> Presumably, the makers thought that making the card look like a smart card would help people understand it. The card actually uses an entirely different technology.

It’s kind of the same, though. The physical communication layer is different, but the higher protocol layers are basically identical. Smart cards with contacts follow ISO 7816. These MIFARE contactless cards are ISO 14443 Type A cards, and their protocol follows ISO 7816-4.

This shouldn’t be terribly surprising — the entire ecosystem built for smart cards with contacts wants to support contactless cards with minimal changes, and this includes the host software, the readers, and the logic in the cards. There are even plenty of devices where the same device supports contact and contactless uses — plenty of credit cards, bank cards, and FIDO devices are like this.

This is analogous to WiFi and wired Ethernet. They’re have very different physical layers, but they are logically compatible, and the same software supports both.

One of my claims to fame was being part of the team that built the first online banking site for a bank in my country around 1997.

One of the things you could do was pay certain types of widely used paper invoices. When I was brought on, the UI for this was just a standard HTML table with labels and input boxes. I decided to build a prototype with a paper invoice image as the background and a textboxes places where the numbers appearred on the paper invoice.

When people paid the invoice, they would have the paper version they had received by postal mail next to them. Now, their mission was to enter the numbers so they would end up with a visual one-to-one copy of the paper invoice on the computer screen. It made it easy for everyone to figure out which numbers to enter.

People embraced this immediately, and all forms were changed to follow this principle. All banks implemented it in their banking apps and still use it today.

  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
In my country we used to have a heavily standardized type of money transfer card. It'd be used both for regular wire transfers in a "fixed payer, flexible payee" form where you'd get a booklet of them to fill out later, and "flexible payer, fixed payee" form you'd get mailed to your house to pay your bills, only having to write your account number on them, sign it, and mail it to your bank.

They were designed to be machine-readable from the start for easy processing at the bank, and one of the ways they did this was by having all the fixed data encoded in a special font. When we started using smartphone banking apps, you'd just be able to scan a bill with your phone and it'd immediately read out all the data, fill in the missing stuff, and you'd only have to tap "confirm" to do the actual payment.

Around the same time (2001) I worked for a startup that was doing the same thing but with Flash instead of HTML. We were building European export forms. People really liked the UI side of it.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Only ISO 14443-4 uses the same protocol as ISO 7816 (another way of saying this is that ISO 14443-4 represents the higher layers of ISO 7816 over a different physical interface), though.

MIFARE Ultralight does not actually implement 14443-4/7816/"smartcard"-style APDUs; it's significantly simpler, since the ICs are much less powerful.

To make things more confusing, some MIFARE ICs really do implement ISO 14443-4 (e.g. their fixed-function MIFARE DESfire cards, and their programmable smartcard ICs like SmartMX), but not all of them.

  • m463
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It would be more analogous to your wifi antennas looking like 6" cat 5 cables with an RJ-45 painted on the end :)
We’re almost there. Try zooming in to the first picture on this RJ45 connector:

https://www.truecable.com/products/cat6a-field-term-plug-shi...

At that price point, there should be a wifi module hidden in it somewhere :)

Two things spring to mind: a whole computer inside an SFP module[1] and the O.MG cable[2]

[1]: https://blog.benjojo.co.uk/post/smart-sfp-linux-inside [2]: https://shop.hak5.org/products/omg-cable

...and now I want one.
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
QR codes seem like a better ticket medium.

This is like a 100 bytes, a qr code can be over 2kb

This is a cheap plastic substrate with ink printing over the top. A qr code is just ink - or some other even cheaper printing process if you prefer.

This needs a specific ticket technology supplier over the next 10’s of years. QR codes can be drawn on screens or printed on paper and you can change suppliers for every component - from mobile phone apps to paper type to physical printer and reader devices - until your heart’s content over the next years. That flexibility can’t be underestimated in a space like public ticketing over decades.

Issuing replacement tickets needs physical presence to collect the ticket, vs qr code which can be emailed, sent on whatsapp, shared as a screenshot or photo if you need to, but of course you can still exchange physical paper qr codes if you prefer.

The rfid reader for these are cheap and durable, the optical reader for qr codes can be almost as cheap and almost as durable but not quite, the rfid wins this one point by a small margin.

I've worked in public transport ticketing for the past 30 years including the first system outside Japan (Hong Kong's Octopus).

The problem with QR codes:

1. If they're printed, they can be copied.

2. "Dynamic" QR codes can be screenshot.

3. They're read-only (by definition)

4. Readers are slow, require good orientation by the user.

NFC is good because it's read/write, has a ~10cm range, the larger cards can hold up to 4K of data, the ultralights can replace single journey tickets and can be recycled like magnetics being captured at exit.

I don't think the suggestion is the QR code contains the ticket info, but that the QR code is the unique tag into the back end virtual ticket system. 1 to 3 are not relevant in that context, and 4 isn't borne out in my experience with modern readers (they're used in the bar code mix at parkrun and they read time is vanishingly fast with a smart phone, generally better than barcodes). The number of bits might increase the difficulty if capturing the code, but I would very surprised if a fast, robust system can't be built.

The huge disadvantage of NFC in this context is the electronic waste necessarily produced.

The problem with expecting a "unique tag into the back end" is that these systems have to work offline.

The QR codes are significantly slower to read than NFC.

I've built both NFC and QR (and ye olde fashioned magnetic stripe) ticketing systems.

NFC doesn't necessarily create any additional e-waste. In Chicago we have an NFC system, and people typically just link their phone to their account and use that to pay.

I still use a physical card - so that I have a backup option in case something happens to my phone - but even there the volume of waste is trivial. I've had my current transit card for ages, and it doesn't expire until 2037. It's possible that the only technological decision I've made that generated less e-waste was deciding to splurge on a mechanical watch instead of a quartz model.

Well, yes, but the article is about a disposable nfc ticket.
Those are more for single rides by people who rarely or never use the transit system. I've had the same Carte Opus for years and just bring it with me and refill whenever I visit Montreal. And the disposable paper cards are being phased out. I'm not sure when the rollout will be, but Montreal is currently working on upgrading the system to allow people to just tap-to-pay at the turnstiles using their phones or compatible credit and debit cards.

Which is not something that you could do with a QR system. I don't know that anything is inherently wrong with QR codes, but they do seem to be a choice that's more appropriate for countries like China where the existing electronic payment infrastructure uses QR codes. In North America, by contrast, things have generally settled on NFC, and I think that that reason alone probably makes NFC the better option for North American transit systems.

> Montreal is currently working on upgrading the system to allow people to just tap-to-pay at the turnstiles using their phones or compatible credit and debit cards. > Which is not something that you could do with a QR system

I've got several apps that display QR codes on the screen for an external reader. One of them is for my health insurance id card (a simple 10 digit number), another shows my COVID vaccination status (this one is complicated, and I'm not sure why they used a QR code for it. It must include batch identification and other information given the size)

By tap-to-pay, I mean you need no special apps, you need no special accounts, any of that. You can pay with any physical credit or debit card that supports tap-to-pay, or you can use any credit or debit card you have loaded into your phone.

With a QR code like that, people still need to install an app, set up an account, etc. It's just a lot more friction. In cities where I can tap-to-pay, getting set up to ride a bus or train for the first time takes literally zero time; I'm already set up. If I need anything special - apps, accounts, system-specific QR codes, etc - then the setup time instantly goes up to a minimum of 10 minutes. It's a relatively large barrier to entry for infrequent riders, and ultimately serves to discourage use of public transit.

Really? Setting up contactless payment is quicker than having a QR code image? I use QR codes on the UK train system and I don't have any special apps. It seems to integrate with Google wallet too, which surprised me.
The point of the disposables is that they use the same technology (NFC/RFID) as the more robust long term multi-use NFC cards.

So if you're replacing an existing magnetic system, you can reuse the magnetic transports (belts/motors etc) for single use, including capture-at-exit and recycling for single journeys, while also adopting the NFC for multiple use.

On rail systems with gates, these disposable "ultralite" RFID tickets are usually put through the old slot that used to take magentic tickets.

Exit gates usually capture the ticket on exit when it has been used up (ie single journeys, or after the number of trips encoded on the ticket).

These can (and are) recycled numerous times.

> and 4 isn't borne out in my experience

To bolster your point, aren't there whole countries where stores and street sales float on top of QR codes?

Yes- of interest:

China's Big Tech companies taught Asia to pay by scanning QR codes, but made a mess along the way

https://www.theregister.com/2024/06/17/asia_qr_code_obsessio...

In China, QR Codes are used for public transport too, and I found them just as fast as NFC readers (and faster than the slow readers used by the NS in The Netherlands)
Until you go to another city and discover that the local bus company has decided that instead of just letting you pay by Wechat pay or Alipay, you need to install their proprietary app to generate the QR code for the bus to scan, at which point the app then just turns it into a Wechat pay or Alipay transaction at the end. No benefit to the user, it just allows the bus company to extract all your PII in the process. Actually, they're not all proprietary apps, but there are several from competing companies, and you have to use whichever one the city has chosen.

Actually, I think part of the reason is that so they know who's on the bus in case it's involved in an accident, because if you buy a ticket from a bus station for a "short distance" (so out of the city, but within about 40km), you also have to provide them with a phone number even though they never call you or send you an SMS using that number.

>Actually, I think part of the reason is that so they know who's on the bus in case it's involved in an accident

The CCP certainly do want to know who's on the bus, but not for the reasons you stated.

The time to process a payment at a retail outlet is ~1s+, the time required for public transport is usually <0.5s including mechanical release of barriers etc.

QRs are dramatically slower than NFC.

Those QR codes are validated online.

Transit has to work offline.

An always-online requirement is not feasible everywhere.
You can fail open. The QR code contained a signed ticket ID and expiry. You locally validate the signature and expiry and remotely attempt to validate reuse. If the remote validation is slow or fails just accept the ticket and log it.
That is what happens, however it exposes the transit company to a risk that many of them aren't willing to accept.
1. Thats ok. If you’re expecting your rfid tokens not to be copied just because it seems inconvenient to do so, you’re in for a surprise! Your ticketing system cannot assume tickets in any form cannot be replicated- they can be and if you introduce such a vulnerability in your system, you will lose revenue

2. As per 1, no issue

3. That’d be a great feature if true, I’m all for immutability. However , qr codes can be defaced easily, hopefully the built in checksum defend against that. a more likely threat your system needs to defend against is that new qr codes can be generated extremely quickly

4. Both systems are the same speed, both systems require accurate targeting by the user, an rfid token slightly askew of the reader will not read since it won’t be able to influence / absorb the generated rf - most of these systems work by providing power to the rfid token and it communicates back not by transmitting its own signal but by exerting influence on the signal it’s receiving. It’s a very very low power interaction and very sensitive to positioning

A better problem than 4 is that you entail staff overheads with a visual system to keep them clean.

Read / write is a bad feature, you will lose ticket sales.

Recycling these is not practical. Direct reuse risks jamming the vending machine (used tickets end up subtly bent, very hard to reliably deal with), actual recycling isn’t viable, the energy required and emissions produced exceed that of creation of a new card from raw materials.

> Your ticketing system cannot assume tickets in any form cannot be replicated- they can be and if you introduce such a vulnerability in your system, you will lose revenue

Yes, the question is not whether such system would be abused, but how much. But this is in the end what businesses care about.

Will QR codes be abused more than NFC chips? Likely yes.

Will it produce a larger financial loss than the cost of the NFC chips?

Can I mitigate these losses by a centralized validation system (each terminal needs a network connection with low latency guarantees)? Sure, but how much will it cost?

A centralized system is how tags work already, so you can't toss your ticket to your friend behind you and have them reuse it.
These NFC chips have counters to deactivate themselves after the allocated number of trips has been reached.
40 years ago we had a read-write system based on mechanical trimming of a piece of card and a physical time stamp[1]. It's absolutely possible to roll out a system to keep track of journeys that doesn't require fancy embedded ICs.

[1] https://www.facebook.com/uktvads/videos/kerching-a-saverstri...

NFC tickets have "antipassback" features, eg, stores the last tap so you can't "toss your ticket to your friend behind you".
1. NFC tickets with embedded security are robust against replication, at least to the extent required for transit.

On 4, QRs are substantially slower to be read and decoded. NFC/RFID have a range of ~100mm and the field shape is dependent on the antenna design, however it is way more tolerant than QR using IR/laser. As for "entail staff overheads", we are talking about systems that process thousands of taps/day through single gates. Anything that reduces maintenance requirements is absolutely a priority.

As for "read/write is a bad feature", I don't really understand your point.

Ultralite RFID/NFC tickets are routinely recycled where they are used to replace old magnetic systems that have belt transports for the magnetic tickets. The read/write heads of the magnetic stripe are replaced with NFC readers but the belt transport and capture mechanisms remain.

I’ve found NDEF cards that can hold 16KB & 32KB, even as much as 64KB. That may be too much capacity for ticketing but it blows QR codes out of the water
  • scoot
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
When all you need is a unique identifier, what's the advantage?
That is the issue. If it was just a matter of a unique identifier, then a read only token would be fine.

However, for most transit, there is some form of "check in/out" (either through barriers/gates or via validation/inspection). This is combined with rules about "antipassback" (ie one user passing the token back to another to reuse), as well as "total time in system" (ie to avoid people staying in the system all day).

There are also rules that take into account entry/exit times (eg peak/off-peak), entry/exit locations (eg core/non-core zones) etc.

All of these rules require either:

a) An always online set of validators to be able to contact the backend that is maintaining the information, or,

b) a way to record the information on the token so that it is physically transported from one validation location to another.

It also is needed for inspection purposes during a trip.

None in that case. But with these cards there’s less need for centralization of data storage and code logic
>> there’s less need for centralization of data storage and code logic

You make it sound like less moving parts are a bad thing :-)

I know what you're getting at though - the decentralized tolerance of network partitions and the ability to provide higher availability and faster decision speed at the entry barrier.

The system design constraints are hard but not impossible, my back of napkin maths says 5k/ticket scans per second with 99th percentile latency < 1000ms not only satisfies every use case that exists today but allows for 3x population growth beyond!

There's a few things in your favour when designing this system though. For example, in the case of network partition, you have geographic locality so a pen drive delivered a couple of times per day is likely feasible.

The usual maximum time allowed for tap->barrier open is a maximum of 450ms. That includes all read/write times for the token, display changes, fare calculations and deductions, all business rule validation (eg hotlisting stolen tokens etc).

The system I recently put in allowed for that 450ms, the time broke down to:

1) NFC comms ~100ms

2) Network comms ~50-100ms

3) Physical relays (releasing barriers etc) 100-200ms

During peak periods the usual rate expected is 30-40 passengers through a gate/minute, which includes all of the time above, plus the passengers actually walking through the barriers (usually ~2m).

“99th percentile”
Not relevant. The maximum specified by contract is usually 450-500ms.

The barriers at rail stations have to have a defined maximum throughput of passengers, because it affects safety during emergencies etc. Most barriers are required to maintain somewhere between 30 and 45 passengers per minute.

Yes they can "default be open" and usually have emergency modes that disable validation entirely, but the speed during peak hour periods has to maintain the passenger flow.

1000ms is a surprisingly long wait at a ticket barrier, though! Latency is everything in this use case...
Usual requirement is <500ms from tap to passenger through the barrier, which includes not only the validation/fare deduction etc, but also the display and barrier unlock.
  • ak217
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Lots of others mentioned key downsides of QR codes that make them generally unsuitable for this purpose (they are stateless, trivially copied, easily fouled from repeated use, too slow because of fundamental optical constraints, require a 100% available centralized ledger/don't work while the reader is offline, etc. etc.) but I'd just point out that decades of R&D have gone into making these systems work well at scale at the busiest train stations in the world, and QR codes came up short. Here is a glimpse of early R&D efforts that went into this: https://www.jreast.co.jp/e/development/tech/pdf_6/tec-06-40-... - it covers some of the technical requirements these systems fulfill.
Is that a paper from 2005 about a system designed in 1997? History is excellent for research but in the decades since, many things have changed.

Some of those downsides are positives (immutable, easily copied) others aren’t accurate, for example here’s the Mumbai metro in 2023 with qr entry gates https://youtube.com/shorts/TxbEgEzY9J8?si=s3gE-7_xbCbDoQ1d

Or that a 100% available central ledger is needed (it’s not).

That Qr code systems are in use today in some of the busiest locations would probably be the most succinct counterpoint though.

The problem with QR codes is that they are read-only.

I don't know about Montreal, but Moscow public transport uses similar paper tickets, also Mifare Ultralight, except you can get them for different number of trips. When you use your ticket, the turnstile or validator would increment those one-way counters so that the next one would know how many trips you have left. You can't do that with a QR code without either the reader or the user's device having a persistent internet connection to some sort of central server that would keep track of all tickets, which is impractical.

  • Fej
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
NJ Transit uses QR codes for all train tickets and it works well enough. It's not quite as seamless as a tap card but NJT has moved largely to mobile ticketing and they're in the odd position of having to scan tickets both at turnstiles and by train crew (handheld scanners); cards would be awkward in the latter case. The paper tickets used to have magstripes but once they adopted QR codes for the mobile app, the tickets lost the magstipe and gained a printed QR code.

So the central server model is practical. The user's device has to have an internet connection at some point to activate the ticket within a reasonable period before using it but the connection doesn't have to persist after that. I don't know how their handheld scanners work in the Hudson River tunnels where there is no cell service but they do, so long as the user activates their ticket before the train departs.

> cards would be awkward in the latter case

Do you mean it would be hard for staff to scan cards? Here in the Netherlands both qr and cards (travel cards + bank cards) can be used at stations, and are read by the staff on the train.

Once I searched how Japan do the synchronization of the data in the IC card because I can't imagine how they handle all of the traffic for millions of people especially in the rush hour.

So the solution is the transportation card is writable, and each train station acts like a small data center. They sync the data periodically to the main data center.

I think the syncing tech is getting better, Japan train companies are going to experiment with QR code soon. So read only is feasible.

> So the solution is the transportation card is writable, and each train station acts like a small data center. They sync the data periodically to the main data center.

