A set of smart vending machines at the University of Waterloo is expected to be removed from campus after students raised privacy concerns about their software.

The machines have M&M artwork on them and sell chocolate and other candy. They are located throughout campus, including in the Modern Languages building and Hagey Hall.

Earlier this month, a student noticed an error message on one of the machines in the Modern Languages building. It appeared to indicate there was a problem with a facial recognition application.

“We wouldn’t have known if it weren’t for the application error. There’s no warning here,” said River Stanley, a fourth-year student, who investigated the machines for an article in the university publication, mathNEWS.

  • jeffhykin@lemm.ee · ↑275 · 7 months ago

    It gets worse :/

    I looked up the brand (Invenda). Their PDF includes “using AI”, “measuring foot traffic”, and gathering “gender/age/etc”, e.g. facial recognition to estimate a person’s age and gender.

    And in terms of “stored locally”, this is straight from their website:

    The machine comes with a “brain” – Invenda OS – and is connected to the Invenda Cloud, which allows you to manage it remotely and gather valuable environmental, consumer and transactional data. The device can be branded according to your requirements to further enhance your brand presence.

    The marketing is also so fricken backwards that it reads like satire:

    For a consumer, there’s no greater comfort than shopping pressure-free. Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately 🤦‍♂️

    • neutron@thelemmy.club · ↑159 · 7 months ago

      I’m dreading the day they introduce dynamic pricing based on who’s buying and refuse to sell without a full face scan.

      • jeffhykin@lemm.ee · ↑93 ↓1 · 7 months ago

        What really bothers me is the “measuring foot traffic”. I already refuse to use vending machines because of the pricing and unhealthiness, but you’re telling me I need to make GDPR takedown requests just for walking to class?

        • Also this is data that any reasonable company could get in like half an hour of searching and asking.

          There is data on how many meals are sold a day at the mensa, how many students are enrolled, how many students live on campus…

          Unless the vending machine is in the last corner of the third floor of a half-empty building, all this information can be puzzled together to get a good estimate of how many people are passing the machine on a day-to-day basis.

      • livus@kbin.social · ↑25 · 7 months ago

        Fast food franchises always charge more in poor areas, I wonder if dynamic pricing would charge poor people more as well.

      • GBU_28@lemm.ee · ↑8 ↓1 · 7 months ago

        Dynamic pricing already exists based on what device brand you use

      • federico3@lemmy.ml · ↑5 ↓1 · 7 months ago

        People panic about face scan while the ongoing massive privacy breaches exist around online services and electronic devices. The amount of personal data that people pour into smartphones is enormous compared to using that vending machine. We need more GDPR.

    • ipkpjersi@lemmy.ml · ↑44 · 7 months ago

      They have to make it sound like it’s private and secure, but it really isn’t. It’s sad how dystopian our future is becoming.

      • octopus_ink@lemmy.ml · ↑11 · 7 months ago

        I keep telling my zoomer son he needs to read 1984. Not to live his life in fear of it, but to help his awareness of it, and provide an example of what that sort of societal control can look like. It’s probably the one thing I nag him about. 5 years later he still hasn’t read it. lol

        I haven’t read it in decades, but I still feel it’s hard to miss certain parallels with modern reality when you have.

        • InputZero@lemmy.ml · ↑12 · 7 months ago

          A good book to pair with 1984 is A Brave New World. They both tackle forms of control but from two different approaches. In A Brave New World there’s no need for thought police. Every person is designed and crafted from conception to adulthood to never have a criminal thought.

          • octopus_ink@lemmy.ml · ↑2 · 7 months ago

            That’s another good one! Thanks for reminding me of it! Kind of ironically I read most of that book while hiding from my job (that’s a story) in the bathroom for short periods of time in my early twenties.

        • kalpol@lemmy.world · ↑2 · 7 months ago

          That plus Helen Nissenbaum. When you read 1984 and then start thinking about the concept of future contexts changing use of private data, you get real nervous.

      • Exocrinous@lemm.ee · ↑6 · 7 months ago

        In the 18th century. That’s when capitalism really got rolling and when Adam Smith wrote his crap.

        Alternatively: 1493

      • namingthingsiseasy@programming.dev · ↑6 · 7 months ago

        There was a quaint old time, shortly after Google was founded, where people mused about privacy over the internet. It was forgotten about as the profits started rolling in and pretty much all other companies started following along. That was the time when we started transitioning into a period of massive data surveillance. Glad to see that the conversation is starting to pick up again in some areas, though it’s definitely being actively suppressed in many others.

