Panera Bread Begins Scanning Its Customers' Palms (cbsnews.com) 123
Slashdot reader quonset writes:
In an effort to more personalize a customer's experience, the U.S. restaurant chain Panera Bread is rolling out palm-scanning technology which will link the palm print with the customer's loyalty program. According to Panera Bread CEO Niren Chaudhary, the move will allow a "frictionless, personalized, and convenient" evolution of Panera's loyalty program, which boasts 52 million members. The claim is this will allow the company to offer menu choices based on a customer's order history, allow staff to personally greet the customer, and offer further suggestions.
Privacy advocates are not so sure. From the story:
Panera says the technology will securely store its customers' biometric data. However, digital rights activists worry that information could be tapped by federal agencies or accessed by hackers.
"Federal agencies like Customs and Border Protection have experienced devastating hacks where large databases of biometric information have been stolen," Fight for the Future told CBS MoneyWatch in an email. "Do we really expect Amazon, or Panera, to have better cybersecurity practices?"
The scanners are already installed at locations in St. Louis, Panera announced Wednesday, and scanners will "expand to additional locations in the coming months." (Panera has 2,113 locations in 48 states.) "After a simple scan of the palm, Panera associates will be able to greet guests by name, communicate their available rewards, reorder their favorite menu items, or take another order of their choice," the announcement gushes, "extending the guest experience into a true and meaningful relationship.
"When they are done ordering, guests can simply scan their palm again to pay."
Privacy advocates are not so sure. From the story:
Panera says the technology will securely store its customers' biometric data. However, digital rights activists worry that information could be tapped by federal agencies or accessed by hackers.
"Federal agencies like Customs and Border Protection have experienced devastating hacks where large databases of biometric information have been stolen," Fight for the Future told CBS MoneyWatch in an email. "Do we really expect Amazon, or Panera, to have better cybersecurity practices?"
The scanners are already installed at locations in St. Louis, Panera announced Wednesday, and scanners will "expand to additional locations in the coming months." (Panera has 2,113 locations in 48 states.) "After a simple scan of the palm, Panera associates will be able to greet guests by name, communicate their available rewards, reorder their favorite menu items, or take another order of their choice," the announcement gushes, "extending the guest experience into a true and meaningful relationship.
"When they are done ordering, guests can simply scan their palm again to pay."
Ah No! (Score:5, Funny)
Re: Ah No! (Score:5, Funny)
Re: (Score:3)
Ah, yes! [Re:Ah No!] (Score:3)
So, now not only do they collect information like what kind of coffee you like, they collect information on your future, like how long your life-line is, and whether you will meet a tall dark stranger!
Re: (Score:2)
Really, it's humorous.
But humor can hide tremendous danger.
The USA Federal Government does not have a right to this information, your palm print, so why gives it to a business that has no restraint on how they use if? (Really, you think the Laws will keep them honest?)
Wait until a hack --> then your palm print ends up at a crime scene. Oh, maybe not murder but burglary or fraud or auto thief. (Hopefully, you'll have an alibi.)
The only value to this... (Score:2)
...is to give Panera biometrics and customer purchase tracking to sell.
Can't see any customer (sorry, 'guest') value.
Also, it beats me how a sandwich shop can be called a restaurant.
Can't take it back (Score:2)
It's not like you can revoke your palm. It's a permanent appendage.
Usernames, passwords, social insurance numbers, credit cards, bank cards can all be revoked and reissued when a data breach occurs. Palms cannot.
Gonna have a sandwich? (Score:3, Insightful)
Quick, put your hand on this surface everyone elses grubby mitts have touched first.
Even before biometric privacy and security concerns I'd be more worried about it being plain gross.
Re: (Score:2)
Re: (Score:2)
This person thinks things done exist unless you can see them. Only takes showers when they see the stink lines.
No this person thinks that many companies do contradictory things for various reasons. Often marketing is involved in such stupidity.