That's also how the two subway systems I'm most familiar with do it here in Russia. In both Moscow and St Petersburg, the data stored on the refillable tickets (Troika and Podorozhnik respectively) was thoroughly reverse engineered. People who did it, of course, tried to write them too — for example, you'd make a dump, enter a station, then restore the dump with your old balance. It worked, but only for a day or two, after which the card number was added to a blacklist that all turnstiles check cards against. The conclusion was that there's a server on each station that turnstiles talk to, that syncs with some central server each night (when the subway is closed), where all system-wide transactions for the day are collated, and if anything is off, the card is blacklisted.

Oyster in London works like this too so I’ve heard. Some terminals (e.g. those on buses) are offline until the terminal is docked and connected to the main centre.
The Helsinki metropolitan area public transit system "HSL" used to be like that. Bus passes were first mifare and the DESfire after some upgrades, but the readers in the busses contained the transactions and worked offline.

If they got filled up the the standard practice was free fares. :)

Japan railway companies in Kanto region are moving to QR code for individual ticket in 2027.

The bulk of the ticket will still be the Felica card though, because as far as I know neither the QR code or EMV open-loop system can handle required throughput of 60 persons/minute/gate.

  • hnick
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I think semi-persistent internet is not such a big deal for a lot of providers. For Opal here in Sydney AU it uses a connection for some features. Cards can be anonymous or assigned to an account, the account shows all your trips online, so there's some required connectivity for that. The cards have a smart chip, but credit cards or phones can now also just be tapped directly, so it needs to match up when you tap off and determine where you started and how much to charge. This includes buses, which use 3G IIRC, and may drop offline sometimes.

To support the above, they did away with multi-trip tickets like you describe. It instead tracks and discounts once you hit a weekly limit (yes, you have to give up your privacy for this with an account or use your credit card directly). Not great for intermittent travel.

For systems like this the question is: if the internet is down and a few people get a free trip, does it really matter? You don't always need 100% accuracy if it makes everything else simpler, like removing paper tickets, printers, litter, etc.

Fun tangent: I hit a bug in Opal recently with the stored value cards. I was able to obtain a balance that read out higher on the exit turnstile than on a top-up machine. I'm pretty sure this was related to a recharge that failed and then eventually succeeded. Multiple top-ups later and the difference seems to persist.
You're correct, there are a bunch of different ticket options. Not sure about how it's actually implemented, though.

Slightly tangential, but when I was in Montreal, I was blown away that you just purchase a ticket from a machine and you get a printed out ticket with an NFC chip inside. Not my favourite part of the trip (Montreal is beautiful!) but definitely a cool piece of technology to see being put to such a mundane use.

I am not sure which part is impractical. In India we already use QR code for metro tickets. The system design is definitely different from one mentioned and mimics more of how airport tickets work.
How does the system know that the ticket was already used?

The thing with plane and long-distance train tickets is that you buy them for a specific route. So all the checking only needs to be done at your departure station/airport, the code for which is encoded in the ticket, and the rest of the system doesn't need to know anything about it. But you can't do that with city transport. When there aren't multi-use tickets, people would often buy multiple single-use ones at a time and use them as the need arises, without knowing in advance when, where, and from where they'll be going.

Fair enough. I went through qr code of my previous metro ticket to see what info they encode. It is non standard so there were - some hashes - type of ticket, in my case single use, - time of issue, - valid upto time, approx 10hrs, approx journey time was only 30 min - ticket id - I could not directly see source/destination address, but it is my hunch that atleast the destination address is encoded

Now this one time ticket needs to generated before entering the metro station and the qr code is scanned at * both entry and exit*.

I think the entire system works on daily rotating ticket id validated using unique hashes where a ticket validity period is tracked. I think this should be enough to ensure non-reuse of same ticket.

The caveat is, I have always only bough one time ticket which is the only mode allowed in qr. For daily traveller's, they need to buy token/card which is NFC based.

Thinking of it, QR codes make sense for when you buy a single-use ticket at the station with the intention to use it immediately.

We actually have this for suburban trains, it's just a receipt with a 1D barcode on it. You use the barcode to open the turnstile (on some stations where they are installed), but otherwise the tickets are checked by controllers that occasionally go through trains.

For getting around a city though, I don't see much of a good use case. In my city, if you're here for at least several days, you're expected to buy the refillable card. If you're only here briefly and only need to use the metro a couple times, it's 1.5x more expensive but you'd buy tokens or tap with your bank card.

The system can just keep track of whether the ticket has already been used before. You don't have to store the information on the ticket itself. You can store the information on a central server, connected to all the gates.

The ticket itself just has to encode an ID, and then the central database contains an entry for that ID that is checked by the gate in real time. When the ticket is scanned at a gate, the database gets updated.

That server would have to process thousands of requests per second during a rush hour with very little delay. In addition to QR codes just being much more finicky than tapping a card or sticking something into a slot.
It only has to process requests inside a single station, and then periodically sync up with a central server. This doesn't sound difficult at all.
This is indeed how systems around the world do it for NFC tickets. The problem with QR codes is that they're very easy to copy, so the potential for abuse with this approach is much higher. What's to stop people from using the same ticket on two different stations within the sync period?
The QR code can encode (or the system can track, or both) any combination of origin, destination, expiration (or purchase time + validity period), ticket number, etc. Check with the local server that the ID exists with the given information and that the ticket isn't expired, then allow the user through, and the server marks that ticket number as used. If the origin doesn't match the current station, the ticket is expired, or the ticket is used, don't let the user in.
So you would have to buy a ticket every time you go somewhere. That would work for tourists, sure, assuming there are vending machines that can print those QR codes. But it would not work for locals (imagine everyone buying tickets during a rush hour), and even for some tourists, it would be a nuisance. If you're visiting a city and you know you're going to take the subway N times, you would just buy N tickets, but with this system no such thing is possible.

And what about all those transfer discounts some cities have? Like if you're taking the subway and a bus within some timeframe, you still only pay once.

>You can't do that with a QR code without either the reader or the user's device having a persistent internet connection to some sort of central server that would keep track of all tickets, which is impractical.

This is literally how all of the UK Mobile Train Tickets work. The ticket is a 2D barcode either on screen or on paper. Every gate / scanner operated by a guard records when the ticket has been scanned. They are synchronised and a ticket from being scanned twice. It's not that deep

But that's a train that goes outside of the city or between cities. You usually buy a ticket specifically for the route you're taking so no system-wide synchronization is necessary, only the origin station needs to know that you've used that ticket.
  • chii
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
it would be interesting to create a wipe mechanism to erase the existing QR code (may be a belt/sander, or a laser like those rust cleaning lasers), and print a new one on (may be even use the same laser as the wipe!).
IC transit cards in Japan use heat-rewritable ink for something similar.

The ticket vending machines print your monthly transit passes right onto the face of your card at the beginning of the month, and erase it after it expires.

It's not a QR code though. Just human readable text for bus drivers. (Turnstiles in the subway still read the pass via NFC.)

If you really want a system that uses optical scanning and allows one ticket to be used multiple times, just make sure that there's enough room on the ticket for one QR code per trip. When validating, you'd print a new code in free space. You can also either print something over the old one to invalidate it, or just leave it and let the system itself figure out which of the codes is newest.
  • chii
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
i'd assume the QR code would contain a record of the transactions, but yea, i hadn't thought about multiple trips that overlap.
  • dwild
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
One advantage of the RFID, is that you can modify the ticket while using it. This is actually what made Montreal choose that solution. There's no internet connection to validate the tickets, they just update the ticket to say they are used.

I would have said that make it much more resilient, but I have seen so many buses that couldn't accept fares... I'm not so sure if it's the case.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The two big things that QR codes have going for them is that they're cheaper to make and that they can be trivially displayed on a smartphone screen.

Contactless ICs are more powerful in every other aspect: They're rewritable (allowing reusable tickets), they can support challenge-response authentication (allowing secure offline usage, which in turn makes for faster transactions at the gate), and they're much less finicky to scan in my experience.

I was in Rotterdam recently. Their metro system uses multiple approaches, some kind of RFID for hard tickets, NFC payment (without a ticket at all) and QR codes for time-limited tickets that you can buy in a phone app.

Getting those QR code readers to read the QR code was a nightmare. Almost all the cameras have heavily scratched protective windows in front of them, which makes the reading process a struggle of trying to find a working angle. Of course the scratching is vandalism, but subway systems must be robust against vandalism, cause it's something that happens and must be expected.

I switched to per-transit payment via NFC after using one of the time-limited tickets and realizing that you need to consider yourself lucky if you find just one working QR code reader at most stations. NFC worked like a breeze.

  • jhugo
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
When I lived in Shanghai 6 years ago they were trialling QR for the metro. It was really bad, always huge queues with people struggling to get the right angle/illumination/whatever to make it scan. I’ve never seen similar issues with contactless methods and in fact I think SH subsequently moved to them. The amount of data stored seems pretty trivial to scale if necessary.
When I was in Shanghai this year I used a metro QR code via AliPay, and it seemed everyone else did too. There didn't seem to be any issue with scanning them so I guess everyone got used to that. There was however a queue by the security theatre bag scanning device at every single ticket gate.
Interesting, I didn't think you could pay directly via Alipay or Wechat.

Most cities you can use chengchema/dachema mini-apps in Wechat to generate the QR codes, but also all the old smartcards I had from previous trips worked in their various cities (but only work in that city) and usually had slightly cheaper fares than the QR-code ones, which were the same as the cash price to buy a single-use ticket.

But yeah, the bag checking is annoying in China. Shanghai is very relaxed compared to everywhere else - most places you even have to have your water bottle scanned to make sure it is actually water, or else take a sip from it.

  • rjh29
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Your comment sounds good for overland rail, bus, event tickets, airlines etc and indeed QR is common.

But for subway/metro, during rush hour throughput it is important to able to tap an RFID almost instantly. QR is too slow and error-prone for subway/metro.

The world (including Montreal - these tickets are going away) has converged on credit card / phone / top-up charge card for that reason.

QR Codes are fine for one off event entries. For a transport medium that requires fast high volumes of people to go through its an awful idea. QR Code reading is slow, you can't avoid that.
Why is it slow? And is it still slow in perfect lighting conditions?
Its slow because it's read by a camera. That takes extra steps, and like you mention, lighting conditions. A QR code has to be detected, read and decoded, and thats after the image is processed. An NFC is orders of magnitude faster. Heck even an old school magnetic strip is faster than a QR code.

A better application for QR codes is scenarios where it doesnt matter that its slower. Airline checkins, concert tickets, etc work well, a busy subway where people are queueing to get through a barrier as quickly as possible is one of the worst places to use it.

When I travel to work, the time from me rotating my phone screen to present it to the qr reader window on the gate until the time that the gate opens is <1 second always. I’ve never encountered a delay, it doesn’t seem all that sensitive to what angle you hold your phone at either, it’s only sensitive to distance I’ve found, you need to hold it no more than 2 inches away.

Separately we have revenue enforcement patrols with handheld scanners. The time from the red flash of the scanner on my screen (triggered by the person holding the scanner, it’s not constantly scanning) until the beep for ticket result is < 200ms, I.e. it feels very much almost instant but with a little perceptible delay.

  • s0rce
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
RFID is less angle dependent on reading well quickly. There are delays boarding planes trying to get everyones phone to scan while the NFC seems to work a bit better just hold it up to the reader and walk through.
My understanding is that the STM (runs the Métro) likes to keep fares on the actual paper tickets or rechargeable card, rather than in some central database.

The paper tickets can hold many fares, including unlimited evening fares or two day fares. I believe this would be hard to pull off with QR codes without having to keep track centrally.

Unlimited fares should be extra easy with a QR code. Just put a signed expiration date.

If course duplication is probably a bigger risk for these tickets as they case be simply locked to one use server side.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> QR codes seem like a better ticket medium.

If it was a short-lived QR code generated on your phone, then maybe. But the whole point of MIFARE Ultralight EV1 cards is that they can't be cloned. It's for repeated use, not for printing and using once.

This is fascinating. We were just in Europe where we experienced these tickets for the first time. I had trouble with them; I was trying to figure out how to scan them because it never occurred to me that they might contain an NFC chip.

My wife, on the other hand, who is not at all technical, took it for granted that you would tap them and immediately figured it out intuitively.

I have found the same thing with my wife. I'm a technical person, but I'm extremely bad with tools and such, including the ticket thing. If no one shows me how to use it I'll probably figure out a way to insert it somewhere. My wife won't have any problem with this and other small tools.

The same thing with IKEA: I always rely on the manual and just blindly follow the instructions, and gets very frustrated if the instructions miss one step.

> The same thing with IKEA: I always rely on the manual and just blindly follow the instructions, and gets very frustrated if the instructions miss one step.

Thing I figured out assembling IKEA stuff in the past few years: if it seems like they skipped a step, look carefully at the details in pictures. Perhaps use a magnifying glass. There's going to be only one way to get from step N to step N+1, and all the information to figure it out is there. The drawings of all the pieces, from major parts to tiniest of screws, have accurate details, and there's enough of them to disambiguate the situation.

  • girvo
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
You really do need a magnifying glass for some of those details, as the (asymmetrical) holes that ID which way some part must go become dots at the scale they print some of the manuals. You're absolutely right though: all the info is there, just got to work it out
Ikea also doesn't use Philips screws. They have pozidriv screws and need pozidriv bits if you dont want to strip the screw heads. I learned the hard way.
I've never had an issue using my normal Phillips head screwdrivers with Ikea stuff
I’ve never seen them skip a step.

Basically all other flat pack furniture I’ve ever bought has, but none of the dozen or so ikea items I’ve assembled. It’s part of why I only buy flat pack if it’s ikea, now.

I recently assembled two non-IKEA flat-packed items from two different vendors.

One left out details in the diagrams in each step that they had deemed irrelevant to that step. This apparent attempt at simplifying the instructions stumped me for ages because I kept thinking I'd oriented pieces wrong due to the number of holes in the picture differing from the number of holes in the physical thing.

The other had switched some parts since the instructions were made, and hadn't bothered to update the instructions. This was a bit more obvious, but still kinda irritating for someone like me who is uncomfortable with uncertainty when I believe certainty should be attainable.

Whatever else can be said of IKEA, their manuals and quality control are excellent. I think of them as the McDonald's of furniture — it's never the best product, but it's damn good for the price, and you know exactly what you're going to get.

Also, their more expensive furniture can be of a pretty good quality (e.g. Idåsen for office furniture).
  • II2II
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> The same thing with IKEA: I always rely on the manual and just blindly follow the instructions, and gets very frustrated if the instructions miss one step.

Following instructions is a good thing. Plenty of people damage stuff when putting it together since it looks obvious, but they usually miss critical details. I would imagine that the people who designed the card scanners had to put a lot of thought into their design simply because they know many people won't read instructions and would do as you suggest: figure out a way to insert [the card] somewhere.

For things like IKEA furniture there often is a good engineering reason to do things in a specific order that is not obvious. For furniture this is okay - nobody does it often (or if you do it is a few things that you memorize the instructions for).

Transit has different considerations though. It is critical that doing the right thing is obvious without reading instructions. Someone might have an important meeting to make and the time to read the instructions (or wait for the person in from of them to read the instructions) means they are late. Or (worse?!?) that time spent in line is annoying enough that someone decides to buy a car. You can somewhat get around this with more fare machines - but they are expensive and take up a lot of space. Fortunately we have human-machine interaction specialists who can tell you how to make a fare machine that is easy to use correctly without needing any instructions.

Yeah...but apparently she is more handy than me. I always joked she should work as an engineer of some sort.
  • lukan
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
"I always rely on the manual and just blindly follow the instructions, and gets very frustrated if the instructions miss one step"

But why do people make incomplete manuals? If I have a step by step guidance and it doesn't work, because some steps were left out, than this is just a wrong manual!

(I share your frustration)

  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Because most companies view the manual as an afterthought. You've already bought it. What are you going to do if the manual is bad, return it? And even then, you're returning it to a third-party store - the manufacturer isn't going to care care. You bought an ShelfExpress for 50% off at Furniture Mart, can you really expect them to care?

Ikea, on the other hand, prides itself on user experience. Everything is Ikea-branded, so any complaint will come back to Ikea because the buck stops there. Everything is sold internationally, and they don't want to translate it into a dozen languages, so they have to make clear assembly diagrams. Their entire brand is built around having great assembly instructions!

  • gumby
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Typically this means they stepped the design and didn't bother to revise the doc, or used up the stock of manuals for the old version before starting on the new ones.
Some instruction booklets are completely BS. I recently tried out a Coleman 8-people tent and the booklet is just a 4-picture page. The official setup video on YouTube is less than 2 minutes...

I mean, it's completely useless for people who has zero experience with camping -- exactly the people who need those instructions and videos and exactly the people who buy these types of tents from Costco.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Does the card not have the three-arcs nfc symbol? Similar to the wifi symbol. To me the fake printed dip-chip is more confusing!
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The fake chip is definitely weird!

The logo you mention (four arcs actually) is owned by EMVco though, and they let people only use it for credit and debit card contactless payment cards.

There’s also an NFC logo, but as mentioned elsewhere, these cards aren’t really NFC cards, so that would also not be the right thing to use (I believe the NFC forum wants something to happen when you touch anything bearing that logo with your phone).

Most metro stations have a much simpler way for travellers to figure out what to do: of loads people who do know how it works, ahead of and beside you.
  • ghaff
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's getting better but, in my experience, once metro systems got away from manned booths and tokens, the systems worked fine for commuters but led to lots of fumbling and long lines for tourists.

Trains in the UK still have a certain amount of "Which of these tickets/receipts go where?" while a line of irritated locals is building up behind you. Fortunately, also being the UK, someone will help you if you're struggling with something sooner rather than later.

With a requisite amount of Tsk-ing I hope.
  • ghaff
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Not really. My last trip to the UK I ended up--because of a complicated trip--with more of a bag than I should really have had on public transit. I was actually a bit embarrassed but a few folks were super-helpful with tube stations that were, shall we say, not exactly mobility friendly.
I'm not a Londoner, but I am British, and so feel qualified to say that you don't need to feel embarrassed :) I've travelled with over 100L of luggage on the Tube before - it's my contribution to the trains' traction!
Is that the fault of the system, or the fault of the tourists for visiting a new place and not reading up on local customs?
I always read up on how the local transit system works when I visit a new place. But that’s never adequately prepared me to smoothly use a public bus like a local would the very first time.

Some transit systems are just inherently more confusing than others. It doesn’t matter to the locals who know the quirks, but that doesn’t mean something can’t be improved. NYC has a great subway system, but I find the signage and general wayfinding quite lacking. Tokyo’s system is on a similar level of complexity but has excellent wayfinding and is generally much easier for a tourist to use.

