Opting out of fingerprints - any firsthand experience?

[Unvoiced_Apollo]

I am a little disheartened that not a single person here has defended your husband.

Just because someone doesn’t want Disney to store their fingerprints, credit card data, and personal information together doesn’t mean he has outstanding warrants or wears tinfoil hats. Some of us actually think about why we’re compelled to provide our personal information and whether we want to participate. Sometimes we literally have no choice, and other times the coercion effectively gives us no choice. But that doesn’t mean I unquestioningly hand over my SSN or blood anytime anyone asks for it.

I readily admit I haven’t studied the technology behind Disney’s specific system (though I’m guessing it’s not publicly available anyway). That’s good that many of you think Disney doesn’t actually take a “fingerprint” or “store” your information. I hope you’re right, but I’m not willing to put blind faith in Disney. Moreover, for those of you who think Disney’s motives are as pure as the driven snow, even its most ardent defenders surely must have SOME doubts about Disney IT’s ability to safeguard your personal information with 100% security. (Yes, you’re trusting the same Disney IT that can’t even get its own app to run reliably to protect your fingerprint—sorry, “biometric data”.)

I have no doubt that if Disney required its customers to provide DNA samples as a condition to enter, people would be lining up for their cotton-swabs. Not me.

I had previously read the same Disney language that thecouch posted earlier and was planning on opting out of the fingerprint scan in favor of showing my license. I honestly didn’t think it was that big of a deal, i.e., akin to showing ID on your way into a bar. I didn’t realize this advertised alternative is more difficult in practice. Because I don’t want to slow the family up, I likely will end up being one of the lemmings happily going off to Room 101. But I don’t think someone is being ridiculous if he chooses to use the non-fingerprint alternative that Disney (at least for now) offers.

Please tell your husband at least one other person shares his concerns.

Who said anything about handing over your SSN or giving blood? Who said Disney's motives were pure?

 

[seashoreCM]

Disney is not storing the digital representation of your fingerprint. Disney is storing a digital representation of your fingerprint. It is quite rudimentary, i.e. of low resolution.

One headshot photo of you saved in your ticket records would take up as much digital space as about ten thousand fingerprint representations, for that many respective other guests. This puts a big disincentive on Disney's part to convert from finger scans to headshot images. Furthermore the current state of the art would require someone to visually check each guest with his headshot at each tapstile while the current matching up of each finger scan with the stored data typically results in a 30 plus second queue delay invoked for fewer than one guest per 100 guests not counting guests who are actually cheating.

 

[cobright]

I don’t know if you are interested in getting into RotR and if Disney will still be doing BGs, and if they will be requiring the finger biometric at DHS when you are there, but if all of the above is a “yes,” not doing the finger biometric could pose problems with him not showing that he’s in the park as the CM will need to manually override.

Getting a BG in DHS requires you to enter the park. Disney knows you have entered the park when your entry ticket is used. Opting to use a photo ID instead of a finger isn't a manual override, it's an alternate authentication. Like setting up the finger scanner on your phone so you can use that instead of entering the pin.

He says in his line of work, which involves data management and security he’s aware of how easily things can be hacked and doesn’t want to risk it.

I've met people like that and I get it. I'm currently developing a product using AI, Machine Learning, and Computer Vision (the singularity trifecta) and... I get it.

But if it helps him, you might point out that a fingerprint scan will never be used as the sole form of authentication to access protected data. It's inherently insecure. I mean it's fine for a device you keep in your pocket and can brick with a phone call should you lose it. It's fine to get you in and out of a park.

But to access secure data? It will never measure up. Here's why. Think of your password to get into DisBoards... what happens if someone gets your password? You change it. What happens if someone gets your fingerprint? It's called revocability. Secure systems require revocability. Even if one's fingerprint scan data is leaked, it really isn't going to be very useful to the hooligans.

Did you think of the time added to get through if 5 people ahead of you decide to do this silly process? That "2 minutes" now becomes ten more. So, it's not just the one party with the paranoid person that is affected. It's everyone behind that person, and if there are multiple ones, it adds up.

