From the “no matter how bad you think it is, it’s worse” department.
🤖 I’m a bot that provides automatic summaries for articles:
The Reddit post sparked an investigation from a fourth-year student named River Stanley, who was writing for a university publication called MathNEWS.
Where Cadillac Fairview was ultimately forced to delete the entire database, Stanley wrote that consequences for collecting similarly sensitive facial recognition data without consent for Invenda clients like Mars remain unclear.
Stanley’s report ended with a call for students to demand that the university “bar facial recognition vending machines from campus.”
Some students claimed on Reddit that they attempted to cover the vending machine cameras while waiting for the school to respond, using gum or Post-it notes.
“The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface—never taking or storing images of customers.”
It was only after closing a $7 million funding round, including deals with Mars and other major clients like Coca-Cola, that Invenda could push for expansive global growth that seemingly vastly expands its smart vending machines’ data collection and surveillance opportunities.
Saved 79% of original text.
The company will fix the issue by renaming “FacialRecognitionApp.exe” to “TotallyNotFacialRecognitionApp.exe”
It’s so hilarious/fortunate/sad that that was the name of the file. We will never find the others now.
But they haven’t found the facial database and Invenda claims they don’t have one, right? Their story is that the machine takes an image, runs some local processing to determine demographic info about the user/customer/target/victim, and then stores that instead of storing the image or biometrics.
There’s a good chance they’re lying but claiming the database has been “revealed” when no one has found it yet seems like sensationalism.
Edit: “Secret demographic database derived from facial recognition” would be true but sounds less snappy, I guess?
According to Adaria and Invenda, students shouldn’t worry about data privacy because the vending machines are “fully compliant” with the world’s toughest data privacy law, the European Union’s General Data Protection Regulation (GDPR).
Then they should have no issues releasing the source code for independent public audit, right?
If they are compliant, that means students can demand their data to be removed?
How does GDPR mandate a public audit of the code base? Is there such a provision in it? (Not a confrontational question)
They’re just saying that if they have nothing to hide, they should prove it. Not that GDPR requires an audit.
It doesn’t. You can check the full text at:
https://eur-lex.europa.eu/eli/reg/2016/679/oj
The only references to audits are that supervisors can require an audit, processors need to allow audits by controllers, DPOs need to prepare for audits, and corporations or groups of enterprises need to have audit procedures in place.
It doesn’t say anything about what kind of audits these need to be, other than to ensure compliance with the law.
The technology acts as a motion sensor that detects faces, so the machine knows when to activate the purchasing interface
This sounds like an excuse to me. I’m a university student in the UK. Our vending machines use a very effective means of letting the machine know we’re ready to buy something without using any facial recognition software at all. What we do, right, is press the letter and number buttons that match up to what we want to buy. The machine says how much money the item costs, and then we tap our bank/credit cards to the contactless card reader, just like we would in any other shop. Then the machine dispenses the item.
It’s really, really clever how they’ve invented this way for us to purchase afternoon snacks to help us cope with how annoying our classmates are, and we don’t even have to have our faces scanned! Truly the kind of innovative technology you’d expect to find in a university.
I suspect that’s a lie. From a technical point of view there are way easier and cheaper ways to detect potential customers. A simple LDR would probably do a better and more reliable job and cost hundreds of times less.
The spokesdroid also stated that the machines do not take pictures. Duh. It’s a camera, what else would it do? Maybe they meant it doesn’t store images, but the statements made so far don’t exactly instill trust.
I say sue them into oblivion. Make an example out of them.
Exactly. Vending machines have never needed complex ways of detecting when a customer is ready to buy something, because there’s really no need for anything beyond having a button available for customers to communicate to the machine “I’d like to buy something”. What it sounds like to me is they’re using the facial recognition technology to track the demographics of who buys what and how often. Do men like X snack more than Y? Do women buy more in the morning or afternoon? Stuff like that.
Devil’s advocate: they don’t need to track demographics, but a “bonus feature” would be to start playing some ad when they detect someone looking at the machine. Not a random leaf or shadow, so it doesn’t start playing annoying ads at random in the background, but an actual face. Or do play a random ad in the background when nobody has looked at the machine in a while.
Of course, the temptation of using demographic data to target the ads could be too big to resist for the company. The temptation of also storing statistical data might follow.
Well, they did specify that the facial recognition software was there to activate the purchasing interface, rather than to advertise the machine’s contents, so I’m not inclined to cut them some slack if the real motivation was to show adverts to people when they’re claiming it needs to recognise faces because otherwise no one can purchase anything. (Why can’t the purchase interface be activated all the time, rather than requiring sight of a face? Do they think someone other than human beings is going to try to buy something? Is there a widespread problem with squirrels and pigeons buying from vending machines, which requires machines to know when it’s a person trying to buy something?)
I was thinking more of in a dark pattern way.
Let’s say the marketing dept decides that having people go through a funnel like “Attraction, Presentation, Call to action” will increase sales of whichever product has the higher profit margins.
In a “dumb” vending machine, they have a single advertisement where they have to put all those steps in, be it as static graphic elements, or as a looping video. A client comes by, sees whatever part of the video is playing, makes up their mind, and decides to interact with the machine or not. There is no control over whether they saw the “Attraction” part first, or directly the “Call to action”, which might as well have put them off, and that’s a lost sale.
Now imagine they made a “smart” vending machine, where they could guarantee that the “Attraction” part will play when, and only when, someone looks at the machine. Instead of having random people pass by and look at senseless stuff, now they have someone that’s showing interest in the machine, and it springs into action by playing the full funnel… right at the moment the user is making up their mind!
Honestly, I’m surprised they don’t do it more often, like in supermarkets and stuff: you go through an aisle, and wherever you look, ads would start playing just for the thing you’re looking at, offering you an alternative (higher profit) product, maybe flashing a “Limited 3x2 offer, JUST FOR YOU” if you stop showing interest, and stuff like that.
insert coin, turn knob
Gumball machines solved this 100 years ago.
TFW even the vending machine is spying on you. We really gotta make it mandatory to use “dumb” devices in public.
I imagine the people who still run independent companies that fill vending machines (I’m not sure if this is still the model, or if capitalism ruined that as well) will gladly install the M&M branded machines, when the rental fees go down drastically.
At least that’s how I see this playing out: Machine is provided to small business for cheap (possibly free), majorly increasing their ever-thinning profit margins. I’m sure the cost of snacks increasing every month is a nightmare for people who stock vending machines, and their profit margins must be thinner than they’ve ever been.
They’ll install the new machines, and maybe even make marginally more total profits… of course the real money is in the data being collected by the machine.
Shit, I bet they could start having vending machines where they just give you shit for free, all you have to do is give a thumbprint, or strand of hair, or fingernail, or cornea scan, etc… And people would use them. Hey, free shit right?
1984 was almost correct, it’s not the government spying on you, it’s corporations (which run the government).