A set of smart vending machines at the University of Waterloo is expected to be removed from campus after students raised privacy concerns about their software.
The machines have M&M artwork on them and sell chocolate and other candy. They are located throughout campus, including in the Modern Languages building and Hagey Hall.
Earlier this month, a student noticed an error message on one of the machines in the Modern Languages building. It appeared to indicate there was a problem with a facial recognition application.
“We wouldn’t have known if it weren’t for the application error. There’s no warning here,” said River Stanley, a fourth-year student, who investigated the machines for an article in the university publication, mathNEWS.
It gets worse :/
I looked up the brand (Invenda). Their PDF includes “using AI”, “measuring foot traffic”, and gathering “gender/age/etc” e.g. facial recognition to estimate a persons age and gender
And in terms of “stored locally” this is straight from their website
The machine comes with a “brain” – Invenda OS – and is connected to the Invenda Cloud, which allows you to manage it remotely and gather valuable environmental, consumer and transactional data. The device can be branded according to your requirements to further enhance your brand presence.
The marketing also so fricken backwards that it reads like satire:
For a consumer, there’s no greater comfort than shopping pressure-free. Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately 🤦♂️
I’m dreading for the day they introduce dynamic pricing based on who’s buying and refuses to sell without a full face scan.
What really bothers me is the “measuring foot traffic”. I already refuse to use vending-machines because of the pricing and unhealthyness, but you’re telling me I need to make GDPR takedown requests just for walking to class?
Also this is data that any reasonable company could get in like half an hour of searching and asking.
There is data on how many meals are sold a day at the mensa, how many students are enrolled, how many students live on campus…
Unless the vending machine is in the last corner of the third floor of an half empty building, all this information can be puzzled together to get a good estimate of how many people are passing the machine on a day to day basis.
Fast food franchises always charge more in poor areas, I wonder if dynamic pricing would charge poor people more as well.
Got a source on this? I’d love to read more about that
@oxideseven Not offhand as it’s more something I know from experience but here are some news reports on it from my part of the world:
McDonald’s make meals different prices in different areas
And here’s a study from the US that found they charge Black neighbourhoods more.
Edit: looks like chain stores do it with fresh fruit and vegetables too.
Thanks! This is some wild stuff.
Why does privacy matter?
Login to LinkedIn to purchase [groceries / diapers / your new mechanical keyboard] 🤢
Shut the fuck up, they can hear you!
Dynamic pricing already exists based on what device brand you use
People panic about face scan while the ongoing massive privacy breaches exist around online services and electronic devices. The amount of personal data that people pour into smartphones is enormous compared to using that vending machine. We need more GDPR.
Try that with me, and I’ll unplug the fucker and cut the plug off.
They have to make it sound like it’s private and secure, but it really isn’t. It’s sad how dystopian our future is becoming.
I keep telling my zoomer son he needs to read 1984. Not to live his life in fear of it, but to help his awareness of it, and provide an example of what that sort of societal control can look like. It’s probably the one thing I nag him about. 5 years later he still hasn’t read it. lol
I haven’t read it in decades, but I still feel it’s hard to miss certain parallels with modern reality when you have.
A good book to pair with 1984 is A Brave New World. They both tackle forms of control but from two different approaches. In A Brave New World there’s no need for thought police. Every person is designed and crafted from conception to adulthood to never have a criminal thought.
That’s another good one! Thanks for reminding me of it! Kind of ironically I read most of that book while hiding from my job (that’s a story) in the bathroom for short periods of time in my early twenties.
That plus Helen Nissenbaum. When you read 1984 and then start thinking about the concept of future contexts changing use of private data, you get real nervous.
Read Big brother by Cory Doctorow while you’re at it. It is excellent!
When did it become ok for people to be violated so profusely without any consequence?
When society started paying for convenience?
At the dawn of civilization? Lol
Prostitutes, the world’s oldest profession, could be argued to be paying for convenience.
People also probably paid for cooked meals pretty early in civilization.
No phones back then, changed the game :)
And you can bet your ass that prostitutes sold information about their clients, if offered any compnsation for it. :)
In the 18th century. That’s when capitalism really got rolling and when Adam Smith wrote his crap.
Alternatively: 1493
There was a quaint old time, shortly after Google was founded, where people mused about privacy over the internet. It was forgotten about as the profits started rolling in and pretty much all other companies started following along. That was the time when we started transitioning into a period of massive data surveillance. Glad to see that the conversation is starting to pick up again in some areas, though it’s definitely being actively suppressed in many others.
