[RndTbl] On forcing people to get Google accounts

Mark Jenkins mark at parit.ca
Sat Nov 5 11:24:20 CDT 2022


I really appreciate Hartmut's contribution here because I've been
thinking of asking Shaw for new equipment after many years, so I'm
glad to know the Hitrons are still a thing.

On the credit union front, I'm just glad that my credit union still
has a web interface. Possibly I'm missing out on mobile cheque deposit
via photographing and some other mobile specific features but the web
interface gets the job done and I can do that from my all floss Power9
Raptor Computing Systems Blackbird. (housed in an ATX case that
Frantic Films threw away.)

If I had to go mobile only I'd be looking for another bank that still
has a web interface. Hopefully we can count on that existing for
decades to come given how slow banks can be to change.

I'm living day to day with a feature phone in my pocket instead of a
smartphone, will be interesting to see how far and how long I can push
that.

Got my first aftermarket, user-serviceable battery a few months ago.
(battery life on this replacement has been disappointing, but I'm at
least living the dream)

To the conversation I'll contribute two other cases of the push
towards mobile devices that have irritated me in recent years.

---------

First, Ticketmaster and the Blue Bombers have made it very irritating
to attend a football or soccer game without a smartphone running the
proprietary Ticketmaster, "Blue Bomber" (a Ticketmaster white label) or
Google Pay apps. I imagine True North (Jets/Moose) with Ticketmaster
has done the same thing at their venue.

I believe it's possible to stand in a long customer service line on
game day for a printed ticket, but I've just bent over and just used a
casual (not day to day) smartphone to avoid that.

They use a time based token that updates on screen, making it
non-printable by folks at home. I appreciate the business reason for
this, there have been too many people victimized by ticket sale scams,
and so there's going to be fewer victims when it's known that transfer
of the time based code is required. I haven't heard of anybody
transferring these time based codes outside the blessed system.

And at least I was savvy enough to figure out that I didn't need a
data plan on said smartphone, that the time based ticket-token can be
transferred to the Google Pay app which works entirely offline. Others
may not have been prepared for that and landed in the long customer
service line. There are people who own smartphones as their day to day
phone and don't have data plans, believe it or not. (I know several).

I would just appreciate it if the protocols/standards for these time
based tokens were open so they could be transferred to a fully floss
stack token-wallet. Maybe this is already documented or reverse
engineered out there, I haven't looked into it.

Though, can you imagine me popping open my Pinebook at the stadium
gate and saying "scan this"?

Probably it would be more principled to just not attend. Can use my
ears and take in the game free to air on 680 AM or walk into a sports
bar. I could certainly find things to complain about if using a cable
box and cable subscription or DRM streaming at tsn.ca .

--------

Second situation that irritated me was the required mobile app for
verifying Manitoba vaccine cards.

(I think I posted this before).

It wasn't truly my itch to scratch because I didn't personally operate
a venue required to perform verifications, but I felt sorry for this
imposition of proprietary software and mobile devices on Manitoba
restaurants and so forth.

With help from my fellow folks at Skullspace, we reverse engineered
the Manitoba app. Which basically boiled down to discovering that the
magic API URL was
GET https://immunizationcard.manitoba.ca/api/verification/UUID
with a simple JSON response payload.

(plus a redundant login auth layer that ends with an "authorization:
Bearer " HTTP header being included in the above)

Our work was featured on hackaday.com, including my proof of concept demo video
https://hackaday.com/2021/08/19/manitoban-makes-open-software-demo-of-proprietary-vaccine-verification-systems/
https://github.com/markjenkins/immunizedshellscriptmb/blob/mainline/verificationpipeline.sh

But I never went further to document the login auth protocols or to
make a full replacement app. As is the case for many hobby projects, I
was satisfied to just get the proof of concept and key information out
there for anyone else that wanted to take it further.

Adjacent to this was my experience as a card holder.

I didn't opt to receive a government printed card in the mail. I
considered that a waste and had heard how they were scarce at first,
so I said to myself, save it for others. Figured it wouldn't matter as
well because the program would not be part of mainstream domestic life
in Manitoba for very long. (was under a year in the end)

Though I didn't want to use a smartphone as a way to display my QR either.

There was no print button in the government website UI. I self-printed
my QR anyway. Much later in the program they recognized that choice of
card by mail or smartphone was a barrier for some people and added an
official print button with a nice Manitoba logo in the design.

But, long before self-printing was officially recognized, I took
myself as an experiment to see what life would be like as a weirdo
with a self-printed QR instead of a government printed card or
smartphone displayed QR.

There were three classes of experience.

1. To my pleasant surprise, the vast majority of venues that were
actively verifying QR codes didn't treat me as a weirdo for
self-printing a QR. Venue staff understood that optically scanning a
QR printed on paper was no different than optically scanning a QR
displayed on a phone or card. They scanned, they cross verified the
name on my ID card and life was somewhat normal.

2. The other really common experience was venues not operating
scanning equipment at all. They eyeballed the font and layout of my
self printed QR just like they eyeballed the font and layout of
anybody presenting a smartphone, just like they eyeballed the font and
layout of anybody presenting a piece of plastic.

I had a private joke about this. I joked that maybe it was true that
there was a microchip in the vaccines because serving staff showed
remarkable computational power to eyeball a QR code, decode it and
converse with the Manitoba government server.

Clearly many Manitoba businesses were not eager to roll out a fleet of
smart phones to their staff. No enforcement effort was ever directed
at small venues that asked customers for proof but didn't verify said
proofs.


3. I can only remember two exceptions where self-printing my QR broke
down. At one venue the lighting wasn't great and they just couldn't
get a scan. Perhaps my self-print out was starting to wear at that
point, (though with all the error correction in QRs that shouldn't
have been a problem). It may have also been a network outage of some
kind. I don't know. They were nice and admitted me. I later offered to
dig up and boot up the casual smartphone in my bag to have that
scanned instead.

Occasionally I would say to venues of type 2. "you're not going to scan that?".

This backfired on me only once.

I came back to a certain place on a different day and they grinded my
gears back at me, saying they now would only accept the government
printed card. I explained how the government printed card was opt-in
and how it was an official part of the system that people could
display QR codes and that it is up to venues to scan them. They gave
me the business about how anybody could just print that and I was like
"yes, that's right, anybody can replicate the look of these printed
cards and QRs and you need to scan it if you're serious about
verification".

That wasn't enough so I pivoted to "would it make you happy if I
showed it to you on a smartphone through the official government app"
and after much fumbling with a smartphone that I don't use day to day
I was having trouble getting things open and finally they acknowledged
that they now had a device of their own on site that they could use to
scan. My paper copy got scanned, and I was able to stop feeling like a
criminal.

Anyway, I could have avoided these two oddball experiences by just
taking delivery of a government printed card, but it was interesting
to see life without that or smartphone. I perhaps successfully
educated one venue along the way as to how things worked, though with
their veneration of the government printed cards I doubt they ever
ended up scanning those.


Mark
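
Added example, not part of Mark's message and not Ticketmaster's code: a sketch of why a time-based ticket code cannot usefully be printed at home. It assumes the scheme is RFC 6238 TOTP with a 30-second step (the message does not say which scheme is actually used); the key is the published RFC 6238 test key, and `gate_accepts` is a hypothetical name for the scanner-side check.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds a code stays current (assumed; the RFC 6238 default)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second window containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def gate_accepts(secret: bytes, presented: str, now: int,
                 drift_steps: int = 1) -> bool:
    """Scanner-side check: accept only a code from the current window,
    plus `drift_steps` windows either side to tolerate clock skew."""
    for k in range(-drift_steps, drift_steps + 1):
        t = now + k * STEP
        if t < 0:
            continue
        if hmac.compare_digest(totp(secret, t), presented):
            return True
    return False


if __name__ == "__main__":
    key = b"12345678901234567890"   # RFC 6238 test key, not a real ticket secret
    printed_at = 1111111109         # constructed: moment the code was "printed"
    printed_code = totp(key, printed_at)

    # Shown on a live wallet ten seconds later: still inside the drift window.
    print("10 s later:", gate_accepts(key, printed_code, printed_at + 10))
    # The same digits on paper at the gate much later: rejected.
    print("much later:", gate_accepts(key, printed_code, 1234567890))
```

The holder's wallet needs only the shared secret and a clock to keep producing valid codes, which fits the observation above that the token works offline once transferred.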

