• rustyricotta@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Unfortunately, that does seem to be the easiest solution.

      Though how much that imposes on your privacy depends on how they implement it There is no saving privacy. If it was me, I would keep everything the same, except have the checksum tied to an account and it can be checked and updated remotely.

      This way, most of your transport usage informed would not be stored. In theory they could still log when the checksum is checked or changed by an official machine, leading to a vague idea of when you travel.

      The points of attack would then be:

      • Somehow spoofing an official machine to talk with the server and modify the stored checksum. Very difficult if done properly.
      • Cloning someone’s card and using their account credits. Relatively easy to do. To prevent this they would have to implement usage tracking so the users can check for fraudulent activity. And there goes privacy.
      • makingStuffForFun@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I appreciate your detailed reply, but I believe the fight for privacy is not over. It takes a lot of time, dedication and money to fight for privacy, but it must be done.