Laws and lawyers. You can’t go there and beat them up. That pretty much paved the way. Money is just a toy to them. So there is zero risk involved.
“Welcome back, consumer unit number 74665!”
That’s specifically what they don’t do. They collect statistics, not individuals.
For now
The moment you collect data, it can be abused. To stop abuse, we must stop data being collected.
deleted by creator
Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately
I never would’ve questioned that using a vending machine with cash would be anything but private until reading that line.
(Well, the article was first…but if it wasn’t for the article, that line is sketchy as all hell)
GDPR desperately needed on the other side of the pond…
Article says they claim to be GDPR compliant.
Say Invenda (your brand here) five times to get a discount!
Vending machines used to get vandalized at my school. How much tech are they putting in these things now?
beuh, they obviously mean that the biometric data is stored and processed locally, not the data that results from that processing.
i mean that’s still kinda creepy but you’re making it seem like they didn’t obviously admit to it in the original sentence.
Why in the ever living hell would a vending machine need local-only facial recognition…
My guess is to associate which product is best selling to which demographic to better target them.
So ingenious 🤮
I feel like it’d be tough to find a chip powerful enough to capture demographic attributes while also cheap enough to ship in vending machines? But admittedly I’ve little context on embedded systems and their capabilities
While I have no idea how much a computerized vending machine costs, I found this article about a age/gender classifier that runs on a Raspberry Pi 4.
Looking at the machine’s big touchscreen, I think this classifier would fit on the SBC or require a relatively small upgrade.
Yikes, smh… Yep that’ll do it. I hate this timeline.
Same Raspberry Pi foundation that hired a cop with a background in surveillance tech as their “resident maker”?
The error message says “.exe” and looks like a dot net namespace.
Would it be significantly more costly than some of the features vending machines already have, such as card readers? I think these things are pretty costly already, but the profit margin on snacks and soft drinks is extremely high, so I’d imagine they’d recoup their cost pretty quickly.
Well I thought so, but apparently we have good enough software that can run on a rasp pi now, so clearly the hardware requirements are much much lower than I understood.
Geez, I remember needing to use cloud services just for simple OCR not that long ago…
Doritos are probably plenty powerful enough
There’s a vending machine in a co-working space I use sometimes that has a full on fridge and oven, and when you order off the touchscreen…something happens inside and sometimes a hot cooked thing comes out. I have no idea how it works and have not used it myself, because it seems possibly kinda gross.
Why the living hell would anyone agree to develop this? What douchbags are doing that job?
There are people who actually believe that kind of dystopic bullshit, even in the tech sector. I remember a colleague a few years ago, told me he liked targeted ads because “it knew what I wanted”
Oh boy, those people frustrate me so much. The ones who have a verbal conversation about a topic they’ve never talked about before, like owning a cat, or taking a cruise to Alaska, and then giggle gleefully when they are inundated with cat litter and cruise ship ads wherever they go on the internet.
Some people just don’t care. And that’s actually fine. The ones who do care will try to look after the morons.
There’s a lot of people in the world who do, in fact, like to eat.
There are also a lot of people, already in the wealthiest upper percentiles, who would implement big brother just to be slightly wealthier.
“I was only following orders”
Problem is, if you refuse to do it, they’ll hire another developer who will.
Probably exploited labor, similar to those who have no choice but to work in scam call centers to survive.
Pretty unfortunate that things are like this IMO
I don’t think software developers working in AI are “exploited labour just doing it to survive”
Bro theres plenty of people who run scams in big offices all day every day
Removed by mod
What kind of amoral, selfish monster, would know full well that car emissions are exterminating life as we know it on earth, and still decide to drive a car?
The same kind of monster who develops this technology.
I’m all down for using public transportation and electric cars when you pay to fix the infrastructure, have it run 24/7, or buy me an overpriced electric car that doesn’t destroy the earth as well with lithium mining and all the non-renewable resources used to manufacture it. Certainly better than gas.
Although I’d argue the car manufacturer is the one you should be angry with, not the buyer who is limited by availability, a limited public transit system, and price.
Ah, so there we go. You have a perfect set of excuses for your own actions and why they’re someone else’s fault, but you struggle to understand how someone could develop software like this. The answer is: the same way as you. Excuses.
