Chronotope’s Twitter Archive—№ 156,182

                                                                                        1. This is fking terrible news for privacy in NYC curbed.com/2022/08/goodbye-metrocard-machine-friendly-interface.html
                                                                                      1. …in reply to @Chronotope
                                                                                        OMNY owning the machines that give out metrocards means they will doubtlessly be applying the extremely creepy tap to pay methodology that can link your phone with your travel, only now it will also link your phone with a travel card with a persistent ID.
                                                                                    1. …in reply to @Chronotope
                                                                                      And if you don't tap to pay with your phone for a Metrocard, you are likely paying with plastic. If you are, then your card management company (VISA, etc...) will have your data and there will be a major data point to join OMNY data with Metrocard data ...
                                                                                  1. …in reply to @Chronotope
                                                                                    OMNY is not a project of the city. It is a system operated by the private organization Cubic Transportation Systems. Cubic has quietly taken over the monetization process of the majority of major US and western EU cities - en.wikipedia.org/wiki/Cubic_Corporation#Cubic_Transportation_Systems
                                                                                1. …in reply to @Chronotope
                                                                                  To understand the consequences of the Metrocard being taken over by Cubic, we don't have to look much further than London's Oyster card, whose privacy problems are well documented. In one year Metro Police made over 3,000 requests to Oyster user records... privacyinternational.org/blog/1596/oyster-octopus-and-metro-cards-what-happens-our-data
                                                                              1. …in reply to @Chronotope
                                                                                The London transit authority has previously bragged about the level of detailed visibility into people's travel that the Oyster system gives them citymonitor.ai/transport/data-helps-us-provide-better-transport-tfl-oyster-cards-big-data-and-contactless-payments-1396
                                                                            1. …in reply to @Chronotope
                                                                              Oyster's system also categorizes users and assigns them persistent "anonymized" user IDs. Now think about all the digital ad screens in the subway that could make heavy profits mining that data for even more detailed Out Of Home targeting. slideshare.net/neal.lathia/mining-millions-of-oyster-card-trips
                                                                          1. …in reply to @Chronotope
                                                                            OMNY is intended by the MTA to phase out Metrocard. If it does, that means a private company will have detailed travel records, linked to cellphone and credit card IDs, about the millions of New Yorkers who use subways or buses in our city...
                                                                        1. …in reply to @Chronotope
                                                                          This could have serious consequences if, like many other big data systems, it becomes accessible without warrants. Consequences for immigrants could be terrible ny.curbed.com/2019/10/3/20895736/mta-omny-privacy-surveillance-report
                                                                      1. …in reply to @Chronotope
                                                                        The terms OMNY offers are very unclear on privacy promise and if you think that the NYPD can't get at your data without a warrant... history says otherwise. When asked NYC Transit officials do not have answers about how our privacy will be protected. web.archive.org/web/20191101134240/https://gothamist.com/news/mtas-new-fare-payment-omny-launches-friday-amid-questions-about-data-security-durability
                                                                    1. …in reply to @Chronotope
                                                                      I cannot discourage tap-to-pay enough. Your credit card being with these people is awful. The NFC signal that's transmitted with the tap, the doubtless present Bluetooth beacons, the ability to combine that with other data, it's really bad in terms of identifying you...
                                                                  1. …in reply to @Chronotope
                                                                    OMNY doesn't even have to join the data itself. The NYPD and other law enforcement have proven plenty capable of buying or demanding access to multiple data sets and joining them on common ids...
                                                                1. …in reply to @Chronotope
                                                                  That said, considering the digital displays, there is a LOT of monetary incentive for OMNY and the Cubic Corporation (which, remember, is a private corporation that needs to make money) to collect, store, and enrich this data and then sell it to advertisers...
                                                              1. …in reply to @Chronotope
                                                                OMNY says they won't disclose your data except for potential sharing to law, "safety", and anti-fraud related entities, "affiliates and subsidiaries". OMNY is owned by Cubic. Subsidiaries include military service providers, & cos that serve the international intelligence community
                                                            1. …in reply to @Chronotope
                                                              Cubic is owned by Veritas Capital en.wikipedia.org/wiki/Veritas_Capital Veritas Capital, among other things, helps run the DHS's biometrics database. Their CCPA statement says they collect and share information collected from "portfolio companies" that includes Identifiers.
                                                          1. …in reply to @Chronotope
                                                            In case you thought that I was being hyperbolic about the type of information OMNY might collect. Here's their privacy policy's (which you automatically accept when you use their service) list: - Personal Information including your name, age, photograph, email, DoB ...
                                                        1. …in reply to @Chronotope
                                                          OMNY collects: - Your disability status - Geolocation information - Online Activity, with the help of a third party, including: - Device identifiers - Cookies - IP addresses - "tracking information we or a third party may collect" ...
                                                      1. …in reply to @Chronotope
                                                        OMNY collects: - More online activity: - Device hardware info - Device software info - Your full User Agent - Information used to "identify a user device" - "De-identified information" including - demographic information.
                                                    1. …in reply to @Chronotope
                                                      And how does OMNY collect all this information?: - Registration - Participating in special programs *including participation in programs intended to help the poor and disabled* ...
                                                  1. …in reply to @Chronotope
                                                    OMNY also collects information by: - tracking information on your credit card, including brand, and contact with your financial institution. - Questionnaires and surveys - Scraping social media - Accessing their website - Cookies ...
                                                1. …in reply to @Chronotope
                                                  OMNY's website also explicitly uses web beacons *specifically for the purpose of advertising*. Presumably so they can market OMNY to you, but it doesn't say.
