> Worried someone's going surreptitiously copy your key with our service? Not to worry. We don't accept surreptitious or flyby pictures of keys. The key must be held in the person's hand, with their fingers visible. In any case, we require a credit card to ship the key, so in case of fraud, identity can be traced back. We respond swiftly to all inquiry from law enforcement agencies.
The victim wouldn't even know the key was cut by this service. So the friend/plumber/handyman or whoever could just take the picture, get the key cut and then raid the place without anyone knowing.
Indeed. In Germany for example, employees of this company could be tried as accomplices to the crime if it was found that they had duplicated a house key without asking for proof of residence.
This sounds extremely complicated compared to the somewhat more realistic "throw the jewelry in the toolbox and walk out" or the "unlock a window" approach. The most realistic approach is to lie to the customer... "well, we need to special order a left handed crescent wrench and some frequency grease and also do some mold abatement". This is before we get started with outright insurance fraud and the like.
It could happen, but it sounds a lot more like a hollywood movie plot security threat than a real security threat.
My bad, I missed that part. But I still think those conditions are far from sufficient. A sharp picture and a credit card?! Really? How would anyone even resolve that this service was the accessory to the crime?
I like the slowness and hassle of duplicating keys because I know that someone would have to swipe my keys to do that. Not just snap a clear picture.
The future is probably with smarter locks, not enhancing what is broken.
Well, to be fair, they suggest you can mail to another address (for those who don't work from home, the office is the obvious choice). I don't think the security implications overall are too worrisome (any potential thieves who care enough to not just break a door or window to get into my house will just bump the lock, rather than trolling Facebook to desperately try and find a picture of my front door key). But I am sure people will test the service by sending stock photos of hands holding keys...
my thought exactly.. an envelope with address on it and house key in it.. Sorry guys, but using your service would be stupid.. will insurance even cover a break-in using the spare key?
Someone pitched me this idea a few months ago and I urged him to pursue it. I'm glad to see that it's being done by a super technical team who seem to know what they're doing.
Here's why I'm so excited:
1. Shloosl solves a small but acute problem that nearly everyone in the country has.
2. It's a big FU to a fragmented and unevolving couple billion dollar industry. I don't want to find a locksmith or go to Home Depot. I just want a duplicate key. And I don't care whether I pay $1.50 for it or $10 for it.
3. It's going to have some interesting implications on physical security in society. Locks are already useless to any unskilled criminal with a $100 lockpicking gun. But now, any clown with an iPhone can take a picture of a set of keys and have a working copy sent to anyone in the country within days. I certainly hope the security industry responds with something good.
I'd like to think the solution is a better kind of lock, but I don't know. Credit cards have been vulnerable in the same way for a while, but the networks or merchants essentially insure fraudulent transactions so it hasn't resulted in a real problem for people.
Either way, I'm looking forward to trying this out this weekend.
> I certainly hope the security industry responds with something good.
Security industry? As you said, it's unlikely they'll be surprised. I'd say if it catches on then we're much more likely to see legislation against these sorts of services unless they enforce valid IDs– hell, give it a month and I'm sure someone could find a way to spin it as a DMCA issue. That seems a whole lot easier to them than actually trying to solve the problem, which is that the locks we use are fundamentally insecure.
All in all though I do think it's a great idea, and I hope it does happen. I might even give it a try since I just welcomed a new roommate and it turns out I didn't have as many spare keys as I thought I did...
> It's a big FU to a fragmented and unevolving couple billion dollar industry. I don't want to find a locksmith or go to Home Depot. I just want a duplicate key. And I don't care whether I pay $1.50 for it or $10 for it.
Meh, I like the idea but I'd much rather just stop by Home Depot and use the automated key duplication machine for $1.50. Last time I needed spare keys I spent $10 and got myself a handful.
I love the technology behind this (though not the name--I will never remember this name), and I bet they'll be successful, but I honestly don't see this denting the key duplication industry in the slightest.
I suspect physical security in terms of keyholding is less fragile for people's house keys than it might seem on first blush. They're mostly in your pocket when you're out and about.
That said, you can stick many doors through in some parts of the world by simple expedient of giving them a swift kick. People don't seem overly concerned. So I suspect even if it proved simple to get pictures, it would have to be horribly abused before people did anything about it.
For my money it's a cool idea, but an overtechnical and imperfect solution to a rare and cheap problem. Keys are cut in minutes, cheaply, with professional guidance at tens of thousands of places around the world.
That's the issue. Who has the problem this is solving?
Last week I needed a new copy of my house keys. The next day I was going out to lunch and noticed there was a bicycle shop that copied keys down the street. I said "I'll meet you inside", got the copies made in about 2 minutes, and made it to the restaurant before the waiter had even come by to take the order.
If I were a shut-in, I suppose this could be easier, but if I were a shut-in I wouldn't need more copies of my keys.
Does this really solve a problem? The only time I've needed to get keys cut was when I've either lost a key or moved house and needed a copy immediately.
Why would I risk my security and have to wait for the mailman? I can get a key cut at one of 10 shops near my house, door to door in 15 minutes.
