- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
I mean sure they could probably display less information when you punch in that card number. But the biggest sticking point for this is I don’t see how they could create a secure system without forcing you to create an account? Which personally I think would be ridiculous.
In the Netherlands, they solved this by adding a randomly generated transaction reference to the payment. This will appear on your bank / credit card statement. To view details for the transaction (time and location of entry/exit), you have to enter the paid amount and reference.
However, this will only give you info for a single transaction. If you want to see an overview of all your transactions, you need to create an account in their app. After linking your card to your account, again using the reference and amount for a transaction, you can view your travel history.
Every city had a fine system using cash/coins or cards you could fund at a kiosk by cash coin or card. Those cards were anonymous.
Now everyone has to be fancy and link credit cards and phones to accounts for every activity of daily life.
The card system would probably be best where just buy a card and load it up at a kiosk. There would still be potential security vulnerabilities if you were allow someone to "anonymously "view that transaction. Or allow someone to view the card trips. Which would just be logged with its number.
And I’m just more so talking about the current system they have in place. I’m not sure what else they could do utilizing their current system except for forcing some kind of account
It would be trivially easy to add privacy any number of ways if they didn’t insist on tracking the users and logging that info.
They could even track it and just not make it available by web. Or require 2FA. Not exactly a nation-state level attack being described here.
People have just become accustomed to not caring about privacy and so that’s what we get.
I had ExpressPay before OMNY and that also had a list of every transaction in the website where you had to refill your card. Ever since they came out with the MetroCard, I assume there was a shadow profile per card and that was linked to the credit card number on file if that was the method the card was purchased by.
Personally, I value the transactions list, since it makes it easier to verify I was billed properly and got the free transfer or the 13th ride free. I’ve not had to dispute anything yet but I imagine it’ll be easier to bring up any issues with customer service over the phone after the fact, than the station agent.
There’s always the dedicated OMNY cards you can buy from stores, although I’m not sure if it’s possible to refill with cash directly somehow. For the most privacy focused, it’s good this option exists, and at least maintains most of the privacy as the MetroCards used to.