Creepy (Score:5, Insightful)
Re: (Score:2)
Stuff like that is why I don't use fingerprint or face unlock.
Re:Creepy (Score:5, Insightful)
With 50 million customers they've now made themselves a big hacking target, all that biometric data linked to location, payment data etc has to be some juicy valuable data to the hacker marketplace.
Re:Creepy (Score:4, Informative)
None of what they're offering in exchange for biometric data is worth giving up biometric data
I agree with this.
It does potentially allow them to collect fingerprints that could unlock a phone or computer against the customer's will at a later point in time if police/three letter agency felt like demanding it
That's not how that works. Neither phone nor any POS scanner is taking a full stock image of the print. It's just a hash derived from keypoints. And hashes are a one-way function, so it's not like you can take hashed keypoints and return back to the print that made them. Additionally, if you're using biometrics, a court can literally compel you to unlock your phone and you don't have an argument to not do so, the Fifth Amendment won't apply. The Fifth amendment has never been construed to cover DNA, fingerprints, and pictures of your face. The standard is testimony that may incriminate, thus giving a password would be testimony, you looking into a camera is not considered testimony. You should use a PIN or password if you want to mount a fifth amendment argument. So it's kind of a moot point anyway. If you're using face unlock or fingerprints, you don't have a fifth amendment protection to begin with.
I'm sure it's only going to be used to customize sandwich orders though
Well like everything else, of course not. Which is why no one should give this information up.
Re: (Score:2)
>"That's not how that works. Neither phone nor any POS scanner is taking a full stock image of the print. It's just a hash derived from keypoints."
While you are correct, the "palm scan" technology is not a surface print at all. It is typically a deep-vein scan, which is totally different from "prints." It reads the unique pattern of blood vessels deep in the palm. That registration data cannot be readily abused. The article is likely misworded.
Re:Creepy (Score:5, Insightful)
Yes, that is how it's supposed to work. We see stories on Slashdot all of the time about systems that have been deployed with debugging information turned on and thereby gather more data than they're supposed to. We usually only find out that the systems were doing that after they were hacked and the data has leaked. They can pry my palm from my cold, dead hand.
Re: (Score:2)
Additionally, if you're using biometrics, a court can literally compel you to unlock your phone and you don't have an argument to not do so, the Fifth Amendment won't apply. The Fifth amendment has never been construed to cover DNA, fingerprints, and pictures of your face.
Because no three letter agency would ever even dream of unlocking a phone they managed to lay their hands on without bothering about a court warrant, no sir!
Re: (Score:2)
without bothering about a court warrant, no sir!
They could. But they cannot submit it as evidence. But it's not even a point. Most judges sign off on warrants to cell phones, so three letter agencies have zero problem getting a judge to sign off on it because it's rarely challenged. That leads into using a fifth amendment protection, but yes, you have a fourth amendment protection to your phone, but no judge really gives a shit about playing devil's advocate and it's usually signed off on before any lawyer can intercede.
But to toss more on the pile.
Re: (Score:2)
Neither phone nor any POS scanner is taking a full stock image of the print. It's just a hash derived from keypoints. And hashes are a one-way function, so it's not like you can take hashed keypoints and return back to the print that made them.
It's not a "hash", not in the typical CS usage of the term. It is a more compact, information-reduced form. It's typically called a "template" in the industry. And several researchers have demonstrated success in recovering something very similar to the original data from templates. Not perfect, but close enough that most algorithms would call it a match.
Also, as others have mentioned, I wouldn't count on them not storing the full livescan for debugging purposes or whatnot.
OTOH, I think most people far
Re:Creepy (Score:5, Insightful)
Literally none of it is easier than using a phone NFC.
All of it could be done with a phone app, except I wouldn't need to take my gloves off to use that.
Re: (Score:3)
Literally none of it is easier than using a phone NFC.
All of it could be done with a phone app, except I wouldn't need to take my gloves off to use that.
Anybody who wants a "true and meaningful relationship" with a fast food joint needs their head examined.