Poor UI is poor UI. Recently visited system which supports contactless payment. So the terminal is there. And it has arrow to left with logo of contactless payment. Logically first thought is that you just swipe card from right to left over it right? No keeps failing, is something wrong with my card? Also other card does not work...

In the end assholes designing it hid the payment terminal in such way that you can't see it from usual angle of use.. Amazingly hostile user design for those that rarely use that transport system...

I'm into transit and so I did my best to understand the system last time I went someplace - and it still took me a few minutes to figure out what I needed to do last time I went to a new city. And the tourists who didn't think to look this up in front of me took even longer. Nothing was hard, but when you don't know exactly what you need it takes some time to figure that out.

The above assumes you know you will be there and so can look things up. I wasn't planning to leave the airport in one city so I didn't look up what locals do - then weather made me miss the connection and I was stuck in a city for a day.

Locals going to a new part of their own city often have the same problems trying to read the map and time tables. They are faster than tourists, but still need extra time because they don't know what is going on.

“Make the damn train work” is not a local custom. Aside from that the UK rail system is so complicated and expensive you’d expect a manned gate at every station at the least.

£150 from London to Leeds?! I can fly halfway across Europe for less…

£165.90, to be precise (anytime single). Or, if you travel late-morning to early-afternoon, £70.20 (super off-peak single). By booking weeks or months in advance, you can travel for as little as £22.50 (advance single).

The unofficial BR Fares[1] website does a lot to untangle the complexity, although it can only do so much to mitigate the expense.

[1]: https://www.brfares.com/

I’m used to traveling the same distance for around £40 regardless of the time I book (shinkansen).

I guess it’s too bad I can’t save money on booking in advance, but on the other hand, I can easily jump on the train at any point of the day without sticker shock.

  • ghaff
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Making purchases ahead varies quite a bit across Europe. The UK seems to fall pretty hard on the you really should buy well in advance side or you're going to pay through the nose.

I used to work with someone who, even on an expense account, would roll their eyes if someone wanted them to do a last minute trip to London.

Indeed! Travelling last-minute, you could even be 'quids in' by popping over to the continent for an afternoon so that you'd be eligible for an Interrail ticket:

  4-Day Interrail Global Pass, Adult passenger:    €283
  Eurostar seat reservation (any destination) x2:  €060
                                                 = €340 (~£288)
Nearly fifty pounds less than the price of two Leeds <-> London Anytime Single fares, £331.80! And since hotel rooms in London aren't cheap either, you might even save money by staying the night in Lille rather than London. Kings Cross is part of the same station complex as the Eurostar departures at St. Pancras, so you would save money, spend less than three additional hours travelling and not even risk getting rained on.

This is Hacker News, but even still, I feel kind of icky suggesting a 500-kilometre detour to save money on a journey between two British cities no further than that distance from each other. How I wish we could just have a British version of the Austrian 'climate ticket' and leave all of our inscrutable rail fares behind us!

I recently visited Paris. I read up and watched videos on how to use the metro. They didn't really cover many of the important local customs: I let people off the train before trying to cram in and I held the exit gates open on my way out of a station so they didn't slam in the next person's face. I must have stuck out as a tourist. The "act like a local" public info available is never sufficient.
  • ghaff
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Ah, yes. The good old "It's the user's fault for holding it wrong."
[dead]
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
No, the card doesn't have any symbols like that. It does have a pictogram of the card getting tapped on a reader, along with the text "Apposez sur le lecteur".
My guess would be that they used plastic chip cards before (those often also do NFC) and only switched to the paper cards later - at which point they either deliberately copied the whole design including the chip contacts to make the switch as unnoticeable as possible or just lost or couldn't be bothered to find the original design files and scanned an existing card for the print template.
That's funny - I'm sure I would have shared your confusion, as all tappable objects in my world are made of plastic. I wonder how your wife thought of it?
The ones in Athens are thin white cards and as such easy to see the aerial through it. Additionally there's no slot to put it through, and a big tap surface at each gate with the RFID logo with someone tapping a card on it.[1] I think it would be hard to miss for anyone familiar with the concept of tapping cards.

[1] https://www.athenstransport.com/english/tickets/

> ... as all tappable objects in my world are made of plastic

yup in mine plastic and metal but not paper.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Probably a mix of plastic and metal: Full metal cards don’t actually support contactless interfaces!

Two common ways of getting around that is to either sandwich a plastic part containing the antenna to a metal one, or to punch out a circular part in the middle of the metal card and put the antenna in there (and close it all up using more plastic).

One card that doesn’t do either is the Apple Card – and as a result, you can’t tap it!

> Probably a mix of plastic and metal: Full metal cards don’t actually support contactless interfaces!

Well it's really annoying: the "metal" card (maybe as you say a mix of metal and plastic) is harder to swipe, so I got use to present it face down instead of face up, for I noticed that that way I get a better percentage of success on the first try.

I don't have the problem with my full plastic credit/debit cards.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Yeah, the sandwich-type cards usually have one preferred side for contactless taps. That's one advantage of the cutout-style cards, I suppose, but I haven't seen many of these lately.
> I wonder how your wife thought of it?

Probably because it's around the size of a credit card and has fake smart card contacts printed on it. That being said, I would probably get confused myself too.

Where do you live? Chicago has had these contactless paper tickets since 2013
  • cbhl
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Atlanta has been using a form of these contactless paper tickets since 2006.
Romans have used tickets before AD, guy at the gate checked it without any contact
Thunder Bay, Ontario. Pop. 110k. We still have the sort of carnival-style paper tickets. I would guess that most smaller cities don’t have fancy NFC tickets.
I’m surprised you have a subway at all
We don’t, we have a bus line.
For small cities a bus is better than a subway. There is no traffic so a bus moves fast enough, and roads don't cost that much. You need those roads anyway for trucks, so may as well reuse them. When a city grows close to a million they should start installing metros - but cities have plenty of warning and so should start reserving space for the metro at 500k.
I recently learned that you can just give a printing company a hundred bucks or so and have custom NFC cards printed for you, you don't actually have to be a big transit agency with an ongoing contract for millions of the things and a custom JavaCard NFC application or w/e coded for you.

I used this knowledge to replace the QR code membership card to my friend's bar with an NFC card version, it looks really cool in your wallet compared to all the flimsy paper stamp cards from the other bars.

You can even get blank cards, I have a few from university days. And you can get card printer... Can't find exact price now, but not extremely priced. In theory you could just do whole thing in single location from coding the card to printing it, even with custom information.
You can use these around the house or car for location-tap automation. Tap on NFC tag and mobile phone can trigger a custom shortcut for local action or SSH script to Linux SBC or micro PC. Response time is about one second. Even the iPhone SE2 has an NFC reader.

For vision-impaired people, NFC tags can be attached to objects and the phone can read an audio description when the object is tapped against phone.

  • ck45
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
This reminds me a bit of Nabaztags, or maybe the reverse. They would also read something that resembles NFC and could perform an action.
Around that time, I recall there being a lot of hype around RFID tags. E.g. the Touchatag was just a bunch of RFID tags and a USB RFID reader, but marketed as a consumer product. This never really seems to have caught on, though.

Nowadays, I suppose most consumers do have RFID tags (debit cards, transport cards, building keys, e-Passports), they just might not be aware of the underlying technology.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Given that these things are essentially QR codes via another medium, I'm not surprised that it never caught on: QR codes are much cheaper to make (it costs nothing to include them on a leaflet other than some extra ink/toner!) and basically serve the same purpose.

Where they make more sense is when they actually include dynamic information: Some of the newer tags can e.g. include an authentication tag in the URL part, which lets you verify the tag's authenticity (together with a web service that keeps track with the high watermark of opened sequence numbers).

I wouldn't call that "RFID" anymore, though; to me, RFID means transmitting only an identifier, with all the logic happening on the backend, but ISO 14443 tags get most interesting/useful when they go beyond that and do things like authentication or local processing.

All the patents and "sekhurity" isn't helping. A decade ago, I ended up with a bunch of programmable NFC stickers that my Galaxy S7 suddenly wasn't able to read, because some MIFARE intellectual property issue retroactively bricked this class of NFC stickers. Good luck figuring out where on the compatibility matrix the Amazon listing you're looking at is.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
MIFARE (classic) tags were never really compliant with any industry standard (whether freely available or patent-encumbered) and are not actually NFC tags, so many systems betting on that but later wanting to e.g. change reader chip vendors ended up with issues such as this. (There's a way of writing NFC/NDEF-formatted data to them, but it's only readable by NXP chips.)

If you buy any standard NFC forum tag, chances are pretty good that it'll work with any Android or iOS device. The Ntag series has worked pretty well for me on both OSes and across various phones; I have one that instantly and cross-platform rickrolls everybody tapping it.

We need a name for the phase of innovation curves after IP warlords have completed vision quests, leaving a stable landscape.

This vendor has an array of RFID products: https://gototags.com

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Author here for all your NFC chip questions :-)
That was a god read, thank you.

Do you have any insight into the economics of this in general compared to other disposable solutions. Are manufacturing old school magnetic stripe tickets, or just optical scanning/barcodes a lot cheaper?

I imagine magnetic stripes have a higher failure to read rate at the turnstile causing issues, while both them and optical scanning requires the ticket to be inserted into the machine, adding complexity and moving parts.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I couldn't find a nice price breakdown. I'd expect the magnetic stripe tickets to be cheaper to manufacture, but since the NFC tickets cost pennies, there isn't a lot of money to save. I agree with you that magnetic stripes would have a much higher maintenance cost due to the mechanical aspect and the read/write head. Optical scanning seems less likely to work the first time, based on my experience with airplane checkins. NFC is probably the best from an ecosystem perspective since it can work with credit cards and phones as well. NFC readers are probably the cheapest since they are produced in large volumes for credit card point of sale.
I’ve occasionally gotten to watch transit workers open up and service the magnetic stripe card readers in the BART. Those things are complicated. It may well cost less to outright replace a contactless reader module on a fare gate than to service a magnetic stripe ticket machine once. Even an Adafruit PN532 board is only $40.
  • edub
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I've not worked with the Adafruit PN532, but for an extra $10 you can get a Pepper C1 USB from Eccel which is very easy to work with. It is a stand-alone device, so you don't have to connect it to anything but power. Has WiFi & BT built in and has a built-in web server to configure it with, you can have it make calls via REST, MQTT, WebSocket.
  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Interestingly, the Pepper C1 is essentially a PN518 (presumably a sibling of the PN532 on Adafruit's board) hooked up to an ESP32. So a very simple device - and I've had a project on the backburner which is pretty much a DIY clone of it. If they made a USB-C version I'd ditch mine and buy it in a heartbeat.
  • mjg59
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
BART stopped accepting paper tickets last year, presumably because of the complexity (not just the ticket barriers, but also the fare machines and add value machines that also had to handle them): https://www.bart.gov/news/articles/2023/news20230911
Yeah, they moved to a native integration with Apple/Google/Samsung Wallets, and Clipper cards as a backup (but they really try to discourage them, at least for tourists).

The cool thing is that their thing doesn't work with all Android phones for an unknown reason (various people from the transit agency said "oh Android? Yeah it doesn't always work with Android"), which you have no way of knowing before topping up money and trying to use your phone.

If anyone is curious, it was a Xiaomi Redmi phone, a midrange one that has no issues paying over NFC. A OnePlus next to it with the same Android version worked just fine.

And if a machine jams not only do you need staff to spend hours to repair it, but you need to pay staff, or contractors, to do it.
FWIW, Montreal used to have mag strip paper tickets and turnstiles to match, but ever since the new paper tickets rolled out we have new svelte turnstiles with an NFC reader exclusively.

They've been trying to get contactless bank card payments going on the same turnstiles but roll-out has been bogged down by other transit agencies apparently.

  • caf
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I'm curious about how the unique ID is programmed into each chip. Presumably all the chips on the wafer come out identical - at which point in the process are they individually selected and given a unique personality? Is it done with direct electrical contact that is then fused off, or using the near field link?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Since they need to probe each die to test it on the wafer, they set the UID at the same time. According to the datasheet, "These bytes are programmed and write protected in the production test."
Maybe some kind of custom NFC command that writes the UID into the EEPROM and sets a flag that it's now read only?
It's probably done through normal write commands if there is any explicit lock bit at all (it could doesn't just check if any of the UID bits are already non-zero and then reject the write). You can actually make other parts of the memory read-only too by setting bits at a specified address [0] (which then cannot be unset again).

[0] https://www.nxp.com/docs/en/data-sheet/MF0ICU1.pdf#G4008599

  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
How do they make the chips so incredibly thin?

Surely they're not using 75µm/120µm wafers throughout the entire production process - that's literally the thickness of a human hair! Can a 200/300mm wafer of that thickness even support itself, let alone all the stresses in the production process?

How difficult is it to clone MIFARE Ultralight EV1 chips? You mention the UID is signed, can you simply copy this signature? Do you just need to buy one of the magical chips of the same design, that allow uid/serials to be written?

What is the actual mechanism behind the DESFire and other secure NFC chips that prevents cloning?

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I haven't really looked into the security aspects. I think that you could clone one of the Ultralight chips, but it wouldn't gain you anything because the security is in the backend. It's a lot like a printed concert ticket or boarding pass. You could print as many as you want, but the ticket is still good for just one admission.

The DESFire and other secure chips contain a cryptographic key that you can't access. Without the key, you can't make a clone of the chip. The cryptography provides authentication and encryption that you don't get with the cheap Ultralight chip.

I think this is all market segmentation; they don't put more security into the Ultralight chip because they don't want to cannibalize their higher-end sales.

In general, the card emulation devices (e.g. the chips in phones) try to avoid letting any arbitrary UID be set. This makes cloning these cards more difficult than it would otherwise be. It’s not terribly difficult to find devices (USB-connected things and battery-less cards) that do allow arbitrary UIDs to be set, though.
> the card emulation devices (e.g. the chips in phones) try to avoid letting any arbitrary UID be set.

I can't think of a much worse way to do security. That feels like trying to flood the market with lockpicks that don't work instead of making a more pick-resistant lock.

I imagine this is because the locks contain chips from NXP (PN532 chips), the name-brand MIFARE chips are made by NXP, and the lock picks (also PN532 chips!) are made by NXP.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Ultralight supports password authentication, and you can diversify the password from the serial number, meaning that until that password is revealed by a legitimate reader as part of a validation transaction (at which time the ticket is invalidated anyway), you can't clone it.

Ultralight C does support actual cryptographic authentication.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I don't think the password authentication helps against cloning. You could start a transaction and stop after you get the password. Then you could clone the card. (The system could invalidate the ticket as soon as they get the UID, but that would be a reliability nightmare since a failure during the read would invalidate someone's ticket.)
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
You could do that, but it still greatly raises the cost for an attacker, since they need to hang around a ticket validator for every ticket they want to clone, as opposed to e.g. a QR code ticket, which can be trivially copied by a simple screenshot.

Also, many of these transit systems are eventually consistent (they're usually offline-capable for resilience, but usually manage to send all validation transactions to a backoffice system within at most a day, and often minutes).

This allows detecting duplicate usage fairly quickly. In systems where you need to tap out as well as tap in to leave the turnstile, that's where ticket inspectors might take a sudden interest in you if you tap out with a cloned ticket.

In the end, as with most security systems, the goal is not to make fraud absolutely impossible, but to make it economically non-viable.

You have to hang out to get the id of a simple 125khz tag too - this is what cloning means
  • ak217
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Thanks for the write-up.

How does this fit into the broader NFC ecosystem? What do other big metro systems like Omny, Clipper, Smartrip etc use? Apple and Google seem to implement some NFC protocols in their devices but in a much more programmable way, how does that work? Is the protocol used in credit cards related at all? And how do these relate to Felica, the system used everywhere in Japan (which was in the news for a while because the factory where they made the chips burned down and they had a chip shortage - giving Apple an opening to move into the market with iPhone NFC)?

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
That seems like a question for @lxgr :-)

As far as I can tell, the NFC ecosystem is a mess of competing, incompatible protocols from different companies, as well as incompatibilities for historical reasons. For example, Clipper uses MIFARE DESFire, which is the more secure sibling of the Ultralight chip that I examined. Washington's SmarTrip cards use MIFARE Plux X. New York City's OMNY, on the other hand, is apparently built on top of the Mastercard payment network using EMV. Montreal's rechargeable OPUS card (not the disposable one I examined) uses the completely different Calypso standard. FeliCa was developed in Japan along a different path and has a different standard (NFC-F vs NFC-A) with different modulation, protocol, and data rates. The NFC chips used in phones try to be compatible with as much as possible. These NFC systems all use the same 13.56 MHz frequency, so the radio hardware is compatible across them.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
On it, but I couldn't have said it better :) To expand on Felica vs. ISO a bit:

Theoretically Felica is a different stack from ISO 14443, but it's close enough that it almost got specified as a variant of ISO 14443 as well (C; MIFARE and most other systems use A). NFC does specify Felica as one possible official tag type (then called NFC-F, as opposed to NFC-A and NFC-B), so practically, most mobile devices can just also read it.

For anybody wanting to experiment a bit, I can highly recommend getting any Android device and installing NFC tag reader by NXP; it'll show you what technology exactly a given card uses, and in some cases can show you other interesting information as well. There's also an app that lets you read the current balance of various transit cards.

How and why did you learn about this topic? :)
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Apple and Google achieve the same outcome (i.e. something called "card emulation", where an NFC chip can act as an emulated ISO 14443-4 smartcard), but they achieve it through very different ways:

Google just has an Android API for it called HCE (Host Card Emulation), and anybody can write an app that implements it (i.e. Google Pay has no special position compared to competitors). In a nutshell, you just get a callback for every APDU (protocol message) the phone receives from the reader and get to respond as you wish.

Apple embeds a secure element in their devices, which is a chip almost identical to that you'll find in actual physical cards, but with an additional interface that connects it to the application processor, so that the OS and (privileged, i.e. Apple Wallet only) apps can interface with it and load new card applications. That's why the storage in Apple Wallet is limited to 50-ish cards, but Google Pay allows many more :)

Felica is not part of the ISO 14443 family, but closely related and also an official physical layer of NFC (NFC-F), so many devices practically support it as well. To my knowledge, there is no software-based emulation for it though (that's always a bit risky for stored-value cards), so Suica etc. only work on Japanese phone models that have the necessary secure element, as well as on all iPhones (Apple installs a Felica applet into their secure element on demand).