Do you drive a car?
No.
Aren’t you taking this all a bit personally? I’m just using your own experiences to explain a situation you find difficult to understand. The douchebags are the same as you. Hope that helps.
Can you afford to finance $40,000?
I’d do that. Privacy should not exist. Everything must be public and available to everyone. Every person should have a tracking implant and anyone should be able to access it.
/s
Not /s. Privacy is a foreign concept for humans, invented a bit over a century ago. Privacy is a root cause of many social problems in our day and age.
Privacy as a human right is, indeed, new. The concept and the desire for it is old. Doing things and not wanting to get caught is as old as walking forward. What, you think the idea of cheating a romantic partner is new? That every military in history and prehistory exchanged letters with one another, saying what they were doing? That every important and “important” person always exposed everything they did and thought to everyone?
Also, keep in mind there’s a significant number of serious journalists that need privacy in order to do their job of exposing crimes. I can already see you replying “They wouldn’t need to do that if everything was public”. True, but that would also mean that tyrants and wannabe tyrants would have incredible ease in killing everyone they disliked.
Well, you said it yourself - you only need privacy to commit a crime or to cheat on someone. Privacy should NOT exist!
Huh, I didn’t know preparing surprises (parties, gifts, trips) was a crime. Today I Learned /s
Every person should have a tracking implant and anyone should be able to access it.
In that case, I would guess that you’re a man, and one who has never had a stalker.
Privacy is what enables stalkers.
You’re fucking unhinged, mate.
Like what?
“local only”
Even if it’s technically local-only, pretty easy for a tech to drive by and pull data it’s stored.
Or when it gets filled.
Its not really local only either, the cameras exist for the point of data harvesting, just look at their marketing. They only mean they’re not streaming video to a server for recognition. The after-recognition data is still sent to a server https://www.invendagroup.com/vending-machines
You know, when technology really got started, I had dreams about tech knowing me, doing things for me, acting in my best interest. Smile at the cashier, and my bill is paid, entering any public building, and I’m added to the queue, my documents already there… A vending machine would know me, holding back that last Snickers bar, because it knew that I would come by today…
It could have been good. It could have been right. On another planet, with another species. :')
Best case scenario the machine has some sort of standard software with facial recognition code, but no hardware in the machine. Would he interesting to know.
Unfortunately its got the hardware for it https://www.invendagroup.com/vending-machines
Oh geez. These corporations are trying to be evil every way they can.
MARS isn’t doing a good job of proving you wrong.
According to Invenda’s website, the Smart Vending Machines can detect the presence of a person, their estimated age and gender.
I’m confident I don’t need a vending machine to know any of that.
A massive and punitive fine for anyone gathering biometric data without express permssion would be a great way to discourage other companies from bringing that shit around. A billion or two ought to do it.
Or do it like they do in China: if your company breaks the law you have two choices: donate it to the government or we take your CEO behind the shed for questioning.
Your face is not private, nor are your fingerprints. In public and in many private properties that are open to the public(e.g. stores) you have no expectation of privacy so you can be filmed within the law. You consent to facial recognition by passive agreement when you enter the public without your face covered.
Facial recognition technology is everywhere and there is nothing that will be done to curb it’s use.
Edit: To be clear, I do not support anyone or any entity using biometric data for any purpose except verification of identity for security purposes with intentional consent. Businesses or government using biometric data, or any data obtained without clear and willful consent, is unacceptable.
Apathy is a bullshit response
It’s not apathy, it’s an observation of the legal status of the situation.
Legally, you have no reasonable expectations of privacy in a public space, and as such anyone is free to record you. I don’t think fingerprint data being collected from devices available to the public has been tried in court yet, but audio and video recordings certainly have been.
It’s actually a good thing. Imagine if it was illegal for you to video cops.
Legality can change, that’s literally what we’re talking about. It’s legal now, it doesn’t have to be.
Also just declare that cops don’t have a right to privacy. Easy.
You are so right. I’m dumbfounded by how apathetic Americans are when it comes to politics. The idea of making the change you want to see, seems like a foreign concept. This will bring in a lot of downvotes, but I’d be happy to find some kind of online community that excludes Americans. And, I don’t mean by nationality, or even geography. Just this… acceptance of political depravity. In the US, you get the choice between “bat shit insane”. And, if don’t like that, you can vote Republican instead, which is orders of magnitude worse, with layers of vile shit. I’m tired. Most problems are so simple to solve. But the arguments are always presented between two things that don’t matter.
