Do You Have Privacy Concerns about the New MagicBands?

[jackieinJuneau]

I have 99 things to worry about but the magic band isn't one

I have no issue, the more information that they have the better the crowd control. Even the idea of them being able to track my every move, not that they can at this point doesn't bother me. Targeted marketing, my web browser already does that and I have found some really great stuff that way!

I can't wait to try this system out; I am going on my Honeymoon in Oct and hope everything is up and running!

[Mike2023]

Quote:

Originally Posted by k5jmh

You are not looking at skimming information. You are reading the ID number and using the ID # to track someone's movements. If you know when someone enters or leaves a resort, then someone can use that opportunity the try and gain access to a resort room. There have been more complicated scams pulled on folks at resorts.

But you wont know that information from what you are describing.

Let say im standing by the front door of a resort with a device you describe. Only information I would be able to obtain is the number on the card and the time that I acquired the information.

- I would not know who that information is linked to.
- There would be no way for me to know what room that person is staying in
- There would be no way for me to gain access to that room if I did indeed figure it out somehow.
- I would not know if that person was coming, or going, all I would know is they walked within a perimeter of me.

my point is a device that you describe in someones pocket would not allow you to "track movements" anymore then can be done now without said tools.

Its interesting to think about though.

[Mike2023]

Quote:

Originally Posted by cslittle999

Getting you to buy things isn't always in your best interest. Imagine deals that are only offered when your kids are with you. It isn't marketing to kids but it makes it harder to say no. I'm not saying that Disney would do these things but just that it is possible.

In some ways this is no different than tracking cookies on the web. Sometimes we want advertisers to know where we've been and sometimes we don't.

I kinda get your point but I have no problem saying no to my Kids. So would not bother in the least. Marketing towards kids is in no way a new idea, and your right, it does work.

Thats a good point about tracking cookies, it really is the same thing.

I guess I'm just different then most as targeted advertising really does not bug me. If I'm interested in a product or service then I will buy it. If I'm not interested then I won't. But if I don't know about the product or service then there is no way for me to take advantage of it.

[zianha]

Quote:

Originally Posted by Stacy's a freak

One thing I am unclear about is if this is a non-removable thing. Do I have to wear this thing in the shower or can I take it off whenever I like? For me, the biggest ick factor is being stuck with an unsightly wide band on my wrist for a week of dirt and grime and if I will have ridiculous looking tan lines. (I'm shallow)

Sadly, this is my biggest concern. Plus, I don't even like wearing a watch. I'm shallow too...

[k5jmh]

Quote:

Originally Posted by Mike2023

my point is a device that you describe in someones pocket would not allow you to "track movements" anymore then can be done now without said tools.

Its interesting to think about though.

All it takes is a visual confirmation, ie watching the person come out a room and getting the UID of the RFID Tag. We ran an identical test of people leaving our parking garage at the office with RFID tags on their windshield. All you had to do was write down the tag, make, and model after reading the tag. There is nothing that is automatic, but some level of social engineering and/or ground pounding is always required. So putting a Cellular Card on the Single Board Computer with the reader allows you to be notified remotely if someone passes the reader that has been placed by an exit/entrance door.

[Mike2023]

Quote:

Originally Posted by k5jmh

All it takes is a visual confirmation, ie watching the person come out a room and getting the UID of the RFID Tag. We ran an identical test of people leaving our parking garage at the office with RFID tags on their windshield. All you had to do was write down the tag, make, and model after reading the tag. There is nothing that is automatic, but some level of social engineering and/or ground pounding is always required. So putting a Cellular Card on the Single Board Computer with the reader allows you to be notified remotely if someone passes the reader that has been placed by an exit/entrance door.

So this is a different scenario then before.

Example,

- Someone is walking the halls with device in hopes that someone leaves there room. Once that happens they note the id of the card, and room number of the person.
- Then sets up a remote scanner the front of hotel in hopes that this person walks out the front door when they leave thus tipping them off that there room is empty.
- Still no way to get into the room
- no reason to think there would be anything in the room worth the trouble.

Yes, this possible. But very unlikely that someone would go to these lengths. The risk vs rewards is very low in this situation.

I think it way more likely to have an untrusting housekeeper.

I want to point out as well that the RFID cards that are being used, and have been in place for 6 to 8 months are susceptible to this as well. So the Magic Bands don't add any vulnerability in this situation. They might make it a bit easier as they are powered and are easier to read.

[k5jmh]

Quote:

Originally Posted by Mike2023

So this is a different scenario then before.

Example,

- Someone is walking the halls with device in hopes that someone leaves there room. Once that happens they note the id of the card, and room number of the person.
- Then sets up a remote scanner the front of hotel in hopes that this person walks out the front door when they leave thus tipping them off that there room is empty.
- Still no way to get into the room
- no reason to think there would be anything in the room worth the trouble.

Yes, this possible. But very unlikely that someone would go to these lengths. The risk vs rewards is very low in this situation.

I think it way more likely to have an untrusting housekeeper.