Is it possible that the Android implementation could be less secure given the lack of a dedicated secure element? Perhaps not, but I am curious why Apple does it that way.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's definitely less secure for issuers: The entire point of having a secure element is that the issuers of digital wallet cards and passes can't trust all of their users to not decompile their app and extract a private key that grants fraudsters infinite money or transit rides. Physical cards and secure elements on the other hand are resistant against key extraction even in an adversarial environment.

There are ways to mitigate that in software (e.g. by not ever loading long-lived keys into software, fetching them just in time after device attestation etc.), but while that works pretty well for the kind of payments where the terminal needs to be online anyway, it's very risky for offline transactions.

That's why Suica and most other stored-value passes only support iPhones and a handful of specific Android devices that have a secure element (or can use the SIM card as one).

> Is the protocol used in credit cards related at all?

In e.g. London and the Netherlands, the readers were upgraded to support tapping in and out with a debit/credit card or Apple/Google Pay.

However, Apple also seems to have an ‘Express’ mode, which even works when the battery is empty (‘Power Reserve’).

It seems to me that there must be three protocols: the one for the disposable and stored-value tickets (ISO 14443?), EMV for debit/credit/Apple Pay/Google Pay, and Apple Pay Express.

  • lmz
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
EMV (specifically EMV contactless) is also based on ISO 14443, it's more like an application layer protocol on top of it.

Apple Pay Express is just Apple Pay without the need for the full system UI: "If iOS isn’t in use because iPhone needs to be charged, there may still be enough power in the battery to support Express Card transactions." it interacts the same way as the physical card equivalent (otherwise they would need a reader upgrade).

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Both EMV and MIFARE (and similar solutions) indeed sit on top of ISO 14443-4 (or -3 for the older/lighter MIFARE versions), but they're conceptually very different:

EMV is an account-based payments protocol, and the card only confirms its presence in a transaction; balances are managed on the backend. The reader does not authenticate itself to the card at all.

MIFARE is a stored-value service and as such keeps track of the card's balance on-chip. This requires another smartcard on the reader side, holding the necessary keys for mutual authentication, but allows two-sided offline transactions, which is quite useful for transit applications (e.g. buses dropping out of network coverage, allowing higher volumes even during short server outages etc.)

> MIFARE is a stored-value service and as such keeps track of the card's balance on-chip. This requires another smartcard on the reader side, holding the necessary keys for mutual authentication, but allows two-sided offline transactions, which is quite useful for transit applications (e.g. buses dropping out of network coverage, allowing higher volumes even during short server outages etc.)

MIFARE cards are used in all kinds of applications and not all of them require the reader to authenticate itself. And even in authenticated uses the keys don't neccessarily need to be stored in a smartcard (SAM) depending on the security requirements. For the simpler MIFARE cards a secure enclave for the keys doesn't even provide any additional security since they key is transmitted to the card anyway - and the simplest ones don't have any authentication at all.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> a secure enclave for the keys doesn't even provide any additional security since they key is transmitted to the card anyway

I'd assume that the keys (more accurately passwords, since a key would never be transmitted to the card over an unencrypted interface) are diversified by card serial number though? In that case, it would still be useful to have an SAM to hold that diversification key. You could further store some MAC authentication tag on the password-protected tag that the SAM needs to see before revealing the password over the radio.

I'm not saying that this is how every transit system practically does use MIFARE Ultralight, but based on the design, it's definitely possible.

Right. Much like the fact Find My functionality can still let you track your phone when it’s “dead”, the power requirements are just so low that when the phone can’t get going due to the requirements of the CPU + RAM + display there’s plenty to power NFC/BT beacon stuff for a while.

An AirTag can operate on a CR2032 for two years. An Energizer datasheet says that’s 235 mAh. An iPhone 13 Mini has a 2438 mAh battery (~10x). It makes sense the phone could do it for at least a day or two with the left over charge.

(I don’t know how long it would actually keep working)

Kind of a software question, but why isn't nfc with asymmetric keys a thing? It seems like at best this is a custom javacard app on select expensive cards ($4 per card if you buy 1000 on aliexpress) or $70 for a yubikey otherwise. Is getting the signature time fast enough just impossible with current hardware/tramission power restrictions?
Not an NFC chip question, but what kind of microscope do you need to get silicon photos of a chip so tiny?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The trick is to use a metallurgical microscope, which shines the light down through the lens. A regular microscope illuminates from below, which works fine for cells, but not for opaque chips.

Specifically, I use an AmScope ME300TZB-2L-10M microscope, which my friends consider an entry-level microscope, but it works for my needs.

I’ve been curious about the orientation of these devices. For examples, if I want to track an item’s presence in a box, would I have to coat the entire item in these chips to get one to be in the right orientation?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I think it depends on the type of antenna. A linearly polarized RFID antenna is sensitive to the tag's orientation, but a circularly polarized antenna is less sensitive to orientation. Systems can also use more than one RFID antenna to get better coverage.
I am interested in the plastic layer with conductive traces for the antenna. How are these made? Do you know of a source that talks about the production process for them?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I don't know personally about the antenna manufacturing, but one web page talks about printable conductive silver ink for producing RFID antennas. https://www.sunchemical.com/product/printed-antenna/
as always a delight to read ken! im curious about speculation how to do the bonding and mounting of these chips at scale. at this size even the general handling and cutting of wafers are hard to imagine for me. how did the connections to the antenna look like and was there an indication of different glue / adhesive layers apart from the coatings you described?
I really enjoyed this read, thanks.

In the footnotes you said:

> One complication is that the counters have an "anti-tearing" feature for additional security

Two questions:

1. Why is it a "complication"? Is it just that it makes the counters more complicated, or is there something frustrating about the counters? 2. I would love to learn more about how the anti-tearing feature works!

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The problem is that if the user tears the card away from the reader in the middle of an update, that card can end up with corrupted data. This makes implementing the increment-only counters more complicated. For instance, the straightforward approach might hold 00 FF in two bytes. If you increment the counter by updating the low-order byte first, but the card gets torn away before you update the high-order byte, you end up with 00 00, and the counter has gone backward.

A simple way of preventing tearing is to have two copies of each counter; if there is tearing, then the two values will be different.

Looking at an NXP patent [1], they use a much more complicated approach, using a level of indirection. They write the new value to a different memory page and then update a pointer to the new page. There are various progress bits recorded along the way so they can roll back as needed.

[1]: https://patents.google.com/patent/EP3226141A1

Here's an article describing an attack on the anti-tearing feature: https://blog.quarkslab.com/rfid-monotonic-counter-anti-teari...

Could someone just use an nfc enabled phone to get it to act as a ticket?
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
For MIFARE Ultralight, yes – it's essentially just a bearer token with no encryption/authentication. I believe there's a password mechanism, though, which might just be good enough for single-use tickets. That password can be derived/diversified from the card's serial number, making such a scheme still significantly better than e.g. simple QR codes.

MIFARE Ultralight C and larger/more expensive chips allow challenge-response authentication, making them pratically uncloneable. These are usually used for reloadable and monthly passes.

Layer 3 and down yes, 4 and up depends
Is this the same system used by Boston MBTA? I was surprised to see single-use tap cards when I visited there for the first time yesterday. I wondered why the ticket isn't reloadable.
Most people who live in Boston use the reloadable CharlieCard (https://www.mbta.com/fares/charliecard) - these report as Mifare Classic 1k, which is a similar chip

There are single-use fares as well, the "CharlieTicket" that you might've encountered.

More CharlieCard NFC info:

https://medium.com/@bobbyrsec/operation-charlie-hacking-the-...

https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20pre...

Yeah I figured but you can't buy a charliecard online to load into your smartphone wallet, and I only needed it the once, and since it took more than an hour to get to Cambridge due to some combination of circus acts I used Blue bikes for the remainder of the day.
Ah yes, it's not quite there, but almost. Contactless payment directly at the turnstile is coming to Boston MBTA this year, I believe. Like how NYC works now, where you can just use your credit card for entry.
  • chgs
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
This is the London system we’ve had for a decade, it was licensed to other areas a few years ago.

I found myself in Paris having to cross the other day and forgot how terrible the old way of buying tickets was, amazed that it’s still the norm in so many cities

Single tap cards are usually just used with their "hardwired" chip serial number. That is stored in a central system which invalidates the number once you used it. This makes it rather easy (even if its environmentally unfriendly) to issue these cards: load a number of cards into your machine, register the serial number and invalidate it when used.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
That's no longer the case: Many of the newer single-use ticket ICs (including the MIFARE Ultralight one mentioned in the article) actually support data storage and (very) basic cloning protection.
While it is possible to use advanced features from newer chips, I know more than one actual system where they just use the serial number, even when rolling out more advanced Mifare based cards. So your "that's no longer the case" is a bit too general/optimistic IMO.

And sure, simply using the serial number might pose a security risk depending on the application, but that rarely stops implementors to implement such schemes. More often than not do people believe in security by obscurity, sigh. For a simply ticket system the serial number should be secure enought as it is a use-once application.

That the chips support data storage doesn't mean that that feature is used. There are systems that use MIFARE Ultralight cards for the UID alone just because they are cheap and easily sourced.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Definitely, but my point is that that’s not the only way to do it.

You can also store only an ID in a QR code, but you could also fit more information and a digital signature of it in there.

How much cheaper and smaller can they get before we see them used in parcel and freight?
You already see RFID tags used in retail so I would not be surprised if that isn't already the case somewhere in the shipping industry as well.

I imagine those can use even simpler chips that are completely read-only over the air and only have a UID programmed.

Several such pilots for this have been in flight the last couple years.
> The Ultralight chip has a few features beyond a printed ticket, though. The chips are manufactured with a unique 7-byte identification code (UID). Moreover, the UID is signed, ensuring that fake UIDs cannot be generated.

The problem is, they can be just as easily cloned. Your average Flipper Zero can do that.

If you want actual security, you have to go for a challenge-response scheme - i.e. every card is provisioned at the factory with a unique private / public key pair, and the public key gets signed by the factory. Then, to verify authenticity, the terminal gives some random nonce, the card signs it using its private key, and the terminal verifies that against the factory's public key.

> Even so, there were a couple of times that I lost track of the chip and had to check some specks under the microscope to determine which was the chip and which were dirt.

That is the really amazing part for me. We as humans have difficulty handling them, but how on earth does a machine even manufacture these, much less orient them consistently for the bond process to work?!

> If you want actual security, you have to go for a challenge-response scheme

Another option is to just store used UIDs in a database. In fact, you could do a system with only UIDs. For a single use ticket, validate the UID signature and mark it as spent the first time it is used, then every use after that will be denied.

A card can be cloned, and it will work, once, it means one could steal a ticket by walking by and using appropriate equipment (not just a Flipper Zero as it is too short ranged) and use it before the legitimate owner does. I don't think it is something to worry about for a single use subway ticket.

To improve security for multi-use tickets, one could use rolling codes: every time a ticket is scanned and its UID validated, some code is read from the NFC memory and it has to match a sequence, the next code is then written back to memory and has to be provided next time, invalidating any clone. Tickets can still be stolen, but you can't beat the system unless you crack the server-side encryption.

More valuable tickets like commuter passes can use a different system with a challenge-response scheme.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
This scheme implies a low-latency, high-availability connection to a backend database. That's not easy to achieve in many transit system environments, hence the relative popularity of systems with some level of distribution.

Practical systems often are online these days, but only use that connection for eventual consistency style reconciliation.

> A card can be cloned, and it will work, once, it means one could steal a ticket by walking by and using appropriate equipment (not just a Flipper Zero as it is too short ranged) and use it before the legitimate owner does.

Even MIFARE Ultralight supports a basic password authentication scheme, where only legitimate readers know (or can derive) that password, so there a bit better protected against cloning than pure passive storage cards.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> The problem is, they can be just as easily cloned.

Not if the validation system uses the password feature of MIFARE Ultralight. For single-use tickets, which are invalidated immediately after being read, this can be good enough and is much more lightweight on the IC side.

  • chx
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's utterly not worth it. Your time to get it working, the equipment... but even if you have all of those if you get caught they will throw the book on you to scare away others. You can be charged by Unauthorized use of computer, Fraud and who knows what else. All of that to save four dollars on a ticket? When every station has cameras?
The thing is, you have to do it only once, and then the clones and knockoffs come.

Like what, there's Tiktoks advising young dumbasses precisely what they need to steal and joyride cars.

> Like what, there's Tiktoks advising young dumbasses precisely what they need to steal and joyride cars.

Yeah, because cars are valuable and joyriding a stolen car is impressive and cool to lots of teens. Getting a free ride on the bus is like negative street cred.

> The problem is, they can be just as easily cloned

But you can only clone a ticket who's ID you use. So you can buy a ticket and clone it, but what have you achieved? It is still validated "on the backend" once you use either the first time.

So the only real risk is that you clone a random person's ticket between them buying it and using it which is a security flaw, but probably a very minor issue in real-world use.

Maybe there could be slight issue with day passes? You could buy a single day pass then issue clones at a lower price. However it is likely not an issue worth paying for more expensive chips to avoid.

> If you want actual security, you have to go for a challenge-response scheme

Sure you just have to accept that you're now vulnerable to Denial of Service attacks, or just DoS due to unrelated service infrastructure outages caused by things like backhoes.

> much less orient them consistently for the bond process to work?!

It's not all that consistent. They have a 3% failure rate. And you have to accept a unique map of "broken chips" with every single order you receive.

I am apalled at the crazy amount of waste this creates. Millions of tickets with chips inside them?

My understanding is that they are one time use?

In New Delhi metro, India, they used to use plastic tokens with these chips, but at the end of the journey, to exit the station you have to give the chip back.

Nowadays, they use a printed QR system, and they have even gone paperless. I can buy the ticket with my mobile app, pay using UPI instant payment, and show the qr code on the phone to the scanner and then travel.

For monthly card holders, rfid chip based cards are issued.

The fact that they cost just a few pennies each is a reflection of how little waste is occurring. If waste bothers you, focus on something worthwhile like canceling just one airline flight.

Lifetime of a plastic opus card may even be more wasteful, by mass of plastic and chip, if not used extensively. For example, one time use is often for tourists, where a full chip opus would be very wasteful indeed.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> If waste bothers you, focus on something worthwhile like canceling just one airline flight.

That's just whataboutism: If there's an alternative way of solving the same problem that generates less waste, why not use it?

I find the contactless coin form factor for single rides quite clever personally, and I don't see any downsides compared to paper single-use tickets (other than that validators and gates need some storage container to collect them, which could be tricky in buses).

Just because you don't see downsides doesn't mean there aren't any. Coins are lost or broken or intentionally damaged, and may need cleaning and staff to handle and transport them. It's not zero waste. In fact I suspect the STM solution may overall have less waste. If you read the article, the chip is the size of a grain of salt.

Airline is not just whataboutism. It illustrates the absurdity of scale in your point. Imagine someone who is spending 20 minutes to save themselves 4 pennies on their electrical bill, but they are running 8 air conditioners with their windows open during a heatwave. Yes, that's whataboutism, but it's an informal fallacy, meaning I may still have a good point.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> I suspect the STM solution may overall have less waste. If you read the article, the chip is the size of a grain of salt.

The antenna isn't, however. In any case, I think there's a pretty high chance these tickets will not end up in a dedicated recycling facility that can properly separate antenna from paper and recycle both, disregarding the chip.

For similar reasons, Japan is phasing out even magnetic stripe single-ride tickets out of recycling concerns (in favor of QR code based ones).

> Imagine someone who is spending 20 minutes to save themselves 4 pennies on their electrical bill

That's not an appropriate comparison, though. Buying a reusable token doesn't take 20 minutes more than buying a paper ticket.

Imagine instead a device manufacturer spending some months of R&D to help every single household in a large country save 4 pennies on their electrical bills, and it doesn't seem so absurd anymore.

> Buying a reusable token doesn't take 20 minutes more than buying a paper ticket.

No, but it could expend 20x the resources, and not be used 20x as much.

As the article mentions, the purpose of these paper tickets is for single-use or short term use, and the system also supports plastic cards for longer term use.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
These tokens are collected at the end of each trip (or you can’t leave). This obviously only works in systems that have mandatory exit turnstiles.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I find the plastic tokens quite clever, but QR codes are not a great option for mobile ticketing at transit gates: Often it takes people forever to pull up the code in the right orientation and dial up the brightness enough for the scan to work. Not something I love to deal with when I want to catch a train.
QR code reading does not depend on the orientation, at-least as per its spec. there are many apps and devices out there that can read a QR code in any orientation.

In the app that is used by me, the brightness of the screen is automatically increased by the app as soon as I open the ticket QR, and then reduces to its previous state, once the QR code display is removed.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Not any orientation – if you present a QR code ticket the wrong way around, or even just angled away from the plane the reader focuses on too much, it doesn't work.

Contactless tickets work both ways, and in addition to that usually have a larger, more forgiving "landing area". On top of that, they can usually read through a wallet (but that's more relevant to regular commuters, arguably; tourists and infrequent riders will likely have purchased the ticket just moments before using it).

If the QR code is in an app of some kind, any one I've seen maxes out the brightness while it's onscreen. Orientation data is built into QR codes anyway, so that's a problem with the reader.
You should read footnote #2. You can get an Opus card, which is reloadable: https://en.wikipedia.org/wiki/Opus_card

I couldn't find any data on usage for one vs. the other, hopefully it's not a crazy amount. I'd imagine that most people who use transit on a regular basis do not use single-use tickets.

The chips are slightly smaller than a grain of salt. Doesn't seem like the craziest amount of waste.
  • chgs
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Mifare is what’s been used in London’s Oyster cards for 20 years (not the ultralight ones mind), and Hong Kong for even longer.

However oyster really is in its way out for most uses. contactless and especially a phone is far more convenient for non season use, and far less wasteful.

Isn't Mifare in different forms a de-facto standard for NFC subway tickets around the world? St Petersburg uses Mifare Classic (and tokens), Moscow also uses Mifare Classic for the refillable Troika card and Mifare Ultralight for disposable ones, Dubai "nol" card is a Mifare Desfire, Los Angeles "tap" card is a Mifare Classic, and, yes, the London Oyster is a Mifare Desfire EV1. Yes I actually went through my stack of transit cards and scanned those of them that I wasn't sure about.

