danlb_2000
Premium Member
Wet and Wild was doing something like this in 2006.
http://articles.orlandosentinel.com/2006-06-20/business/WETNWILD20_1_wet-wristbands-water-park
-
Welcome to the WDWMAGIC.COM Forums!
Please take a look around, and feel free to sign up and join the community.
Disney’s RFID "Magic Band" arrives on the FCC
- Thread starter GrumpyFan
- Start date
Wet and Wild was doing something like this in 2006.
http://articles.orlandosentinel.com/2006-06-20/business/WETNWILD20_1_wet-wristbands-water-park
I just have to wonder, for all those who are opposed to this, whether or not you have a smart phone? If you do, you're already being tracked, by your carrier, and potentially others. Here's the thing though, in order to provide you with Internet, phone, instant messaging, gps, etc, they need to know where you are.
I understand the "danger" or potential for abuse that some speak of, but I really don't see any "evil" in this.
I understand the "danger" or potential for abuse that some speak of, but I really don't see any "evil" in this.
danlb_2000
Premium Member
It will be interesting to see how much backlash this gets when they start rolling it more broadly. This has been one of the big issues that has held RFID back in a lot of area. Backlash to this sort of things often isn't even based on logic, people only have to have a perception that this is invading their privacy, or risking the security of their data before they start to mistrust it.
Pumbas Nakasak
Heading for the great escape.
And as for "Big Brother"... Big Brother has neither the time, energy or even inclination to give a damn what the vast majority of Disney guests are up to.
Big Brother may be too busy, but there are some chaps who make a good living buy harvesting information about your average guy. Neither you nor I know what is to be stored on the band so to say it is devoid of risk is a tad premature at this stage.
flynnibus
Premium Member
You'd be surprised - just being a large company does not mean the company has a security first focus.. with rigorous testing and auditing. When companies that SPECIALIZE in this are still vulnerable, a company just trying to protect itself and still run day to day is almost gaurunteed to be a ripe target. There is nothing I've seen to lead me to believe TWDC operates more securely than a typical fortune company. I've worked with TWDC on IT related projects and they weren't that restrictive to us actually compared to other customers I've worked with.
What makes such a system more risky, is not the RFID per say (that's only leaking one new vector), but the idea that Disney will be opening and integrating their systems more tightly. Systems that are more open to share information between them are often great attack vectors for a less secure system to be a gateway to a more secure system.
So you're saying that if you were accused of a crime in New York, that the prosecution could call for the records of your whereabouts in Disney and Disney could tell them that you were in the crapper on June 04, 2013 so you must be guilty????
Actually there isn't anything preventing that except controls on how Disney were to release information. If there is probable cause there to support a court subpoena, the information could be taken, or Disney depending on their terms with the customer, could release the info voluntarily.
GoofGoof
Premium Member
Maybe I am not thinking about this right, but why should I care if Disney or for that matter anyone else can track where I am in the parks. The fact that I am in line at Splash Mountain is not a matter of national security. Unless, of course, I told my boss I was going to FL for my great aunt's funeral when I was really hitting the Magic Kingdom.
Even if these devices are linked back to your account with Disney which contains your name, address and credit card number I don't see how that makes a difference. Someone would still have to hack into the Disney network to get the data. This could happen now without the new devices. If there are problems after this is implemented with hacking and data theft I am sure Disney will be aggressive with corrective actions.
Maybe I am wrong, but isn't part of the reason for the wrist bands the interactive areas within rides and queue areas? Things like making your kid's name appear on a picture when you walk near it or other special effects. I think that will be pretty cool to see and will add to the overall experience and the "magic". Maybe as adults we will all know it's just data being transferred from a wrist band, but kids won't know it. I also think its more convenient than holding onto paper fast pass tickets (unless you collect them) and park and/or room cards.
Even if these devices are linked back to your account with Disney which contains your name, address and credit card number I don't see how that makes a difference. Someone would still have to hack into the Disney network to get the data. This could happen now without the new devices. If there are problems after this is implemented with hacking and data theft I am sure Disney will be aggressive with corrective actions.
Maybe I am wrong, but isn't part of the reason for the wrist bands the interactive areas within rides and queue areas? Things like making your kid's name appear on a picture when you walk near it or other special effects. I think that will be pretty cool to see and will add to the overall experience and the "magic". Maybe as adults we will all know it's just data being transferred from a wrist band, but kids won't know it. I also think its more convenient than holding onto paper fast pass tickets (unless you collect them) and park and/or room cards.
eeyore_isno1
Member
Oh please. There are a great many folks who understand the technology and are against it. Your side is also full of ignorant folks who have no idea how anything works, and will blissfully wear/activate/use anything that a company or government says they should.
