Jump to content

Wikipedia:Reference desk/Archives/Computing/2015 January 18

From Wikipedia, the free encyclopedia
Computing desk
< January 17 << Dec | January | Feb >> Current desk >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


January 18

[edit]

the new chrome tries to reinterpret searches starting with the keyword "Google"

[edit]

say I want to search "google trends" I can't just type those two words into the url bar in Chrome anymore, because after I type the space after 'Google' it decides to change into a different UI. It switches to show, "yeah, you're googling for:" and then lets you continue to type. What do I type after space (such as a backspace, or escape or whatever) to have it change back to being a two-word search of which the first word is google and I've just followed it by a space? --89.133.6.76 (talk) 14:51, 18 January 2015 (UTC)[reply]

Might be a setting or your version of Chrome? My version of Chrome doesn't do that. If I type "Google trends" (no quotes), it searches for those two words. Not just "trends" in some new OI. Dismas|(talk) 16:00, 18 January 2015 (UTC)[reply]
Go to "Manage search engines" in the settings and change the keyword for Google searches to something other than "google". -- BenRG (talk) 21:46, 18 January 2015 (UTC)[reply]

Online and contactless payments security

[edit]

Are NFC, Bluetooth and wifi all secure ways of making online or contactless payments? 194.66.246.73 (talk) 16:13, 18 January 2015 (UTC)[reply]