The only ones that I came across that are not Mifare, and not even readable by Android (but readable by the Flipper Zero), are the paper tickets used in Brussels. Then, of course, there are non-NFC tickets. For example those that use magnetic stripes, like the cute tiny ones in Paris or NYC's MetroCard.

> the London Oyster is a Mifare Desfire EV1

There are two distinct types of Oyster card, but I don't know which is which, other than from a user perspective. All I know is that I had an old style one (the one without the white D in a blue square on the back) and you could still use it, you just couldn't "connect it" to the app so you couldn't look up your travel history.

There was a complicated process for returning it and getting a replacement, but as they'd already phased in paying by bank card by then, and the only advantage of an oyster card was for season tickets, I just returned it and got my deposit back.

But if you're into collecting different card types, you might want to try to get hold of one of these old ones as well. They're probably somewhat rare now, as they were encouraging people to upgrade to the new ones at least 5 years ago.

Japan uses FeliCa for its integrated transport cards (I just read an Osaka Metro ICOCA card with NFC Tools to check). This is used by quite a few systems around the world, including Hong Kong's Octopus.
That's a lot more MIFARE Classic than I would have expected considering that reader support for those is a lot less guaranteed these days. I guess a lot of them might be legacy systems.
Update: some of those that I labeled as Mifare Classic are actually Mifare Plus, it's just that the app I'm using didn't distinguish them ¯\_(ツ)_/¯
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Hong Kong's Octopus card uses Felica, as far as I know.

It's conceptually very similar to MIFARE – a fixed function IC implementing a fully offline stored value purse – but uses a stack that differs from ISO 14443 A on pretty much all layers. (It was planned to possibly become ISO 14443 C, but that never happened.)

>Hong Kong's Octopus card uses Felica, as far as I know.

Yes: Felica was developed by Sony in Japan, but was actually first adopted in Hong Kong, then later in Japan. It's far better than other standards, because it's so fast.

There's a noticeable delay between contactless cards and oysters. Some people I know prefer oyster cards simply because they open the gates faster, in spite of having to top them off all the time.

I'm looking forward to not having to choose one trade-off over the other.

The MIFARE protocol (which Oyster cards use) takes 300ms to 500ms per tap. EMV (i.e. contactless cards) take ~500ms, which slows down normal walking speed.

Here's a good summary of NFC protocols used for transit gates: https://atadistance.net/2020/06/13/transit-gate-evolution-wh...

The Felica standard is fastest at 100ms per tap, and is used in Japan (e.g. Suica card) and Hong Kong (Octopus card).

  • wenc
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Apple Express Transit works with Octopus cards.

https://support.apple.com/en-us/118625

You don't have to unlock your phone -- just tap. If you have an Apple watch, just put your wrist to the reader.

I use this all the time in NYC and it's so fast.

It’s noticeable if you’re used to the instant response of Oyster, but we’re talking about a few hundred extra milliseconds. Not something that bothers you once you’re accustomed to it.

It’s still fast enough that it will read my Apple Watch before the gate starts to close from the passenger in front of me.

One saved trip to an Oyster top-up machine will make up for a lifetime of contactless NFC latency!

>but we’re talking about a few hundred extra milliseconds. Not something that bothers you once you’re accustomed to it.

Wrong. With the traffic volumes normally seen in Tokyo, those few hundred extra milliseconds will cause huge delays at the fare gates. There's a reason the systems here use the Felica card which processes in 100ms: it's really needed for this kind of pedestrian volume.

  • rtpg
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
At peak hours it can definitely be a problem, you really need the entire pipeline to work well. There's going to be somebody behind you most of the time, and you really don't want people stuck at the gates.

In Japan credit card transactions routinely take a couple seconds. Imagine each person taking 5 seconds to go through the gate! I think what trials for credit card payments in transportation services there are doing is simply not processing the transaction inline, and just doing it after the fact (assuming it will go through).

Yes, the TfL system does a partial authorisation. It checks the card is valid and not blocked etc but doesn’t necessarily do a real-time authorisation all the way to the issuing bank.

If you try to use a card that is valid but has no available balance/credit, it might work for the first ride but then be blocked when you try to use it for the return trip.

Fares are batched throughout the day and you are charged once, overnight, for all rides that day (after applying any multi-ride discounts, etc).

This is different from some other cities where I’ve used contactless payments and they’d charge you immediately for each ride, giving you lots of annoying little charges on your bank statement!

  • rtpg
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Wonder how they block the card, my impression was that tokenization was meant to make it harder for card chargers to be able to track a card through multiple taps like that.
TfL not only gets your Apple Pay device account number (DAN), but can also associate it with the primary card number (PAN). Both magically appear if you add the primary card to your online TfL account and have used the associated Apple Pay device with TfL before.
They must have the card identity because you have to explicitly 'tap out' at the other end, if you don't want to be billed with a maximum fare.

Don't ask me how though

  • rtpg
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I love this reasoning! Absolutely succinct
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Is it not possible to top up a digital Oyster card on an iPhone or Apple Watch via an app or Apple Wallet?

The Japanese transit cards that are supported by Apple Pay have that option, and it's arguably the best of both worlds.

> ”Is it not possible to top up a digital Oyster card on an iPhone or Apple Watch via an app or Apple Wallet?”

It is, there’s even an auto top-up option that adds credit automatically if your balance drops below a certain level.

But there’s no “digital” Oyster card, only physical ones. If you want to use a device to pay you have to use contactless.

And either way, it’s still kind of a pain to have to maintain a balance - especially if you’re a tourist or visitor and don’t know exactly how much credit you’re going to need.

I agree that being able to load a transit card into Apple Pay etc is also a good solution. The convenience of not having a physical card that can be easily lost or forgotten is probably the biggest benefit for me.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Sorry, I always get Oyster and Octopus mixed up, and it happened again here :)

Octopus (used in Hong Kong) is the one that supports virtual cards in Apple Wallet.

  • akpa1
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I'm looking forwards to the day they somehow manage to link a National Railcard to a contactless bank card.
I feel like the approach will probably be that railcards become digital wallet compatible.
costco already has this for ID cards in the states (and I've also seen it for account ID for home depot and some other places where it's tied to discounts). the app will pull up an ID card with a QR code that changes every 60 seconds or so to prevent screenshotting and trivial reuse, which is analogous to the function the chip performs in terms of challenge-authentication.
  • chgs
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
You’d have to have a national railcard first. The only railcards that exist are specific ones for specific groups.
  • akpa1
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
National Railcard is the name that TfL uses to refer to all of those different types of card.

https://tfl.gov.uk/fares/free-and-discounted-travel/national...

  • emmet
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I'll have aged out before they ever manage this. Been on the to-do list for years.
I think there are plans for contactless smartphone tickets in Montreal too. I wonder why they haven't done that yet, it's been years since they've started talking about it.
Hong Kong's Octopus card uses the FeliCa standard, not MIFARE.
  • ghaff
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I used up the balance of my Oyster card last time I was in London and just started using my credit card. If there's a difference I didn't notice.
OMG! Last time I went to get on the Subway in Montreal, the line up at the station to purchase one of these tickets was crazy long that I just gave up. There was no way to enter the subway by paying directly. You had to purchase one of these tickets. In Toronto, you can just tap your credit card to get on the subway.

Also, you see these Montreal cards laying all over the streets. This card system just seems so messed up in Montreal.

Yes but this allows silly transit companies to retroactively charge your CC like in London
All Moscow public transport powered by these chips (actually it was, nowadays the chips we use are clones, made in Russia itself) - trains, metro and buses.
For a few years now, you may usually do a contactless card payment - just tap your bank (debit or credit) card. The fare is often higher but so is convenience.

Back around 2010 I remember reading these accusations that significant part of revenue went directly to Mifare for the massive number of chips.

And for single rides, some of Metro systems still use these steampunk brass tokens. Sometimes, less authentic plastic.

every single transportation system that uses disposable nfc are definitely making a ton of money for the vendor.

and every transportation system that pretends to run as a profit center and not a cost center also makes ton of money for the vendors.

In the systems I’ve ridden, there’s usually some kind of plastic stored-value card for regular riders, and the (more expensive) disposable tickets are only used by occasional riders.
A system I used in China had NFC plastic coins for occasional use, which were collected and refused by the exit barrier.
Building roads and selling cars, though, also makes an awful lot of money for the vendors.
They are going away soon (TM), the tech is cool but they are impractical. I will be happy to use my credit card or phone.

Too many times I have been stuck in 15-20 minutes queues to buy those tickets and you cant refill them with an app... Plus south shore and north shore have they own system it's a mess.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I agree in that they are much more convenient for tourists and occasional users, but when living in a city and taking public transit every day, I actually prefer stored-value cards, as there are still some advantages that arguably make them a better fit for the transit use case:

- Full offline support (i.e. both the reader and payment device don't need network connectivity), making the system more resilient

- Symmetric cryptography and highly optimized transaction flow, making reads more reliable and allowing faster customer flows through transit gates

- Upfront transparency about charges, monthly passes, capping etc. – you immediately see your balance left after tapping.

- No "transaction spam". This is more on my specific transit provider (NYC MTA), but I'm really not a fan of getting an individual credit card charge for every. single. tap. It can't be cheap in terms of fees for the operator either! At least other systems, like TfL in London, aggregate taps over a day, but it's still not great.

Singapore's public transit agency recently attempted to switch from a stored value based model to an exclusively account based one, but had to backpedal quickly due to public outrage about the move.

Ideally, a system supports both payment methods: Open-loop payment cards for infrequent users, and stored-value cards (both physical and in digital wallets) for heavy users and anybody else that prefers them. But realistically, maintaining both is too much of a burden for many transit agencies.

> I agree in that they are much more convenient for tourists and occasional users […]

I would argue that contactless debit/credit card or mobile wallet taps are substantially more convenient for tourists and occasional users – if you are fresh off the boat (or off the plane – for a more modern twist), not much can beat the convenience of turning up at the turnstile, tapping on and getting on with the trip on the local public transport network and tapping off at the end of the trip.

No need to look for a place that sells local rechargeable or disposable NFC cards, having to be aware of a low balance, looking for a place where the card can be topped up, actually top them up and stuff like that. For frequent travellers, it also entails having fewer non-portable mass transit payment cards to carry.

Bonus points: debit/credit card/mobile wallet payments also eliminate the problem of the discovery and consolidation of lost balances when a card gets lost, and it reduces the environment impact (manufacturing + energy consumed during the process) and the wastage (the disposal or, rather, the lack thereof) that disposable NFC cards inherently possess.

That is what Sydney (the one that is not in Canada) has done: they went straight from prepaid paper tickets to their own rechargeable Octopus/Oyster style cards (with the name also beginning with an «O» – Opal) followed by enabling debit/credit card (Visa/MC/AmEx) and mobile wallet NFC payments later within the larger metropolitan area public transport network on buses, ferries, trains and trams.

Convenience, as always and of course, comes at the expense of privacy, though.

Montreal has mostly followed this trajectory, be we haven't yet stuck the landing yet on bank cards. Most turnstiles now are equipped to handle them but the project has stalled a bit.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Yeah, that's what I meant, sorry if that wasn't clear – open-loop payment card based systems make more sense for infrequent users and tourists for all the reasons you've mentioned; dedicated card purse-based systems can be better for regular commuters.
> […] dedicated card purse-based systems can be better for regular commuters.

I suppose it is a matter of personal or circumstantial preferences so I won't go into that, but through reading this discussion, I have learned that, e.g. the Boston MTBA's CharlieCard, have an expiry date and has to be replaced in person. From the regular commuter's point of view it is a nuisance of epic proportions – to turn up at a bus stop or a station only to find out they are unable to pay because their dedicated card has expired. The commuter is only interested in the act of paying the fare and not in complexities of the local mass transit system's payment network shenanigans.

I also can't help noticing that the wallet (the purse style) making business has taken a hit in recent years due to the rapidly decreasing circulation of cash and the rise of mobile wallets. Many people now leave their homes with their smartphones and keys only. Eventually and inevitably, all cities will embrace either the integration with or adoption of mobile wallets, but that will take a while depending on how well each government funds its local public transport agency.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Mobile wallets are not a contradiction to dedicated transit cards, though!

Apple Wallet supports transit cards for dozens of transit systems, and most of them have some associated app to allow managing monthly passes or topping up the balance. Arguably, that's the best of both worlds.

Yes, I am in a full agreement on the best of both worlds, with a couple of caveats.

Apple Wallet supports neither the Montreal (the subject of this discussion) nor Boston CharlieCard transit cards nor many more. Apple Wallet has promptly shown some transit cards from mainland China, 1x from France, 1x from Hong Kong, 3x from Japan and only 3x (!) from the US (Clipper, SmarTrip and TAP). That is all it supports. Android may support more.

The said CharlieCard[0] supports a bespoke mTicket app that is neither integrated with the mobile wallet nor fully supports all modes of transportation in Boston:

  √ Best for Commuter Rail and ferry riders who don’t often take the subway or bus
  ∅ No transfers to other modes
Which brings me to the main caveat. Compared to debit/credit card payments originated in a mobile wallet, supporting each transit card in existence is an extra effort that places the onus at least on the vendor of the mobile operating system and usually on the local government as well. Generally, governments do not have a good track record at delivering modern digital solutions to their citizens and are inefficient at engaging the smartphone vendors. So at the very least, the governments are slow to instigate a technological change.

And, since the onus is also on the government to upgrade NFC readers across the entire network anyway – to support modern ways of paying, the question is which one is more future proof: 1) natively supporting a local transit card at the smartphone level + upgrade the NFC readers to support a variety of NFC protocols, or 2) upgrade the NFC readers to support the debit/credit card and mobile wallet payments only? I am inclined to think that (2) is more efficient and more cost-effective for taxpayers.

[0] https://www.mbta.com/fares/charliecard

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Definitely – the challenges and cost of maintaining these individual systems should not be underestimated.

But practically, a lot of them are run by a small set of contractors anyway, not any government entity directly. These only need to integrate with wallet providers once; beyond that it's just a matter of contract terms and uploading a few new assets to Apple's and Google's servers. (I believe Apple can even launch new transit cards without an iOS update these days.)

It is theoretically possible to refill it with the phone. You either have a stored value card where the value is stored on the card and have the phone's NFC talk to it, or you store the value in a server that has an API to add value and have the reader at the subway deduct the value from the server.
That’s exactly how online top-ups, and credits/refunds, work with the Oyster card system.

In the old days you’d nominate a specific station, and the credit would be transferred to the card the next time you tapped in at that station.

But now days I don’t think you need to do that: presumably it maintains the balance primarily on the server side now rather than on card.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I think Oyster cards are still stored-value based, but I suspect that either the backend servers and connections are now fast enough to poll pending top-ups in real time, or they just fan out the pending top up dataset to all turnstiles.

I remember using that feature in the SF bay area, and while it took a day for the top-up to actually propagate to all readers, it even worked on buses, so they must be uploading that data everywhere.

That type of connection needs to be there in any system that supports lost/stolen card value recovery, in any case, since that's how card block lists are distributed.

The Oyster card balance is certainly maintained online in real-time (or near to real-time) since you can view it in the Oyster card app/website.

But yes, for speed/redundancy they are still probably using the stored value balance too.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's most likely near real time.

TfL likely need that mechanism primarily to synchronize the list of blocked open-loop bank cards with unpaid balances to all readers. Faster Oyster transaction list updates and any-station remote top-ups are probably just a side effect of that.

Clipper doesn't (yet) support open-loop bank cards yet, so for them, it's probably enough to update more remote readers every time the bus goes back to the depot, for example.

You can refill them with the Chrono app since last March. No more queues. Can't do nothing about Laval and Longueuil though.
Yeah they added refills but you can't use your phone as an NFC pass yet :(. I've always been curious to know more about why, you'd think if you can refill your Opus card with your phone, to then use it on the terminal, you could just skip the card step entirely but I'm sure it's not that simple!
They're actively working on allowing you to just use your phone, iirc targeted for like 2026 or something. Basically, its' a work in progress and they delivered the update to the Chrono app as a stop-gap.
Yeah I wish I could buy the one way tickets there. I dont have an opus card.
  • rendx
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I dread the privacy implications. No thanks.
  • vhcr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
No need to worry about privacy, facial recognition already takes care of that.
Is that admissible as evidence?
What privacy implication? You already buy the NFC with a credit or debit card so if they want to track the card use they can.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Many of the systems that account/payment card based ticketing is now replacing used to allow cash top-ups for their stored value cards.
But you can still purchase these one-time use cards with cash? That’s the case with my local transit system. Are there places that are eliminating cash altogether?
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
In NYC, there will soon be no more single ride tickets.

There’s the OMNY card, and I believe the original plan was to outsource sales and top-ups to third-party stores, but lately I’ve also seen some vending machines for that in some stations, so maybe they’re going back a bit on that idea.

> you cant refill them with an app

You can now refill the rechargeable OPUS cards using an app.

Comparing Montreal subway with Vancouver's skytrain:

- Montreals subway stations have this gritty, distinctively french atmosphere i loved it.

- Vancouvers above/below stations have no soul, distinctively anglo but above ground ones i liked.

- Montreal train cars use rubber wheels to my shock! Extremely loud.

- Vancouver train cars use some sort of electric system which im not familiar with ( have a few variants (newer hyundai rotem cars, old ones: https://www.youtube.com/watch?v=W_BoeXqaV9c)

- Montreal subway does not cover the entire region like Vancouver's skytrain. Getting around is difficult without uber. Road conditions are horrible (pot holes remain unfixed for decades, city went broke hosting olympics long time ago), I just shudder how you can get around during the winter.

But the biggest shock was that in some instances, it was faster for me to walk then walk to the station and wait for the subway.

- Arriving at YVR: Skytrain runs directly from airport to a satellite city where its numerous public buses cover almost the entire MV. I could just tap through the toll gate with my credit card and wait for a bus which arrives on time quite frequently.

- Arrriving at YUL: Have to take a bus from airport for 30 minutes to Montreal but doesn't seem to respect time schedule. Got off somewhere in Montreal I don't remember (there was a large open artsy area) tried to wait for a bus but never came, gave up, got uber.

