During all this monitoring, I wasn’t anywhere near the rider. I didn’t even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website, which runs the New York City subway system.

  • OtterA
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    4
    ·
    10 months ago

    What’s the feature

    • seSvxR3ull7LHaEZFIjM@feddit.de
      link
      fedilink
      English
      arrow-up
      57
      ·
      10 months ago

      With their consent, I had entered the rider’s credit card information—data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain—and punched that into the MTA site for OMNY, the subway’s contactless payments system. After a few seconds, the site churned out the rider’s travel history for the past 7 days, no other verification required.

      From the article

      • Pantherina@feddit.de
        link
        fedilink
        arrow-up
        11
        arrow-down
        1
        ·
        10 months ago

        Credit cards are as secure as carrying your passwords around you on a piece of paper, and telling it loots of people always.

      • OtterA
        link
        fedilink
        English
        arrow-up
        8
        ·
        10 months ago

        Thank you! I was on the bus and couldn’t get the article to load

    • atomic peach@pawb.social
      link
      fedilink
      arrow-up
      15
      ·
      10 months ago

      From the article, you can get a detailed usage history of MTA transactions by simply supplying the credit card number (which they state can very often be bought on the dark web). The lack of identity confirmation to pull the report is the concern.

      • UnverifiedAPK@lemmy.ml
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        10 months ago

        You want to force people to show ID to use the subway?

        Why is this info even public? That’s the real issue.