Re: (Score:2)
Re: Creepy (Score:3)
Hi!
About 30-40 years ago they discovered people don't buy things based on logic. They usually buy based on how the advertising makes them *feel*.
Why would you need to be greeted personally? Simple! Their marketing department found that 0.38% more people bought an additional item when personally greeted.
Not complicated, but it's had a really shit effect. Now the quality of the *item* no longer matters, just the quality of the marketing and monopolistic practices. The latter bought and paid for at Local, and
Re: (Score:2)
Anybody who wants a "true and meaningful relationship" with a fast food joint needs their head examined.
Not to mention, their prices are way out of line with the ever-decreasing quality of their food. Years ago, I used to go there on weekends as I loved their bagels, and because they were one of the very few with on-premises wifi. This was late 90s-early 00s. I hadn't been to one in years and after going to one a while back, I won't be repeating that mistake. What I got for damn near $12 was a joke. I like grilled cheese sandwitches and tomato soup, and they had a combo with these items, one of their "value d
Re: (Score:2)
Re: (Score:2)
>"None of what they're offering in exchange for biometric data is worth giving up biometric data. It does potentially allow them to collect fingerprints"
You are both right and wrong. First the right part- why would anyone want to be tracked like that? Doesn't matter the method of tracking.
Now the wrong. I will *assume* this technology is deep-vein palm scan because it is not evident from the articles, and palm "prints" are not at all typical or practical. This is not at all like a fingerprint and has
Re: (Score:2)
You think that's bad? Ponder leaving "your" fingerprints at a crime scene. We've actually managed to pull this shit off, creating fake prints from images and leaving perfect fingerprints. Sure, if they finally start analyzing whether it's real sweat that this print left, this might change things... but they don't.
Re: (Score:2)
None of what they're offering in exchange for biometric data is worth giving up biometric data.
I generally prefer not to give information... but I really think people massively over-value their biometric data. It is not secret, and never has been.
You leave your fingerprints everywhere, on everything. If anyone wants your fingerprints and is willing/able to get to a location you've been recently enough, they can get them, and there's not a damned thing you can do about it unless you're willing to wear gloves all the time or walk around with a rag wiping everything you touch. Palm prints a little les
We already exerience such service. (Score:5, Insightful)
When my best mate and I visit bars and restaurants, most already know our names and all make us feel welcome, they know what we like, even when we order different things most of the time.
And he pays with bank card and I in cash.
It's called customer service, not customer inventory.
Re: (Score:2)
Re: (Score:2)
For most companies that require you to sign up with your birthday, I moved mine into early December. It's kinda neat to have a good supply for cheap gifts around that time.
Re: (Score:2)
Not the same thing, at all. (Score:3)
Do those workers at local bars and restaurants pass that info to other businesses all across the country and sell it to anybody willing to pay for it?
When businesses use biometrics, the specific details of your personal biology/anatomy will be digitized and stored. From there it will be duplicated a possibly unlimited number of times, sold to anybody willing to buy it, traded to anybody willing to trade for it, and used in who-knows-how-many unauthorized ways for the rest of your life. Transactions will occ
nope (Score:4, Funny)
My daughter was home with a cold and ask me if I'd get her a grilled cheese from Panera, one from home would not do it had to be Panera. Two sandwiches, one for her and a different one for me was $25. Must be some kind of Private Equity tax in there, fuck those guys. Now you want $25 and biometrics? I just wanted a quick bite to eat, there are plenty of other places.
Re: (Score:2)
Exactly that.
What will Panera Bread do if customers just start saying NO ?
Panera might be annoying loyal customers and losing dough in the process. Time will be the proof of that.
Re: (Score:2)
I know more than one person that fully believes the Panera marketing and will think waving her hand to get a discount is high tech and fun, this will definitely add to her Panera experience. Look I wave my hand and then I instantly get an SMS coupon for next time!
