New FDW work permit card - what's the point?

[1fast1]

Someone please tell me what the point of this exercise is? 

The employer's address will no longer be printed on the card. Great for privacy, right? 

Wrong. The free app still allows pretty much anyone to scan the QR code and display all the details on their phone.

So how exactly does this protect the employer from, say, harassment by loan sharks whom the FDW owes money to? 

In fact, not displaying the employer's address on the card has the downside of discouraging good samaritans from directly returning the card to employers if it's convenient for them. Especially if they're not tech savvy enough to scan in the code.

I simply don't get it. Maybe I'm missing something.

[Ody_2004]

9 hours ago, Turboflat4 said:

 

Wrong. The free app still allows pretty much anyone to scan the QR code and display all the details on their phone.

So how exactly does this protect the employer from, say, harassment by loan sharks whom the FDW owes money to? 

 

Just guessing.. when someone scan the QR code.. the govt will know which mobile phone scan it.. so this is a added layer of traceability. 

so in a way is better than printing on the ID itself when anyone can see and do harassment without a trace..

[1fast1]

2 hours ago, Ody_2004 said:

Just guessing.. when someone scan the QR code.. the govt will know which mobile phone scan it.. so this is a added layer of traceability. 

so in a way is better than printing on the ID itself when anyone can see and do harassment without a trace..

I thought about this, actually. 

Firstly, I don't think such detailed logging has even been considered by the gahmen. I doubt the application has the capability to do all this. 

Secondly, it is possible to defeat snooping like this. You can completely hide your IP with a VPN. I doubt applications can get access to device info like your IMEI. What's even more interesting is that it's apparently possible to change your IMEI without even needing to root your Android device. A network MAC address can be spoofed. So getting software identifiers like IP address and hardware identifiers like IMEI and MAC can all be thwarted. 

And, ultimately, I think you can simply run the apk on an emulator like Bluestacks on PC and find a way to scan the barcode into that environment. A PC environment is much more malleable for hacking than even a rooted mobile device. You can just sandbox the whole session into a virtual machine, chain VPNs, whatever. Almost impenetrable. 

That's why security is such a hard problem, hard enough for much brighter minds than fester in our lead-in-the-ass Sinkie civil service. It's not just about fending off casual dilettantes, it's about defeating a sufficiently determined and knowledgeable attacker. And we have proven woefully inadequate so far in meeting cybersecurity challenges. It's all wayang.

 

 

[Ody_2004]

2 minutes ago, Turboflat4 said:

I thought about this, actually. 

Firstly, I don't think such detailed logging has even been considered by the gahmen. I doubt the application has the capability to do all this. 

Secondly, it is possible to defeat snooping like this. You can completely hide your IP with a VPN. I doubt applications can get access to device info like your IMEI. What's even more interesting is that it's apparently possible to change your IMEI without even needing to root your Android device. A network MAC address can be spoofed. So getting software identifiers like IP address and hardware identifiers like IMEI and MAC can all be thwarted. 

And, ultimately, I think you can simply run the apk on an emulator like Bluestacks on PC and find a way to scan the barcode into that environment. A PC environment is much more malleable for hacking than even a rooted mobile device. You can just sandbox the whole session into a virtual machine, chain VPNs, whatever. Almost impenetrable. 

That's why security is such a hard problem, hard enough for much brighter minds than fester in our lead-in-the-ass Sinkie civil service. It's not just about fending off casual dilettantes, it's about defeating a sufficiently determined and knowledgeable attacker. And we have proven woefully inadequate so far in meeting cybersecurity challenges. It's all wayang.

 

 

Agreed.. maybe those small time criminal lah.. whahahahahahaha..

what you shared is very true for high level crime.. small ah seng ah beng criminal i doubt will be so savvy.. but we never know..

[Sosaria]

1 hour ago, Turboflat4 said:

I thought about this, actually. 

Firstly, I don't think such detailed logging has even been considered by the gahmen. I doubt the application has the capability to do all this. 

Secondly, it is possible to defeat snooping like this. You can completely hide your IP with a VPN. I doubt applications can get access to device info like your IMEI. What's even more interesting is that it's apparently possible to change your IMEI without even needing to root your Android device. A network MAC address can be spoofed. So getting software identifiers like IP address and hardware identifiers like IMEI and MAC can all be thwarted. 

