Sky News: The Latest News from the World

Sky News – breaking news, headlines and top stories from business, politics, entertainment and more in worldwide

Technology

NYC’s transit agency won’t track subway riders anymore, here’s why

Jessica McCarthy
NYC's transit agency won't track subway riders anymore, here's why

The official website of New York City’s Metropolitan Transportation Authority (MTA) has a feature that can track people’s movements by entering their credit card info. The transit agency has now announced that it is disabling this feature. As part of its commitment to privacy, the MTA has also confirmed removing the seven-day history feature for the One Metro New York (OMNY) system which was introduced in 2020.

Read what MTA said about disabling the features
In a statement to Engadget, MTA spokesperson Eugene Resnick said: “This feature was meant to help our customers who want access to their tap-and-go trip histories, both paid and free, without having to create an OMNY account. As part of the MTA’s ongoing commitment to customer privacy, we have disabled this feature while we evaluate other ways to serve these customers.”

Why MTA is disabling these features
The OMNY website included a page where passengers were allowed to view their seven-day point-of-entry history across NYC’s subways. For this, the site asked its users to enter their credit card number and expiration date.

Eva Galperin, the Electronic Frontier Foundation’s director of cybersecurity said that this feature was intended to provide convenience for users, but it was also “a gift for abusers”.

Read Also

amp39Vishwa mein Digital India ki Badhti Saatamp39 and other tech highlights from Prime Minister Narendra Modis 77th Independence Day speech
Chandrayaan 3 Read congratulatory messages tech companies

This security flaw was reported for the first time by Joseph Cox who was able to successfully track a passenger’s entry points (with consent) using their card info. Cox wrote: “If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live. I would also know what specific time this person may go to the subway each day.”

The tracking feature allowed stalkers and other miscreants to look for a passenger’s travel information if they had the person’s credit card. This feature also didn’t require a PIN or password which made it easier for abusers to misuse it. However, the website allowed travellers to create a more secure account. The enhanced security option was buried farther down the page.

FacebookTwitterLinkedin

end of article

Close