Panera is a lot like Subway in that the dough all comes from a factory and they bake it in the store. You can dress up the place and make it more home-like, you can fancy up the menu items a bit, and you can charge a little more, but it is still th
Re: nope (Score:2)
Iâ(TM)m sorry but paying actual money for grilled cheese on bread is just daft. Takes what five minutes to slice some bread, slice some cheese, lightly toast bread then grill the cheese.
Re: (Score:2)
Re: (Score:2)
As an addendum, we can see evidence that this is true. On a blind taste test these things usually lose. If people are given two, one from Panera or McD's or wherever, and one more naturally made, then asked to choose by taste, in the majority of cases they'll choose the non-chain one. But crucially in these types of tests they have had both the one full of additives and the one without, so the addiction cravings are taken out of the equation.
If you just give them the non-chain version and tell them it's bet
Re: nope (Score:2)
Clearly I have been spoiled my whole life. I have not eaten at McDs or anything like that in many years. The idea they add addictive chemicals to basic foods seems unlikely to me; how would that even be legal. It's just shit food lathered in salt and sugar. Which are both very addictive I suppose. I never get takeaway food except in very rare situations when I'll go pick up a pizza from my local Italian place, so I would not actually know.
Re: (Score:2)
Most of these addictive additives are not illegal, probably because these chains have lobbied to ensure they don't get made illegal. An awful lot of the E numbers and similar additives are addictive, as well as the salt and sugar. There is a dearth of actual studies proving this though, for the same reason that they aren't banned: lobbying. Addictiveness can be difficult to definitively prove, needing quite detailed and lengthy studies to prove it. Lobbying prevents Government agencies spending the resource
Re: nope (Score:2)
Sure you pick the correct bread, butter, and cheeses.
Yes you can make it at home. But it is extra good because chefs have already gone through a 1000 flavor combos to find a great one.
A sub shop I used to go made an awesome grilled turkey sub
I have spent years trying to recreate it out of the 4 basic ingredients. Finding the extra sharp provolone regularly is a pain for non chefs. Let alone the sauce the turkey was cooked in.
That said I make my own melts with 2-3 different cheeses, sauces e
Re: (Score:2)
I got my kid some comfort food when she was not feeling well, yeah I know makes me dumb and a bad person. I offered to make one at home, and she likes they way I make it at home, but that wasn't going to make her happy that day. You must not have kids.
I think the bigger story is how the stores in strip malls all over the US, where a lot of people shop everyday, are owned by and being squeezed by Private Equity and it is all about concentrating profits for a few.
https://www.businessinsider.co... [businessinsider.com]
https://www. [retaildive.com]
Re: (Score:2)
Read my comment earlier in this thread.. A tiny cup of soup and a half-assed sandwich for nearly TWELVE F'ING DOLLARS.. And during the visit in question, where the sandwitch had a BITE taken out of it, and the manager, when approached about this, gave copious attitude, and made it clear to me I was DONE with ever returning to a Panera..
You can scan (Score:5, Funny)
What's in it for me? (Score:5, Insightful)
extending the guest experience into a true and meaningful relationship.
I don't want a "true and meaningful relationship" with Panera. I just want a sandwich. I'm not looking for a date. Your food is already terrible so what incentive is there for me to hand over my palm print? So you can "greet me by name?" What idiot thought this was a good idea?
Re: (Score:2)
Same with the likes of Starbucks. A local comedian once put it quite perfectly when he described his first visit to a Starbucks
"I'd like to have a coffee"
"Yeah, I'd need your name?"
"Sorry, did I misspeak? I meant coffee, not loan agreement".
Re: What's in it for me? (Score:2)
They want your name so when they put your order on the counter, they can get it to the correct customer. Use a different name every time you visit. They won't care.
Re: (Score:2)
Just look at the badge of the person taking the order and use that name. Yes, my name is Karen too.
Honestly though the S/M/L thing gets me, I don't want to learn Starbucks-speak just to get a coffee. I like my coffee black, nothing in it. Starbucks coffee is terrible black, it is roasted have the taste come through in the face of endless sugar and milk.
