SoylentNews is people
SoylentNews
As big as I am on privacy, I'm inclined to agree with the fine folks over at [H]ard|Ocp:
Who would give up info like their name, age, sex to a beer company for discounts and promotions on beer? Hmmmm, now that I think about it, that's a tough one. Privacy....or....free beer?
Or if, like me, you despise getting your news in video form, techinasia has a story on it as well but in text format:
Enter Glassify. The Tel Aviv-based startup is building 'smart glasses' which pair with an app on your smartphone to offer users incentivized promotions and discounts.
How it works is fairly straightforward. Consumers order their drinks at the bar and are prompted to scan the glasses over their phones when served. The glasses have an NFC chip embedded at the bottom and work with any QR scanner. There's no need to have the Glassify app pre-installed – it'll prompt you to download it when you scan a compatible glass for the first time.
"There's always an incentive for users to scan their glass," explains Ben Biron, CEO of Glassify. "This could be things like a free drink, chaser, or a food combo."
This really shouldn't be that hard of a call but free is my favorite kind of beer.
(Score: 5, Interesting) by Some call me Tim on Tuesday November 01 2016, @04:25AM
Just wait until that data gets to your health insurance provider and they raise your rates because you scanned all your friends glasses too. Then there's auto insurance, employers etc. Lots of ways for that data to be abused and you know it will be if some company can make a buck. Oh, and don't spill beer on your phone or drop a slippery glass on it. *hits preview* Wow, I'm in a really "glass mostly empty" mood, time for a refill ;-)
Questioning science is how you do science!
(Score: 3, Insightful) by bob_super on Tuesday November 01 2016, @04:39AM
It's ok, you used your phone to pay the tab, so the cops already know how much you had to drink, even without extra help.
(Score: 1) by anubi on Tuesday November 01 2016, @05:18AM
My guess is you will never know about the data you provided until something happens, and you suddenly hear the words "not covered" after you have been paying years of premiums for the "peace of mind" thinking you were "covered".
There will be some other application you checked somewhere saying you did not drink, and here is proof you did. Grounds for denying coverage.
Kinda like those "Guaranteed Acceptance" senior life plans where some corporation will guarantee that they will accept your monthly premium contingent on your answering "just three simple questions", any of which if they can find any way to shoot a hole in, they can deny you the coverage you thought you were paying for.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by The Mighty Buzzard on Tuesday November 01 2016, @09:56AM
What health insurance provider? I pay no insurance premium and I pay no Obamacare tax. Thanks to all you palefaces who continue to donate to our casinos and completely pay for my healthcare.
My rights don't end where your fear begins.
(Score: 2) by tonyPick on Tuesday November 01 2016, @10:15AM
Given the success untappd appears to be having (https://untappd.com/), and particularly with folks tying it to their TwitterFaceSocial accounts then this is obviously not seen as a major problem by most people.
(I agree it will be a problem sooner or later due to all of the above, but I wouldn't bet against this particular company on this particular issue, even if I think they'll fail for other reasons.)
(Score: 2) by VLM on Tuesday November 01 2016, @12:00PM
because you scanned all your friends glasses too
Yeah um about that, since you get a treat every time your account unlocks a glass, and I'm a hungry and thirsty boy, I'm thinking it'll take days perhaps even weeks until someone creates an app for your friends phone that outputs all the glasses we've ever seen at that bar or whatever.
To get around it they'd have to have cryptographically secure serial numbers and make them one time use stickers (scratchoffs?)
Of course what they'll probably do is something brilliant like serial numbers "Moe's Bar #1" "Moe's Bar #2" and so on. Then buy your friends a round or two and scan all their glasses and get serial numbers 4, 33, 12, 75, and 42, then implement the famous WWII (or WWI or WTF) algo where you can statistically predict the max serial number based on a set of theoretically randomly mixed samples. Now you know Moe's Bar max serial # is 100, so you program that into your QR code spoofer and start scanning random serial numbers between 1 and 100 whenever you get hungry or thirsty.
Eventually they'll go away because the app will present the owner with a bill claiming they helped sell 7000 frosty mugs and gave away 7000 shots, while the liquor cabinet shows a missing 7000 shots as claimed, the kegs have only dropped like 500 mugs worth. Hmm.
Or if an app is too complicated for drunks, just figure it out and hand out sheets of paper with QR codes on them. Its not like QR codes are secret or anything.
Another thing is back when QR codes were "cool" and marketing people put them on mass advertising posters and stuff (haven't seen one of those in years) well it was a "thing" back then to print out stickers encoding the old goatse URL and paste them over the stickers. Not saying I ever did such a thing of course. But some deplorable could do such a thing and then what happens back at the ole bar when a QR code gets scanned like 1500 miles away from the bar? Or at the bus stop out on the street in case they're checking GPS or whatever? Distributed Denial of Beer Service DDoBS I guess?
In the 80s people used to dial for codes on the assumption that you'd have to try 1000 codes to find a valid one... well... you could play this game with the beer too, waitress serves up a bunch of frosty ones and immediately the fake app people start rolling "dubs gets a free shot!" or wtf. If a bar only has 500 glasses and the waitress walks by with 5 freshly poured beers that 1 in 100 is pretty tedious for a human, but a botnet or an app is not scared away by trying 100 times.
(Score: 3, Interesting) by urza9814 on Tuesday November 01 2016, @06:59PM
They could just have the bartender scan the glass before giving it to you. They scan it from their bartender account, it gets 'unlocked'; you scan it with your phone and it locks and can't be scanned until the bartender unlocks it again. You could still scam it a little, but it's gonna take a ton of effort -- you scan all 100 codes and you might get four or five that are open and haven't been redeemed yet. A bot could do it, but you block that by just putting a rate limit on each user. One code per minute isn't a big deal, even if one person at the table is scanning for everyone. But if it's a bot that needs to guess every possible code before those beers get scanned by someone else, that'll get blocked entirely, even with only 100 glasses that's going to take 2 hours, and the glass won't be active that long. If you rate limit by IP address then a botnet would work, but that's idiotic -- just rate limit by user account, and no transfers between accounts. So to use a botnet all your rewards end up distributed between a few hundred different accounts, and surely those rewards expire, so the odds of building up enough in one account to be able to use them before they expire is pretty slim. Tie in the bartender account to the POS system, so if you scan glasses that went to two separate tables, you get locked out for cheating. Add GPS fencing to the scanner app, so you can't scan codes if you aren't actually at the bar.
If they've done NOTHING to prevent this sort of issue, they deserve whatever consequences they get (which is probably not much really). But it seems like it would be pretty trivial to prevent false scans because you already know within a few minutes and a few feet when and where that code could be legitimately scanned. And those scans must be tied to a registered account on an external service.
(Score: 2) by VLM on Tuesday November 01 2016, @07:52PM
Yeah you list some valid defenses. The news seems to imply people without the app can scan and get some kind of offer, if that reply indicates valid code or not, well...
It smells kinda startup-py and those kids usually don't know anything about security or business. I wrapped someone elses idea in bootstrap wheres the billion bucks I am entitled to, etc.
Most bar and restaurant operate on hype (which this might help) and razor thin margins (not so good).
Its wait and see time...