Give your fingerprints for Gym membership?

F

fractal

Disciple
I recently checked out Power World Gym, a chain with Indian branches in NCR and Bangalore
They have a bio metric system which members need to use to sign in to the Gym. From the companies point of view, I suspect this keeps their costs low and cuts down on fraud though this could also be easily achieved with a membership card with name and photo or the old fashioned way of just having staff who recognize their customers (it was a small gym)

Not sure if they store the fingerprint itself or just a hash. When I asked about some details of what was being stored, the staff did not have any clear idea. I was not comfortable with signing up so left

Curious if some other gyms (or other small and local businesses) have also started such a practice. What would you do if you were asked for bio metrics?
 
Last edited:
even my local gym started these shenanigans two months back. cant do anything because they don't accept anyone without fingerprint authentication. too much
 
Why is this a problem if its part of a closed loop bio-metric system. Unlike aadhaar, there is not much scope to abuse. Many IT offices also use bio-metrics these days. We have had a hand geometry scanner for entry into our office for over a decade and recently, it has been been replaced with a finger print scanner. Booting work laptop also requires fingerprint. I have also seen elevators with fingerprint scanners inside to activate them.

For places like clubs or gyms, it makes perfect sense.
 
you can never trust indian companies to follow rules. what happens if some disgruntled employee of fingerprint machine company decides to steal the database , run it in adhaar software and get adhaar details. Its pretty farfetched but it can happen.
 
It should not be a problem if only a hash is stored and not the image of the captured fingerprint. Different closed loop systems would create different hashes so for example the Gym data could not be used at your Bank's ATM (maybe Banks may introduce this in future)

However there is nothing to stop misuse (if raw fingerprint images are also kept) and they also have your name, address and photo

India does not have any privacy laws for e.g. to force companies to delete data when the membership lapses
 
No, none of these systems store raw fingerprints or even capable of capturing and transmitting raw finger prints in the first place. There are many kinds of scanners using different tech like optical, thermal, ultrasound and capacitive. Capacitive scanning which is pretty common these days would be immune to someone capturing and using a raw optical finger print or even using a dead persons finger. Also, these systems only process and store feature-set and that approach is also usually unique to each system. Even if someone gets hold of the database, there would not be much they can do with it. Its just a random sequence of byes that is unusable outside that system.

The problem is when finger prints from cheap scanners are used in systems like Aadhaar that is then used for diverse purposes that impacts every aspect of the persons life.
 
adventureguy said:
you can never trust indian companies to follow rules. what happens if some disgruntled employee of fingerprint machine company decides to steal the database , run it in adhaar software and get adhaar details. Its pretty farfetched but it can happen.
Click to expand...

Lord Nemesis said:
No, none of these systems store raw fingerprints or even capable of capturing and transmitting raw finger prints in the first place. There are many kinds of scanners using different tech like optical, thermal, ultrasound and capacitive. Capacitive scanning which is pretty common these days would be immune to someone capturing and using a raw optical finger print or even using a dead persons finger. Also, these systems only process and store feature-set and that approach is also usually unique to each system. Even if someone gets hold of the database, there would not be much they can do with it. Its just a random sequence of byes that is unusable outside that system.

The problem is when finger prints from cheap scanners are used in systems like Aadhaar that is then used for diverse purposes that impacts every aspect of the persons life.
Click to expand...

Pinch of salt...

I'd avoid using random fingerprint authentication systems unless i have no other choice...
 
Lord Nemesis said:
No, none of these systems store raw fingerprints or even capable of capturing and transmitting raw finger prints in the first place. There are many kinds of scanners using different tech like optical, thermal, ultrasound and capacitive. Capacitive scanning which is pretty common these days would be immune to someone capturing and using a raw optical finger print or even using a dead persons finger. Also, these systems only process and store feature-set and that approach is also usually unique to each system. Even if someone gets hold of the database, there would not be much they can do with it. Its just a random sequence of byes that is unusable outside that system.

The problem is when finger prints from cheap scanners are used in systems like Aadhaar that is then used for diverse purposes that impacts every aspect of the persons life.
Click to expand...
felt better reading this[DOUBLEPOST=1548650705][/DOUBLEPOST]
Julian said:
Pinch of salt...