They are connection methods: you still need an application to make the transfer. And security is determined by implementation. Any of those connections can be configured at various levels of security. --  Gadget850 talk 17:53, 18 January 2015 (UTC)[reply]
The above is correct, however it doesn't really answer what the OP is probably meaning to ask. The "security" indeed does not come from the NFC, Bluetooth or wifi part, however, financial institutions offer facilities that utilize those technologies, so are those services secure? That question is STILL very ambiguous, what do you mean by "are they secure"? I work in IT for a financial institution that offers these kinds of services, (to be clear I do not actually work with such services) but this is the question I would ask: if your financial institution trusts the services they offer enough to guarantee them against fraud or theft (by making you not liable for any transactions you did not initiate or authorize) then they're secure enough for you to use without worrying about it. As far as I'm aware, every institution that calls it self a bank offers such a guarantee for using its services. Vespine (talk) 21:57, 19 January 2015 (UTC)[reply]
Having said that, don't let me give you the impression that there are no steps you should be taking to ensure your safety online. There ARE scams and frauds online that will try to take advantage of you, regardless of what technology you are using. One of the main things to be careful of is which links you click, don't believe ANY emails that ask you to click links, especially if they're from any financial institution. For example if you get an email from paypal or your bank saying "for your security click this link to reset your password" or something like that, do not click anything, it is most likely a scam, financial institutions will never send you an email like this. Delete the email and in a new internet browser window navigate to paypal or your bank website, log in and check if there's any messages there, or contact them directly. If this is something you are asking out of personal interest for your own security, I would direct you to read some of the very good websites with information on how to be more secure with internet and electronic shopping and banking. Vespine (talk) 22:11, 19 January 2015 (UTC)[reply]
In the UK there are concerns about cards being read (and contactless charges being made or identities being stolen) by people with portable card readers jostling against others in crowds (e.g. tube trains during rush hour). As you will see from our article on the subject banks will accept liability for fraudulent transactions, but they "are not liable for the identity theft that the RFID card can encourage". Similarly, contactless cards may be read by legitimate contactless readers if they are too close, and charges made; this happened to me shortly after I was issued with my first contactless card (last year), and it was only luck that I spotted it in a bank statement a few days later. I now keep my card in a metal-lined wallet; the metal acts as a Faraday Cage, and so prevents unauthorised charges. RomanSpa (talk) 23:44, 19 January 2015 (UTC)[reply]
how much did you pay for your metal lined wallet? Don't take this personally but I think if you really weighed up the risks, a faraday wallet is really unnecessary. I'm not aware of a single case of legitimate identity theft having occurred by wireless harvest of bank issued credit cards. The concern arises more from NFC cards which might have unencrypted information, such as corporate ID or institutional membership cards. All credit cards are strong encrypted using the same kind of security which is used for internet banking, so far it has never been cracked. My corporate access card is actually also a visa card and employs the same encryption, trust me if that was cracked, your identity would be the last thing being stolen. Vespine (talk) 03:52, 20 January 2015 (UTC)[reply]
Faraday cage wallets are bogus, junk science. Anyone who knows how near-field communication works could tell you that - heck, the whole point of "near field" is that the wave does not need or want to propagate. Sadly, until a pop-sci show like Mythbusters sets out to debunk the myth, the collective consciousness probably won't be swayed.
The amazing thing is, the owner of a faraday cage wallet can easily disprove the concept. Leave the card in the wallet. Try to use it at a contactless payment point-of-sale unit. If the transaction succeeds... the wallet is over-priced junk!
Nimur (talk) 04:30, 20 January 2015 (UTC)[reply]
Some additional details: I paid nothing for the "wallet". I described it as a "wallet" for simplicity; in fact it is a solid metal box (originally designed for carrying miniature chess pieces) which closes tightly and is almost exactly the right size for credit cards. The unauthorised charge that I incurred was from a London Transport Oyster card reader. I have checked that when the card is in the "wallet" it cannot be read by such readers - it can't. I have also made one check that when in the case the card cannot be read by a contactless point-of-sale unit (at a large supermarket) - it couldn't. However, although I have made several checks of Oyster card readers I have only made one check of a contactless point-of-sale reader; this is, on reflection, not enough. I'm planning to go shopping later, so will run some further checks and report back. RomanSpa (talk) 10:22, 20 January 2015 (UTC)[reply]
Please do report back! I normally trust Nimur on physics concepts, but I also trust empirical research :) My brief googling shows many people saying a faraday cage does NFC, and many contrary points of view. Nimur, I think I understand your point about evanescent waves not propagating, but surely something wave must carry a signal between the sender and receiver, no? And surely (a specific, appropriately designed) Faraday cage could stop all signals using a range of wavelengths? Of course there are also many related but different standards, and so each will behave a little differently. E.g. Contactless_smart_card, smart card, NFC. Actually, from the phrasing of our articles it's not even clear to me if it's correct to say that contactless smart cards use a type of NFC :-/ SemanticMantis (talk) 16:58, 20 January 2015 (UTC)[reply]
I'm now back from my shopping. Here are my results: I tried the card at the contactless point-of-sale reader in each of the several stores I shopped at. In no case could the card be read while it was inside its metal container. It can be read when removed from the metal "wallet" (i.e. the chess-piece holder), and functions normally for contactless payments. I'm grateful to Nimur for his helpful suggestion that I perform some experiments, and relieved that I don't appear to be the owner of "over-priced junk" (though it cost me nothing anyway!). I'm intrigued by Nimur's suggestion that a Faraday cage doesn't block near-field communication, though, and would like to ask what his concerns were. My own reasoning is that a closed metal container is capable of blocking the photons of an electromagnetic field over a fairly wide range of frequencies, and since even evanescent waves must transfer their information using photons the container should have a protective effect. It seems to me that Nimur suggests otherwise; I'd be interested to learn more about his claim. Thanks. RomanSpa (talk) 17:21, 20 January 2015 (UTC)[reply]
