Facial-recognition data is typically used to prompt more vending machine sales.
Why the hell does a vending machine need a facial recognition camera to “activate the purchasing interface”?
There should just be a set of buttons to select what you want and a window so you can see what items are available.
Stanley sounded alarm after consulting Invenda sales brochures that promised “the machines are capable of sending estimated ages and genders” of every person who used the machines without ever requesting consent.
That is incredibly invasive of people’s privacy what the fuck
Welcome to 2024, privacy no longer exists, your face is sellable and you being poor is exploitable, enjoy your stay
Freedom costs
a buck 'o fiveyour personal data.I saw some posts about a similar technology in the meetings and events industry: a company is selling “facial analysis” not “facial recognition.” They try to get around privacy laws by saying “well our technology does scan every single face it sees, but it doesn’t store that image, it just determines age, gender, race and emotional sentiment and adjusts tallies for those categories in a database.”
It’s still information gathering I didn’t consent to while attending a conference, and it’s a camera with the potential to be hacked.
Of course it’s always about marketing and advertising. They want to have a heat map of which areas are popular and at what times. In the case of events so they can sell to sponsors and exhibitors. In this university it’s less clear. Do the vending machines have a space to sell ads? That would be my guess.
Because people are dumb. If the machine knows when someone is looking at it, it can stop doing whatever it does to try and get your attention, and put itself in “sales mode”.
Still, you’re right. It seems like an overly complicated and expensive solution. Old-fashioned vending machines did the job just fine.
why do people think it’s okay to do this shit? if you’re coding facial recognition for a vending machine, that’s like 80 steps too far down the capitalism ladder
if you took this machine back to the 1920s and told people what it was doing, they’d shoot at it. and probably you
80 steps too far down the capitalism ladder
This is the result of capitalism - corporations (aka the rich selfish assholes running them) will always attempt to do horrible things to earn more money, so long as they can get away with it, and only perhaps pay relatively small fines. The people who did this face no jailtime, face no real consequences - this is what unregulated capitalism brings. Corporations should not have rights or protect the people who run them - the people who run them need to face prison and personal consequences. (edited for spelling and missing word)
Wait-they’ll shoot me at the machine??
“over 5 million nonconsenting Canadians” were scanned into Cadillac Fairview’s database
fully scanned facially by automated kiosks in malls… the database was deleted only after an investigation…
I love how vending machines run windows now
Tons of Point of Sale terminals run Windows instead of Linux for some reason, probably because the software they run is only written for Windows.
Makes sense, but a vending machine shouldn’t need a fully fledged OS in the first place imo
I don’t get it either. What do vending machines need to be computerized for at all? What was wrong with the old kind that was around for decades where you put your money in, pushed a button, and stuff came out? I certainly can’t think of a reason for a vending machine to have a camera. That’s nuts.
It’s 2024, most people don’t carry cash, and the whole world runs on automation. These kinds of vending machines are completely over the top, but it’s actually a pretty bad idea to not use computers for this application. Just knowing when machines need to be refilled remotely saves more money than such an implementation would cost.
It’s not hard to know when machines need to be refilled. You just come regularly, take note of how much or little stock has been purchased, then adjust your refill amounts and times accordingly. This has to be done regardless of a handful of computerized machines because plenty of them still aren’t.
Accepting a credit card or tap-to-pay would probably require computerization, but the technology should be no more complex than any other, similar piece of hardware and the machine should even be able to work if the card network is down and just accept cash if that happens.
So sure, part of the machine should be computerized. The part that accepts money. The rest is unnecessary, probably raises the price of the machines unnecessarily and certainly never justifies a camera.
It’s not hard to know when machines need to be refilled. You just come regularly, take note of how much or little stock has been purchased, then adjust your refill amounts and times accordingly. This has to be done regardless of a handful of computerized machines because plenty of them still aren’t.
I worked in the arcade/vending business in the 1990s. That blind maintenance model was a crapshoot for the machine owners. We had to routinely send a crew (usually me and one other person) to drive to a location - near or far - with games, photo booths, vending stuff, etc. just in case the supplies in some machine or another ran out, something needed fixing, etc. Sometimes we’d arrive and learn we have hours of refilling and/or maintenance work to do on a machine, sometimes it had been a slow week or two and a crew had just spent their whole workday and a tank of gasoline to collect $50 from the cash box and go home again. Remote administration really changed the game for that whole business.
Fair enough. Sounds like I was wrong.
An IoT SIM costs a whole lot less than sending a technician to every machine to check stock. I’m not arguing in favor of facial recognition, I’ve already made that clear, but you are dead wrong if you don’t think automation at scale isn’t economical.
If you’re already putting a modem in the box for credit cards, why not collect some telemetry? Sensors are cheap and effective.
They have to go to every machine to restock regardless. All they have to do is note down on a little notepad or even an app on their phone what sells, what doesn’t and how quick.
I’m sorry, I just can’t go along with internet-connected public vending machines. If you want to connect everything in your house to the internet, fine. But a machine that sells candy bars does not need to be connected to the internet just because it’s marginally more efficient to do so than the way it had been done previously for decades. Because it results in this sort of shit. And unnecessary price-gouging through selling a university expensive machines with an unnecessary connection to the internet instead of something that worked perfectly well already and didn’t cost as much money.
As if Linux based vending machines aint a full fledged OS even with a minimal installation?
This aint embedded.No, Linux is a kernel.
OS is a specific distribution, so like a Debian is the full fledged OS.
So just write your inventory inside the file, and bind the vending machine keys to it, and ignore 99% of the OS. The coin slot I would expect runs its own validations.
