by data-ottawa 56 days ago
I’m very surprised here.

I worked in retail many years, including doing store shelf tear downs and replacement and night shift stocking.

Back in the day we would get our planograms from HQ, then we’d print out all the labels on perforated paper, and walk the shelves moving product and updating the price tags, throwing out the old. The epaper tags are very clearly an improvement to that process in both time and waste. We would also check the prices using a Motorola price gun and do our fixes manually and then print out new tags or update the counts.

I’m surprised these tags are just IR blasted with no security. I would have expected they’d need some sort of code and you would simply save the code on your gun, pop a tag in front of a product, scan the product, then pair the tag all on your price gun in like 3 actions.

I also would have thought in these days we’d use Bluetooth beacons to triangulate the shelf slot too so that HQ could have a realtime map against their planos (it was not uncommon a product’s size would change and the layout would have holes or products that don’t fit on your real shelf).

Anyways, neat project! Triggered a walk down memory lane for me.


It doesn't really change anything.

Previously, a criminal could just print their own shelf tags. They'd probably do this somewhere other than in the store to get the details right, but it was doable. (We've all probably seen rolls of blank shelf tags sitting around at the store, and thermal printers are inexpensive. So what if it's two crimes instead of one?)

And then, in the store, they could just switch out the shelf tag(s) and try to play their little scam.

Now with this new development, a criminal still needs to get the details right. Like a blank paper tag, the little screen is also a blank slate. It's just erasable and rewritable in-situ.

The scam is the same. It's just shaped differently.

---

I do understand why the tags are simple to write. Maintaining some kind of revolving, PKI, or multi-factor auth would be harder than doing nothing, and probably slow. Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).

One-way infrared is cheap and low-power compared to anything with RF. And resets would be a pain in the ass if things were forever associated with a certain product, or a certain place in the store.

The way it's implemented now, on reset (yay new planogram!): All the tags get pulled and put in a pile.

And then: One by one, they're removed from that pile, put on a shelf, and programmed.

That's fast and flexible, and therefore inexpensive. Inexpensive is good. If there's one thing that all retail establishments hate most, it is their labor expense.

It does fail to prevent obvious-scam from happening. But it'd probably cost more to do it "right" than to eat the losses when the scam actually works.

> Fixed, basic auth would just get leaked (probably first by Home Assistant tinkerers who find some discarded electronic shelf tags somewhere and want a new display for their house).

You know what, that is a great idea for a project of mine, where I want to display outside temp and weather forecast in the hallway next to the wardrobe. I have been musing about it for a while now: how to make it small and not stand out, how to handle power delivery, etc.

I was already leaning towards eink, and if I can get one of these price tags cheap plus hide an IR blaster in a corner that would be ideal. All controlled by Home Assistant of course. I'm going to search the usual Chinese online marketplaces tomorrow.

Thank you!

Just look on eBay. It's full of used electronic shelf tags, sold in bulk -- usually, with prices still on them. :)

The sellers don't know anything about how they work so it will take some digging to find the right ones, but having to dig a bit is normal for eBay (or Aliexpress, for that matter).

*was full ;)
I had a look and knew they seemed to be about £15 here, I couldn’t easily find second hand ones in the UK (though they’re not uncommon at shops). For £40 I can get a 7.5 inch black and white screen setup (trmnl byod xaio https://www.aliexpress.com/item/1005009532501677.html)

Lots of the tags I see though do have Bluetooth or maybe WiFi for updating as well.

I do really like eink things, I want to set up a nice 13 inch one which is now more like £160 so becoming more realistic for me to buy for fun.

I’m going to have to look more into these tags because if there’s cheap second hand ones they’d be awesome.

Maybe check out TRMNL, they've got a Home Assistant plugin.
You’re looking for this: https://openepaperlink.de/
>It doesn't really change anything.

Yes it does, unlike before, a shits-and-giggles attacker could change all the tags in an aisle into "you're gay" without showing anything on surveillance cameras.

He wouldn't gain anything but the store would lose.

That'd be hilarious. Now I want one.