And in the case of a lost key, I'd replace the barrel of the lock too.
Nail on the head. I can only remember one or two occasions where I've needed to copy a key and waiting a couple days for delivery would have been practical.
That said, I had a clever idea on my way to work this morning.
They've already got automated kiosks[1] all over the place, why not network those, give customers a login and let them save their keys to a centralized location. You'd then be able to get a copy of any of your keys without having the original present. You could even share keys with another account - visiting friend, whatever, so they can get a copy cut in their hometown. No need to save any info besides login credentials and keys (ie. nothing that could allow someone to trace a key back to a lock via a billing address).
I've never had a problem having "DO NOT COPY" keys copied. When I was the manager of a store I had to get multiple copies of the door keys and case keys at various times working there. OSH, Home Depot, etc didn't ask me any questions, just made my copies and sent me on my way.
Interesting. I once tried to get a copy of a key to a security lock (a fact I didn't know) in Germany. The guy in this tiny little shop (which I'm sure would otherwise be happy for every customer) had one look at the key, then handed it back to me straight away. He wouldn't do it.
Maybe I should have just gone to a couple of other shops?
Same sort of experience in the UK, when trying to get a copy of my front door key made. You needed the original barcode that came with the keys to order copies.
No, as I said, I wasn't even aware that it was a secure key. I can't remember exactly what the key was for, presumably to the door of my rental apartment.
Why bother? Around here places like Home Depot will just generally copy it even if it says "DON'T COPY" right on it.
And the one time I was trying to copy a key which Home Depot didn't have blanks for, it said "DO NOT COPY" on it, and the locksmith I went to only asked me to fill out a slip of paper with my name, the address the key was for, and the type of location it was for (house, garage, etc).
I filled it out with entirely incorrect information.
This service really does not open up many doors that were not already open.
I'm actually more worried about this[1]. I don't want my key and associated information stored with bank-grade cryptography, I want it deleted after it's cut and sent out. It's easy enough to change a password if you get hacked, it's slightly more difficult to change a credit or debit card but it's more hassle in "changing all the places it's used" than anything else. But changing locks is a huge pain, and not always possible to do depending on what the key is for. I'd far rather take a picture of a key, save it somewhere secure myself, and send it in when I need a copy made. Having both my shipping address and the key to that address stored on a remote server is particularly worrying to me.
In general I agree for the sake of security, but in all fairness, the types of locks for which they are duplicating keys are pickable in under 60 seconds. It is essentially a waste of time to go through making a duplicate key - it is quite a sobering moment for me when I realized how easily I could defeat the locks on my house.
High security locks whose keys need protection, such as BEST Locks, are probably outside the scope of this service, and are not normally available to consumers anyways.
Not when you correct it by the subset of people who would consider breaking into your house. Lockpicking and bumping are very easy, even for the amateur criminal.
hi. i wrote the code that runs shloosl. this is a good point. i'm going to stew over this for a few days. if you're willing to chat, drop me a note at ali@shloosl.com?
On the one hand "oooh, that's useful, I need another set for loaning to cat-sitters."
On the other hand, "Keys are worthless now!"
The gripping hand is that keys have been worthless for quite some time, but we continue to use them. Whether out of habit, or because they feel sufficient.
Locks and keys keep honest people honest, and make people feel "secure". There's a lot of value in that. The actual security value most locks provide-- not so much. I don't think this service changes that dramatically.
Useless, in the sense that they are less than adequately effective; a reasonably able locksmith can open most barrel locks in seconds. If a criminal puts it in mind to acquire the skills, opening the locks is a small part of thievery, getting around the alarm is probably more of a concern.
I don't buy this reasoning. Yes, if someone really wanted to get in, they could probably learn to pick locks. But that doesn't mean locks are useless - now we reduced the pool of potential criminals to people who 1) know to pick locks 2) have been hanging around the area enough to know when the neighbors are away and unlikely to notice anything suspicious while a stranger is picking the locks 3) take greater risks. This is a significant improvement from anybody who saw that the car wasn't parked and decided to waltz in.
You have to be very careful about where you provide this service. Duplicating a "secure" (i.e. non simple) key without asking for proof of residence is against the law in some countries.
Although, it isn't anything like I imagined it would be. My design's a lot more practical and only 1 piece, so the patent won't get in the way but I don't think it's something consumers might want to put up with. Having to enter a combination to use your house or car keys each and every time just doesn't seem worth it. Then again... fear is the easiest thing to sell.
What do you guys think? Would you buy a combination lock key sheath for $19.99?
This is a pretty dangerous website, just because you can do something doesn't mean you should.
A unscrupulous car mechanic could save up a bunch of pictures of keys then sell them online anonymously to random people with fake credit cards. You wouldn't even need the peoples address just google map the neighborhood and look for their cars.
It'd be a lot harder to sneak off from work to the hardware store then just take a picture of their key.
You're over thinking this. Anyone with access to the car can open the glove box and look at the address on the registration. They could take a picture of the registration in no time.