  • nsguy
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
When I visited Montreal I mostly walked and used their rental bicycle. I did take a few subway rides and being from Vancouver it didn't leave any specific impression on me one way or the other - I got where I needed to get to (some suburb).

The Skytrain to YVR is indeed very nice - built for the winter Olympics. Maybe not as "connected" as some European airports but quite convenient.

The problem with transit in Vancouver is that most of it is rays emanating from downtown, i.e. you have fairly decent (though IMO worse than most large European cities) transit if you need to get downtown but it's terrible useless if you need to get across. My work used to be 20 minutes drive time, >2 hours transit time.

Skytrain doesn't exactly cover the entire region, as you get further away from the downtown core the coverage gets much spottier until when you get far enough (but still part of metro Vancouver) it's non-existent.

There are certainly times when buses don't show up on time. I take transit these days to work and back and I would say something like 30% of the time the bus isn't on time. About 5% of the time the bus I'm supposed to take just never shows up.

>Montreal subway does not cover the entire region like Vancouver's skytrain.

It's not supposed to. The new REM train network (a few stations already in use) will cover the region. By 2027. Maybe.

REM will also go to YUL.

PS. Fun fact, REM is also driver-less just like the Skytrain.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Strangely enough, I used the ticket in the article for the REM train (from Du Quartier, where I was staying).
Yeah the Montreal area transport system uses the opus system (the disposable cards are part of that) for everything. Sadly, it's now bizarrely more complicated with the weird zones that they recently added after half a decade of consultations that were meant to... stream line intercity travel! for example, if you take the metro in Montreal, then ride it until Laval, you have to buy a specific type of ticket with the two zones.

Meaning that if you just buy the normal ticket in any Montreal station and make the mistake of going to Laval, you can be fined and they do tons of ticket traps because they know that people make that mistake pretty ogten. It's not even a separate line or something. And the same card wouldn't let you take a bus in Laval because again, it's another ticket (but not the same as the one for the dual zone metro that I was talking about earlier...). Just a huge mess when it used to be much simpler before they "streamlined" it.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
In addition to how hosting the Olympics hurt Montreal financially, there was substantial tax revenue loss from the trend of corporate headquarters moving from Montreal to Toronto staring in the 1960s due to Francophone policies.
Yeah they seem to do this every recession. I don't see any value in forcing French language which btw, people from France laugh and make fun of Quebecois. I've seen it at work too.
clean and soulless >>>>>>>>>> distinct and gritty for public transit

i'm from vancouver, and every day I take the NYC subway i wish it was cleaner and more soulless, more hospital sterility, harsh 6500K lighting, glass and stainless, and less literal grit

The NFC chip I want still doesn't exist: a CPU and flash I can write a program for, directly, no VMs, no Java, without an NDA'd datasheet.

These exist, but they're all behind NDAs and you're not allowed to have them. They're used for e.g. EMV.

I saw an NFC chip that has 512 bytes of eeprom. Talks to a micro via I2C and has an interrupt that can be used to wake it up.

I think it's a M24LR04E.

Costs like $0.50.

I think these could be useful for devices where you have a limited amount of data you want to read or transfer. Like why have bluetooth and all the crap that entails when all you want to do is configure a device once.

Advantage of a separate IC is you can use it with whatever microcontroller development stack you have working.

  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The problem is that it is simply a dual-interface EEPROM. It only holds data, it doesn't process it. Great for something like a device whose configuration you can update via NFC tap (think e-paper display), not so great if you want to do a whole challenge-response dance between microcontroller and NFC smartphone.
See comment below.

More generally what I'm seeking is something in the card form factor which is suitable to store cryptographic secrets (i.e., a smartcard).

Separate IC is a disadvantage here since it creates a vulnerable security boundary and makes it infeasible to integrate the chip into a thin card.

How about something like this:

https://hackaday.com/2009/06/27/avr-rfid-tag/

  • bsder
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Is there a problem with the TI NFC chips? They all seem to be purchasable and have available datasheets.
  • G4E
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
You should check out the lpc8N04 from NXP then ;)
This is interesting but clearly not intended for security/cryptographic applications... no security hardening, no hardware cryptography, and it's also not available in a card form factor according to the datasheet.
Interesting discussions in the comments regarding reuse, waste, QR codes, etc.

Worth bearing in mind that in the UK train stations have mixed NFC, QR and magnetic readers. The ones which are the least reliable are the magnetic readers which operate on paper cards. The NFC readers are used for pre-paid ticket cards and credit/debit cards. The QR scanners for so called "E-Tickets".

I don't really ever see anyone have problems with the QR tickets (they're static and distributed as PDF or pkpass). Likewise with NFC. Only the paper magstripe cards commonly cause problems.

Meanwhile in the Shanghai metro they use chip coins. Small, reusable and NFC.

I think these paper NFC things are a unique combination of non-reusable, prone to damage, prone to jamming.

But they are cool.

> a per-chip price of nine cents

That still seems expensive for a $3.75 metro fare.

2.4% of the cost of your ride is the chip in the ticket itself? Maybe it's worth it because it lets them eliminate mechanical ticket-reading and unify paper tickets with other NFC payment methods.

These single use tickets are used essentially only by tourists and those who use public transport only on occasion.

The vast majority of users will use rechargeable Opus cards [1] that can contain a variety of different fare types (single tickets, monthly tickets, etc).

From an operator's point of view it definitely makes sense to only have to maintain one type of reader, even if that means losing a few cents profit on the low single digit percent of rides that use the disposable tickets.

[1] https://www.stm.info/en/info/fares/opus-cards-and-other-fare...

That’s not true in Montreal if you buy a single ride you get a paper ticket with a magnetic stripe that you feed into a completely different reader.
I've never seen these mag tickets, the ticket machines all give out Occasionnelle cards even for 1 ticket. Maybe if you walk up to the clerk?
I assume all regular customers will be paying a fare of $3.25 or less per ride on the reusable Opus card (fare purchased in a 10-ride pack). Essentially you’re paying for the chip with the very-occasional-commuter one-ride convenience fee.
  • crote
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
That's the per-wafer price, via a distributor. I bet you get a decent discount if you buy a few thousand wafers straight from the manufacturer.
The diameter of a neuron's axon is about 1 μm, this is getting close to biological levels of miniaturization.
It's small compared to the size of the card, sure, but not small for typical modern lithography techniques.
It is using a relatively old manufacturing process. It may be small but it is because modern chips are small, not because this is a feat of engineering where they've achieved incredible compute densities.
Phosphoric acid, hydrochloric acid, and boiling sulfuric acid: I should have paid more attention in chemistry lab. This is a neat project and answered a lot of questions.
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's not as scary as it sounds :-) For a chip this small, I only need a few drops of chemical, which cuts the risk way down. I don't have beakers full of hydrofluoric acid and red fuming nitric acid, like the real decappers.
So how much more powerful is this chip than the ones NASA used in the the Apollo program?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I think this chip is implemented with a state machine rather than a processor, so it's meaningless to compare their processing power. The Apollo Guidance Computer had about 17,000 transistors, while I estimate that the NFC chip has about 45,000 transistors. So the NFC chip has more complexity, but the same order of magnitude.
For the fun of it, what about radiation hardening ?
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The Apollo Guidance Computer would be more radiation-hard, due to its large transistors and magnetic core memory.
How is a chip like this actually manufactured? Especially the analogue components area.
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's manufactured pretty much the same as any other chip, using photolithography. Most of the analog components would be CMOS transistors, just larger. They might use a BiCMOS process with a few extra steps to make bipolar transistors. And there might be an extra step for the capacitors. But overall, the chip uses an old, simple manufacturing process, much easier than cutting-edge processors.
  • rwmj
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The chip seems like it's almost too small? I don't even know how they would cut up the wafer and how they would pick each die and mount it in the paper card.
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
They cut the wafer apart with a diamond blade, 20 µm thick. Laser cutters can make thinner cuts, but they cost more. Die pick-and-place machines can manipulate even smaller dies at high speed: https://www.syagrussystems.com/dts-2-die-sorter
"Tie die"

Ha ha ha ha... Love it! Always informative and interesting :)

  • ck45
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The article itself is a very interesting summary of the technology used.

As for the comments, there seems to be a big discussion on whether NFC or barcodes (includes QR codes) are the better technology for public transport ticket I have a completely different view: No matter what technology you are using, after having used public transport in multiple cities in Germany with the same flat rate tickets, I wonder if this could be feasible in every city or country. Just not caring about a ticket seems to be the most user friendly option. It seems to work well, but such a system would need to prove itself in areas where public transport is already quite crowded, like London.

I'd actually go the other way around. I see a lot more value in getting smaller public transit systems onto a common standard.

Getting set up to use public transit as a visitor to a top tier city like New York, Brussels or Montreal (I can't speak to London) is easy. Usually they have explanatory signage and staffed kiosks at all the major intercity transit stations. And good websites that clearly explain what visitors need to know to navigate the system.

It's visiting a city with a lower-tier transit system that tends to pose a greater challenge. I'm thinking here of cities like St. Louis, Milwaukee or Portland. Stations may not have attendants, automated kiosks may not be well-maintained, websites tend to be ill-designed or be missing key information about how to use the system, etc. And, on top of all that, I'm not necessarily visiting there often enough to amortize the (already relatively high, due to the aforementioned problems) cost of getting to know the system across may visits. And I certainly don't want to have 15 different transit apps and payment accounts to juggle. Standardizing the fare structures and payment systems could be a big boon to visitors.

There's potentially more value to the the smaller transit systems themselves in standardizing, too. None of them is individually a large enough system to achieve good economies of scale w/r/t the technical and administrative costs of maintaining their own special snowflake fare system.

"Not only should municipal transit be zero fare, using it should provide tax credits."

"This is a genuine, serious proposal. Cars and car infrastructure are so enormously expensive and destructive. Paying people to use public transit instead would be a net positive, and it's not even close."

From: https://hachyderm.io/@jenniferplusplus/112667806776752372

Ken is a treasure - he's a walking encyclopedia of all things electronic!
  • elric
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Free public transport would make all of this stuff unnecessary.
  • pluc
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
There is no such thing as free public transport.
There is also no such thing as public transport fully funded by ticket sales. If there are large government subsidies then it is a valid question if all the costs associated with ticketing are worth it.
  • gpm
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
There is. The same way as "non-toll roads", "fire departments", "public schools", and so on.

If you want a concrete american privately run and open to the public example, see Stanford's buses in Palo Alto...

I can't help but feeling a little sad about single use electronics. Not even from an environmental perspective (though there's that too) but just the fact that there's some pretty cool electronics, doing digital and analog stuff, wireless communication etc, that does it's thing once, and then never again.
They use something similar in Athens, a paper one-use ticket with a tiny chip inside https://realgreekexperiences.com/locals-guide-to-taking-the-...
The article says the chips are made on a 180 nm process and they come out about the size of a table salt grain.

We’re now down in the single digits for fabrication in nanometers, although I know that sort of just a name. This chip is so tiny already, if you were to fab it on a process like 7 nm I’m guessing it would be unworkably small. Too hard to cut, too hard to manipulate individual chips once you did manage to cut them.

So here’s my question: how small can we make a chip in area while still being able to cut them out and easily use them?

It’s obviously not a concern for the hundreds of square millimeters of a large processor, but I’ve never heard about the opposite end of the spectrum before.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
There are a few issues. First, you lose 20 µm due to the saw cut between the dies. I saw an NXP patent that said this was wasting 30% of the die for their tiny chips. If you made the chips smaller, you'd be wasting even more. Another issue is that you need some area for the bond pads, so you can't make your chips arbitrarily small or they will be useless.

Looking at a random die pick-and-place machine [1], it handles dies down to 0.2mm in either dimension. So you could handle smaller dies than mine with an off-the-shelf machine, but not a lot smaller.

[1] The video of the die machine in action is pretty cool: https://www.syagrussystems.com/dts-2-die-sorter

0.2mm per side? Wow that’s smaller than I’d expect. Thanks.

The increased losses due to cutting make sense too. I was expecting the cuts to be wider than 20 µm, so that’s not actually as bad as I was imagining.

I would like a comprehensive analysis of FeliCa.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Same here! It seems like a fascinating system, especially in the federated way in which it's being used by various Japanese transit agencies and issuers. Compared to MIFARE, it was definitely ahead of its time.

Unfortunately, most things I could find are in Japanese, as expected; I suspect that the really interesting parts aren't public, as usual in this industry (there's still a lot of belief in security by obscurity, even if the systems actually don't need it).

Singapore's CEPAS seems very similar conceptually to Felica (at least in application, in that there's multiple issuers of stored-value cards with interoperability), and the specifications for that seem to be available for purchase, but I'm not curious enough to bite that bullet yet :)

  • rtpg
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
It's not really on the technical side of thigns, but the unification of IC cards across transportation companies has a good write up [0] that has a bunch of fun details. My favorite thing is how the people working on the project just had a bunch of card readers from various transport companies all in one room.

[0] https://www.ejrcf.or.jp/jrtr/jrtr62/pdf/6-15_web.pdf

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
That’s great, thank you!
I'm a big fan of this blog: https://atadistance.net/2023/04/04/final-frontiers-how-suica...

The author understands Japanese sources and writes about how the various Felica-based systems operate and evolve.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I'm also a big fan!

One small caveat: As much as I appreciate his writing, I'd take some of the technical explanations with a grain of salt – the approach is definitely more that of an (extremely knowledgeable and experienced!) outsider looking at the system and coming up with hypotheses for its workings than that of an authoritative source with hands-on experience working on the system. It's sometimes not that easy to figure out what's hypothesis and what's "confirmed" knowledge as a result.

That said, much of what I've learned about Japanese transit payment systems (without ever having visited) was via that blog. It's amazing!

Somebody from the tiny intersection of people apparently having hands-on experience with Felica and writing about it in English is this pseudonymous Reddit user (often also quoted on the blog): https://www.reddit.com/user/FelicaDude/

On the topic of NFC: my iPhone ApplePay thing taps so much more reliably than any of my credit or debit cards. Is this because it has its own power supply and doesn’t have to first be powered up by the machine?
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The primary reason is probably just that the secure element in more recent iPhones is probably just an order of magnitude more beefy than the IC in your physical cards.

Powering up the IC actually doesn't take long, but the processing itself can: Contactless payment transactions (mostly) use asymmetric cryptography, and old one at that too (usually RSA), so simply crunching the numbers takes these fairly underpowered ICs quite some time, even when they include cryptographic coprocessors.

Compare that with (symmetric key based) transit ticket authentication, e.g. for MIFARE DESfire or Japanese Felica cards: These usually use DES or AES, which is lightning fast in comparison.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
NFC supports passive mode (where one side is powered and the card is not) and active mode (where both sides are powered). So, yes, your phone is probably more reliable because it provides a powered data transmission.

An NFC card doesn't actively transmit data. Instead, it sends data using "load modulation", where it switches a load across the antenna to change how much power it absorbs. The transmitter can detect this change in power, but the signal is extremely weak (80 decibels below the transmitted signal), so it's amazing that it works at all.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The iPhone doesn't actually use NFC's peer-to-peer/"active" mode (since contactless payments aren't an NFC application; see my other comments on that), but it does specifically include an NFC "field amplifier" IC (shown in some iFixit teardowns), which most other smartphones and of course all physical cards/tags lack.

This does mean that iPhones can't do cool tricks like booting up the secure element purely from the field with a completely dead battery though that some earlier Android and Windows Phones could do (or at least Apple has intentionally deactivated that capability for a more consistent/secure experience) :)

That’s insane. And yet when I see what we can do with coax or twisted pair, I anticipate we’ll get to gbps speeds one day. :)
Additional conjecture: a device with upgradable software can take advantage of updates to readers and protocols. Whereas the physical card is stuck at the version it was created with.
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
In the 60's I hacked the Montreal Metro's transfers, and rode free. The punched holes recorded time and date code.
I was living under the impression that the Oyster card already solved this problem years ago.
iirc (it's been over a decade), the Oyster card is a plastic card with an NFC in it. Montreal's Opus card does the exact same thing (and is probably modelled off of it and similar implementations in other cities). This article is describing the disposable, single-use ones.

If you don't want to use disposable ones, the same kiosk that dispenses the temporary cards will allow you to buy a permanent one which you can load with fares as normal.

I wonder why they don't use magnetic paper instead like how Japan is using? Seems cheaper
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Magnetic paper can't do computations, so these tickets are a storage medium only and as such can usually be trivially copied. That puts higher requirements on the backend's availability in order to prevent fraud.

Most people in Japan actually use (reloadable) IC cards, as far as I understand, and railways seem to be in progress of switching magnetic stripe tickets for QR code based ones: https://english.kyodonews.net/news/2024/05/362243d2c187-japa...

Those electro-mechanical ticket readers are borderline lost technology and sadly don't belong in this software-eletronic era

0: https://www.youtube.com/watch?v=3Vn-QxQOoqQ

Montreal used to but transitioned to these NFC ones recently.
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
This wasn’t super obvious to me until later in the article but this is about the single use tickets.

Neat stuff, though I can’t say I love the concept of e-waste NFC.

  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I don't like the e-waste aspect either, but realistically, the chip is so minuscule that the amount of waste is trivial compared to almost anything else you might discard. The chip is literally the size of a grain of salt.

The other factor is that people who use tickets regularly would use the rechargeable plastic cards, rather than the disposable tickets, so the amount of waste is reduced.

> ”the chip is so minuscule that the amount of waste is trivial”

It does add significant costs to the transport system. Single-use NFC cards must cost at least a few cents to produce and dispense, which adds up when you’re talking about hundreds of thousands or millions of rides every day.

Even reusable NFC cards are costly in terms of providing all the infrastructure to support them: software, servers, enough top-up machines in stations to handle peak demand, commissions to retailers selling the cards, extra staff to deal with customer support, delays and congestion caused by top-up/ticketing queues, etc.

That’s one reason London’s TfL has been pushing everyone to just use their bank-issued contactless credit/debit cards (or NFC-enabled phones) for years now.

It’s also more convenient, of course, to never have to worry about your balance or recharging the card.

Do they still issue single use tickets for transfers between the Heathrow Terminals?
Last time I checked, yes. There’s a machine where you press a button for a free ticket that works the ticket gates.

Unfortunately the days where you could ride the buses for free around the whole Heathrow area are gone, however.