Good luck. I’m gonna see if there is a lemmy community that actively blocks “American mentality”. Which is hilarious, because a lot of Americans express that lemmy is “extremely communist / anti capitalist” etc. Which is just what “common sense” looks like to Americans.
Most states do not have any laws which restrict how biometrics are used. So using your fingerprint, face, or iris to checkout at the store doesn’t have any protections that would prevent that biometric data from being sent somewhere else, including the police. A store could gather facial or even iris data from a camera and you would have no idea because they don’t have to tell you.
Worse is that most people don’t see the problem with the digital panopticon because “they haven’t done anything wrong” and they are willing to give up their data for the idea of a theoretical safety.
Because the United States are the only country in the world.
In Italy it is illegal to share recordings in public without the recorded people’s consent.
“Cops” are public servants, as such it is always allowed to record and share.
This university is in Canada, genius. Those are the laws in Canada.
There is a massive fundamental difference between having a person see your face in public, or even having a basic security camera record your face, and having a system recognize your biometric data and stalk you through every public environment with extreme precision.
The general public should absolutely not accept the imposition of being expected to be followed through every public place by private corporate entities for undisclosed purposes. We can and should aggressively push government representatives to take strong regulatory action to outlaw this behavior and aggressively punish violations.
Will making these efforts actually change matters? Maybe, maybe not. Will throwing your hands up and just assuming it’s impossible to change anything and that we should all just lay down and accept it as fact lead to the worst possible outcome? Absolutely.
Fuck off narc
Your face, retinas, and fingerprints are keys to unlock digital assets.
Using those biometrics to access anything without a warrant is legal and not protected by the 4th or 5th amendments.
That’s where the laws come in. I don’t agree that recording and biometric information on people should be legally protected, unless you ask for permission first.
Yet another demonstration that the primary meaning of “smart” has come to be “unbelievably stupid.”
The definition of pretty much every word these days has been hijacked to mean the exact opposite - like Google lets you “search” for things you “want”, and Reddit would “connect” you to “
humanspeople”, FaceBook willsteal all of your datashare “news”, again from “people”, and so on.I pretty much think of “smart” as now meaning “tactically weaponized to maximize corpo profits” - you know, “for your convenience”!:-P 🤮
And spying is privacy.
Renting is owning.
Downloading is theft.
I should probably read that - I figured that I get the gist having read Animal Farm but hey, if we are going to live out the irl version then it might be good to at least say that I read about it first!:-P
It is fascinating how some people see far (ahead), by virtue of seeing clear (to the soul/center of the human condition) - technology may change but we don’t seem to. Asimov, Jules Verne, George Orwell, they are like techno- or cultural prophets, not that we listened, sadly:-(.
C.S. Lewis (Chronicles of Narnia) in addition to being a christian apologist also wrote philosophy about how Hitler was able to influence Europe during WWII, and I found that just fascinating e.g. if you avoid ever saying a thing but instead just act as if it is true then it is a way to avoid it being questioned. Evil people have access to so many tricks that a free & just society would never condone using (another big one lately is misinformation), nor would it even so much work in the other direction b/c getting people to question things is a major bonus in such a society so it’s at best an anti-pattern there, and yet I wish we were much more aware of them b/c otherwise it is like facing a pathogen with no immune system.
Anyway thank you for reminding me of those quotes:-).
Students believe there is a camera inside this hole on the vending machine
Students and their silly beliefs. Don’t worry about that lens shining in the hole. It’s just a useless hole!
Strategic use of a cordless drill can ensure it’s a useless hole.
that’s vandalism and can get you in trouble.
A simple sticker though, which can be easily removed, doesn’t count as vandalism, and can be done over and over again for almost no cost.
Man, I sure got a lot of stickers, too…
That or a more elaborate sticker/photo taped far enough away so the camera may focus on it. Maybe an image of Alfred E. Neuman? Or some kind of FU meme?
Regardless of the privacy issues, if this is actually a default feature of this machine, why does the camera hole look like it was put there with a hammer?
Dunno, but it needs more of the hammer treatment.
I bet it’s from people picking at it and the paint chipping off the sharp edge, but it does also look like the hole was drilled on a Friday afternoon by a guy who probably should have retired 10 years ago.
I think it’s remnants of chewing gum the students were putting in there.
