
Exactly. Reminds me of this:

http://michaelgr.com/2008/10/29/duplicating-keys-from-photos...

"UC San Diego computer scientists have built a software program that can perform key duplication without having the key. Instead, the computer scientists only need a photograph of the key."




Research turned commercial: http://shloosl.com/

Copy any key for $5 with a picture from your phone and they'll mail it to you.


So then they have my address and keys to it?


Only if you gave them your address and the keys to it. If you gave them a different address or different keys, could be harder...


A bit harder - use of a telephone book would probably solve a fair portion of cases where they didn't just get straight in (assuming you paid with your own credit card and so they had your name).


But if you pay by credit card, that applies to any key copying service, online or not.


Old-fashioned key copying services don't necessarily have the opportunity to make their own copy of your key.


They could just sneakily make a picture of your key.


> So then they have my address and keys to it?

Right, which means if your house is burgled within a reasonable timeframe after you use the service, they're prime suspects.

It's a pretty big risk for them, I should think.


> It's a pretty big risk for them, I should think.

Yes, so all it takes is somebody to rob THEM, and get keys and addresses...


Burglary all the way down.


> Yes, so all it takes is somebody to rob THEM, and get keys and addresses...

Which would legitimately take the heat off of them, so it would be in their interests to fake a robbery of themselves not long before their real robberies of others begin.

Ah, but I'm just getting started! If you wanted to rob houses and frame them, just rob them first. The police and everyone else will think your real robbery was faked by the company, as per my previous paragraph, so you get off scot free.

Robbception, it would be called.


Nope, no possibility of abuse there!

It's strange, but I really find it hard to come up with a legitimate reason for this service - I think there's a place that'll copy my keys down the street from me. It would take me less time to get my keys copied there on the way home than it would to actually check my mail when I get home.


I find it hard to come up with an illegitimate reason for this service. A thief could finagle a picture of your key, send off to an online service using information that could easily be traced back to him, then use it to open your door. Or he could just pick your lock in less time than it would take him to fill out the order form.


Or if he isn't good at picking, the thief can take the picture and just make the key himself with something like this https://dx.com/p/advanced-key-cutter-16425


Or smash your window in far less time than it would take to pick that lock.


It's also very possible to abuse a local, bricks and mortar key duplication service.

To abuse the online service, you need a valid credit card not in your name or traceable to you, a valid anonymous dropbox to ship to, a clean shot of the key, and an anonymous or well concealed IP address.

To abuse the local service, you need the key, some cash, and about 20 minutes.

Neither is immune to abuse.


As the consumer, it is way easier to be abused by the online service. First let's assume those running the service are perfectly honest. Now let's assume they practice security about as well as the average small online retailer. Now let's assume a hacker breaks into their system and downloads a full dump of their database. Now that hacker has many (hundreds? thousands?) of key photos matched directly to addresses and likely tons of other PII.

D'oh.


> Now let's assume a hacker breaks into their system and downloads a full dump of their database. Now that hacker has many (hundreds? thousands?) of key photos matched directly to addresses and likely tons of other PII.

In theory, they could encrypt the data with a public key before it ever hits the database (or any other permanent storage) and ensure the matching private key is never stored on the same computer.
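
Added example, not part of the thread and not the service's code: a sketch of the design described in the comment above, where the web tier holds only a public key and each order record is encrypted before storage. It assumes the Python `cryptography` package; the function names, order ids and record are constructed for illustration.

```python
# Added illustration; function names, order ids and the record are constructed.
import json
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    """Generated offline; only the public half is deployed to the web tier."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()


def seal_order(public_key, order_id, record):
    """Web tier: encrypt before anything reaches the database."""
    data_key = AESGCM.generate_key(bit_length=256)  # fresh key per record
    nonce = os.urandom(12)
    # order_id is bound as associated data, so a row cannot be moved to
    # another order without failing authentication on decrypt.
    ciphertext = AESGCM(data_key).encrypt(
        nonce, json.dumps(record).encode(), order_id.encode())
    return {"order_id": order_id, "nonce": nonce, "ciphertext": ciphertext,
            "wrapped_key": public_key.encrypt(data_key, OAEP)}


def open_order(private_key, row):
    """Fulfilment machine: the only place the private key exists."""
    data_key = private_key.decrypt(row["wrapped_key"], OAEP)
    plaintext = AESGCM(data_key).decrypt(
        row["nonce"], row["ciphertext"], row["order_id"].encode())
    return json.loads(plaintext)


def row_is_authentic(private_key, row):
    """False if the row was altered or reattached to another order."""
    try:
        open_order(private_key, row)
        return True
    except (InvalidTag, ValueError):
        return False


if __name__ == "__main__":
    priv, pub = new_keypair()
    row = seal_order(pub, "order-1001", {"ship_to": "123 Example St"})
    print(open_order(priv, row))
```

A database dump taken from the web tier yields only `wrapped_key`, `nonce` and `ciphertext`; reading a record requires the private key held on the separate machine.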


In theory there are lots of ways they could secure the data, my point was that in the non-theory real world most online companies fall way short of good practices for data security.

This is why barely a day can go by these days without some story popping up on HN about "Company XYZ was hacked, customer data exposed".


According to the website, they redact your shipping address a day after the duplicated key ships. So no need for a dead drop.

Plus, you could use a VISA prepaid card.


Right, my point is that neither service is ironclad secure. (By the way, loading and activating a prepaid Visa anonymously is more tricky than you'd think post Patriot Act - I'd venture criminals would more likely just grab a stolen CC).

Interesting about the redaction. Presumably that's to guard your home if the picture is ever compromised?


Do you have more details about prepaid VISAs and Patriot Act? As of a bit ago, you could just walk into any store and buy one with cash.


Not sure if the PA is what caused this, but the last time I tried to set up a prepaid card a couple years ago, (one of those off-the-shelf drugstore ones), the actual card could only have $100 put on it until I filled out a form online that required all kinds of PII, including the requisite SSN.

The prepaid card only worked in person too, never online. (I assume they did this by having a bogus or placeholder name attached in their database, which would fail any basic verification checks done by an online seller, but work just fine at a local retailer.)


Agreed. Even though the site says "requires a credit card" as some type of security measure, it doesn't secure anything. What are the chances that if your locked item is opened, you would trace the theft back to this service to notify them?

Slim. You'd have to catch the perpetrator first and then figure out how he got a key.

99.99999% of people don't even know a service like this exists let alone to check if their house key was duplicated there before it got robbed.


In the U.S., the main deterrent against robbery is jail time. Most houses can be broken into with an elbow. Locks prevent silent entry and make it slightly harder to break in, they don't secure anything.


This. Locks keep honest thieves out. I don't know of any house that I couldn't gain entry into in a few minutes, without damaging anything, including my own.


Without damaging anything? Do you mean lock picking? Or you live in a neighbourhood where people leave their doors open?


No, it's often much easier than that. I do live in a pretty quiet neighborhood, but that's not what I meant either. There are a couple of things. One is that people tend to be vigilant WRT their home's primary access, but pay less attention to side-doors, back-doors, garage-doors, and windows. So you can often find one of these left unsecured. The second is that the latches on windows are notoriously bad WRT their ability to stay closed. They can often be dislodged by just bumping them gently while applying pressure in the right place, even when installed correctly. If they were installed incorrectly, or just carelessly, or if the house has "settled", windows can be even easier to defeat. Another weakness of windows is the glazing, sometimes it just slips out, or can be easily pried loose, sometimes it takes a screwdriver. Until very recently, little attention seems to have been paid to the security of windows in residential construction. There are a few other more-foolproof entry methods that I know that do little or no damage, but they aren't the sort of thing that a burglar would do.

PS I learned most of this at Texas Fireman's Training Academy (and just paying attention to my surroundings), in case you're wondering.


I can see a legitimate reason.

This allows you to keep a digital copy of your key. In the event that something unexpected happens, like you are in a different state and you misplace your car keys, you have a digital backup that can be turned into a physical key.


Every modern car I've bought has a chip in the key that it won't start without.


They are enough to let you inside the car, though, which is enough for (I would assume) the majority of locksmith calls.


You buy expensive makes then, I really hope you know that you're way above what most people spend on cars. Most cars don't have those chips yet. The only sort of mainstream car I've seen with a chip in the key is the Prius, which starts in the low 20s new.


My 1998 Honda Accord had a chip... I don't usually cite Wikipedia links, but... http://en.wikipedia.org/wiki/Transponder_car_key


Come to think of it, I've only had a Mazda the last 10 or so years. Maybe it's just Mazda then. Their bottom-line Mazda3 (currently 16.7k MSRP) came with it when I bought one 6 years ago too.


Curious. I don't think you could buy a mainstream car in the UK without a chip.


> I really find it hard to come up with a legitimate reason for this service

Do you really find it hard? Let me help you out then. First, there are people who don't live next to a locksmith. Second, there are people who drive home instead of walking, and an extra stop while driving certainly takes more time than checking mail. Third, there are people who check their mail regularly anyway. Which is pretty much everyone.

That leaves us with all of the people who walk home, live next to a locksmith, and don't check their mail regularly, who can't make good use of this service.


I had a locksmith come and open up my door.

Didn't ask for ID, didn't ask for _anything_ other than payment and what door I wanted to open.

So you don't need this service, you just need to pay a locksmith.


Or learn to do what the locksmith does, which isn't all that hard for many locks.


Yes! I remember this was on HN a few days ago and thought it relevant but I couldn't remember the exact name so I googled shoosl+keys+copy+delivery+startup and a variety of combinations based on that but couldn't find the service online. They really need a memorable name.


This is made easier by the fact that key bitting is discrete. The software doesn't have to measure the exact depth of the valleys; it just needs to know which of the seven (or whatever it is for that particular lock) possible heights it's closest to.


I'm not even sure why you need a computer for this - maybe to print out the picture. As mentioned elsewhere in the thread, the heights are discrete, and you could figure out how to reproduce the key with a ruler and a pencil.