How many people have you seen that opt out of fingerprint scanning? This guy choosing to do so is not going to encourage or cause other people to do so.

We live in a society. Sometimes that means someone else's choices cost us a few extra minutes in line. Are you never that person?

You know I don't carry a bag into the park half the time, something my wife carries every day. Should I bolt for the bag-free line leave her behind?

Like I said, a biometric.

biometric is an adjective. Lots of things are biometric. Just saying biometric doesn't tell us what's being stored. Eyes, face, ears, voice, the way you type, the way you correct the steering wheel while driving, your walking gait, fingerprints are all biometric, they are all things a computer can record and compare in order to authenticate you. Disney stores fingerprint data.

I am a little disheartened that not a single person here has defended your husband.

Ahem

After multiple people here have explained how the biometric scan is useless outside of the confines of WDW, it's a wonder to me how people are still concerned with a partial ID of a finger being a problem. What exactly are you going to do with that finger?

Nothing. And I don't worry about it. But for those who do, who are not on the tinfoil spectrum, it's a matter of principle. I hear people talk about it being a progression along a comfort gradient... getting the masses to accept less and less control over their personal information. I get it. I just don't worry about it.

"For Disney to say they are not storing the actual fingerprints, they are," countered Former FBI agent J.J. Klaver. "They are storing the digital representation of that fingerprint."

I don't think any of us can say with 100% certainty what Disney is doing with our data.

I read that article, it had a smell conspiracy nut to it but he's not exactly wrong.

Disney is not storing the digital representation of your fingerprint. Disney is storing a digital representation of your fingerprint. It is quite rudimentary, i.e. of low resolution.

What's being stored has no resolution. If you could pit the data together as an image at all it would most closely represent a QR code. A QR code that has no visual similarity to your fingerprint. But ... the scanner itself is taking a very hi resolution image of the finger, 500 pixels per inch. That image exists in a stored state long enough to be processed and encoded. There is concern that a scanning terminal could be hacked.

Remember when those full body x-ray scans at the airport were being rolled out and the TSA assured us that the the private areas would be distorted automatically and that the machines were incapable of storing scanner images? And then ... they had to admit that the stored images resolve to near photo quality minus clothing... and that they are capable of saving scanner images... and that a bunch of US Marshals were busted with 100s of saved body scanner 'nudes'.

A small dose of paranoia is not always a bad thing.
(I still use the scanner)

 

[Mackenzie Click-Mickelson]

I readily admit I haven’t studied the technology behind Disney’s specific system (though I’m guessing it’s not publicly available anyway). That’s good that many of you think Disney doesn’t actually take a “fingerprint” or “store” your information. I hope you’re right, but I’m not willing to put blind faith in Disney. Moreover, for those of you who think Disney’s motives are as pure as the driven snow, even its most ardent defenders surely must have SOME doubts about Disney IT’s ability to safeguard your personal information with 100% security. (Yes, you’re trusting the same Disney IT that can’t even get its own app to run reliably to protect your fingerprint—sorry, “biometric data”.)

When I worked for my alma mater we had to use this to clock in (as well as punching in our specific codes) and out of which is a hand geometry recognition biometric machine.






These days that's kinda old school but I'd imagine that the OP's husband probably would have an issue with the above and that's at a place of employment. I don't necessarily think it's ridiculous to be wary but I do understand the viewpoint of "it's not really that big of an issue" either to have the fingerscan done. It will slow the traveling party down no matter what simply out of explanatory reasons to the CMs each and every time. I think it's ok to explain it may be a decent chunk of time slowed down just as much as it's ok to explain it may only be a handful of minutes. At least the OP knows more of what to expect.

 

[Scott McDuck]

P.S. I meant to mention this in January (honestly!), but got distracted by big brother: Fingers contain germs. Cheers Disney!

https://blogmickey.com/2020/07/repo...be-used-at-disney-world-theme-park-entrances/