If I had to bet money, I'd say the metallized material works as a dielectric attenuator, not a faraday cage; but without a lot of time and test equipment, I wouldn't be able to prove it either way. Maybe on my next free weekend, I'll buy one of these toys and do some original research... and perhaps I am totally mistaken - while that's unlikely, I'll admit it is a possibility! Nimur (talk) 18:48, 20 January 2015 (UTC)[reply]
Um, I'm pretty sure that it's solid metal, not "metallized material", and it's not a dielectric. RomanSpa (talk) 01:13, 21 January 2015 (UTC)[reply]
Dielectric losses can occur even in an electrical conductor. It's one of the ways the signal can be "blocked." Conservation of energy tells us that the radio signal can't just disappear! If we want to know where the signal is going, we need to measure it! If the metal is acting as a Faraday cage, you should measure signal across the wallet (and on the opposite side). If it's acting as an attenuator, you won't - the energy will be thermalized. Either way, it looks like I have to rescind my earlier skepticism in deference to experiment. If you're willing to conduct more experiments, you can try the card outside the wallet, on the wrong side of the wallet from the card-reader... if it's a Faraday cage, that transaction will go through! Nimur (talk) 05:32, 21 January 2015 (UTC)[reply]
I'll report back later. RomanSpa (talk) 12:47, 21 January 2015 (UTC)[reply]
[Later]: I only needed to visit one shop, and, annoyingly, they didn't have a contactless point-of-sale reader. I'm not expecting to go anywhere near a contactless reader tomorrow, but will report further on Friday. RomanSpa (talk) 19:05, 21 January 2015 (UTC)[reply]
So, I happened to go over to the anechoic chamber yesterday, and in between short bursts of microwave radiation, I managed to ask some RF guys what they thought about the subject. I have to say, we ended up with more questions than answers.
First, I need to rescind (or at least qualify) a specific factual statement. "Near field communication" does not necessarily use an evanescent wave - that depends on the implementation. Most commercial contactless payment systems today are "near field" in name only - because they work when you are "near" the point-of-sale system. The actual signal is usually a low amplitude UHF or microwave - say, 1 or 2 gigahertz - and the transmit antenna is intentionally very high-impedance (i.e. it is not matched to 377 ohms or whatever model of free space people use nowadays). The signal only flows - ergo, power is transmitted - when an impedance-matched loop antenna - your card - is present and inductively coupled. Among the wires that got crossed in my mental model, I was thinking of inductive charging systems, which operate similarly, but at much lower frequency - longer wavelengths - more on that in a moment.
Next point: the antennas are inductively coupled loop antennas. They pick up the magnetic field... while Faraday cages block electric fields - at least in all the textbooks! So a Faraday cage should not block the signal here.
Next point - a Faraday cage works if it is an enclosure (Gaussian pillbox). User:RomanSpa's metal box is perfect! It totally surrounds the card. But a wallet might not be - the induced current loops won't completely surround the card. Furthermore, and this is again a point where my mental model needed correction - the textbook answer is that a Faraday cage mesh spacing must be much much smaller than the wavelength in question. Therefore, a wire mesh is suitable for blocking centimeter waves that you'd see from a UHF NFC reader. This was a chance for me to trip up my RF expert: those who know me recall that I used to work on very low frequency radios: so when I talk about wavelengths that are much much longer than a mesh, I mean kilometer waves! We ran some math, and I'm pretty sure that the mesh will not block a wavelength if the wave is too low-frequency. In other words, the Faraday-cage itself is a tuned antenna, and only blocks a certain frequency range. On top of this, if you're carrying a wallet in your pocket, the cage isn't grounded - the implications of this were not clear to either me or the experts I consulted - but we had a funny feeling that it was important.
Finally, I ran some experiments myself: I wrapped up my NFC system in some aluminum foil from my colleague's burrito, and tried out a few permutations. When totally wrapped in foil, the card did not scan. When totally occluded by foil, the card did not scan. ... When aluminum foil was near the card reader, but not touching or blocking the path to the card, the card did not scan.
Per my earlier bet, I've already lost money on this ... but if I were to double down, I'd wager that we're dealing with a software squelch circuit. From one point of view, the wallet "works" - at least, if it's made out of discarded burrito-foil. From another point of view, I do not yet have a consistent theory of how the wallet "stops" the signal - so I can't trust that it does so in a secure fashion - again, knowing that I'm coming at this from a tin-foil-hat-wearing, aluminized-wallet-wielding SIGINT perspective. The bi-directional link might actually be established; the return signal from your card might still be detectable - so it might not be secure - but the machine magically knows not to scan in those conditions. We'd need an RF probe, and a lot of time; but I had to get back to my regular work demodulating signals at much higher frequencies.
Thus far, I have not found any great references about NFC signal integrity or shielding, but I did have to pull out Griffiths' E&M textbook to review my elementary physics.
So, I don't have answers: only more questions. Carry on sciencing!
Nimur (talk) 16:02, 22 January 2015 (UTC)[reply]
Thanks! I would still like to work some of this out from first principles. I think your point about real-world lack of handshaking being very different from theoretical isolation is very apt. I think I'll ponder this a bit and open a new thread in a few days. SemanticMantis (talk) 17:33, 22 January 2015 (UTC)[reply]
I did some more experiments today, both with Oyster card and bank card. I replicated my earlier results that the metal case prevents the card working, even when placed directly on the reader. I also tried the experiment of placing the metal case between the card and the reader. In no cases did the card register with the reader, even when the three were literally stacked together and touching. At first sight this seems to suggest that this may be a simple screening effect, but there is an additional point: to be read, the card must be very close (of the order of a millimetre, it seems) to the reader, but the metal case I am using is several times this thickness, so I don't think we yet have definitive proof one way or the other. I await other people's comments on this experiment. As a side note, I'll observe that I'm having to buy a large number of items that I wouldn't otherwise buy, so this experiment is providing a small boost to the economy. It is also providing a small boost to my waistline, as without this experiment I certainly wouldn't have bought the cupcakes I did today. (They were delicious, in case you're wondering!) RomanSpa (talk) 00:18, 24 January 2015 (UTC)[reply]