I thought you were exaggerating…lmao
The facial recognition error might be ”no suitable camera found“?
Hmm… facial recognition vending machine huh…
Finally it’s time for my jammer & some script from c/netsec to shineOr tape over the camera hole.
I was going to suggest epoxy resin.
To the batmobile!
who’s hype for the state-industrial complex to track our every movement! surely this combined with a right wing political movement that is increasingly focused on punishing so-called enemies will never lead to a complete humanitarian disaster.
Yea, we need to fight to make sure that the state-industrial complex tracking our every movement is focused on punishing OUR so-called enemies, as defined by a small handful of Internet based social clubs (controlled and operated by people we know next to nothing about).
Throw in S-210, which could likely support face tracking tech for age verification, also handled by a third party. I thought Nineteen Eighty-Four was supposed to be a cautionary tale, not a playbook…
new tech sux
Corporations suck
Technology does way more than what some consumers want without adding enough value. Ring doorbell just grossly increased their ring protect plan cost and I’m starting to wonder:
“Why are we paying monthly subscriptions for them to just store two months of snapshots with a few videos?”
We need open standards for data storage so we can have more freedom in how our data is stored.
Absolutely. Nowadays you could afford an external hard drive to store such a small amount of videos. Plus, it gives you the benefit of having fewer eyes on your data. The notion of storing data on the cloud turns me off of having certain indoor cameras.
https://lemmy.world/c/selfhosted is pretty great for finding open source alternatives to commercial apps.
Definitely, but I’d like to see more accessible solutions for less technical people, and that’s possible with inter operative standards. It would be great if regulatory bodies required that all hardware supported at least one open standard.
RIP Brendan, best SCSM.
Yeah, that was a great story, but an odd missed opportunity for a cyberpunk game on hidden mass surveillance. I’m thinking of NG Resonance from Deus Ex: Invisible War. I.e., it’s odd that Bredan’s a.i. was used to just sell more drinks, rather than as a mass surveillance tool. People were forming relationships with him, providing him with all sorts of personal information.
You should tell Theo that he will miss her :'(
The pharmacist at my local Tesco once told me I was buying paramol too often. It had been at least a year since I last bought it.
This told me that:
A. They’re using facial recognition to track purchases
B. There’s either not enough info provided by it or enough training on it’s use
[off topic?]
New York City is moving away from people paying for subway/bus rides with a pre-paid card or cash and going to a system where you pay with your credit card or smart wallet. Nice way to quietly monitor everyone’s location and habits.
Sadly. Many people do not see things like you --correctly-- do. In my city, they are pushing people onto cards, which track everything, including transfers, and how? The fare on the card is like 5 cents cheaper. Many people have no foresight.
This just in, slavery co. branded machines have been found partaking in illegal espionage, much to everyone’s shock.
FatBastard.gif
This story seems fishy. Why would the hole for the facial recognition camera be so poorly made? It looks like someone made it with a screwdriver, not something that was made in a factory.Edit: got it
Go to the vendors website, and not only see hole for yourself, but look at them claiming to use AI to detect demographics.
PDF Link: https://a.storyblok.com/f/184550/x/e7435c019e/brochure-svm_generic-dark-netflix-ui.pdf
Their website: https://www.invendagroup.com/vending-machines
Here’s my own screenshots in case the vendor takes their pdf down from bad press.
Hole: https://photos.app.goo.gl/rTk8fUWynmXgw7Zc6
AI Features: https://photos.app.goo.gl/RiF1Phrroj65tMdd7
Demographic Sensor
- People count
- GDPR-compliant demographic profiling (age and gender)
many have tried to cover a small hole on the machine that they believe houses a camera
Looks like a student might have used a pocket knife or similar implement to dig at the hole and enlarge it, to try to see if there was a camera.
In a choice between thinking that a vending machine company put facial recognition technology into a vending machine or prankster students hacked the device to display a suspicious error message I would suspect the latter is the case.
However, watching the video and looking at the brochures on the manufacturer’s website, it looks like the manufacturer did indeed put rudimentary facial recognition in so they could gather demographic information on their customers like gender and approximate age for marketing purposes. Maybe the hole was damaged by curious students?
(After seeing your edit) to be fair, there are a ton of overblown hype articles that are actually built on nothing. The opposite side of skepticism (jumping onto the outrage bandwagon) is worse and more common than being skeptical. Its a shame things are not easier to verify.