The chip is the size of a grain of salt, but there's a relatively huge antenna inside made of conducting material (metal?) and glue and all that.
  • gruez
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
all of that is probably negligible compared to how much disposable foil is used for cooking or packaging.
  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
On one hand it is probably small in comparison, but on the other hand, it seems much more feasible to reuse transit ticket ICs than e.g. food packaging.

Many transit agencies do explicitly incentivize reuse, e.g. by offering cheaper fares using a reloadable contactless card and often charging a deposit for that card.

Even then, many of these systems have been struggling due to the IC shortage, given the low margins these single-use tickets have to operate on. In some Asian countries, including Japan and Malaysia, it was tricky to get a new transit card for several months or even years, even though there is a deposit charge.

just let people use their phones to open the gate
  • ximus
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I don't know about justifying or rationalising waste by pointing to a greater source of waste.
The question is whether it's negligible compared to good old fashioned paper tickets.
I don’t really see why a chip is needed at all for single use tickets. Those have existed forever and there are a plethora of non-chip options ranging from the simple holepunch to the optical printed barcode or QR code.
Because that would require a completely different way to read tickets than are used for stored value cards. Every ticket machine needs way to print which is less reliable than writing NFC chip. It is likely that printing a ticket costs more than NFC. Every fare reader needs two sensors, one NFC and one optical. The optical ones are going to be slower. People are going to get confused about which reader to use.
If people can manage the existence of both an optical scanner and contactless at the self checkout grocery store, this is way overblown.

A ticket needs to be printed anyways, the single use ticket with chip does not come from thin air.

But why are you making it worse and more complicated? Disposable NFC card is better, cheaper, and easier to use.

The NFC doesn't need to be printed. It just needs to be dispensed.

My city went from printed paper tickets, that didn't even need to be scanned, to contactless fare system with paper NFC tickets. It saves money having simpler and less used ticket machines. It helps that most people use contactless credit card or fare card. They really should have more signs that can tap phone or credit card cause I suspect tourists think they need to buy ticket.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
  • rtpg
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
throughput, throughput, throughput.

Magstripes tend to work not so well when you have the ticket in your pocket for a couple days, printed codes involve people futzing with cameras. You can use a sort of card ingestion system to line up a QR code or the like... but those things are complicated and break down a lot! You end up needing staff to constantly be opening it and unclogging it. This works alright if you have like 6 turnstiles, less so when you have 2 or 3.

Obviously you can work with those models anyways, and plenty of transportation networks do! But if your rush hour involves moving a million+ people, you really do need this stuff to go fast.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> Magstripes tend to work not so well when you have the ticket in your pocket for a couple days

How very true... SWIPE CARD AGAIN AT THIS TURNSTILE in glowing turqouise-ish dot matrix letters will be forever etched into my brain long after the Metrocard is finally gone.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
You are discarding both the chip and every consumable that went into making that chip, though.
Yeah but also the antenna and I wonder how many chemicals are used in the lithography process.
I feel like 99% of people would not benefit from single use public transportation tickets. Even if you are a tourist, if you use public transportation once, there is a high likelihood you will use it multiple more times, in which case it makes sense to get a regular card. Most systems let you return the card and get the deposit back if you'd like.

Personally I collect the cards instead because I have a tendency to revisit cities years into the future. I just wish cities wouldn't make their cards expire so damn quickly. Wuhan's metro is nice, the cards don't expire until 10 years later. But I've found Singapore and Taipei expire within 3 years and you lose your stored money.

I have this "brick" of public transit cards for about 20 cities. It feels powerful. I kind of wish I could just swipe this brick in any city and just go. Unfortunately they all interfere with each other.

I’m pretty sure that the Montreal paper tickets are non-refillable but can “contain” multiple rides or a pass (weekend, weekly, etc) if you buy them together.

I’d bet a lot of them are sold at the airport: the fare to downtown comes with a 24-hr pass for other buses and metros.

I don't know how many times I've been in a city for a single day, or part of one, and have zero interest in spending precious minutes finding, buying, and returning a card.

Just let me pay with coins, or a credit card in seconds, with no return work.

I believe Singapore's public transit does support tapping a credit card directly at the gates now, but there's an annoying step of having to register your card in advance on an app before it actually works.

My guess is this might be because on-the-fly credit card authorizations still take too long. Waiting 3 seconds for an EMV contactless verification would seriously hold up the line at rush hour in a country where most people live by public transit.

If I were to guess, the registration is probably what enables them to pre-authorize a credit line and allow you to tap in in a fraction of a second.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
That's odd. Most open-loop transit payment systems I know give new/unknown cards the benefit of the doubt, and put the card on a block list if it turns out to not be good for the fare that's eventually distributed to all readers.

Are you sure that's true? Their website says otherwise:

> Do I need to sign up for a SimplyGo account to use my contactless bank card for transit? You do not need to sign up for a SimplyGo account to use your contactless bank card for transit.

OK, it's confusing, I had seen some other information that suggested app registration was necessary. It seems that it's only necessary if you want to track your journeys which makes sense.
  • gsa
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> there's an annoying step of having to register your card in advance on an app before it actually works.

Did this change recently? I travelled a little over a year ago and my Wise card worked right after I landed at the Singapore airport.

Interesting, and this hypothesis shows why twmp cards might be preferred.

I have no issue with temp cards, if I can buy them right at the pickup location. I once flew into a place late at night, and only stores had cards to buy, and all were closed.

Duh.

Yeah that's a stupid system and I've seen it in many places. Being asked to go to <some random convenience store> to get the official public transit card, even the dude at the station couldn't sell me one.

The vending machines at every station should be capable of directly vending public transit cards. I think most of the better systems around the world do work that way.

Credit cards do not require online authorization.
That is a flaw of Singapore's system. Other places let people use contactless credit cards without any delay.

London has been using contactless for a while.

  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Assuming that it doesn't become litter on the street what is the actual impact of such waste?
All of the waste that went into producing it of course.

IC fabrication produces a lot of chemical waste, and I would imagine that these ICs aren't fabbed in a place that has a great track record on pollution.

These devices are so tiny that presumably this is also a tiny part of IC fabrication.

I'm not saying there is none, just trying get an idea of how much of a problem this really is. We also need to consider what impact any alternative solution would have.

What struck me from the description of the system was that it seems that no electronics is really needed at all, a unique QR or barcode would be just as good because the back end system records the use.

But that would require the installation of optical readers in a system that might not have them but does already have NFC readers. Adding those readers would add a considerable amount of e-waste too.

It isn’t different from other anti-counterfeiting measures, the printing just happens to be really small and electrically react to certain frequencies.

Part of the “software eating the world” story is the decreased cost of precision that enabled the hardware substrate of software to be inexpensively and ubiquitously included in any mass produced object.

Agreed! In Rome for some time now one can top up his paper NFC ticket; there is no reason to throw it away.
  • tzot
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Yep, the ones in Athens can be refilled too.
  • mig39
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The ones I've used in the Netherlands and Portugal are similar, but can be refilled.

In Portugal, you pay extra for the initial ticket, but subsequent uses are cheaper, because you are using the same physical ticket.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I've actually always wondered what type of system the Portugese cards use: They don't seem to be based on anything ISO 14443 (or 15693) at least, since they don't react to my phone or external reader at all.
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Indeed, I didn’t know what kind of ticket we are talking about - folks please include a picture and some context in your blogs, for people from other places and countries
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The title says "Montreal" and the second photo in the blog post shows the specific ticket. I'm not sure what else I can do here.
Photo of the ticket / ticket machine is an obvious thing to include.

Some people live on a different continents and their environment looks completely different. This is giving me same vibes as those ‘probe you are not a robot’ tests that ask you to identify things that are specific to USA’

Background information in an article is normally presented first.

Ticket in english sometimes refers to a season or monthly ticket, so it’s pretty ambiguous.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> There are multiple NFC standards with differences in speed, protocol, and range, including NFC-A, NFC-B, NFC-C, NFC-F, and NFC-V. The MIFARE Ultralight cards use NFC-A, which is defined by the standard "ISO/IEC 14443 Type A".

Pet peeve: Calling these chips "NFC" is a bit misleading. NFC-A isn't defined by ISO 14443-A, but builds on it.

NFC is an umbrella standard that defines a way of storing structured data on a wide variety of existing contactless IC technologies (including, but not limited to ISO 14443) and products (such as NXP's various MIFARE chips, which in turn are based on various layers of ISO 14443 up to -4).

For the concrete example, it's correct to say that one possible implementation of an NFC-A tag is MIFARE Ultralight (that would be a NFC forum type 2 tag), but neither is NFC the only thing you can do with MIFARE Ultralight (and this transit use case almost certainly doesn't put an NDEF container on the ticket), nor is this the only type of tag you could use for NFC.

>NFC is an umbrella standard that defines a way of storing structured data on a wide variety of existing contactless IC technologies [...]

Yeah, then it's appropriate to call this NFC.

  • lxgr
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Except that the highest layers in that stack is not used by many contactless systems. As an analogy, you wouldn't call HTTP or TCP "web protocols" either, even though the web uses both (but it can also run on QUIC, which is UDP, and you can do non-web-things via HTTP).

Importantly, NFC standardizes a way of storing structured data like URLs or phone numbers on NFC tags; transit tickets most likely don't use tags in that way.

Did you google all of that on your PC?
While the chip technology is interesting, I found the human factors on Montreal's public transit system to be bad. This is based on my experiences in 2023.

The reusable OPUS transit card expires after 4 years unless you have a photo registered. In almost all cities, adult transit cards don't expire and don't require photo/name registration. https://www.stm.info/en/info/fares/opus-cards-and-other-fare...

The system does not have a concept of a monetary balance ($). The system only has tickets (bought in blocks of 1, 2, or 10 with appropriate discounts) and unlimited passes (24 hr, 3 day, week, month). Note that I define a "ticket" as an abstract authorization to ride transit for one trip, not a physical object.

There is no discount for using OPUS. If you buy a block of 10 tickets, it's the same cost whether you load it onto a disposable paper card or on a plastic long-term OPUS card. There is no incentive to reduce waste.

The Greater Montreal Area is divided into fare zones, A/B/C/D. You can use any supported transport agency and vehicle (bus, subway, commuter rail, possibly others) to make your trip. Ticket/pass types have cumulative fare zones, i.e. A or AB or ABC or ABCD. This isn't wrong per se; this is just setting up a definition for what's to come.

An OPUS card is locked to one set of fare zones for the purpose of buying tickets. For example, your card might be set to zone A, or maybe zones ABC. You can only buy and spend tickets of that type. However, you can buy passes for any zones, but they are expensive and intended for long-term commuters.

A new paper card can be bought for any set of zones. e.g. If you want to travel from somewhere in zone A to somewhere in zone C, you buy a zone ABC fare ticket. A paper card cannot be reloaded after the initial purchase.

There is only tap-on, no tap-off. So if you board at zone A, there is no way for the transport system to electronically know if you exited in zone A, B, C, or D. This also means that an open payment supporting credit cards cannot deduct the correct fare amount. There are random fare inspections from human officers to ensure you hold a tapped card with the correct fare type at the location of the inspection.

In light of this entire setup, I can understand why an OPUS card is locked to one set of zones for tickets (which are counted down as you use them). If you tap your OPUS card at a reader in zone A but you own tickets of multiple zone types on the card, how does the reader know which ticket to deduct? Montreal has brought this problem on themselves by not having tap-off and also not using a money-based system.

To make matters worse, the fare vending machines at subway stations are inadequate. There are not enough of them, the menus are slow to navigate through, paying by cash or credit card may have additional frictions (e.g. cash rejected, no change, card payment failure). Thus there is often a queue to buy tickets, making the travel experience that much worse. (Meanwhile, I found Japan's ticket-vending machines to be top-notch - very clear instructions, fast machine response times, and excellent handling of cash.)

By comparison, Toronto has a different strategy and different problems on the PRESTO contactless fare card. The TTC has a flat fare and 2-hour free transfers within the system. GO transit has tap-on and tap-off for buses and trains. For a long time, there was no fare integration between transit agencies, so you had to pay separately on each system; this changed in Feb 2024 so that you pay more or less the maximum of what each agency on your trip charges rather than the sum of the components.

Japan's transit systems mostly use tap-on tap-off, even many buses, and charge by distance. (There are small exceptions like the Kyoto bus being flat fare.) Transit pricing and ticketing is almost an entirely solved problem for decades; the rest of the world can learn from them. (There are still small exceptions, like how travelling between two different IC card regions, like from Numazu to Tokyo, requires a paper ticket.)

As you can see, even if you live permanently in Montreal and own an OPUS card (e.g. zones AB), as soon as you need to make a trip outside (e.g. zones ABCD) your usual area, you need to interact with a ticket-vending machine and buy a paper card. Meanwhile, in Toronto or Japan, you hold one card and the transit systems deduct the correct amount of money based on the trip that you take. Heck, Toronto introduced open payments in 2023, so you don't even need to buy the transit card.

To peoples asking: "Why not just QR codes?" Again it's all about latency. QR codes take longer when you tap them at the gate: opening the app, waiting for the scanner to adjust, connecting to inet. While NFC handle these tasks almost instantly. A big difference in super busy places where queues are a nightmare.

Again, this problem wouldn't exist if we can optimize WFH methods. We don't need to solving "physical problems" from start to finish. Making, distributing, and recycling all those ticket papers.

No matter how advanced your transportation tech is, moving people long distances is still really costly. Sorry to "steer" this conversation into WFH and WFO topics.

In some places, like Oslo's metro, tram & bus systems, the solution is that there are no ticket barriers, you're trusted to have bought a ticket for your journey. There are occasional ticket checks with big fines for non-compliance.
>In some places, like Oslo's metro, tram & bus systems, the solution is that there are no ticket barriers, you're trusted to have bought a ticket for your journey.

Yes, in high trust societies, you can do things like this.

Today we have to lock deodorant and toothbrushes behind bars in our pharmacies so it's not looted. We are not the same.

I was watching a travel show about France and in Paris it seems tourists can get confused as to where their ticket is for. They can easily end up on a train in an area their ticket isn't for. You get a 100 Euro fine! And that's an honest mistake not trying to get away without buying a ticket.
Like a lot of rules, enforcement needs to be realistic, appropriate and not overly harsh. In Oslo at least, the obvious tourists tend to get let off with just buying a ticket, even though the ticket app makes it easy to buy the correct ticket. If you speak Norwegian they often look at your travel history to see if you’re a regular payer who just forgot.
100 Euros for a travel story you'll tell years into the future, and funding the tourism economy - win-win!
"We got fined for getting off the train at the wrong stop" is not much of a travel story though.
> "We got fined for getting off the train at the wrong stop" is not much of a travel story though.

I was on a plane recently and two people in the row behind me were having a lengthy moan about their respective travel experiences / disasters. They stopped escalating when one of them said "That's nothing, we were just coming in to land when the volcano started to erupt."

I was really tempted to stand up and pitch in with a line about landing in Tokyo when Godzilla chose that precise moment to attack, but the fasten-seatbelts sign had just lit up, so I didn't.

100 Euros per person. A group of 7 would be 700 and that is only one mishap, there could be multiple per day..
Pretty sure you wouldn't want to make two of those in succession. I mean, last time I had to pay a fine for not having The Correct Blessed Type Of Ticket, I did pay a lot of attention to the tickets I bought next. (Wasn't as expensive as in Paris, but still a palpable mistake.)
  • dnate
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
yet another reason not to visit Paris, win-win!
Yeah, that kinda sucks.

Last year I bought a friend a ticket from Avon (just south of Paris) to Charles de Gaulle. I rode along and we stopped for lunch in Paris.

He carried on to the airport, met mr. Ticket man, and got a €100 fine for taking the route printed on his ticket, but too slowly.

I can’t understand what they’re trying to incentivise by doing this to tourists.

Transport company gets some money and ticket man gets a share. There is no incentive for them to be human.
Most North American cities sadly don’t operate at the level of trust required for a system like that to work, as much as I agree it would be better for everyone.
Many cities in North America do. The key is the fine for not having a ticket is high enough that you are on average much better off having a ticket. Generally this works out to enough random inspections that the average person is checked once a month, and the fine for not having a ticket works out to the cost of a 3 month pass. The exact numbers are of course subject to debate, but the above should give any city a good starting place they can play with.

IMHO, if you have fare gates they need to be tied into a parent control system so that parents to limit where their kids are allowed to go alone. I've never seen the implemented and the details are important to get right.

  • exitb
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Where I live, I'd be far better off not buying the tickets. The fine is less than 2 months with a pass and I'm checked 2-3 times a year. Yet most of these checks don't find anyone without a ticket. Monthly ticket costs about 1.5% of average monthly income for that city, less than 4% of minimal wage. I'm quite convinced that reasonable pricing is the key.
That's probably a significant part of it. Also accessibility of the monthly passes. I used to live near a rail stop in Tempe/Phx area, and would use it when I had to go to the airport or to Downtown Phx as it was easier than dealing with parking. The ticket kiosks were a bit of a pain, but easy enough, widely available and not overly expensive.

I didn't use it that much, but did see ticket checks on one of the trips, nobody was without one.

  • ikety
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Now you have to collect those fines. Good luck with that. Only true frictionless solution is fully state funded.
san francisco operates at the level of IDGAF that allows people of all income to ride buses and trams without a ticket
The way you pay for those buses is also kinda ridiculous. You're supposed to know that it costs something like $1.75 and you're supposed to have the exact amount in cash, no change given. But maybe it changed since 2016.
Yes, and they have a nearly-$1 billion budget deficit.
>There are occasional ticket checks with big fines for non-compliance.

I'll likely mangle the explanation but this sort of policy does not fair well when there is a large divide between have/have-not and little/no social safety net.

If you are poverty level you will be forever stuck in this cycle: Ticket/fine, court, loss of income, etc. What might work is simply granting free access below a certain income threshold.

What many people do not realize is that one function of tickets is to prevent access to public transportation to people below a certain income threshold. If you do not, you have people using public transport as homeless shelter, urinate, smell badly, openly doing drugs, etc which leads to normal people stopping using public transport and then happily defunding it (as nobody reasonable uses it anymore - too dangerous and unpleasant).
Then make those activities against policy and have transit police.

The solution to bad behavior shouldn't involve cutting off poor people from basic services they need to improve their condition.

