A college is removing its vending machines after a student discovered they were using facial recognition technology::A photo shared on Reddit showed one of the vending machines with an error code suggesting it used facial recognition tech.
On the one hand, I can totally understand that there is a difference between recognizing a face and recognizing your face. Algorithms that recognize a face are really easy to implement now.
On the other hand, though, why should a vending machine need to recognize a face? So it shuts off it’s lighting when no one is looking at it? I’m not sure if there is any practical benefit besides some project manager justifying a new feature with buzzword-compliant tech.
I believe the company when they say there is nothing problematic here, but they deserve the bad press for thinking it would be a good idea in the first place.
Their corporate website mentions that they use the data for marketing purposes. Whatever type of face they see - e.g. male or female, large or skinny, etc. - gets correlated with what was purchased, and then they sell that data for marketing purposes. Exactly like Google selling your search history, except with likely fewer restrictions in place.
Their website doesn’t mention how often they get hacked to give away that data for free - to be clear, that data meaning A PICTURE OF YOUR ACTUAL FUCKING FACE. I don’t know what resolution, or even what someone would do with it later, I am focusing here on the fact that the picture taking seems nonconsensual, especially for it to be stored in a database rather than simply used in the moment.
They claim to be GPDR compliant, and while I am not an EUian I think if that claim is accurate, they can’t be doing any of those things you mention.
My point is, even if we take them at their word that the facial recognition is benign, it was still a dumb choice.
GPDR only applies in the EU, and this happened in Canada. They may actually be GPDR compliant in europe, but have they stated whether they are following those laws where they aren’t legally required to?
Most companies who sell worldwide won’t bother developing one set of firmware which is GPDR compliant for the EU, and another set for the rest of the world, unless there was an explicit business reason to do so. So when they replied about this incident in Canada with their GPDR status, I thought it was implied that they had only one codebase which was GPDR compliant, and they ship it in Canada, not because they have to but because it’s all they have.
The assumption is exactly what they are hoping for and the problem. They say they adhere to the GPDR, but not that they adhere to it everywhere, regardless of legal requirement. If they do adhere to its requirements everywhere, it would be an easy thing to state.
The article has comments from the manufacturer and the company that stocks the machine and both state that they dont take or store pictures, but are purposely vague about what data they so take and storing. I expect this is due to it still being a creepy level of information about their customer base that is another revenue stream they exploit.
Lesson learned: don’t name your surveillance tool EvilFaceRecognition.exe
We got a phishing campaign at work awhile back with an attachment named “OktaAccountStealer.pdf”
… I was impressed. What I really want to know is how many people opened it anyway.
They do shit like that on purpose. Someone who is aware enough to read the names of attachments probably won’t fall for the rest of their scam. Its a filter to make sure they don’t waste their effort on anyone other than the most gullible.
How about totallylegitfacerecognition.exe?
“Don’t be evil”
How about some consent and payment for my info? Swingy peephole cover thing over the camera. Offer a discount if the machine can take a picture of you. Oh that’s right, it’s only worth something when you amass a ton of the data. 0.004 cents off isn’t that appealing is it?
A solution in search of a problem. They didn’t need that tech for a payment interface.
It’s funny how much I love cyberpunk fiction but how much I hate cyberpunk reality. Now if the vending machine becomes sentient? Then we are good, until then I guess fuck these guys?
I’ll gladly welcome the sentient machines if they can make me a sandwich now and then
As facial recognition becomes easier and cheaper, you are going to find it in all sorts of things. From your refrigerator to your child’s toy. Better get used to it, because that is the future. We should all invest in stickers to place on all the cameras, or guillotines… for the tech ceos
We should all invest in stickers to place on all the cameras, or guillotines… for the tech ceos
why not both
Glad the college I went to is too cheap for these fancy things. Their vending machines are just barely smart enough to use tap pay, and by barely I sometimes it doesn’t even work.
deleted by creator
Honestly, what’s the big deal? Your face is not secret and anyone who feels like it can photograph you while you’re out in public. Vending machines already know who you are if you use a credit card.
However, this is a good reminder to programmers: customers might sometimes see your error messages even if you didn’t intend them to. Don’t write anything Marketing wouldn’t like.
Differential pricing.
Did they implement this? Or just fear mongering over technology?
Yes.
