0
Mr17Hz

An introduction to Skydive Secure - data unity for skydivers.

Recommended Posts

Quote

And for the 2-3% of skydiving websites that use auth, they're likely using it for sales which will use a shopping cart that won't integrate with your system anyway.



A shopping cart system will integrate just fine, that's exactly what RealDropzone is.
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites
I believe what was being implied was unless they are using the same exact shopping cart system then they will not integrate or will with issues.

Electronic waivers are a cool concept, but I've only seen 1 or 2 DZ's that will let you print the waiver ahead of time and bring it with you. It sounds like to me that value is added when DZ's start electronically accepting waivers, but due to each on being seperate there is no "universal" waiver that could be completed and sent to DZ's that you will be visiting in the future.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Share this post


Link to post
Share on other sites
And, if done right, the information could populate the requisite general personal information (name address, phone number, drug allergies, etc.) on the waiver so when one shows up, it's just a matter of initialing and signing. For me, it takes longer to fill out the general info than it does to whip thru the requisite initial & sign my rights away.

On a separate note (which may require a separate thread - feel free to delete)... At virtually every incident I've been on the scene at; not once have I seen anyone run into manifest and give the paramedics a copy of the waiver that includes current meds or drug allergies (i.e., I'm seriously allergic to Codeine (which I only found out after the wisdom teeth extraction and subsequent hospital experience)) The flip side of that coin is how many skydivers do not list their meds out of concern for privacy issues - but it is important to do.
Nobody has time to listen; because they're desperately chasing the need of being heard.

Share this post


Link to post
Share on other sites
Sounds like a good idea but it will a tough sell to all the geezers that still think "That Evil Magic Box" is going to come to life and take over the world.:o

Funny thing about people that are so scared to give information that will be stored in a secure encrypted database dont think twice about going to a restaurant and handing some waiter or waitress their credit card and let them walk off with it.:S

If I wanted to be a criminal and steal peoples information, instead of spending 100s of hours trying to crack some computer.. I would just go get a job at as a waiter and collect 20 to 30 new credit card numbers a night. Of course I would need to check everyone’s ID too when they order a drink. Then I have thier Credit Card info, Billing address, DOB and everything else.


I hope this idea takes off and people start using it. It would save alot of time for Jumpers and DZO`s. the paranoid ones can stand in line to fill out paperwork (MUCH less secure. Writing it down for ANYONE that can read to steal.):S

I would MUCH rather have personal info in a secure database than written down on a Piece of paper somewhere.

Share this post


Link to post
Share on other sites
Quote

waiver that includes current meds or drug allergies



I don't remember ever seeing a waiver that included either of those. I understand why they ask for any medical conditions that might make jumping unsafe, but I don't know why a DZ would have to (or want to) know about allergies or medications.

Dave

Share this post


Link to post
Share on other sites
Yeah, I agree that this is probably more secure than what most DZs do now...

But from the DZ perspective, do you want your customers to be able to remove your access from their personal information (name, email address, etc.). Imagine ALL dropzones and the USPA were on this system. If I decided to visit another DZ as a jumper, I can allow them to see my personal info. But after my visit, I can take it away from them. Good for me, maybe not good for them and their email list or record keeping.

Are they able to (easily) grab my information and store it themselves in their own system? That'd be good for them, bad for me.

Seems like it will be a challenge to get this to work in a way that benefits everybody equally, but I think it's on the right track.

Dave

Share this post


Link to post
Share on other sites
Quote

Things that you can do at a dropzone's website that would require logging in:

- Posting on the DZ Forum

- Uploading pictures to the gallery

- Looking at your account balance

- Looking at your jump times / dates to assist in filling out a logbook at the end of the weekend.

- Fund your jump account.

- RSVP for free events, or register for events with registration fees.

- Reserve a tandem skydive.

- Schedule a previously purchased but unscheduled tandem skydive.

- Message a friend you met at the dropzone.

- Find out when your last repack was.

