/ The climbing academy Glasgow. Biometrics.
I know it is a fancy wee system for staff to use and I am sure they wouldn't supply it to anyone else but I really have no idea how securely they hold the data.
Did they let you in?
Was it a fingerprint scan?
If so, I think it cant be transferred, it is just like a barcode.
> I know it is a fancy wee system for staff to use and I am sure they wouldn't supply it to anyone else but I really have no idea how securely they hold the data.
What are you concerned about - what do you have to hide?
It's just a method of speeding up the entry recording process, nothing more sinister. I willingly gave mine, but the system doesn't always recognise it so give my surname and am logged in the old school way.
I can sort of understand your stance but it does seem a wee bit paranoid.
Nothing but my personal details and identity are important. I work in IT so I have experience of how insecure systems can be. No one complains until it is in the news that their details have been stolen then they re up in arms. I have no idea how secure their system is.
Fair enough, I wouldn't object to others objecting to it. I take it you weren't denied entry and they took the rest of your (presumably legit) personal details? How secure is that - where would you draw the line?
I suppose the risk of their system becoming compromised was one I could accept.
It sounds like a daft idea for a climbing centre, the one thing fingerprint biometrics are really vulnerable to are fingerprint injuries!
The scan doesn't save your actual finger print, so the security aspect isn't necessarily on the storage side, the security aspect is rather that you are being encouraged to give one off information that could be misused (it would be really easy for someone to use a fake scanner and reproduce your prints).
Biometric scanning requires an awful lot of trust between the person doing the scanning and the person being scanned, so if they looked at you a bit weird when you queried it, they've broken the trust and should be avoided.
Name and address is fine. You can get a hold of them through a variety of means. However biometrics are not easy to come by personal details.
I was actually quite diplomatic in my response as I am sick to the back teeth of the usual "what do you have to hide" responses. I must be a criminal then so please take my prints and retina scans just to prove I am not a criminal? Have some DNA as well.
They use your thumb for the print in Bristol and I've rarely had a problem with it not recognising me. Takes 2-3 goes on occasion, but they've been using it for years now so presumably it can't give them any significant recognition issues.
What I find particularly odd is that it clearly doesn't work. I've been to TCA I think three times, and it has never worked. Would you use retinal scans to identify laser eye surgery patients? Climbers hands change more and more often that just about any other part of them. Haircuts would be more reliable. Names might also work.
No, you're wrong, it would be the OP who first broke the trust by querying it.
> [so if they looked at you a bit weird when you queried it, they've broken the trust and should be avoided.]
> No, you're wrong, it would be the OP who first broke the trust by querying it.
Crikey, each to their own, I guess but if you were interviewed in the street by someone 'researching computer passwords' would you tell them your banking passwords?
The default has to be that a user doesn't reveal ID details unless the person requesting them can establish trust, the first onus is on the requester, not the requestee. A trustable requester will acknowledge this.
Biometrics is a particularly high trust environment, if they used a combination of your membership number and a PIN, if someone compromised your PIN, what's the worst that could happen? An unauthorised user at the wall or someone burning up your ten session ticket or costing you a few quid?
On the other hand if someone compromises your biometric, thumb print, iris, foreskin pattern, then you can't grow another iris or thumb or cock. Biometrics are for life (barring surgery), PINs last until you change them.
> Nothing but my personal details and identity are important.
Are they? What use would someone have for your fingerprint.
I don't believe these systems store the entire fingerprint. The most popular ones just store a set of numbers which are measurements of various bits of the fingerprint. So if the database gets compromised, nobody can reproduce your fingerprint in a way that will be accepted by another system. These systems are sometimes used in schools for registration.
However, this might not be the case for this particular system. Or perhaps someone could subvert it by putting their own fingerprint scanner over the top or replacing it, the way dodgy petrol stations manage to steal the PIN on your card.
Security is a complex business, and the most obviously secure solutions are rarely the actually most secure ones.
You can fake a fingerprint with a jelly baby, that was done about 10 years ago.
The other climbing wall in Glasgow just uses photos.
> The other climbing wall in Glasgow just uses photos.
Not to record your attendance on that day it doesn't, it uses your registration number and they check your name once they've searched their database. The photo is simply as back-up.
At least, that's how they've operated for years until a few weeks ago, when I was last in there. Could be wrong, but I don't imagine they've changed it since then.
In theory, the TCA fingerprint scanner is instead of giving a number when you enter (ie just a different means to the same end.)
>"guess the sales man must have played a blinder"
I agree. It doesn't seem to offer much over, "What's your number?"
It's certainly no quicker, and, as the double dip recession bites, will almost certainly lead to one of the annual pass holders having their right thumb hacked off during a brutal mugging, near Kinning Park underground.
ha ha, so shall we call that a Friday night then?
To the thread
My primary knowledge of this kind of thing comes from Bloomberg, who have a finger print scanner as part of their multi factor login process to their trading platform. (It uses, I believe, an algorithm to create a numerical representation of your finger print and actually works very well)... for something like that, it makes sense.
For accessing a climbing wall though, seems a little OTT. just because you can do something doesn't mean you should.
In a parallel (sort of)
I got a phone call from a withheld number a while back asking me to confirm my name
mr rally mania
and your DOB?
before i answer that Iíd like you to tell me who you are
we can't you yet for data protection. Once we've established your ID we'll tell you who we are
I see, so for data protection you can't tell me who you are, but you think it's ok for me to give you my DOB and other personal details to confirm who I am?
It was my credit card company, I finally managed to establish (by guessing) but they just couldnít see the problem with what they were trying to do. This is why I think itís important for people to understand what they are doing with regard their own data. (and yes i may be a touch paranoid lol)
Elsewhere on the site
So, just what is the Petzl RocTrip? Every year French climbing manufacturer pick a sport climbing area that has potential... Read more
Aiming at designing and producing the best belay glasses to protect climbers’ necks, Y&Y focuses on every detail to... Read more
On Sunday 12th October the Depot Climbing Centre Leeds held its 5th annual Battle of Britain competition. The competition has... Read more
Pete Whittaker has flashed the 32 pitch route Freerider 5.12d on El Capitan in Yosemite Valley over three days,... Read more