site banner

Friday Fun Thread for May 31, 2024

Be advised: this thread is not for serious in-depth discussion of weighty topics (we have a link for that), this thread is not for anything Culture War related. This thread is for Fun. You got jokes? Share 'em. You got silly questions? Ask 'em.

5
Jump in the discussion.

No email address required.

The office where I work has installed new a new Bluetooth access system, and it's sufficiently annoying to make me reevaluate The Industrial Society and Its Future.

Before, you had a little NFC tag you'd beep at the door, and it opened pretty much instantly. Now I have to:

  • Get my phone out
  • Unlock the phone
  • Go into settings, enable Bluetooth
  • Start the door app, wait for it to load
  • Wait for it to slowly scan for nearby doors
  • Scroll through the list of doors until I find the one I'm standing in front of (there are no signs, you need to memorize all the door names. This is especially annoying for the lab doors that people felt it was funny to label as emojis)
  • Press it
  • Wait for the app to tell the door to unlock (this takes a while)
  • Exit the app
  • Go into settings, disable Bluetooth
  • Enter (though by this point somebody on the other side will generally have noticed and taken pity on you by opening the door manually)

Thanks for this, as its related to my work. Using bluetooth apps for Electronic Access Control raises some interesting usability challenges. Like why would you want to have bluetooth open on your phone all the time. Also the app can probably track your location through the facility, which while it can have some great functionality in theory like aiding fire evacuation (even though in practice no fire warden will bother opening the app in a real scenario), its more likely to be used to monitor your work in the same way keyloggers do for company laptops.

Can you request a separate access control swipe card?

I wouldn't be surprised if the "door app" collects behavioural data that the operator can sell as a side gig, enabling them to undercut the previous NFC-based system when offering the system to your office. (They might also figure this makes it easier to issue and revoke access than if they had to issue/collect physical tokens.)

The behavioural data can be used in some ways in intelligent buildings for legitimate purposes (like telling app users that the company gym is at capacity so you don't bother grabbing your gym bag), but the data will absolutely be used to make profit for the provider at some point.

They might also figure this makes it easier to issue and revoke access than if they had to issue/collect physical tokens.

Wouldn't token-based authentication give each token a unique code whose access can be revoked in the event that the token is lost or stolen?

I managed my small company's NFC door system and yes: we had a database with every employee next to their NFC tag ID and we could revoke them without confiscating the key. Pretty sure that's standard on every system you'd buy. Probably if you're homebrewing a solution, too.