- Edit the content of a website for an event you're organizing.

Or - signing onto the dropzones website from the wireless network directly at the dropzone:

- Manifest for a load
- View load manifests and slot availability
- Organizers can manifest entire groups for a load.

If you truely can't see the value in being able to log into a dropzone's website, then you're not the kind of person that would use the website anyway, and it doesn't matter.

As far as selling tandem certificates - how long does it take you to check in a tandem student? By collecting their information ahead of time - the check in process can take less than 10 seconds per customer because all that you're doing is verifying information.



Okay, I'll buy the first two things: posting on a DZ forum and uploading pictures.

As for the next three, most dropzones do not integrate their manifest and account balance software with their online presence and for good reason. It requires maintenance and overhead that doesn't add profit.

Event registration, I'll give that to you.

Reserve a tandem? Um, I thought you were trying to market this to skydivers. Why, as a member of the general public, would I want to register with a service that I will only use once? (And don't start on tandem retention, another website/web service is not the solution.)

Message a friend? That's what AIM, MySpace, and yes, even DZ.com are for. Do we need a skydiver specific messaging system?

Your last repack? Is getting out the packing data card more difficult than logging onto a website?

Edit web content? Why would I sign onto your service to do that?

Honestly, I'm not the type of person who would use this. Not because I am a luddite as some would suggest. I have three computers in a two person household and do most of my shopping on-line.

From a DZ and a consumer perspective, I just don't see a need.

I'm not slamming you. You are obviously very proud of your product, but if you don't want to hear the negative criticism with the praise, then don't ask.

- Dan G

Share this post


Link to post
Share on other sites
Quote

but I don't know why a DZ would have to (or want to) know about allergies or medications.



Technically, so they could relay that information to the paramedics in the event of an incident. If one is a diabetic, that's important for the Doctors to know if you're unconcious, drug contraindications, etc. In my case, if they hit me with any form of a Codeine derivitive, there's going to be a whole lot of doctors running around.
Nobody has time to listen; because they're desperately chasing the need of being heard.

Share this post


Link to post
Share on other sites
Well, I think Matt's idea is a good one. It is also very similar to a generalized version of a single sign on idea that I've been trying to sell for over two years. My idea is more on data owned by mfgs that 3rd parties could tap into, not personal data.

In a nutshell, it is the idea that the data owners maintain their data and who has access to it in one place.

Let's look at some of the benefits of this in the skydiving world:

- You buy a used rig with serial number 1234. A SB is issued on it by the mfg. The mfg can notify you directly, provided you allow them that right. End result, you are informed and can contact your rigger asap. This is much better than what we have today. Today the mfgs do not know who owns the re-sold rigs and also may have old address for their direct new purchases.

- Some SB or important rule change is issued and PIA, USPA, APF, BPF etc want to contact all the riggers in their country. Right now, in the US there is no way for PIA or USPA to contact all the riggers. Today we put notices in printed magazines that have 1-2 month lead times. With this system, riggers could be on a distribution list for these types of things. They would learn of the SBs asap and be able to do whatever they need to do for their customers much faster.

- You are have a wish-list of equipment that you want. You want to know when such-n-such item goes on sale. Retailers could send you info on that, but ONLY if you allow them to do that.

- Security: You only have to worry about ONE place keeping your data secure as opposed to numerous other places. Just in passing, I have found skydiving sites with logins that are very easy to compromise. I will not tell you what sites these are, but they have easy to walk-through doors that allow you to access the alleged 'member-only' data. There are also sites that you can farm data (scraping) very readily.

Let's look at some of the disadvantages:
- The big brother feeling. This is a perception that is not reality. The only people or organizations that will have access to your data are the ones you allow. Today, with your online banking, you let your bank know who you send money to each month. It's the same idea. YOU control who has access, not the bank or 3rd party.

I could go on and on about this, but the fact is that the data owners are the best people to maintain their data. The data owners are the best people to control who has access to that data.

