Every little bit helps, so I maintain every little bit of my privacy and autonomy that I can. Airports and flying are places and activities that are notorious for getting you spied on, so I avoid them whenever possible.
I understand that you, and others, are not quite so sensitive about these issues. There's nothing wrong with that. We all make our own choices.
If you use your credit card to buy purchases when you drive everywhere, it’s easy to model where you are going.
Even if you use cash, if you take your cellphone with you, the mobile carrier keeps a fairly accurate record of where you are based.
It’s not about “sensitivity”, there are a million ways you are being tracked everywhere, avoiding airports means nothing
As I said, as much as I possibly can.
> there are a million ways you are being tracked everywhere, avoiding airports means nothing
I disagree. It may not mean much, but it means something. Particularly in combination with avoiding a lot of other "meaningless" privacy intrusions.
You may not feel that avoiding being spied on is a worthwhile activity anymore. That's fair. It's worthwhile for me. I may not be able to do much to avoid this kind of oppression, but I'm not willing to just roll over and take it, either.
It not only doesn’t “mean much”. It means nothing.
If nothing else, though, it means something to me: it means avoiding a place than I am incredibly uncomfortable being in, and I'm not rewarding systems and behaviors that I think are harmful. That's a win all by itself.
All of the above is contained in a SINGLE photo. MULTIPLE such photos every time you fly tell a whole lot about you. Way more than I'm comfortable giving up to companies and governments I don't trust will handle the data responsibly.
I’ve gone through security over a dozen times in the last year and never had a problem with it recognizing my face. My wife changes hairstyles very often and it doesn’t have an issue. These are solved problems.
What extremely sensitive information? Your photo they already have?
- In every authentication system (the airports' face scanning ones and others) there's a point at which a yes/no decision must be made: is this person authentic or is not?
- This yes/no "decision module" must base its determination solely on a series of bits presented to it by the image sensor.
- Every series of bits can be spoofed because the decision module can't tell whether the bits originated from a real image sensor or from a very convincing AI or elsewhere. The only exception to this is when the bits include a cryptographic signature, generated using a private key, securely embedded within the image sensor.
- The chance of such spoofing is minuscule if the sensor and the decision module coexist within a single piece of hardware that's tamper-proof. The decision module for airport face scanners can't be, given the large number of faces that must be queried. When such a decision module and its image sensor are separated by a network, possibilities for intrusion and spoofing can no longer be ignored.
- A helpful analogy is how we decry passwords stored as plain text in backend databases; after the inevitable compromise, these passwords get used to attack other systems. If backend systems store face data as a set of images (as I believe most do), how's that different in principle from storing passwords in a DB, in plain text?
- I'll grant that a careful designed system will allay my fears. The backend should store nothing but salted hashes and the image sensors must send only signed images of the subject.
- Stepping back, my ultimate concern with face authentication systems is that their technical details are opaque and they're used in situations where recourse is limited at best.
That data is not centralized. If anytime you entered a gas station surveillance footage of you were associated with your passport and added to a centralized registry, I think you'd be worried too. That's what's going on here.
Totally fine with me. Imagine all the cameras you walked by even getting to the new cameras you seemingly have problems with? If you're at an airport, people have their phones out recording all the time. It's public. I want the CBSA to be recording, databasing, post-analyzing including the ability to feed a photo into their database and know who that is. That's the border.
The big question, I'm not sure. Should the data be freedom of information act accessible? I think we side on privacy here; ban the government from sharing the ID information.
>EU rules are currently stricter and US rules allow some opt-outs for people that are uncomfortable with it.
Here in Canada, no significant rules. You can ride on an international flight fully covered except eyes to see where you're going. We recently increased privacy having everyone ride with a mask.
You can opt out of the radiation/xray scans for health and religious reasons.
Again, having your facial recognition or not having facial recognition has absolutely nothing to do with it.
aristofun•18h ago