And, ultimately, I think you can simply run the apk on an emulator like Bluestacks on PC and find a way to scan the barcode into that environment. A PC environment is much more malleable for hacking than even a rooted mobile device. You can just sandbox the whole session into a virtual machine, chain VPNs, whatever. Almost impenetrable. 

That's why security is such a hard problem, hard enough for much brighter minds than fester in our lead-in-the-ass Sinkie civil service. It's not just about fending off casual dilettantes, it's about defeating a sufficiently determined and knowledgeable attacker. And we have proven woefully inadequate so far in meeting cybersecurity challenges. It's all wayang.

 

 

I think they just want to make it more difficult to get hold of employer's address, that's all. It's super easy if it's printed on the card, that's for sure. And someone can look over the maid's shoulder when she's using the card, etc. With QR code, it adds a few more steps and prevents simple snooping.

The SGWorkpass app is already in existence for FWs, so extending to FDWs just adds more users / utilization without further investment. Makes the developer look good, yeah?  If nobody want to download and use, like the SGSecure app previously, until have to be forced ..... a bit more sia-sway.

[1fast1]

15 minutes ago, Sosaria said:

I think they just want to make it more difficult to get hold of employer's address, that's all. It's super easy if it's printed on the card, that's for sure. And someone can look over the maid's shoulder when she's using the card, etc. With QR code, it adds a few more steps and prevents simple snooping.

The SGWorkpass app is already in existence for FWs, so extending to FDWs just adds more users / utilization without further investment. Makes the developer look good, yeah?  If nobody want to download and use, like the SGSecure app previously, until have to be forced ..... a bit more sia-sway.

First para: what would random snoopers care to do with an address they spot over the FDW's shoulder? No biggie right? It's the ones who are really up to something that we need to worry about, and a freely available app usable on pretty much any device that most people have access to in their pockets at all times is not anywhere near enough protection. 

Second para: I agree with your assessment that this is a feel-good, look-good exercise for them. 😁

[Philipkee]

15 minutes ago, Turboflat4 said:

First para: what would random snoopers care to do with an address they spot over the FDW's shoulder? No biggie right? 

Must ask @Jamesc.  He's always performing massages on people like them. He might have a better idea. 

Edited August 23, 2020 by Philipkee

[Sosaria]

4 hours ago, Turboflat4 said:

First para: what would random snoopers care to do with an address they spot over the FDW's shoulder? No biggie right? It's the ones who are really up to something that we need to worry about, and a freely available app usable on pretty much any device that most people have access to in their pockets at all times is not anywhere near enough protection. 

If it's a very chio and busty maid, want to find out where she works ?  Working address would be useful

[Ody_2004]

36 minutes ago, Sosaria said:

If it's a very chio and busty maid, want to find out where she works ?  Working address would be useful

Err.. in their normal working attire how busty i think u won't be keen lah! 😂

They look best at Lucky Plaza with their tank top! whahahahahhaha.. remember hoh now got control not every Sunday they can and u can be there! 😂

[Jamesc]

5 hours ago, Philipkee said:

Must ask @Jamesc.  He's always performing massages on people like them. He might have a better idea. 

Aiyah you need to wear glasses lah

I massage MODELS not MAIDS lah.

[Philipkee]

12 minutes ago, Jamesc said:

Aiyah you need to wear glasses lah

I massage MODELS not MAIDS lah.

A maid can be a model and vice versa  

[Jamesc]

5 minutes ago, Philipkee said:

A maid can be a model and vice versa  

I think I know what you mean.

You also like Japanese maid videos huh?

Edited August 23, 2020 by Jamesc

[Lethalstrike]

Data privacy concerns aside, I find it surprising that MOM is willing to give up the income opportunity to charge a fee for every change of name/address on the physical pass. 

Oh wait...now they can charge a fee and change the address electronically, without having to go through the trouble to amend the details on the pass physically. They didn't say porting over electronically will be free of charge for all amendments in the future. 

Okay, so nothing has changed after all. 😁 

[Kangadrool]

Maybe this feature will come to NRIC also. Dun need to go mata chu to change address anymore... Login with SingPass and change from there.