Re: (Score:2)
But they don't have S M and L as sizes. They have some weird names that nobody gets. Or, as the comedian said, they could as well have named them Lollek, Bollek and Daddy Fuck.
Re: (Score:2)
The routine continues with him going on to demand she writes "Zul, destroyer of the universe" on the cup, and when she asks to spell it, he starts "Z. U. U. U. U. U. U.....", and then how she tried to put smaller and smaller "u"s on the cup.
Re: (Score:2)
Collecting biometrics not desired personalization (Score:2)
In an effort to more personalize a customer's experience
Collecting biometrics is not the sort of personalization most customers would desire. Just give customers an app that shows a QR code.
40% off paninis in exchange for your health docs! (Score:4, Funny)
Re: (Score:2)
Free coffee in exchange for stem cells!
Panera has really really REALLY been pushing something called their "unlimited sips club", where you pay around 8 bucks a month and you get all the coffee you want all month for free. Then they extended to include other drinks, obviously because people aren't buying into the club.
It's not like there's a Panera on every corner... so you have to go out of your way every time you want to get a "free" coffee. It makes no sense, from a customer perspective.
Re: (Score:2)
Re: (Score:2)
I suppose that's true. But the closest one to my work is a 15-minute walk (or a 10-minute drive... it's really busy). And the closest one to my house is a 15-minute drive.
I don't believe you have to order anything else... although I'm sure they're hoping you do. But I don't think their coffee is anything amazing.
It's a trend I've noticed lately (Score:4, Insightful)
Most fast food restaurants are trying really hard to get you to order through their smartphone app. For example, McDonald's has daily "X percentage off your order coupons" that basically amount to a surcharge if you're ordering in person. My local Wendy's, McDonald's, and Panera all usually have the dine-in cashier counters unstaffed and expect you to order from a touchscreen kiosk if you're not using their app.
I think the filthy palm reader thing is really just yet another way of nudging people towards ordering using their phones, where of course they're getting to build a customer profile on you and all that data mining jazz.
Re: (Score:2)
Re: (Score:3)
Can you still just use a regular touch screen
My first job was working at Rat Shack* way back in the day and I got grilled constantly with the "why do you need my phone number?!" question. My answer was always "I'm sorry, I can skip it if you'd prefer." Just like back then, no retail establishment is going to reject your business over opting out from their marketing scheme.
Personally, I actually prefer ordering using an app since it's generally faster and I can't say I'm a big fan of having to repeat my order to stoned teenagers (YMMV, but ever since
Re: (Score:2)
>"Just like back then, no retail establishment is going to reject your business over opting out from their marketing scheme.
You are partially correct. These new schemes *WILL* punish you if you do not comply. You will pay higher prices, overall, than those who just "go along" with the tracking. So yeah, they won't refuse to sell to you, but you will pay more either with directly higher prices or ineligibility to take advantage of any promotions or even sale prices listed on the shelf (see Kroger for a
Re: (Score:2)
Re: (Score:2)
>"McDonald's has daily "X percentage off your order coupons" that basically amount to a surcharge if you're ordering in person."
BINGO. And I have heard so few actually say it out loud.
Almost *ALL* companies are doing this now. And you are correct, it is actually a "tax" on people who value their privacy. Walk into any pharmacy, or Krogers, for example. Tons of sale prices, but *ONLY* for those who do not want to shop anonymously. And to get a "membership" usually requires presenting a positive ID so
Re: (Score:2)
CVS and Walgreens accept a phone # - use an existing account to get a discount. Just keep punching numbers in until you get one that works. Try (area code) 867-5309, then numbers of random acquaintances that you don't particularly like, former bosses, etc.
Also, I just created a Kroger's affiliate account online - no ID needed.
Re: (Score:2)
>"Try (area code) 867-5309"
LOL- I like that song
>"then numbers of random acquaintances that you don't particularly like, former bosses, etc."