I want to point out as well that the RFID cards that are being used, and have been in place for 6 to 8 months are susceptible to this as well. So the Magic Bands don't add any vulnerability in this situation. They might make it a bit easier as they are powered and are easier to read.

Any passive RFID is exploitable in this manner (and this was the scenario I was talking about originally. There is no value is skimming information since there is no information on the MagicBands other than the UID.)

The RFID side is not battery powered, but the Zigbee side is powered and encrypted.

[Mike2023]

Quote:

Originally Posted by k5jmh

Any passive RFID is exploitable in this manner (and this was the scenario I was talking about originally. There is no value is skimming information since there is no information on the MagicBands other than the UID.)

The RFID side is not battery powered, but the Zigbee side is powered and encrypted.

So you agree then that the bands are not worse off then what is currently out there?

[sayhello]

Quote:

Originally Posted by cslittle999

Overly targeted marketing. Knowing what I purchase is one thing but knowing which stores I enter, where in the store I go and how long I spend in each part is too much. Imagine a text message encouraging you to go back to a store you visited earlier in the day because Disney knows you're more likely to buy from stores you visited in the morning and spent more than 10 minutes in. It's stalker creepy.

Take this out of the Disney context. If it was a different company would you allow it? Would you allow it at home? I think everyone is giving Disney a break because we like them but they are still a large corporate entity and they are going to aggressively use the information that they collect.

They can only text you if you give them your cell phone number. That's not required information.

I already allow my grocery store to track what I purchase and when. I don't really care, and I get great discounts. The targeted coupons I get when I check out, nine times out of ten end up in the recycling bin.

Sayhello

[fall08CP]

Since I haven't been following the development closely and I don't plan on visiting WDW in the near future, are the bracelets cheaply made? Easily programmed? I feel like I'd want to take it off the second I left the park, but what if I accidentally left it in my room and didn't realize until I got to the park? Does Guest Relations re-issue them?

It's all confusing to me. I thought the KTTW was just fine I used to work front desk @ Disney so I'm trying to get the logistics down. Seems like a bracelet would be more difficult than printing a KTTW.

Thanks in advance The security concerns are really interesting, and seeing behind the scenes at Disney really opened my eyes. I don't want to overshare but there's a lot that really surprised me.

[Mike2023]

Quote:

Originally Posted by fall08CP

Since I haven't been following the development closely and I don't plan on visiting WDW in the near future, are the bracelets cheaply made? Easily programmed? I feel like I'd want to take it off the second I left the park, but what if I accidentally left it in my room and didn't realize until I got to the park? Does Guest Relations re-issue them?

It's all confusing to me. I thought the KTTW was just fine I used to work front desk @ Disney so I'm trying to get the logistics down. Seems like a bracelet would be more difficult than printing a KTTW.

Thanks in advance The security concerns are really interesting, and seeing behind the scenes at Disney really opened my eyes. I don't want to overshare but there's a lot that really surprised me.

Im sure Guest Relations will be able to re-issue bands, but I wonder if there will be a price associated with it.

The way I understand it, the bands will be mailed to you before you even leave for your trip. This would allow you to skip check-in all together. In theory you could just get a text message with your room number letting you know its ready thats it. No need to go to the front desk at all.

[derekburgan]

I really enjoyed the podcast discussion on the MagicBands, and it was interesting to hear the digital privacy expert say at the front there is no chance she would wear - or let her kids wear - a MagicBand and by the end of the interview it almost sounded like she wanted her kids to wear one to get the experience. That's the forbidden fruit in this situation, and how tempting it can be even to someone who knows better.

[Reddy]

Quote:

Originally Posted by zianha

Sadly, this is my biggest concern. Plus, I don't even like wearing a watch. I'm shallow too...

I'm thinking they have a snap on them & putting it on my bag instead of my wrist
or maybe putting on a beltloop
but at the waterpark it would go on my wrist - don't think it would be good in pics with it looped on my swimsuit

[PinkBudgie]

I'm an AP holder at DLR. Disney already knows my address, phone, birthday, credit card number. And they know what we buy, where, and when because I use my AP discount everywhere. It seems more likely to have a bad employee steal and sell and use that info already in the system than for someone to get info off a band. For me, the pros of the band outweigh the cons. That is a decision I make for Disney. For another company I might make a different decision. For example, I do not enter those contests at the mall to win the car that is sitting there. I know that's just an info grab and has no return value to me.

And how many times have we heard that some bank employee lost his laptop with thousands of customer's information on it?

[cslittle999]

Quote:

Originally Posted by sayhello

They can only text you if you give them your cell phone number. That's not required information.

I already allow my grocery store to track what I purchase and when. I don't really care, and I get great discounts. The targeted coupons I get when I check out, nine times out of ten end up in the recycling bin.

Sayhello

It might not be a text. It might be an electronic display that changes when you stand in front of it. The opportunities are endless.

This isn't like a loyalty card where you're tracked only when you make a purchase. You don't get to choose when they read the ID off the chip. They can put readers everywhere, and in a way that you won't recognize them, and grab the ID whether you want them to or not.

I'm not saying this will be bad, I'm just saying that however this starts it could end up in a very different place.