      • NotJustForMe@lemmy.ml · ↑1 · 7 months ago

        Laws and lawyers. You can’t go there and beat them up. That pretty much paved the way. Money is just a toy to them. So there is zero risk involved.

    • otp@sh.itjust.works · ↑13 · 7 months ago

      Invenda Wallet allows consumers to browse, select and pay for products leisurely and privately

      I never would’ve questioned that using a vending machine with cash would be anything but private until reading that line.

      (Well, the article was first…but if it wasn’t for the article, that line is sketchy as all hell)

    • cpw · ↑8 · 7 months ago

      Say Invenda (your brand here) five times to get a discount!

    • graymess@lemmy.world · ↑3 · 7 months ago

      Vending machines used to get vandalized at my school. How much tech are they putting in these things now?

    • voxel@sopuli.xyz · ↑2 ↓1 · 7 months ago

      beuh, they obviously mean that the biometric data is stored and processed locally, not the data that results from that processing.
      i mean that’s still kinda creepy but you’re making it seem like they didn’t obviously admit to it in the original sentence.

    • MajorSauce@sh.itjust.works · ↑97 ↓1 · 7 months ago

      My guess is to associate which product is best selling to which demographic to better target them.

      So ingenious 🤮

      • CaptDust@sh.itjust.works · ↑13 ↓1 · 7 months ago

        I feel like it’d be tough to find a chip powerful enough to capture demographic attributes while also cheap enough to ship in vending machines? But admittedly I’ve little context on embedded systems and their capabilities

        • MajorSauce@sh.itjust.works · ↑43 ↓1 · 7 months ago

          While I have no idea how much a computerized vending machine costs, I found this article about an age/gender classifier that runs on a Raspberry Pi 4.

          Looking at the machine’s big touchscreen, I think this classifier would fit on the SBC or require a relatively small upgrade.

        • LinkOpensChest.wav@lemmy.blahaj.zone · ↑9 · 7 months ago

          Would it be significantly more costly than some of the features vending machines already have, such as card readers? I think these things are pretty costly already, but the profit margin on snacks and soft drinks is extremely high, so I’d imagine they’d recoup their cost pretty quickly.

          • CaptDust@sh.itjust.works · ↑3 · 7 months ago

            Well I thought so, but apparently we have good enough software that can run on a rasp pi now, so clearly the hardware requirements are much much lower than I understood.

            Geez, I remember needing to use cloud services just for simple OCR not that long ago…

        • AlecSadler@sh.itjust.works · ↑3 · 7 months ago

          There’s a vending machine in a co-working space I use sometimes that has a full on fridge and oven, and when you order off the touchscreen…something happens inside and sometimes a hot cooked thing comes out. I have no idea how it works and have not used it myself, because it seems possibly kinda gross.

    • tsonfeir@lemm.ee · ↑38 ↓2 · 7 months ago

      Why the living hell would anyone agree to develop this? What douchebags are doing that job?

      • I Cast Fist@programming.dev · ↑16 · 7 months ago

        There are people who actually believe that kind of dystopic bullshit, even in the tech sector. I remember a colleague a few years ago who told me he liked targeted ads because “it knew what I wanted”.

        • tsonfeir@lemm.ee · ↑8 ↓1 · 7 months ago

          Oh boy, those people frustrate me so much. The ones who have a verbal conversation about a topic they’ve never talked about before, like owning a cat, or taking a cruise to Alaska, and then giggle gleefully when they are inundated with cat litter and cruise ship ads wherever they go on the internet.

          Some people just don’t care. And that’s actually fine. The ones who do care will try to look after the morons.

        • bjorney · ↑3 ↓3 · 7 months ago

          I don’t think software developers working in AI are “exploited labour just doing it to survive”

      • Exocrinous@lemm.ee · ↑3 ↓2 · 7 months ago

        What kind of amoral, selfish monster, would know full well that car emissions are exterminating life as we know it on earth, and still decide to drive a car?

        The same kind of monster who develops this technology.

        • tsonfeir@lemm.ee · ↑1 ↓1 · 7 months ago

          I’m all down for using public transportation and electric cars when you pay to fix the infrastructure, have it run 24/7, or buy me an overpriced electric car that doesn’t destroy the earth as well with lithium mining and all the non-renewable resources used to manufacture it. Certainly better than gas.