.
.
Make It Happen
Parachute History
DiveMaker

Share this post


Link to post
Share on other sites
Quote

Quote

waiver that includes current meds or drug allergies



I don't remember ever seeing a waiver that included either of those. I understand why they ask for any medical conditions that might make jumping unsafe, but I don't know why a DZ would have to (or want to) know about allergies or medications.

Dave



When I biffed in at Eloy, manifest had my medical/next of kin paperwork ready for the EMTs when they arrived. Some DZs do collect that info.
50 donations so far. Give it a try.

You know you want to spank it
Jump an Infinity

Share this post


Link to post
Share on other sites
A lot of the reasons you posted are why I said USPA integration would be nice.

The possibilities with this, if designed right, are very huge to skydivers. One thing to keep in mind when reading this is that Matt is developing a new manifest software and I know this is supposed to tie into it.

Given what jumprun is like, people will be using his software if it doesn't suck and the price is reasonable. At least most of the big dropzones will be. I can tell you that trying to get meaningfull data out of jumprun is horrible.
~D
Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me.
Swooping is taking one last poke at the bear before escaping it's cave - davelepka

Share this post


Link to post
Share on other sites
Quote

We already had a system that works . . .

- Walk up to manifest, hand them X bucks.

- Manifester puts X bucks in old cigar box

- Walk over to plane and board.

NickD :)BASE 194



Yah - but I hate standing in line to manifest.
If I could submit the roster and what plane we wanted with a click that would be better.
And I could time it better too.
Don't manifest too soon, else you don't have enough time to dirt dive.
Don't manifest too late, else you have a long turntime.
Goldilocks would be hit a button midway through your dirt dive to get you and a plane asap, with that break to go pee factored in.

Even when we are doing the same group all day, the manifestor sometimes doesn't copy the complete roster.
Then we end up with 30 people trying to get on one Otter load.

.
.
Make It Happen
Parachute History
DiveMaker

Share this post


Link to post
Share on other sites
Quote

We already had a system that works . . .

- Walk up to manifest, hand them X bucks.

- Manifester puts X bucks in old cigar box

- Walk over to plane and board.

NickD :)BASE 194



True but that doesn't help DZOs figure out how to get more tandem customers to pay for buildings and planes.
~D
Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me.
Swooping is taking one last poke at the bear before escaping it's cave - davelepka

Share this post


Link to post
Share on other sites
Quote

I would MUCH rather have personal info in a secure database than written down on a Piece of paper somewhere.



"secure database" sounds nice, but reality is a bit different. Financial institutions with the budget and the desire to maintain security fail to do so at a pretty high rate. Why would a DZ be seen as more reliable?

Paper is more secure - it's too much hassle to data mine.

I'm still looking for the upside.

Share this post


Link to post
Share on other sites
Quote

Paper is more secure - it's too much hassle to data mine.



:S
lets see.. Most Criminals are Lazy and generally not very intelligent. But they can read a piece of paper.

Those that are capable of "hacking" much of anything generally are fairly intelligent and motivated.

Sorry, but as someone with more than just a passing knowledge of database security.. It is a million times easier to steal your credit card info and or personal info by walking into manifest and digging through the files cabinet. ANYONE is capable of that.

Less than 1/10 of 1% of the people in the world would even have a chance at accessing your data from a secure database and most of them have pretty damn good jobs already.

The media loves to scare people. That is how they get you to watch the news and/or Buy their papers. Most the "millions of Identities stolen" BS the spew is just that.. BS. All that means is someone had access to a Computer that contained the files. It doesn’t mean they opened the file, it doesn’t mean they went out and got credit cards in your name, It doesn’t mean they made charges to your card.

How many people have access to the File cabinet at the DZ?? How hard would it be to get access to that file cabinet?? I am Positive It would be a hell of a lot easier and require a lot less skill. The vast majority of TRUE identity theft is from exactly what I mentioned before, Some kid at the Restaurant making a copy of your credit card when you hand it to them and let them walk away with it.

