The Capitol Hill coder who demonstrated to major media around the world the vulnerabilities of sites like Facebook when accessed via the typical coffee shop’s wi-fi system has created a new tool that reveals a different component of your privacy — what’s on your ORCA card. There’s also a new app backed by state cash that will help you find a carpool to cross the 520 bridge. More on both steps into the mobile-device-enabled commuting future, below.
With a tap on the back of an Android phone, FareBot can extract balance information and trip history from an ORCA card. We got a quick demo of the app on a Broadway sidewalk thanks to Metrix’s Matt Westervelt. In the announcement of the app’s availability in the Android Market, Capitol Hill developer Eric Butler says, at this point, FareBot is more a demonstration of the possibilities than a useful tool for the average user:
Currently FareBot can parse and display balance and trip history information from Seattle’s ORCA card, and can dump raw data from any other MIFARE DESFire card including San Francisco’s Clipper card. FareBot is open-source and designed to be flexible so that hopefully other developers will add support for other types of cards.
When demonstrating FareBot, many people are surprised to learn that much of the data on their ORCA card is not encrypted or protected. This fact is published by ORCA, but is not commonly known and may be of concern to some people who would rather not broadcast where they’ve been to anyone who can brush against the outside of their wallet. Transit agencies across the board should do a better job explaining to riders how the cards work and what the privacy implications are.
As with his work on Firesheep, FareBot gives Butler a platform to demonstrate the privacy vulnerabilities — and technological opportunities — in interconnected systems. Butler notes the possibility that somebody could use similar technology to read your private travel history or even game the cards with only a tap of the phone. Of course, during our brief demo on Broadway, the app crashed once or twice first. That’s the future.
Using a smartphone, drivers can match up with riders at busy hubs such as Husky Stadium or Eastside park-and-ride lots. That way, they can travel in the high-occupancy-vehicle lanes, as well as share toll or gasoline costs.
The concept is similar to slugging — the custom in Washington, D.C. and the San Francisco Bay Area of motorists who pick up strangers en route to work, in hopes of driving quickly in the HOV lanes.
But while riders in those cities essentially hitchhike from park-and-ride lots or bus stops, local riders will send out an electronic beacon on their smartphones.
You might call the Seattle experiment “e-slugging.”
It’s a cool concept but we’re looking forward to a more open system that isn’t burdened by an emphasis on the scary things like driving records and criminal histories. Of course, we probably don’t want it spitting out our travel histories to anybody who taps it, either.