NFC Caches

[mattyrx]

I have a few NFC tags and I’ve been thinking of how an NFC series of caches could work. Essentially a cache are is listed on GCA and the coordinates point to the location of the NFC tag. Cacher holds their phone up to the tag and is automatically prompted to visit a URL which gives a piece of information that they can use to help find a separately listed physical cache. They’ll need to visit multiple NFC caches to get enough information though. Maybe not all of the NFC series, but most. Once the information from multiple NFC caches are compiled by the cacher, they’ll have enough details to go out and find a large physical cache.

The information would be preloaded into a simple web page that the cacher lands on when scanning the tag. It could be text, a riddle, a set of cards to ‘flip’, a simple puzzle etc.

The tag would be listed as a geocache in its own right - but I’m not sure where it fits within our current cache types. Physically finding the NFC tag will be enough to log the cache as a find. There’ll be no logbook at GZ, just the tag. They'll be hidden at nice locations. Should this be listed as a Mystery/Unknown with cache size ‘other’? It doesn’t qualify as a beacon cache as it’s not a multi.

I know the idea of a NFC cache was floated once, but didn’t make it through the senate. I’m wondering whether there would be enough interest to revisit this idea again, considering far more mobile phones are compatible with this technology these days. An NFC tag used to guide the cacher to a physical box could be classed as a Beacon - so there could be some overlap there, but like my example above - they have other ways in which they can be used too.

[wayn0]

Lots of interesting ways to use these tags. I did an NFC cache a few years ago in a Malaysian underground car park (how’s that for random!). It was a multi-cache and used the tags as waypoints. This particular setup didn’t require an internet connection or website, it relayed information via an app after each tag visit. NFC TagInfo App for iPhone. The main thing to note in this case is waypoints were able to be used without phone or GPS signal. It was an interesting cache.

[mattyrx]

I’ve found a couple of caches using NFC, and I think I needed to use the same app.

I was hoping to avoid having to download an app. I’ve been playing with some NTAG215 tags that allow you to encode multiple types of data - but iOS devices will only read the first record encoded, and they only read limited URL schemes (Website URL, Email, SMS, Telephone, FaceTime, Maps). There's no way to put some plain text in there and have it pop up on the screen when reading the tag. Android devices that support background NFC reading don’t have that problem though.

I’ve got a few ideas in mind on how to use them, and they’re a bit more of a novelty than QR codes, which would serve a similar purpose. However, after a couple of years of having to capture QR codes before entering any business during Covid they’ve lost their fun factor. Also a bit to much like Munzee.

[caughtatwork]

NFC as a new cache type was endorsed by the senate (4 to 0) in 2018. I haven't done anything with it as there were some technology issues with smart phones at the time. There are still some challenges when a smart phone battery is low, it won't read the tag

Info:
https://www.asiarfid.com/difference-nta ... ag216.html

Beware that if you set a "Facetime" app to open, Android devices won't be too happy. We would need to try and ask that the codes are available to any smart phone or device.

We considered if they were a type of Beacon and decided that they could be, but as they do not broadcast a signal they were not true beacons.

What is the risk of loading an NFC with malicious code? I don't know, I'm just asking.

We can certainly create an NFC cache type if there is support to do so. Rally the people to this discussion and lets go.

[mattyrx]

Ideally, I think an NFC cache should be able to be opened by by the majority of mobile phones, regardless of being Android or iPhone and without having to download a third party app. Androids can read a lot more data types from a tag than an iPhone, but both devices with NFC capabilities can read URL, SMS, Phone, Email. You can also store a location by encoding it into a url (e.g. https://goo.gl/maps/5sCn4ALWMYGK96Hz9).

What is the risk of loading an NFC with malicious code? I don't know, I'm just asking.

The URL can point anywhere, which can leave it open to abuse by either redirecting someone to an inappropriate/offensive URL, or redirecting to an unauthorised download (e.g. Malicious APK file that could be executed on an Android device, though an update in Android 8.0 prevents untrusted apps from outside the Play Store from installing automatically). The same risks are present with QR codes though.

A couple of problems (and possible solutions) I see with NFC Caches:

1. Not everyone knows how to encode a NFC.
It wouldn’t take long to create a wiki page with details on how to do this, using free apps from either Google or Apple app stores. It’s not to complicated either.

2. If using a URL, not everyone has easy access to some sort of hosting where they can put some text or HTML that they want to display when someone scans their tag.
What would be cool is if a NFC Cache is created on GCA, an extra field ‘Tag Message’ field could be created. You could enter text in this field that you want to display when someone zaps your tag. Browsing to something like http://www.geocaching.com/cache/gaXXXXX/tagtext would load up a page the revealed the text. There’d have to be some obscurity in the URL though, otherwise people could manually enter URLs into their browsers and bypass the requirement to physically visit the tags location. This URL would be the one encoded into the tag.


I think there could be some fun to be had with this cache type. I’d love to hear other peoples opinions on whether or not people like the idea of a new NFC Cache type - good or bad. Would you find an NFC Cache? Would you hide one? Has anyone else found a geocache using NFC technology, and what was your experience like?

[caughtatwork]

2. If using a URL, not everyone has easy access to some sort of hosting where they can put some text or HTML that they want to display when someone scans their tag.
What would be cool is if a NFC Cache is created on GCA, an extra field ‘Tag Message’ field could be created. You could enter text in this field that you want to display when someone zaps your tag. Browsing to something like http://www.geocaching.com/cache/gaXXXXX/tagtext would load up a page the revealed the text. There’d have to be some obscurity in the URL though, otherwise people could manually enter URLs into their browsers and bypass the requirement to physically visit the tags location. This URL would be the one encoded into the tag.

I think we could do something. When you create a NFC and you want a detailed message or instructions, we could create a hash that could be used in place of the "tagtext" in your URL above. The only way to get to get to the page would be by scanning the NFC (or someone sends you the link which we can't stop). Either way, I think we can create something that would work.

[Now_To_Morrow]

I like the idea.

I bought a bunch of tags yeeeears ago in their early days. I was going to use some for quick access tasks on my phone around the home and in the car just for fun, and some for geocaching. In the end only one has ever been used successfully and that was as a GCA beacon cache a couple of years ago. It wasn't technically a beacon (more like a multi) and a couple of people struggled with it so I archived it. The cache name ended up being quite appropriate.

If there was an easy to follow guide for them I'd probably hide another one pointing to the wiki in the cache description. I'd definitely go find them.

Being that NFC is used for card payments these days, can it be proven that there's no chance of their bank account being accessed? I know it's a case of phone reading the tag only, not the tag reading the phone, but some folks might still need that reassurance before tapping away.

[mattyrx]

Being that NFC is used for card payments these days, can it be proven that there's no chance of their bank account being accessed? I know it's a case of phone reading the tag only, not the tag reading the phone, but some folks might still need that reassurance before tapping away.

Good point. Mobile Payments using NFC use Tokenisation (your personal details, card number etc are not revealed during the transaction - only an encrypted, randomly generated token that can only be used once) and Device Specific Cryptograms (which means if some one was to intercept or copy the data stream that happens when you hold your phone up to pay for something electronically, the data would be useless to be used from another phone) as well other security protocols to keep the transaction secure.

If an NFC tag was able to skim this data from your phone, it would be useless to identify you, your card number, or any details of the transaction. Fortunately, todays NFC tags don’t have the physical capability to act as a skimming device or to process a financial transaction.