When I cross the Atlantic I pdf or screenshot the plane ticket. Never had a problem. Why can’t this be like that?

I had this discussion with someone checking my ticket once. The argument being, that you could share the screenshot with multiple people.

The TL;DR is, that this is not true and comes from a lack of digital understanding.

For the long explanation: copying the ticket with a screenshot does provide a smaller hurdle for “copying” tickets, but the alternative is downloading the ticket on a second phone which is no hurdle at all. Even if it were restricted to one phone, I could backup my apps and restore the backup on a different phone. For every 10 ft wall there will be a 12 ft ladder, because: you can’t trust the users phone. They have full control of it.

Which is why the tickets have a UIC918.3 Aztec Code on them (what people call QRCode), which has a digital signature. Basically there are pairs of public and private keys (one per issuer of tickets), and the list of public keys is on the device checking your ticket. Without the knowledge of a private key, signing a ticket is statistically impossible (else there would be a lot of bigger problems worldwide)

That is why every control should check your id regardless. Because the Barcode does not identify you! Their assumption, that a valid ticket means you are the owner is not reasonable! And yet they do.

In another comment a user claimed that changing the name on the ticket would be thinkable, it is not. What has happend in the past with issuers of “fake” tickets is that someone got access to the private key of a local train company and was able to sign tickets in their name. (Don’t confuse “normal” signatures with digital ones: this is not like forging a signature on a cheque, but more like finding a chequebook full of presigned cheques)

After this discussion, I made a test. I saved the online (HTML) version of the ticket, changed the text around it to say I was the owner of the rail network (instead of the owner of the ticket) and changed my birthday to 69.69.420. The barcode I would download once a month, and replace it in the ticket (because again, that is the only unfakable part and in case someone would scan it I would like for it to be valid)… And never had issues with it again.

So basically I made an obviously fake but elaborate screenshot, and because something moves on it I never had issues with it. Which sucks, because in the end, it is the illusion of security that is the biggest danger to actual security.

Here’s a trick for you: While the google wallet will require an acount, downloading a file for the apple wallet will usually give you a .pkpass file.

So often you just need to visit the page on a desktop where both options are shown.

One time I also had a URL parameter where I just replaced “android” (or google) with “apple” and were then shown the apple download option.

I think you mentioned this was RIDE, right? Have you tried the desktop site or contacting support? Because I definitely got a .pkpass from them for a ticket. In fact there was a button right under the Google Wallet option

It’s not directly answering your questions, but I do like .pkpass. It’s a good standard because it does not require accounts, links or anything like that. If you have the file, you can import it. It’s the opposite of how Google does it, which makes it useful beyond Apple.

PDFs/Screenshots being invalid because it can be sent quickly to multiple people is a bad reason as you could print out multiple copies too. Sadly, being sensible is so often not a thing.

FossWallet seems to be great although I didn’t try it yet.

I also really hate it when services restrict downloads depending on the platform. I.e. it could be possible that Apple users get shown a .pkpass, while Android is artificially limited to Google Wallet - even though not all devices support it. Maybe setting the user agent could help but that’s just a wild guess.

When I cross the Atlantic I pdf or screenshot the plane ticket. Never had a problem. Why can’t this be like that?

Because we rarely do the sensible things in Germany, especially when it comes to digitalization related things.

Why can’t this be like that?

Because our highly corrupt, neo-liberal wannabe overlords hate the fact that we have basic privacy and data protection laws.

So every bit of digitalisation with government involvement has to be a non-funtional and totally insecure shit show so they can then lie and pretend that a) we need to remove data protection laws that are to blame for all problems and b) only big tech can do it properly so we really, really need to sell our private data to them (also c) <add random AI buzzword bingo gibberish> ).

You could at some time print out your ticket (depending on where you bought it) as a QR code . But that meant you wouldn’t need to use the DB App which is an insane security and privacy nightmare constantly breaking laws without any consequences. So they needed to limit that option and again lied about how that code can magically not save the info of who is the owner of that ticket (because… you know… basic cryptographic methods don’t exist…).

PS: Just so this isn’t just purely a rant, here’s a list of companies that still allow to get the Deutschlandticket as a chip card to avoid that horrific app.

Have you maybe tried to open the website on a desktop pc? Maybe it will give you other options e.g. Apple wallet, which would result in a PKpass file? There has to be some way for apple users. Or maybe ask a friend with an Iphone to open it, try to download it and if it is a pkpass send it to you?

And yet another question, if I send an email asking the transportation authority what kind of technology they use for travel documents, if they provide any alternative to google or any way to download the ticket in either pkpass format or any other format that doesn’t require me to give my personal data to a data grabber, if they provide plastic travel cards to people that won’t allow their data to be used by google, what are the chances they won’t ignore me or outright laugh at me?

50:50 tbh, either you get someone who had bad experience with privacy laws (or something where privacy laws were severely misunderstood and resulted in a worse product because people didn’t check things properly. That is how it often goes in my experience.). Or you get someone who understands your problem and can help you.

I just learned what a pkpass file because some of you seem to know this technology, but ain’t it an apple technology?

while pkpass files are developed by Apple they can be used on Android with several Apps (i think they might be even usable with Google Wallet but i am not sure.). So often times when something can be added to the wallet i just click the Apple button, get the file and add it to my app. (In Germany, usage spread depends heavily on the region. Big city events often have wallet links for tickets etc.)

pkpass is extremely seldom used here. I stumbled upon that format once or twice and I think I could import the files into Catima on Android.

Normally your transport association has it’s own App, like for example the DB Navigator, where you log in with your account and besides from looking up trips, your ticket is stored.

People could help you better if you told us the city/region.

If you have a .pkpass file you probably could import it into FossWallet (don’t know if this works for the Deutschland ticket, would be great if you could tell me :P).

Edit: I just realized you don’t have that lol.

It used to be that you could print out the Deutschlandticket. I don’t live in Germany but have visited a few times since it started to be a thing; the first Deutschlandticket I ever had, I printed out and stored in my wallet. Abolishing that was a step backward.

When I had that problem I was able to klick ‘add to Apple Wallet’ or something like this and it downloaded the .pkpass file. Maybe you need to spoof your useragent to present as a iOS device/PC?

Sometimes the agents who check tickets don’t accept something that looks unfamiliar though so be carefull. In most cases that does not agree with ther terms (which prohibit screenshots, not non-google wallet apps), but what’s your recourse? It’s not like anyone will sue over 7€…

The explanation is easy: Public transport has lots of tight regulations. The use of pkpass files is not in these rules, therefore nobody uses it directly.

The use of screenshots or PDFs is not secure. Fraud would be way too easy if they allowed it. Airplane tickets are an exception: because there are so many passport checks at airports, forged tickets are rare.

If I remember correctly, pkpass is a Apple standard. So maybe you can import the file into a wallet app. Then it may become usable for you. But that’s just a wild guess.

Can’t really answer your questions, since u have never heard of the technology in question, but when you book the “Deutschland ticket” (Germany ticket), which gives access to every form of public transportation except IC/ICE for 58€ per month, you simply get a QR Code that you can take A Screenshot of.