As part of my recent discovery of old miniDV tapes a couple days ago, I came across these tapes of a presentation I did at DorkBot in Seattle back in March 2006. At the time, I only had my implants for just about a year. My book was coming out, and I was pouring everything I had into a new startup called txtGroups. Basically it was all the features of Twitter and then some, being developed by just one guy (me). It had a great API, RSS integration, all kinds of stuff. We had connections with every carrier in North America and were processing text messages… but.. things happen and all that.
So anyway, looking back at the presentation I gave back in 2006, I’m surprised that a lot of what I said is still relevant. Of course, many things have changed since then too. One of the things I still consider relevant is the concept of security and privacy context when it comes to using RFID devices in your own projects and/or body. Essentially my argument is this; when used in a personal context, even completely insecure openly readable RFID tags are not necessarily a large security or privacy risk. As I discuss in the presentation, the simple reason is that an attacker armed with my RFID tag data can do nothing with it unless he or she has directly targeted me for the specific reason of attacking my individual system. That is a very narrow attack vector, and is basically useless to your average punk with an RFID skimmer. However, I won’t deny that there is a certain amount of risk involved (which is why I have a secure HITAG tag in my right hand). But I’m not going to stop using my insecure EM4102 tag until I get rich or famous enough to worry about it.