I don’t wish to pay with my face. Move on.

I don’t even want to unlock my phone with my thumbprint.

FUCK ALL THE WAY OFF ❌

What a monumentally stupid idea.

I’m sure it’ll take off.

Have they solved the racial bias issues that has plagued facial recognition systems?

Putting a gun to my head. Even then, it’s a 50/50 I choose to starve to death instead.

You couldn’t pay me to do that.

I’m a twin. My face isn’t exclusive.

No f’n thanks.

That sounds like an absolutely horrible idea.

• Biometrics are non-revocable. It gets compromised, you can’t change your face. Well, not easily.

• Your face is not a secret. You plaster it everywhere all day long, unless you’re gonna wear a mask. Anyone armed with a smartphone can steal your facial biometricd. Any camera you walk by is grabbing them.

• Cameras and the systems feeding them on consumer systems are not trusted hardware. I can feed synthesized video to you. That’s before even making a physical face they looks like someone else.

Give me a little hardware device, like a scaled down smartphone, with a trusted display (so I can trust what I see on the thing, instead of what some point-of-sale system is saying) and keypad with PIN and contacts that can interface with my phone or computer or PoS system (because wireless authorization of financial transactions is also not great). Maybe even put a fingerprint scanner on it (not that a fingerprint is great, also a non-revocable biometric plastered all over, but it makes swiping someone’s token after viewing their PIN harder). Someone submits a transaction to the thing, it displays the information to me, I authenticate myself to the device, it cryptographically signs my approval, done.

I don’t want my keystore on my phone or computer, because they are big and complicated and I don’t want a lot of routes into the device. I want to have a trusted piece of hardware holding my auth keys that works with all of my phone, computer, and point-of-sale systems.

Why do payment systems determinedly persist in insecure approaches?

The original credit card – a number printed on the card – was terrible from a security standpoint, but at least they had the excuse of technological limitations of the time. Adding a CCV number that retailers aren’t supposed to retain was a marginal improvement.

The magstrip is pretty much equivalent.

The smartcard was an improvement – you aren’t copying your authentication data to every person you do a transaction with, letting them swipe it, but still didn’t have a trusted display. And there was no little to rollout to let consumers do smartcard stuff on computers for online purchases.

Tap-to-pay is a downgrade from a security standpoint, since it’s easier to bump someone and authenticate as them using a tap-to-pay card in a pocket.

Apple or Google Wallets come with the downside of having a lot of untrusted, complicated hardware and software in the loop.

Looking forward to this dystopian technology being pushed out to all retailers and then never working so I still have to swipe my card anyway

A big local tech corp is trying to push facial recognition payment at my university campus. Turns out all people needed was a cup of free coffee. I’m serious.

Most idiots - very little, because “convenience”