That seems a little "mean"/unethical.
Re: (Score:2)
Re: (Score:2)
>"What's unethical is charging people for privacy. Fight fire with fire."
Well, the punishment should at least be targeted at the perpetrators!
Re: (Score:2)
I don't trust them. (Score:5, Informative)
I hadn't been to Panera Bread since they were exposed for ignoring a breach report for eight months.
Re:I don't trust them. (Score:5, Informative)
And *this* will "allow" that? (Score:3)
The claim is this will allow the company to offer menu choices based on a customer's order history, allow staff to personally greet the customer, and offer further suggestions.
And they need a palm print to support this? They can't do it with the existing swipe card and/or phone number?
And people will fall for this? [Sadly, that's probably rhetorical.]
What a load of BS.
Re: (Score:2)
Re: (Score:2)
Why a whole handprint? Even Disneyland uses only a single fingerprint. This seems like an unnecessary waste of money on hand scanners.
Maybe it's to future-proof an "upgrade" to using butt prints? :-)
What other body parts ... (Score:3)
Re: (Score:2)
REALLY bad idea (Score:2)
Identity/access devices/tokens have a habit of getting stolen and being used by criminals. If you get mugged and you have credit cards, ATM cards, cash, etc you can expect that these things will be removed from you so that the thief can use them to get stuff he wants.
Do you REALLY want your finger/hand/eyeball to be an access/identy thing? [this could get REALLY bloody... really fast]
Re: (Score:3)
If you use a severed hand to order a sandwich at Panera Bread, you might attract some attention.
Re: (Score:2)
Pandemic anyone? (Score:5, Insightful)
Just nope... (Score:2)
Greasing palms (Score:2)
Perfect example ... (Score:2)
And yet they refuse to make my chipotle chicken (Score:2)
theoretically (Score:2)
So if I brought in, say, just someone's hand, they could pay for my sandwich?
Asking for a friend.
Police (Score:2)
So, there will be another corporation subject to selling our personal information or giving it up via dragnet subpoenas. I think not.
Way to go, Panera (Score:2)
so, do they know where your hands been? (Score:2)
They better be cleaning the scanner after every scan. Who knows where the customers hands been.
Solve security (Score:2)
This will solve the age-old problem of someone else eating your lunch.
Semen Sample and Pap Smear Next Week (Score:2)
Appropriate conversation... (Score:3)
Me: No.
P: We require it.
Me: Turn and walk out immediately.
Let them scan their palms to straighten out the order.
the crone behind the counter (Score:2)
I was a bit deterred by their analysis:
"Your lifeline shows you will have a short life ending in tragedy. To make the best of things, enjoy our delicious sourdough before you die."
The reader then adjusted her headscarf and flew off on a broom.
At that point I said screw it and went to Subway.
All I want is a sandwich (Score:2)
The only thing I want from Panera is the soup-and-sandwich special. It is not necessary for them to permanently store my biometric data to satisfy that request. I don't want them to greet me by name and I don't want them to have an eternal record of every sandwich I eat in their establishment. Just bring the food.
Re: (Score:2)
When EVERYTHING uses biometrics for identification then they become worthless because EVERYONE has all the biometrics.
That makes no more sense than saying photo IDs are worthless because everyone already knows what you look like.
Everyone may have a hash of my palm print, but they can't impersonate me without my hand.
I'm not too worried about anyone amputating my hand just so they can order my favorite sandwich a few seconds faster.
A simple man in the middle attack. (Score:3)
Everyone may have a hash of my palm print, but they can't impersonate me without my hand.
Unplug the scanner and plug in a device that uploads a handprint. :-)
Re: (Score:2)
Unplug the scanner and plug in a device that uploads a handprint. :-)
Also, you can use any key to open any door just by changing the lock.
Re: (Score:2)
Everyone may have a hash of my palm print, but they can't impersonate me without my hand.
Yeah, those scanners are impossible to fool.
(facepalm)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)