been at least a year since I last bought it.

This told me that:

A. They're using facial recognition to track purchases

B. There's either not enough info provided by it or enough training on it's use

load more comments
view more: next ›
this post was submitted on 23 Feb 2024
824 points (99.5% liked)

Privacy

32177 readers
522 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS