The technology was developed by Cubic Transportation Systems and similar cards are in use all over the world.  The idea is when you get onto a bus or a train or anything, you touch your Go card to the sensor.  When you get off, you touch it again and the appropriate amount of money gets debited from your card balance.  Presuming it works, it’s a sensible system in my opinion.

Despite catching a bus to (not from) work nearly every working day, I had originally avoided the new system for a few reasons.  The main one was that it provided no financial benefit to me.  There’s a refundable deposit that’s payable when you buy a card, and the cost of an individual one-way ticket was the same whether you used the card or paid cash on the bus.  Discounts only came when you used it more than 6 times in a week.  I very, very rarely travel by bus more than half a dozen times a week.  In early August however, the fares will come down for the Go card only.  This makes it more attractive, so I went to purchase one.

The TransLink website provides an online web ticketing service that lets you purchase a card online.  Presumably they send it out to you but I didn’t get that far because frankly, I was too scared.  Let me show you.

After a couple of short screens asking you about the type of card you want, you come across this screen (click to enlarge):

Notice the “Billing Account Question” at the bottom.  There’s no more information on what this is for, but I presume it’s some kind of verification question you have to answer in order to make payments or maybe changes to your billing details.  The default question is, “What is my name?”.  That’s probably the worst security question I’ve ever heard! Ok, I’m generous, so I’ll give them the benefit of the doubt here and assume that this isn’t used for anything important.  You can change it anyway, and if you’re sensible, you probably will.

Let’s look at the next screen:

The first thing I noticed was that there was another “Cardholder Question”.  Is this different from the other one?  Again, there’s no help available to tell you what it’s for.  At least the question is slightly more difficult to guess this time.  I wasn’t terribly concerned at this point, so I continued.

Here’s the next screen:

Now I’m quite concerned.  Firstly, it appears that despite this being a Queensland Government website, I’m suddenly being charged in pounds.  On one of the first screens, I was told that the charge was $5 so I could probably assume that they just got the currency symbol wrong, but this is a big deal.  What if I am going to end up paying the equivalent of just over $10? I had a look at the address bar to make sure I was still in the right place, and yes, it’s an Australian domain.  I’m growing more and more reluctant to sign up to this thing.  Of course by this stage, I’ve already given them my credit card details, and who knows whether they’ve been stored.

So next, I clicked on the terms and conditions link at the bottom of the page.  Here’s what the pop-up window said:

So that’s it.  I’m done.  No way I’m going to buy online using a credit card from a site with that many problems. The other thing that the terms and conditions error showed me was that they appear to be using Lotus-Domino version 4.6.7a.  The current stable version is version 8.  And does that “a” indicate an alpha version?  The Wikipedia page on Lotus Domino doesn’t even recognise the software before version 5, and the page on Lotus Notes suggests that version 4.6.7 was released sometime prior to 1999.  I’d hate to think what kind of exploits could be carried out on that server.  Colour me scared.

Now, I’m sure I could have continued on my merry way, bought the card, and everything would have worked out fine, but I wasn’t convinced that the transaction would work or even that my information was safe.  SSL or no, the currency problems and the information gathered from that error page just scare me too much.

To be honest, I’m not sure I’m comfortable buying the card at all any more.  The cards have to be registered, so I assume I have to give them some kind of personal information.  With web software that old, I simply can’t trust that it’s safe.

I certainly hope they sort all this out soon if they plan to decommission their other ticketing options.

Damo

Via Gizmodo Australia, I discovered an article on the Sydney Morning Herald website with a fairly critical analysis of this government campaign.
The advertisements are costing about $22 million, and are part of a $189 million NetAlert program designed to “save our children”. The SMH claims that this money is being spent to “whip up fear about the largely non-existent threat of online sexual predators”. When you read on, you can see that their criticism is legitimate.

Here are some anomalies with the campaign as reported by SMH:

• The number of people who have been charged and convicted for approaching minors online with a view to paedophilia (called grooming) in the last two years in NSW is one. Yes, one person in two years.
• The ads claim that more than half of Australian children have been contacted by a “stranger” online. It appears that the definition of “stranger” includes friends of friends. So if you’re a child, and a friend from school introduces you to a friend of theirs, then you contribute to this statistic.
• If the previous point wasn’t bad enough, it seems that contact from a “stranger” also refers to unsolicited email; i.e. spam. Yes, that’s right, more than half of Australia children have received spam; a statistic that has nothing to do with paedophilia at all, and frankly seems a bit low to me.
• Only 8 percent of children even mentioned the possibility of talking to “bad people” when asked about concerns with the Internet. Their major concerns appeared to be popup ads and speed issues.

In the Sydney Morning Herald article, there’s almost no mention of misleading statistics regarding pornography or inappropriate content. That’s fair enough; the research that this campaign is based on shows that more than half of Australian children have done something online that their parents wouldn’t approve of. But what about offline? What do you think the response would have been if the same children had been asked whether they had done something in real life that their parents wouldn’t approve of? And what constitutes these acts that parents “wouldn’t approve of”? I can imagine that talking to friends after 11pm might fit that description, as would playing games when they were supposed to be studying.

Now, don’t get me wrong, I acknowledge that material on the Internet that is inappropriate for children is far too easy to find. There should be technologies and mechanisms available to allow parents to monitor and restrict their child’s access to such content. And that is what the government has tried to do with their free Internet filter. The one that was cracked in 30 minutes by a kid in grade 10 at school. As an IT guy, I can appreciate that it is a very hard problem, but with $189 million dollars to spend and the ability to write legislation, you’d think a reasonable solution might be forthcoming. At least one that would last longer than half an hour. Why not require that ISPs implement a filter at their end that can be turned on and off by the account holder? The filter can’t be cracked by your 15 year old if he can’t see it.

I appreciate that the government is taking the danger of the Internet seriously, really I do. But using misleading and essentially false statistics to implant fear into the minds of parents is a horrible solution.

Some parents go seriously overboard when it comes to “protecting” their children. I know parents who have prevented their child from seeing their friends outside school hours for more than a year because the child skipped school one day. I know parents who have forbidden their 16 year-old daughter from watching the Austin Powers movie because it had a character called “Alotta Fagina”. What would be the response of parents like this if they saw an ad suggesting that over half of Australian children have been approached by a paedophile online? I have little doubt that the children would be prevented from accessing the Internet at all, or at the very least, restricted to Internet usage with a parent sitting next to them. Maybe the latter is not so bad, but God forbid if the kid accidentally stumbled upon a search result that contained inappropriate material.