It's irrelevant where the credit card data is stored. I can still get near you, remotely scan you, dup it, then go dine at Vic and Al's and the bill shows up on your account, not to mention get into your resort room. And you won't even know about it until you get home and find all this extra stuff on your credit card bill.
Yes, it probably won't happen, because doing it at Disney is rather limiting, and the folks working on this will be frying larger fish (such as credit cards).
But that doesn't change the fact that a device that broadcasts room keys and financial info is insane.
flynnibus
Premium Member
Only if Disney doesn't require a form of pin or similar... Which they will over a certain amount to protect themselves. And if they follow other existing systems it would goto an account you see before you leave.. Not just straight to the card
RSoxNo1
Well-Known Member
Am I the only one that didn't know there was such thing as a number that equates uniformly with wrist size?
quirkle
Well-Known Member
I was thinking about that before - I am also allergic to nickel so i hope any metali is stainless. Luckily my kids are older and if they have to wear a bracelet they well but 9 year olds still lose things and I worry about wiping and dopping in the loo.
PeterAlt
Well-Known Member
Okay, it's obviously for single day use. You would need to get a new one, it seems, each day... What a pain! If you need to remove it for whatever reason, would you have to replace it with a new one and how long would that take? How are they going to make it single-user non transferable? I see where they could put a picture of its user, which means you will still have to show your rist bracelet each time you use it to a Disney cast member, so it really doesn't add too much automation.
I can see its usefulness at water parks. Other than that, I can't see how this is more convenient than the old system.
I can see its usefulness at water parks. Other than that, I can't see how this is more convenient than the old system.
Thanks for proving my point!
Do you know this to be true, or are you just making wild speculative and paranoid guesses? Because, to my knowledge, the specs have not been published on the technical details of exactly how this will work. However, IF it turns out that they are in fact broadcasting room keys and financial information, I will be flatly refusing this device. But, I seriously doubt this will be the way they implement it.
If I had to guess, I would think they would use a variant of the current KTTW card where you have a unique number that identifies you to the computer, and then an encryption algorithm that would allow it to communicate securely with Disney's computers. At least that's how other similar devices work. I would be horribly surprised if Disney didn't implement something like this. With a design like this, the user's information is all isolated on a server, the only thing remotely personal on the key itself is the unique number.
and how many people deliberately broadcast their location using Foursquare and Twitter with geo tagging and Facebook checkins etc? basically letting people know that they aren't home and that their home is available to be robbed?
Clever Name
Well-Known Member
The finger biometrics will be replaced with face recognition. As you go through the main entrance, your wristband will be electronically queried to check your Identity. Cameras will also scan your face at the entrance point as well as many other locations in the park. The face scanning happens on the fly. You don't have to stop and look at a camera. You won't even know that a camera is checking your face image. A face recognition database will repeatedly match your face against the use of the wristband. If the face changes or if the face is already listed in the database as a "bad actor" your ID will be subjected to more detailed checks. There are about 5 or 6 different security levels. Most guests will breeze through the entrance point and all subsequent checks without a problem and without stopping at all.
Clever Name
Well-Known Member
Your scan will not provide any useful information as to the ID of the user. Nor would you be able to charge anything or get into anyones room. Your scans would not work at all.
They already have many cameras in all of the parks.
Clever Name
Well-Known Member
Indeed, that part had already been done. Other hardware still needs to be installed to complete the system. Also, not all of the RCID permits for this system are in the public domain.
Rob562
Well-Known Member
Read my earlier post (#80 in this thread). There are two RFID systems in the bracelet, one active (broadcasting) and one passive. The passive one would be what they'd use for everything your room key can do now. A hacker would have to get close enough to touch your bracelet to read it. And it's nothing different than the touch-to-pay chips you most likely have inside one or more of your credit or debit cards in your wallet. How securely do you guard your wallet from someone trying to grab that RFID info?
The broadcasting element would most likely only be a serial number that the rides or queues could use to personalize things, or perhaps to track your location in the parks, or use wait times for everyone entering a queue to be able to post the most-accurate wait times possible, rather than the FLIK cards they hand out now which only times one person every 5 or 10 minutes.
All that would be gained by some hacker stealing the broadcast chip data and duplicating it would be that the rides would call them "Rob" instead of "Dennis"...
Edit: Just thinking more blue-sky, the system could also use both systems together at the same time, where to use it at a register the NextGen system would have to detect the broadcast chip within the area of the register before allowing the passive reader on the register to accept that chip. Both would have to be duplicated somehow to get it to work. And if the system is powerful enough, in the instance of a duplicated bracelet it could detect that there are two of them in different places on-property at the same time, and thus shut down recognition of both of them.
-Rob
G00fyDad
Well-Known Member
There is. You have to measure your wrist to buy a watch. Of course, that is only if you have the trouble I do. I've almost always had to purchase a watch and then buy extra links to add to the band.
http://www.bestoftime.com/popup-wristsize.html