What type of end-to-end security is used? Can I tap into the Ethernet coming out of the reader and get all the reads?
We use SSL connections between all system components (including readers). As such, it is not possible to tap the Ethernet connection coming out of a reader to learn what tags a reader reads.

Do some readers use WiFi? If so, what additional information about me is leaked over WiFi? Hypothesis: If I have tags, you can identify me from the number of tags and how they respond, even if you can’t see the IDs.
Yes, some readers use WiFi to make the connection to the rest of the RFID Ecosystem. The reader generates one packet per tag per antenna per second when a tag is sighted within the reader’s range, so indeed there is probably some information leaked. That said, it is unlikely that the number of tags carried by a person is enough to positively identify that person, for two main reasons:
1) Most people carry either exactly 2 or exactly 3 tags and there are more than 60 people carrying tags. So there is some degree of k-anonymization for the common user.
2) The tags are pretty unreliable a