Linux Standard Base is full fledges OS then
Yes of course Linux is a fully fledged OS, my point was a vending machine should not need any OS, my bad if I didnt make that clear
Why not? A full windows environment (though not really, because these things run what’s called the kiosk mode) can run on cheap SBCs and gives you a ton of hardware and software flexibility, and is also pretty convenient. It’s very commonly used for very good reasons.
TIL about windows kiosk mode!
I can understand it from the perspective of the developers who need to implement all this crazy tracking/advertising/graphics functionality, but imo a vending machine should only do three things:
- Let me see what is available (preferably using glass)
- Accept payment
- Give me what I paid for
Vending machines have done this for decades without requiring an operating system. Keep it simple!
Simple in what way?
You could make logistics simpler by giving these things networking capacity so you can remotely track their stock and cash levels.
If your software needs to run on multiple different device configurations, you can simplify development and deployment by letting the OS handle a lot of the low level stuff.
In other words, a simpler machine is not necessarily going to be simpler to operate for the company.
It isn’t. It would most likely be windows IoT. it’s an embedded windows OS that allows for a single app instance to be running.
You’d be surprised how many things run windows IoT right now…
A low end Windows PC can be had very cheap these days. Why bother doing something proprietary, if you can just cobble together something from off the shelf parts?
This isn’t even remotely true. Everyone knows that if you’re trying to do a cheap embedded product, you use SBCs and Linux. Using Windows for these kinds of applications is almost always the result of a company having a contract with Microsoft that leads their development strategy towards Microsoft’s offerings rather than the best offerings.
Also, in what universe is a Linux platform more proprietary than Windows?
Just imagine the license fees.
That’s why the need facial recognition, to sell the data to pay for licensing fees.
They must have like an enterprise master agreement IOT-specific thingy right?
To the people that allowed that gross invasion to happen:
Oopsie woopsie, diddums make a widdle fucky wucky? Yes you did. Yes you did.
Then do what you’d do to any other child: take away the toy they misbehaved with.
Hmm… facial recognition vending machine huh…
Finally it’s time for my jammer & some script from c/netsec to shineTime for me big sledgehammer to shine
That’s obvious vandalism though, you wanna fuck it up covertly so you don’t get caught!
This is the best summary I could come up with:
The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.
Where Cadillac Fairview was ultimately forced to delete the entire database, Stanley wrote that consequences for collecting similarly sensitive facial recognition data without consent for Invenda clients like Mars remain unclear.
Stanley’s report ended with a call for students to demand that the university “bar facial recognition vending machines from campus.”
Some students claimed on Reddit that they attempted to cover the vending machine cameras while waiting for the school to respond, using gum or Post-it notes.
The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface—never taking or storing images of customers."
It was only after closing a $7 million funding round, including deals with Mars and other major clients like Coca-Cola, that Invenda could push for expansive global growth that seemingly vastly expands its smart vending machines’ data collection and surveillance opportunities.
The original article contains 806 words, the summary contains 166 words. Saved 79%. I’m a bot and I’m open source!
I’d doubt it’s collecting or transmitting much. It’s probably just estimating age, sex, race etc. and using it to decide which promotion to put on screen. It’s possibly collecting these to determine what type of people use the machine. Similar to those billboards in shopping centres.
Storing each individual to recognize later or identify online seems like a stretch.
If it did have a user bio database, it would be centralised and not on the machine itself.
Still not ok.
I think the problem is that it is storing the user faces, at all. If it were simple identifying each person’s characteristics there would be no reason to save that data for later. Also, apparently the company advertises that the machine does transmit this data for estimating age and gender for every purchase.
That’s your claim though. They are storing “male, 24” and that’s it, no face. Of course they could be lying and actually are storing faces, but it doesn’t look like it. And it’s also perfectly valid to object to them storing even “male, 24”.
The first question that came to my mind was - A M&M vending machine?. The the actual fuck society
U no like
Time to hack the vending machine snd delete all the partitions off of it and render it unusable
Why bother hacking it? Just destroy it.
Yeah but this is the University of Waterloo we’re talking about here. This hit Canadian mainstream media CTV News so I know that. Also for an university specializing in Engineering and Mathematics there’s a shit ton of cameras around
deleted by creator
Those any combination coca cola machines have cameras on them.
deleted by creator
deleted by creator
I’ll play devil’s advocate. The machine recorded estimated age and gender. Assuming it tracked statistics and didn’t store images, what is the real harm? Future candy will have different designs after they found most users were 70yr old grandpas?
It is anonymized PII data collected without explicit consent, sure, but don’t blow it out of proportion. There is no big surveillance state plot here (yet), just an overzealous marketing team.
Not everybody who approaches the machine or walks past it is really consenting to their appearance being logged and analysed though - not to mention that “we don’t store data” is only true if the security is effective and no exploits manage to weaponise the camera now staring back at you as you try to make a purchase.
Ultimately vending machines are completely passive sales anyway, the collection of demographic data about who is buying from the machine are a little useless because it’s not like the machine can work on its closing techniques for coin based candy sales.
If you don’t have access to the source code then you don’t know what it’s doing. If there’s economic incentives to take my picture and tie my face to my name then I’m going to assume “trust us, it’s anonymous” means “we buy and sell your data” (at least).
If you’ll grant there are people in power who would want a surveillance state and businesses routinely sell data to governments then you don’t get to dismiss this out of hand. We have to draw the line somewhere, even if marketing people with a stalker mentally don’t see the line.