1) If you have a picture of the key for the bike rack on my car, you don't need to do photometric analysis of the key, all you need to do is read "N027" handily stamped onto the key, and "Thule" silk screened onto the bike rack.
2) Geocoded pix in the exif data? So a pix of the bike rack key taken while I'm standing in my driveway is easily accurate enough to find my driveway.
Forgive me if it's already being done, but I would love to see this capability at my local Home Depot or maybe in an app for a locksmith service. Store pics of my keys on a secure server at the provider, and if I ever lose a key, I hit a button and it's made for me. Could be a whole new revenue stream for them.
Lets say you have a classic 60s/70s-ish minicomputer collection and you need a key for the rack mount door. Assuming no one swapped it out, every PDP-8 ever shipped was locked with a "ACE XX2247 tubular key". And no I'm not making this up.
After more than a decade of starting my car, my key physically began to wear out and I had to have another key cut to code, which the stealership had on file for me. The wear on the key was pretty surprising. It was expensive, but because I was expecting to have to replace the much more expensive locking mechanism I was relieved to only be out $15 or whatever it was for a dealer made key.
Also anyone who's ever replaced a lockset at home, probably noticed that the keycode is usually written on the outside packaging, so you can buy 3 locks where any key works in any lock, without having to cut any extra keys or special order.
I have three keypad locks on my three house doors, so I don't use keys at home, and the stereotypical NFC card at work, so I only use keys in my cars ignition. This is likely the biggest future problem for this business.
Do you trust the home depo staff with effectively permanent copies of your keys? Potentially just takes one bitter guy getting fired and deciding to make a little money to sink the whole ship, and the security of that end of the service isn't something that you or me's going to get to take a look at.
Or someone steals your phone and then everything else you own...
Edit: I'm assuming this is idea was relating to an online business. You could always give a copy of your keys to your friends if your willing to drive/walk somewhere
Have them require ID to pick up the key. Or have the app require a picture of the person(s) authorized to pick up keys and store it along with the key photos on the server. Everyone is talking about the security issues, but these are far from insurmountable problems.
This is also known as registered mail. The killer problem is the post office is 10x as inconvenient as just going across the street to the hardware store.
I'm not too convinced by that, the only times I've had to get keys cut in the last year were because:
- I moved into a new apartment and my landlord only had one set of keys. I didn't always want to be home when my housemates wanted to get in so the first thing we did was get new keys cut.
- I lent a key to my landlord to do repairs, and they didn't return it. I borrowed one of my housemate's key and got a copy cut (protip: copying a copy isn't a great idea) straight away.
I guess maybe it's different in the US, but over here I go past at least five locksmiths on my way to work. Other than that, cool idea :)
So i'm about to move out next week, I take a snapshot of the key (that's in my possession right now), pay with a prepaid Visa, and take next occupants stuff.
Easily s/apartment/office.
Flawless, proof that just because you can, doesn't mean you should.
Woah, are you just saying you like the creepy CCTV everywhere for good?
Also, you could have copied the key any time you lived there. They won't store videos such a long time. Even if they get data that you copied some key, they still don't know which key. Machines used in a home depot or a mall are dumb, they do not work with key numbers and can't store them.
To protect one site they're already obsolete except for some pretty exotic high end locks.
Metal keys will never be obsolete from a police perspective because here's "burglary tools" to bust people, and patterns to discern, and a piece of metal evidence with fingerprints, and ordering history, and shipping history... They may be useless for protecting one site, but they're a great tool for busting a serial burglar who's done it a dozen times.
The obvious solution to the "this will be abused by creeps" problem is for the website to generate a page with some random token on it that must be in the same picture as the key.
At least half the people will not mind the permission to post things for them. When pleaserobme.com catches wind of this, they're gonna get a lot of renewed media attention!
sooo now i only need a picture of my nemesis/crush to get in his/her apartment? sounds good...all the fun i can have...
...and totally not crepy...
WHAT THE FUCK?
one more reason to get a $70 lock where the key is not that easy to reproduce! and hopefully they stick to the normal rules and ask for the certificate when u want a copy. that would make it a bit safer.
I assume they're supporting Schlage SC1 and Kwikset KW1 keys which fit the two most common types of five pin locks in the US.
Both of these keys have a pin coding - each of the five pins has a value from, IIRC, 1 to 9. With a little practice, one can decode keys visually in a few seconds, I can't imagine it being hard to write an image processing algorithm to do it.
I've decoded keys that I've seen people carrying on rings on their belts (and, in many cases, the pin values are stamped right on the key). I don't carry keys where people can see them, but I'm a little bit paranoid. With the advent of this service it probably pays to be a bit more paranoid, since somebody could take a picture of your key, send $5, and get a copy w/o knowing anything about pins and tumblers.
I think I just found a new people-watching side hobby. Next on HN: Burgling across Brooklyn as hipster keychains "pic-pocketed" en-masse...
I'm really looking forward to when I get the time to rig up my door so I can use my yubikey instead. Much easier than all the metal keys I have to carry around now, and much less damaging to my pockets and belt-loops.