          Although I’d argue the car manufacturer is the one you should be angry with, not the buyer who is limited by availability, a limited public transit system, and price.

          • Exocrinous@lemm.ee · ↑2 · 7 months ago

            Ah, so there we go. You have a perfect set of excuses for your own actions and why they’re someone else’s fault, but you struggle to understand how someone could develop software like this. The answer is: the same way as you. Excuses.

              • Exocrinous@lemm.ee · ↑2 · 7 months ago

                No.

                Aren’t you taking this all a bit personally? I’m just using your own experiences to explain a situation you find difficult to understand. The douchebags are the same as you. Hope that helps.

      • Aux@lemmy.world · ↑1 ↓23 · 7 months ago

        I’d do that. Privacy should not exist. Everything must be public and available to everyone. Every person should have a tracking implant and anyone should be able to access it.

          • Aux@lemmy.world · ↑1 ↓24 · 7 months ago

            Not /s. Privacy is a foreign concept for humans, invented a bit over a century ago. Privacy is a root cause of many social problems in our day and age.

            • I Cast Fist@programming.dev · ↑12 · 7 months ago

              Privacy as a human right is, indeed, new. The concept and the desire for it is old. Doing things and not wanting to get caught is as old as walking forward. What, you think the idea of cheating a romantic partner is new? That every military in history and prehistory exchanged letters with one another, saying what they were doing? That every important and “important” person always exposed everything they did and thought to everyone?

              Also, keep in mind there’s a significant number of serious journalists that need privacy in order to do their job of exposing crimes. I can already see you replying “They wouldn’t need to do that if everything was public”. True, but that would also mean that tyrants and wannabe tyrants would have incredible ease in killing everyone they disliked.

              • Aux@lemmy.world · ↑1 ↓1 · 7 months ago

                Well, you said it yourself - you only need privacy to commit a crime or to cheat on someone. Privacy should NOT exist!

            • otp@sh.itjust.works · ↑12 · 7 months ago

              Every person should have a tracking implant and anyone should be able to access it.

              In that case, I would guess that you’re a man, and one who has never had a stalker.

    • BearOfaTime@lemm.ee · ↑16 ↓3 · 7 months ago

      “local only”

      Even if it’s technically local-only, pretty easy for a tech to drive by and pull data it’s stored.

      Or when it gets filled.

    • NotJustForMe@lemmy.ml · ↑5 ↓1 · 7 months ago

      You know, when technology really got started, I had dreams about tech knowing me, doing things for me, acting in my best interest. Smile at the cashier, and my bill is paid, entering any public building, and I’m added to the queue, my documents already there… A vending machine would know me, holding back that last Snickers bar, because it knew that I would come by today…

      It could have been good. It could have been right. On another planet, with another species. :')

    • dan1101@lemm.ee · ↑2 · 7 months ago

      Best case scenario the machine has some sort of standard software with facial recognition code, but no hardware in the machine. Would be interesting to know.

  • ikidd@lemmy.world · ↑91 · 7 months ago

    A massive and punitive fine for anyone gathering biometric data without express permission would be a great way to discourage other companies from bringing that shit around. A billion or two ought to do it.

    • Omega_Haxors@lemmy.ml · ↑3 · 7 months ago

      Or do it like they do in China: if your company breaks the law you have two choices: donate it to the government or we take your CEO behind the shed for questioning.

    • Death_Equity@lemmy.world · ↑5 ↓81 · 7 months ago

      Your face is not private, nor are your fingerprints. In public and in many private properties that are open to the public (e.g. stores) you have no expectation of privacy so you can be filmed within the law. You consent to facial recognition by passive agreement when you enter the public without your face covered.

      Facial recognition technology is everywhere and there is nothing that will be done to curb its use.

      Edit: To be clear, I do not support anyone or any entity using biometric data for any purpose except verification of identity for security purposes with intentional consent. Businesses or government using biometric data, or any data obtained without clear and willful consent, is unacceptable.

        • Rodeo · ↑6 ↓25 · 7 months ago

          It’s not apathy, it’s an observation of the legal status of the situation.

          Legally, you have no reasonable expectations of privacy in a public space, and as such anyone is free to record you. I don’t think fingerprint data being collected from devices available to the public has been tried in court yet, but audio and video recordings certainly have been.

          It’s actually a good thing. Imagine if it was illegal for you to video cops.