                                              1. …in reply to @Chronotope
                                                OMNY's Privacy policy reserves them the right to use your data to "create anonymous information" (presumably through pseudo-anonymity which is bullshit), to do promotional campaigns and to "develop new products and services"...
                                            1. …in reply to @Chronotope
                                              OMNY also uses your information "to respond to requests from public and government authorities". All that and more in their Privacy Policy omny.info/privacy-policy
                                          1. …in reply to @Chronotope
                                            The worst case scenario here is that either through marketing activities or sales OMNY shares your data with everyone with a buck to buy it or who is involved in placing their marketing campaigns...
                                        1. …in reply to @Chronotope
                                          The best case is OMNY shares its data with the NYPD freely and with the affiliates that it has via the Cubic Corporation and Veritas Capital, both of which provide services to local, federal and international law enforcement and various militaries and intelligence agencies.
                                      1. …in reply to @Chronotope
                                        Cubic has already been--depressingly--providing the MTA w/services since 1991. But the push towards cashless, especially via your phone, opens up new horrors on the privacy front, over a higher number of people. New machines will no doubt continue to push towards phone use.
                                    1. …in reply to @Chronotope
                                      From what I've read, the MTA, Cubic, and the City have all been asked about the details of how the new OMNY system will handle its cornucopia of user data and they have made no significant statements or assurances. That is *extremely* troubling.
                                  1. …in reply to @Chronotope
                                    Remember... the New York City subway system is not providing you a substantially different service thru OMNY. NONE of this collection or monitoring is *necessary*. The service you get is fundamentally identical to the one you could access using entirely anonymous physical tokens.
                                1. …in reply to @Chronotope
                                  In case there was any doubt that the parent company runs the same software and therefore likely joins data across its various transit services. lorenzofb/1565792888755298304
                              1. …in reply to @Chronotope
                                OMNY cards, and therefore (considering the wording in the OMNY privacy policy) presumably OMNY accounts, will provide persistent identifier cards to NYC's in-need school children. silive.com/education/2022/09/2022-2023-nyc-school-year-student-metrocards-return-omny-cards-planned-for-next-year.html
                            1. …in reply to @Chronotope
                              Very notable: the City's program transitioning to OMNY has gone over budget and, at this point, cost $772 million! This is for a system that *I must remind you* provides no extra benefits other than tapping your phone to enter a station and enhanced tracking capabilities!
                          1. …in reply to @Chronotope
                            This is at the same time the subway has had record levels of health-endangering heat, where some days the entire underground system is above 86°F with some platforms exceeding 100°F. nbcnewyork.com/news/local/its-way-too-hot-on-nyc-subway-platforms-study-reveals/527573/
                        1. …in reply to @Chronotope
                          Hard to understand why tap to enter is a nearly billion dollar priority while parts of the subway are literally deadly to older riders and the MTA does not seem to have any plans to fix this issue at the station level.
                      1. …in reply to @Chronotope
                        The only way I think it makes sense to prioritize tap-to-enter is if the city or its vendor thinks they can make serious money off of it... or if they think it will make the NYPD more effective. Otherwise... why is this a priority for the MTA to spend our taxes on right now?!?
                    1. …in reply to @Chronotope
                      Very much worth noting that one of the new OMNY system's changes is to make user data available in basically real time. (via transitcenter.org/publication/do-not-track-a-guide-to-data-privacy-for-new-transit-fare-media/)
                  1. …in reply to @Chronotope
                    And for those who were curious, the Reduced Fare MTA program actually does *require* you to register for an account with the 3rd party vendor OMNY. This is an explicit privacy tax on the poor and disabled of NYC. new.mta.info/welcome-to-omny
                1. …in reply to @Chronotope
                  And, in case you were wondering, yes Cubic has a history of making the transit transaction system itself an ad network. theverge.com/2020/3/16/21175699/mta-omny-privacy-security-smartphone-identifier-location-nyc
              1. …in reply to @Chronotope
                Also, further pushing users to phone use will be that an OMNY card NFC will likely clash with other tap to pay cards in your wallet, which an increasing number of transit users will have, causing delays and confusion at the turnstile... nytimes.com/2017/10/27/nyregion/new-fare-system-metrocard-security-hacking.html
            1. …in reply to @Chronotope
              The idea OMNY would clash w/other NFC cards is particularly concerning since one of the main promises of OMNY is to increase station throughput by decreasing time it takes riders to get in the station. Another sign the system will heavily push users towards giving up phone data.
          1. …in reply to @Chronotope
            (I just realized not everyone may be familiar with the term 'privacy tax'. Basically it is when systems that want to harvest your data have alternatives or options that allow you to better prevent tracking, but will cost more in money, knowledge, and/or time...
        1. …in reply to @Chronotope
          ...privacy tax is a method where increased friction & cost is used to claim a system has privacy preserving alternatives, while increasing the difficulty to access those alternatives in order to push people towards systems that invade their privacy to the profit of the system)
      1. …in reply to @Chronotope
        (It also allows operators to push towards more invasive technology under the guise of "quality-of-life improvements". This is something Cubic has done in the past by proposing biometric face-scanning technology for transit machines in other cities.)
    1. …in reply to @Chronotope
      Fast Company was kind enough to allow me to write this up into a more extensive op-ed! fastcompany.com/90788367/the-mtas-switch-to-omny-machines-is-a-privacy-nightmare
  1. …in reply to @Chronotope
    I tried to address some of the questions and objections I heard to this thread, so if you're still out there thinking I missed something, hopefully I got it spot on in the article.
    1. …in reply to @Chronotope
      More surveillance in the subway: Chronotope/1572948645820989441

