When we originally looked into Nymi, the wrist-worn authentication device that identifies users by their electrocardiogram (ECG), we were skeptical but open-minded. Published algorithms managed a 10% false accept rate, which, though far from perfect, might be good enough for some consumer applications. And perhaps Nymi could do even better.
Nymi promised a white paper with greater detail on their underlying technology, and I had high hopes it would put these questions to rest. Unfortunately, it didn’t.
Only one page in the 28 page document is dedicated to the “reliability of authentication”, and the key figure is disappointingly incomplete:
With sufficient patience, your probability of authenticating goes to 100% if the band is your own. But what is the false accept rate, the probability that Nymi incorrectly matches an ECG to your template and grants someone else access to your…whatever it is Nymi unlocks? This is arguably the more important metric, and its deliberate omission is a cause for serious concern. Nymi would not hide this data if the results made them look good.
This is very bad news. The next 10 pages of the document go on to detail their cryptographic protocols and privacy considerations, but no burglar would bother picking a lock when the window is left open.
Isn’t there some idiom about chains and weak links?
That said… if you’re still committed to your purchase of a Nymi, you’ll be excited to learn they released a developer SDK alongside their lackluster white paper. An SDK, or software development kit, is a set of tools that enable developers to build applications for hardware platforms or software frameworks; it effectively defines what applications can and cannot do with a given system.
In the case of the Nymi, here’s what Bionyme says the band can provide to an app:
- Proof of authentication
- Live ECG, accelerometer, and gyroscope streaming.
- 100 Hz ECG data
- 40 Hz accelerometer data (of undefined resolution)
- 40 Hz gyroscope data (of undefined resolution)
- Gesture notifications
- Swipes up, down, left, and right
- Clockwise or counterclockwise circle
- Tap
Let’s take these one at a time:
- Proof of authentication
- Yeah, but… re-read this blog post.
- Live ECG, accelerometer, and gyroscope streaming
- As we mentioned in our original post, gyroscopes are exceptionally power hungry. The Fitbit Flex, which has a similar form-factor but sports an accelerometer but no gyroscope, only advertises 5 days of battery life. It seems downright impossible for Nymi to get the 7 days between charges they’ve promised.
- Gesture notifications
- No real technical issues here, but it will only be as good as their algorithm.
So that’s that – it’s all speculation about what might someday be. There is no published list of what technologies will interface with Nymi, though Karl Martin, the CEO of Bionym, is on record daydreaming of such wonders as “a coffee machine that ‘knows your settings vs your partner’s,'” or “an Arduino module that […] overshares and tweets whenever you’re in the room saying you came home and you’re here.” (I’m being a tiny bit unfair, I’ll admit. Of course he first suggests, “the obvious ones […] simply unlocking various things, from doors to their personal devices,” so that’s exciting.) Still, it strikes me as a red flag when a company leader says he’s “hopeful” his product will launch with “about 10 killer apps”, but only speculates about what those killer apps might be.
So for all you folks who have preordered one of these expecting it to unlock your Tesla, I refer you to my friend Cartman’s opinion of preorders (NSFW).
I’ll unlock his trunk. Rawr.
Overall, I’m disappointed. Nymi had potential to do something innovative and clever, but it’s shaping up to be just another crowdfunded project that over-promises and under-delivers.
I find the majority of what you state here fair except I think Bionym is accepting pre-orders that won’t actually charge users until their projects ship. I wouldn’t necessarily call this crowdfunding.