But actually: It's not that broad. It's still mostly one at a time, ish. Changing a lot of them would stand out if anyone were paying attention.

Although it could certainly be broadened...but an IR emitter that's skookum enough to reliably hit all of the shelf tags in an aisle at once would probably show up as an intensely-bright purple floodlight on the cameras. That would stand out quite a lot. :)

Well it does need to read individual tag barcodes, so it is indeed one at a time, still you could make an automated camera+beam device, hide at chest level, walk through an aisle as if looking for something, then pick up something in the end of the aisle and go to checkout.

I don't think anyone is paying attention anywhere near enough to pick that up. Additionally, one could read some barcodes and make quite cheap battery-powered narrow beam emitters to be placed in store aimed at particular tags that would only power up once a day at a random time.

So it needs barcodes to be read?

If the lulz are the point, then: Just hide the thing in the floor-cleaning robot. Include a decent camera (they're very cheap) to catch the barcodes.

If the comms last long enough as the machine passes by to program some tags every night, then some tags get programmed every night. Nobody will pay attention to the robot's new purple floodlight in the cameras.

The code mentions composing an address from the barcode, yes.

Shop floor cleaning robots seem to be rather clean on the outside, hard to imagine tampering with one in the field and making it inconspicuous.

A very real use case I can see would be Palestine supporters defacing Israeli product labels here (don't shoot the messenger, please).
Or "I made this" with a politician of your choice.
Someone representing one brand could go around and upwardly adjust all competing brands so that no one wanted to buy them.
> It doesn't really change anything.

> Previously, a criminal could just print their own shelf tags.

Between your 'previously' and now is a period of at least two or three decades, where shelf tags have only been for your information in the store, while the real price came from computerized POS-Terminals with attached barcode-readers. Which of the two has priority for the customer may depend on country, law, store policy & good will.

Furthermore stores are completely cam covered nowadays, so much luck with being seen fumbling with your gadget in front of that label, or being seen on 'tape' putting another one over it, or things like that :-)

I suppose you're right, even with auth there's a risk the store would lose it and the tags would need to be trashed or manually reset. Stores aren't the most tech savvy of businesses.

On that note, I worked at a store where each department would borrow the store floppy and copy their weekly orders+sales onto it, then the store manager would read them on the office computer in one big excel file. This was in the late 2000s, so floppy was already pretty outdated, but it worked so it never changed.

I got called to the manager's office one day. The store manager and assistant manager couldn't get the master spreadsheet to save and needed my computer skills. I spent like an hour fiddling with things before ejecting the disk and realizing they had hit the write lock switch on the floppy, so the spreadsheet wouldn't save.

I was the hero of the day and the manager bought a thumb drive from the photo department so this wouldn't happen again.

>Previously, a criminal could just print their own shelf tags.

Yep. For the physical "hackers" among us, a price sticker gun (those little orange or white stickers with a number on them that mom and pop shops use) was one of our first tools to mess around with.

And previous before that was the days of /b/tards on 4chan making coupons for free stuff
I’m sorry but this entire premise is dubious at best hilarious at worst.

I’ve worked retail on and off for a decade and been friends with AP in most places and no one has ever mentioned this happening. Never been told to watch for it, or heard a rumor about it from another store.

It’s just not something that happens.

Just recently I was in a small shop where I was surprised to see epaper tags and ended up talking to the owner about them. She said they were super flaky and would reset at random. After that interaction I am not at all surprised a flipper could mess with them. But I also have not seen them widespread at the physical outlets I shop at.
>But I also have not seen them widespread at the physical outlets I shop at.

Me neither. If it parallels the arc of those restaurant buzzers [USA perspective]:

-Big chains first (Olive Garden) with quality industrial systems

-Then, small businesses with dinky systems sold on Bezos site

What do you think, someone would have to be fired if e.g. Best Buy tags were super flaky and reset at random nationwide?

"I also would have thought in these days we’d use Bluetooth beacons to triangulate the shelf slot too."

Maybe wifi6 location based on the gun when setting the tag?

I have never seen an IR-based one in any store myself. Bluetooth, and possibly some proprietary RF setup, seems popular.