Just keep that tin foil hat on and you will be safe.;)

Share this post


Link to post
Share on other sites
Quote

I believe what was being implied was unless they are using the same exact shopping cart system then they will not integrate or will with issues.

Electronic waivers are a cool concept, but I've only seen 1 or 2 DZ's that will let you print the waiver ahead of time and bring it with you. It sounds like to me that value is added when DZ's start electronically accepting waivers, but due to each on being seperate there is no "universal" waiver that could be completed and sent to DZ's that you will be visiting in the future.



Any shopping cart system can be integrated to use this service without a lot of hassle. What I said in my original email is that if a shopping cart service that has a checkout form directly on that website (doesn't redirect to paypal or google checkout, etc); is that the website would still be required to purchase annually a security certificate from a well known root certificate authority, and so these websites would not see the advantage of encryption without still purchasing a security certificate (this is even true of RealDropzone - dropzones will need to purchase a security certificate of their own).

In no way am I attempting to tie using the service to having to purchase and use RealDropzone. If another dropzone management software product wants to integrate and do the same thing that I'm doing - that would be just fine, competition drives better products. I would actually help them do so at no cost just to help demonstrate the community advantage of a service like this.

Electronic waivers are a cool concept, and only 1 or 2 DZ's DO let you print it out ahead of time - but this will be changing. Skydive Chicago will allow this for 2007 (maybe not at the beginning of the season, but soon); and I've talked to at least 5 other dropzone owners who will be using this system as soon as it is economically feasible - the low cost of RealDropzone compaired to the value gained from it makes it more than economically feasible - but potentially profitable.

I'm not trying to sell this system to put it into place, this system is already being put into place, I've already sold the concept to dropzone owners; all I am trying to do by this post is share the possibilities of how the entire community could benefit from a standard system; rather than ONLY dropzones running my software.

As many people pointed out, if the USPA were to jump on board it could made the entire system that much better - but even without their support; this is still going live at participating dropzones.

SkydiveSecure is by no means the selling point of my software, I don't need others to participate to sell the product; but the fact is that others can benefit from it, and I am willing to help them benefit. I'm looking at the big picture - the skydiving industry as a whole has the ability to benefit.
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites
Quote

You'll still have to sign and initial a waiver no matter what and filling an address, USPA and license number on the same form hardly requires a central database of information.



How much of the emergency contact information entered to you think changes in the course of a year? People change cell phone numbers all the time. By putting information in a centralized database, it makes it really easy to update information when it changes.

Many people are in a hurry when they show up at a dropzone - they want to JUMP! Who knows - maybe the ability to update information online in a less pressured environment helps one single person decide to indicate that they're an asthmatic with a sever allergies to multidextrose, a chemical used in tipical IV solutions. Maybe that single skydiver happens to be the next guy that makes a mistake at 200 feet - and maybe having that extra information available before the paramedics even arrives, his live is saved.

How long does it take a dropzone that uses a paper based system to look up a waiver for a customer, and how out-of-date is that information?

This is just one more example of how SkydiveSecure has the ability to benefit the industry. One life saved makes the tens of thousands of dollars, and hundreds of hours that I've personally invested into making this possible all worth every single penny, and every 18 hours session of coding worth it.
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites
Quote

But from the DZ perspective, do you want your customers to be able to remove your access from their personal information (name, email address, etc.). Imagine ALL dropzones and the USPA were on this system. If I decided to visit another DZ as a jumper, I can allow them to see my personal info. But after my visit, I can take it away from them. Good for me, maybe not good for them and their email list or record keeping.

Are they able to (easily) grab my information and store it themselves in their own system? That'd be good for them, bad for me.



By removing a company from access to your information they can no longer request that information from Skydive Secure.

They CAN continue to use information that they already have, provided that they kept it. This is no different than every single business you've ever done business with, they will always have any information you provide them - but will never have any new information unless you provide it to them.