Those activities are mostly against policy already but current political environment makes it impossible to enforce nuisance laws. Ticket price is a reasonable alternative even if it hurts a few deserving poor people.
There should be a program for the poor for sure.

Also a program for free rides to places like abuse shelters (for all genders - battered women is sexist talk!), voting booths and others similar locations should be in place - if you are going to one of them the checker verifies that are on the direct route to such a place and gives you a ticket - once you get there they validate your ticket - while if you don't arrive they send the police looking for you (in the case of abuse not arriving is a sign of urgent trouble, in other cases the police can arrest you when they feel like it)

How does putting NFC in the tickets prevent this?
But there still needs to be some sort of validator that you need to use, doesn't it? I've been to two cities with a similar system where you're trusted, Helsinki and Berlin. In Helsinki there are validators that people tap some kind of multiple-trip card on. In Berlin there are very analog paper tickets that you have to put into a "Drucker" on the platform, it stamps it with the date, time, and station name.
It depends if the tickets are trip based or time based, for time based system you don't always need validator.

I have visited Prague in 2019 and their subway had no barriers, ticket machines were tucked somewhere in the corner so that I had to actively look around. Interestingly the metal poles where sticking out of the floor up to waist height with a spacing like that they used to have validators on them before.

Since I had a 3 day ticket and I validated it on the bus when going from the airport I didn't need a validator. Their trams and buses had validators in usual places, so subway probably has them too but not in an obvious place or the ticket machines already print ticket with time on it so you don't need to validate it.

Interesting! It's a good way to test how successful the city is with their education systems. We could try it out one day a year at least.

Differentiate nomal daily sales rates within the test day, observe the trend year by year. Sounds naive, would be lovely if it works.

There was a push for a gated system here, some years ago. The vendor tried to sell it on massive cost savings...and was publicly humiliated by a bunch of geeks with an Excel table. Turns out, installing and running the gates would, at best, bring parity with random ticket inspections+fines - while impeding passenger flow as a bonus.

It's not necessarily a matter of education: just the feeling of "not worth freeloading (at the price), I'm likely to get caught anyway" is sufficient.

Calgary's light rail is like this, at least to-date. I don't know if fare compliance is an issue, but security and homelessness is and that may add physical fare-only barriers in the near future
Seattle’s light rail also works this way: no ticket barriers and occasional ticket checks.
  • scoot
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
The UK rail network already supports QR codes, with the busiest station handling over 80M entries/exits per year.

Meanwhile, the integrated subway/overground/bus network in London supports direct payment with NFC smartphones, without the need for an intermediate "smart" paper ticket; the infrastructure for vending those; or the (not insignificant) cost of producing the tickets. Not sure what Montreal was thinking!

Even better, London doesn’t need NFC smartphones: if you have a chip bank card with a chip for tap payments, just tap that. For those of us with smart watches, they do the metro fast pay thing as well, so I literally just tap my watch without having to press anything or get anything out of my pocket. If my watch battery is dead, I can just a bank card.

The only advantage to having Oyster is if you’re travelling enough to justify a monthly pass (daily and weekly caps are respected on bank card taps), or longer.

I travel a lot across North America and EMEA, always glad to get home and deal with London’s transport network: it’s the only one that is really designed around, built for and feels invested in the passenger experience.

  • scoot
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Good point, the choices are: smartphone, smart watch, physical bank card (credit or debit), and pre-paid "Oyster" card (think pre-paid debit card specific to the London public transport network), and, yes, legacy paper mag-stripe tickets.
  • a-dub
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
NYC OMNY allows for direct payment from a debit/credit card via NFC at the turnstile. this has privacy issues but i think they're ameliorated if you use a smartphone.

i think you can buy a transit payment card if you need one.

no paper tickets. cool ephemera but pretty wasteful.

would be pretty cool if/when we see a day where provably private cryptocurrency microtransactions allow for both real privacy and the 7 day fare cap feature.

I like London’s version of this. You can just tap your credit card or phone at any station, and it will even stop charging you after you rack up £8 in payments over the course of a day. Just pretends you had bought a day pass in the first place.

Really leaves a good impression, knowing that they could have gouged you but chose not to.

Yes, super easy to use. And if you don't want to use a bankcard or phone you can buy a dedicated 'oyster' card and top it up as required. They all use the same card reader.
New York also does this, except weekly. https://omny.info/fares
Crypto isn't private as traceability is an inherent requirement for crypto to operate.

Anyway with OMNY.

You just buy a OMNY card and load it with cash if you want privacy. They are being slow to roll the vending machines for these out due to vendor issues but it's growing and they can't discontinue the MetroCard until they have all the vending machines in place.

  • a-dub
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
> Crypto isn't private as traceability is an inherent requirement for crypto to operate.

monero is a counterexample to this.

i wonder how many organizations that do payroll see a timestamp and location when you tap a credit card at an omny reader?

maybe it's fine and can be solved with regulation, but honestly it seems a little not great.

  • asah
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
1000s of people leaving a stadium faces the same latency: not a WFH/WFO issue
That latency is time stolen from the other people who are already on transit (or waiting in line to get on) who get there later. All this latency is the type of thing that makes people want to quit using transit and just get a car. (and then build more roads to deal with congestion - though road users often have more options to avoid this latency and overall generally go faster than transit despite the congestion - remember it is end to end trip time that matters not time to get through a bottleneck)
Not really a comparable thing versus the morning/evening rush every single weekday when forcing people in-office. It's the scale that makes it an issue, 1000s of people is nothing and more of an occasional spike.

See how London deals with toob stations for pride, for example, by closing and controlling some, exit only periods close to the event, open ticket gates, etc.

Haha, absolutely! Just to generalize, those thousands of people can also watch the match by streaming, right? It's all about remote versus physical activities.

We can't shift everything into remote mode. However, we don't need to hustle into physical mode every day either. Yeah, yin yang complexity, balancing everything out.

  • zuppy
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
i’m not a sports fan, but the feeling of being there can’t be compared to watching the event from home. this is not the part to optimize, in my opinion.
  • Delk
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I'm not sure that necessarily explains the need for single-use NFC tickets, though. There could be a more durable serial-use or permanent card with NFC that regular commuters could buy, and if those commuters are the vast majority of rush hour passengers, it might not be such a problem if single-use tickets had a slightly slower system.

Of course that'd mean having two recognition mechanisms, so the operator might opt for NFC and chips for single-use tickets anyway to make the system simpler. But somehow having single-use tickets with chips on them does seem wasteful to me.

We have those, with two recognition systems. The system the article describes is for the low count, disposable fares (a few tickets or a 3 day pass). Most people in Montreal have a chip card (the OPUS) which is reusable (and 5$ to buy).

The OPUS is also super interesting because it's a stored value card that holds the tokens on the card as opposed to a simple ID. The system was developed when cellular connectivity was still spotty, so they needed a card that would work on buses without internet access. It's pretty bad from a UX point of view though: you can only store a few different kind of fares, you can't recharge the card online (until recently you had to go to a terminal to do it, now there is a NFC phone app), you can't declare a card stolen, etc.

  • Delk
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Ok, that makes sense then. I know that systems with non-disposable cards exist, and we also have one in the Helsinki metro area. I think our present system assumes continuous connectivity, though. Now and then you see buses with the terminal in a non-functioning state. Ends up being a free ride. (You can also buy unlimited travel within a given zone for x days at a time, which is what those who use public transit daily usually get.)

I think most people nowadays use a phone app rather than the card, though. But we also don't have gates at stations, and it's more of a trust and ticket inspections system similarly to what someone said about Norway.

Japan has the Pasmo system which is weird in that it's actually more like a prepaid debit-style card that you can use not only on most public transit but also as a payment method at some shops etc. You can charge it using teller machines at stations. I can't remember the details, though.

But why are there disposable tickets at all? Even if you're just visiting, buy a transit card and use it, then get your deposit back when you leave (or keep it as a keepsake).

The idea that you still need single-use tickets for any use-case once you have a working transit card is just bonkers. You don't, stop making them.

  • Delk
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
Some people are passing through and only stay at a city overnight, or are just making a day trip, and getting a card and returning it for a deposit might be a hassle. You might be visiting multiple cities within a brief period, each with a different system and different card, and getting and returning a card at each sounds cumbersome. More or less the same if you occasionally visit different cities in your country or area but not often enough that you'd want to keep cards for a bunch of cities. A local might forget their card and need to make a single trip.

I can see lots of use cases for single-use tickets. All of them are technically possible to cover with a non-disposable card, of course, but that doesn't mean single-use isn't more convenient in some of them.

Nowadays phone apps might also be an option, but that can hardly be the only way of paying for public transit.

Can confirm that in Montreal there is a permanent version of this card (la carte OPUS) on which you can reload more tickets.

There are even semi permanent ones you can buy, which are good for say 1 day, 1 weekend, or contain 10 passes.

Taipei has single use NFC tokens that people can buy, but they are non-disposable. Instead, they are coin shaped, and are deposited in the ticket machine at the end of the trip so they can be re-used.
COOL
I would like to point out that there is an implicit assumption here that we actually need a ticket system for public transport.

The general concept is “the cost of the price”. Which is something to consider for public goods. If the prices would be zero, the cost of a ticket system would also be zero.

It's kind of silly how contentious this subject is.

The majority opinion is that we all pay for public works projects even if they don't benefit us, but for some reason, transit must be self-funded. It's odd, to say the least.

It makes sense if enough people with influence over lawmaking and government have a vested interest in benefiting from “free” infrastructure and some level of friction to use public transit. Add a pinch of “public transit is useless anyway, I have a chauffeur” and here you are.

It is completely counter-productive and damaging to the economy and the environment, but it is not that odd, unfortunately.

FWIW, even in places like Estonia, which has a free public transport (bus only?) system, the tickets are still sold/used/checked. Reportedly to get usage numbers and to cost-optimize the routes.

Each resident/citizen can buy a public transport card, then tie it to their Gov ID and then tap it everywhere. You could argue that this could be replaced by some vision tech but I guess this is simpler and has dual use (visitors can purchase the card and pay instead of using for free).

I can't see big technical limitations resulting in slow QRCode scanning. We manage to detect fast cars going 120mph to fine them, we can read fingerprints instantly through a screen. We can take pictures of galaxies light years away.

30 years ago you could kill ducks with the NES guns instantly and it worked by detecting pixels.

I'm sure we can figure out how to analyze black squares and turn them into a number under 50ms.

Lol, that's the joke.

QR Codes were invented by Denso (automaker own) / Toyota. For high speed assembly line processes. Lul.

In 1994, no less.

I don't think people realize how limited the hardware was at the time.

They think because their phone is slow at scanning QR codes, that's how it must be. But the phone is not a dedicated device for QRCode scanning.

It's like someone saying they get blurry pics of cars on the highway so clearly speed limits are not possible to check automatically.

Touch x against y versus line this weird printed shape up at just the right angle in good lighting conditions. I feel like NFC is much easier to tell older folks how to use as well.

I'm all for the "we have technology why tf don't we use it, why aren't we better at it" argument, but the truth is that a lot of tech/systems in transport & other areas are retro af and new stuff gets shoe-horned in with all the caveats of a shoe-horning in.

Stuff doesn't get upgraded often, because it's expensive, because all of us vote for politicians that grant expensive/overpriced gov contracts putting money into them and their mates' back pockets. We'd be able to refresh public use tech all the time if it was non or low profit, never gonna happen tho.

Look at how much it cost Wales to change 30mph signs to 20mph: 34m£! And that's just for a few small areas, not everywhere they wanted to do. How in the f u c k, do you spend 34m taking down and putting up some signs? Those are ludicrous prices & all of us just completely ignore it bc we're too busy arguing about skin colour, which sex the person I sleep with is, or trans people being in the bathroom they want to be in, etc. Honestly.

> weird printed shape up at just the right angle in good lighting conditions

None of that matter. QR code can be read on any angle because of the 3 position detection patterns it comes with, by design.

Lighting conditions are not a problem on tickets (which is what the article is about) because you can illuminate the paper from the camera.

QRCode were fast on assembly lines two decades ago. They were invented in the nineties, at a time where we had slow processors and shitty cameras.

Actually, they do matter.

Assembly lines give you GREAT control over where the code is located, how it's lit (consistently), and what you do on read error (can't shunt off the passenger to a read error bin, so they don't hold up the line). Rotational angle doesn't matter, perspective skew does. And then - it's a leaf of paper, so you get folds and obscured parts (yes, correctable...up to a point).

Assembly lines are dirty, full of parasites and with broken lights all the time.

We can create live deep fakes or detect complex objects in live feeds of random webcams.

We certainly can correct a few shadows and distortions on a flat piece of paper we formatted, showing a basic symbol we designed and printed, pushed against a sensor we control, on a device we can light and shape the way we want.

NFC fails as well, you can fold the ticket just and it will break the antena.

Of course if it's a reusable ticket on a rigid medium, it won't happen. But neither for QRCode.

You speak about reader sourced illumination but there's a reason that phone screens go to full brightness when trying to scan a digital barcode.
The Stockholm Metro and public transport uses QRs, but on phones, and it's awful. The huge variance in people's shitty broken, dim phones make it take 3-4 tries sometimes. Infuriating! The scanners themselves are brilliant though, but nobody wants to stand in line for some printer machine and need to carry a flimsy bit of paper around.
The article talks about tickets with chips in it, which means you could provide the same ticket with qr code, only cheaper and less polluting.

No variance.

People can then use nfc with their phone, which doesn't have the pollution problem.

When I was there they also had NFC readers you can tap your credit card or phone on.
Why would a QR code require Internet, or an app? You could just print it on paper and track the corresponding balance on the server side. To my understanding this is what most transit networks do anyways, to prevent an enterprising user from modifying their balance on the card itself.

(The optical scanning argument makes sense, however.)

Even for single-use tickets, the turnstiles on the entire system need to somehow know that you've used your QR code the moment you did it. This requires them all to be connected to some sort of central server. There's a reason why single-use tickets either somehow store the validation mark on the ticket itself (NFC, magnetic stripe, paper that you have to stamp) or get taken away from you (tokens).

> To my understanding this is what most transit networks do anyways, to prevent an enterprising user from modifying their balance on the card itself.

On those on which this was attempted that I know of, this synchronization is far from instant. I was wrong in my other comment, in St Petersburg metro it only takes two hours for a dumped and restored card to be blocked, but you can apparently do this indefinitely on buses and trams because they aren't (weren't?) networked: https://web.archive.org/web/20170323213524/https://habrahabr...

Internet is how you get from the client side to the server side. Maybe not internet but some-kind-of-net, and that has latency, failures etc.

Maybe that's not clear: the turnstile needs to connect to a server to check the QR. Need to only have one server, so some turnstiles will be relatively far from it. Latency.

> Maybe that's not clear: the turnstile needs to connect to a server to check the QR. Need to only have one server, so some turnstiles will be relatively far from it. Latency.

Sure, but is this a serious design pressure? I've been on a lot of EU train and trolley networks that have a POS terminal on the train for direct sales, which are already doing networking both for the card transaction and to issue the ticket.

(Again to be clear: I'm not saying a QR is better. But I don't think connectivity is a unique problem, since systems that use NFC without tying into payment cards are almost certainly using connectivity to make up for the lack of tamper resistance.)

I ran into this in France, where the ticket station used QR codes & NFC. The QR code readers are scratched up meaning printed copies without backlight didn’t work. And iPhone opens Apple wallet when you bring it near a NFC reader, hiding the QR code on your screen.
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
My favorite household NFC usage? NFC alarm clock.

Makes me get out of bed and tap my phone on a specific NFC tag placed somewhere around the house, in order to turn off the alarm. Then, I may as well wake up, since I'm already out of bed : )

It's a nice companion to help perform 'habit stacking' as Atomic Habits calls it. Want to do pushups right after waking up? Place an NFC card under your workout mat, so you're forced to the mat first thing in the morning.

NFC Alarm Clock https://play.google.com/store/apps/details?id=com.nfcalarmcl... is a really great and simple Android alarm. Share if anyone has a good iOS recommendation.

I use "alarm clock xtreme" on Android that is similar; it has math and "type these random characters" puzzle as well as snooze detection so you hit "I'm awake" but also includes snoozing/stopping via number of steps detected or by scanning a barcode etc. Definitely recommend it.

But even so, I wish it would force me to key in the current time to disable, that way my sleepy brain would better understand "it's time to wake up now, because it is x time".

> Makes me get out of bed and tap my phone on a specific NFC tag placed somewhere around the house, in order to turn off the alarm.

Neat, but is there an advantage between this and "Place the alarm clock further from the bed"?

Not a huge advantage, but I'd say mostly range and flexibility. You may want to put the tag farther away than you could hear an alarm clock, if you want to go to another room. And you could customize the alarm so you're guided towards a different tag every day of the week, without needing multiple (or any) alarm clocks.
> You may want to put the tag farther away than you could hear an alarm clock, if you want to go to another room.

cries in studio apartment

The noise maker (alarm) is still close to him.
Fair. My mother used to put one of those old rattling alarm clocks with two bells on top into a metallic dish and placed that combo at the other end of the room. Similar concept.
  • exe34
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
I have one set up with guest WiFi credentials, and somehow it's still a novelty to my friends when they visit for the first time!
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
[flagged]
Yeah, I read it's cheap, like, really cheap... But I refuse to believe this is cheaper and simpler than a piece of paper with a barcode, why add complexity to something that has to be discarded after like, 1 minute?
The user experience seems superior with an NFC chip like this. It’s easier and more reliable for the user to tap a card than scan a bar code. It’s also probably cheaper and simpler for the subway system to use a NFC reader for everything since they already need to read NFC for their non-disposable tickets or tap-to-pay. And as a user it seems nice knowing that no matter your type of ticket you tap them all the same way.
FTA:

> It's remarkable that these NFC chips can be manufactured so cheaply that they are disposable

In our times, where we slowly understand that we have problems of resources and waste, I find it very disturbing that "disposable" is considered a positive achievement by the author.

These are so tiny that throwing them away is a drop in the bucket in terms of waste. It's less waste than your morning coffee produces.
Except coffee is biologically degradable and functions as a fertilizer. These chips are just dispersing sand grain dust everywhere.
[dead]
  • kens
  • ·
  • 3 weeks ago
  • ·
  • [ - ]
No, I do not consider "disposable" to be a positive achievement. I consider it to be surprising and worthy of attention that NFC chips are so cheap that they are disposable.