I'd avoid using random fingerprint authentication systems unless i have no other choice...
Click to expand...
true. I have to use it to enter gym so I gave them my ring finger. Guy protested but I said whats the difference, fingerprint is fingerprint, he asked his boss and said ok
 
**** the system. Build your own gym.

EDIT: I was probably very angry. but after giving a second thought... Why are you people okay with this? I would just buy a mask to filter the pollution and go on a hike/run in the outdoors. Just get out there and be in the nature. its much better for the spirit and mental health.
 
Last edited:
adventureguy said:
true. I have to use it to enter gym so I gave them my ring finger. Guy protested but I said whats the difference, fingerprint is fingerprint, he asked his boss and said ok
Click to expand...

Ring finger is a great idea. (almost) Like a disposable email for fingerprints.

But wait, doesn't aadhaar record ALL your fingers?
 
booo said:
**** the system. Build your own gym.

EDIT: I was probably very angry. but after giving a second thought... Why are you people okay with this? I would just buy a mask to filter the pollution and go on a hike/run in the outdoors. Just get out there and be in the nature. its much better for the spirit and mental health.
Click to expand...
It is impossible tbh. I live near a developed lake and its quite crowded every evening, not to mention the crowd in the weekends. every time I walk there, I think to myself that mother earth requires a new plague. Also running is impossible due to traffic. That leaves me with gym alone. I tried cycling too but that impossible too.[DOUBLEPOST=1548737029][/DOUBLEPOST]
Julian said:
Ring finger is a great idea. (almost) Like a disposable email for fingerprints.

But wait, doesn't aadhaar record ALL your fingers?
Click to expand...
I don't remember tbh. do they?
 
booo said:
**** the system. Build your own gym.

EDIT: I was probably very angry. but after giving a second thought... Why are you people okay with this? .
Click to expand...

This is a private gym so people can opt out, but it appears that this is spreading more and more and becoming the norm
 
fractal said:
I recently checked out Power World Gym, a chain with Indian branches in NCR and Bangalore
They have a bio metric system which members need to use to sign in to the Gym. From the companies point of view, I suspect this keeps their costs low and cuts down on fraud though this could also be easily achieved with a membership card with name and photo or the old fashioned way of just having staff who recognize their customers (it was a small gym)

Not sure if they store the fingerprint itself or just a hash. When I asked about some details of what was being stored, the staff did not have any clear idea. I was not comfortable with signing up so left

Curious if some other gyms (or other small and local businesses) have also started such a practice. What would you do if you were asked for bio metrics?
Click to expand...
What is the branch name ? couldnt figure out.
 
Lord Nemesis said:
No, none of these systems store raw fingerprints or even capable of capturing and transmitting raw finger prints in the first place.
Click to expand...

I am not sure of this. I had noted that the hardware used was a product from SUPREMA. The specs of the product seem to indicate that it can scan and capture an image of the fingerprint at the device, transfer it to server, and then use a standard MINEX algorithm to convert it to a hash. They may or may not store the fingerprint image but the hardware is certainly capable of capturing and transmitting a raw fingerprint image
 
^^ Those are definitely using optical sensors which are considered insecure these days and easily spoofed. On top of that, some of the more premium models have an Image Log feature which I am guessing will leave a processed image. There is no indication that the image log is transmitted outside the device, but these are definitely not what I would call secure. Leaving aside the data security aspect, its not even going to be any good for the purpose its intended for. Anybody armed with scan of your fingerprint can pass the check. The Minutiae based interchange format is no issue as it cannot be used for reconstruction of the fingerprint, but only for matching after suitable calibration.
 
After going into more details, it looks like image log feature is not related to the fingerprints at all. It is capturing a photo of the user in front of the device when the finger print scan is done. These event logs can be viewed by the administrator. Also, despite being equipped with optical sensors, these device do seem to have live finger detection to prevent spoofing. There is no indication that raw image is stored or transmitted. The captured fingerprint is processed in hardware itself and converted to ISO 19794-4 format.

But still, use of optical sensors makes it outdated technology
 
Back
Top