On a side note - US law does mean that if you remove yourself from opt-in mailing lists, etc - a business is legally oblicated to no longer solicite you.

Skydive Secure has the opportunity to help enforce ethical business practices without getting the law involved: By acting as a BBB type service that almost forces new customers to look up BBB complaints before doing business with the customer; this can very quickly isolate unscrupulous business owners into the reality that they will no longer be able to participate in the SkydiveSecure system until they not only change their business practices, but satisfy customers that they've previously treated unfairly.

The premise behind this feature creates a self-enforcing system that could take a large step in ridding the industry of businesses like the fictional SkyDried company that I mentioned in my original post.
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites
Quote

We already had a system that works . . .

- Walk up to manifest, hand them X bucks.

- Manifester puts X bucks in old cigar box

- Walk over to plane and board.

NickD :)BASE 194





Boy are YOU behind the times Nick! :)

You NOW have to hand manifest 2X bucks, and it's a more secure COFFEE CAN it goes into! ;)










~ If you choke a Smurf, what color does it turn? ~

Share this post


Link to post
Share on other sites
Quote

Quote

Paper is more secure - it's too much hassle to data mine.



. That is how they get you to watch the news and/or Buy their papers. Most the "millions of Identities stolen" BS the spew is just that.. BS. All that means is someone had access to a .;)



I agree with all of your post points excepting this one. Millions of identies have been stolen, but not the millions "stolen each year."
What most fail to realize, is that the "stolen" identities are practically handed to the thief by either people leaving their bills unshredded making access to information easy, or they foolishly click on links and fill in credit card information.
We just finished an internal corp vid for a very large internet-based business, and was fairly surprised to learn that more than 2 million of their user accounts had been compromised not from internal theft or hackers, but rather to phished mails that appeared to have originated within the company but didn't.

Share this post


Link to post
Share on other sites
Quote

Hi, is this just advertising?



It's not advertising because I'm not selling anything. Not only am I not selling anything, but I'm also saying that I want to see the service adminstrated by a not-for-profit consortium of businesses like the USPA and PIA. I created the system and am using it internally for RealSkydiving purposes, but the entire purpose of this post is to try to show a few others how everyone might benefit from it actually becoming a standard.
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites
As an update:

Currently, the only required feilds on SkydiveSecure were Name, Address, Emal, Birthdate, Gender.

My purpose of these feilds was from the perspective of a dropzone - who needs this information anyway. Based on feedback; these can change to just:

Name and email.

Currently, the "Accept subscription" dialog has only a "Accept Deny". This can be changed to:

Allow this site administrator access to:

[ ] Username/Name/Email only

[ ] Information required to jump (emergency contact, USPA membership info, etc.)

[ ] Advanced: Let me choose which properties to publish.

MemberPortals can have a list of required feilds for membership - perhaps SkydivingMovies only wants your zip code, but a dropzone wants your birthdate/height/weight/emergency contact info. This system would allow complete control over who has what.

SkydiveSecure will never use any information except for your email to email you for administrative reasons.

Also - I am coming up with a system where you can still provide information only to the site you're registering for - it will never be stored in the SkydiveSecure database - but this does mean that you'll have to re-enter the information for each site. This should eliminate all privacy concerns.

In addition, when things are finished and stable - the entire logic flow of the system and data schemas / process / will be published, so that other IT professionals can confirm that everything is happening as stated. This is also my reason for wanting to make the service consortium run.

With this changes available in a second phase, does it resolve privacy concerns? It would make the service available to those who wish to benefit from it, but not effect those who do not.

Here is something to consider for those who oppose this idea: something like this is likely to happen in the next 2-3 years anyway. Rather than rejecting the idea completely with one liners - now is a great chance to shape the idea into something that you feel is more acceptable.

What are your ideas to make it more acceptable?
Matt Christenson

[email protected]
http://www.RealDropzone.com - A new breed of dropzone manifest software.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

0