cariad.keigher.ca

The Worst SkyTrain Station is Scott Road

Aug 9, 2021

If you have gotten off your train and are seeing this sign, you probably know why it is a bad station without having to read a Medium piece about it.

One of the questions that is easy for me to answer is my favourite SkyTrain station, but the more difficult question is what is my most-hated.

The answer to my favourite won’t be provided in this article, but it is rooted in my ability as a person, my commuting patterns, and where I live. This means that I cannot give an objective answer to a good or bad station because my needs and uses are different from everyone else.

So how did I determine the worst SkyTrain station? Well, after being unable to come to a conclusion after a conversation with friends, I embarked on crowdsourcing the answer using a tournament bracket.

Asking ELMTOTs about every station in the SkyTrain and West Coast Express network

SkyTrain and West Coast Express network as of 2021 (Source)

SkyTrain consists of a handful of automated metro lines, with 53 stations spread across a total length of about 80 KM. The West Coast Express (WCE) provides commuter rail services to eight stations along 69 KM of shared track, with three of them sharing connections to the SkyTrain network itself.

Because of the unevenness of the number of stations provided in the present-day SkyTrain network, WCE stations were included to make it easier to run a tournament bracket. The thought was that since both are operated by TransLink (the parent agency) and were both rail services, it was fair to have them scrutinized.

Expo Line Memes for TransLink Oriented Teens (ELTMOT), is a Facebook group where transit users can come together to chat about what they like or dislike about the network, share memes, and in my case, provide a “very scientific” tournament where each member of the group were invited to help select the worst station.

With the tournament, there were six rounds. In each, a separate poll was posted for each match-up of two stations. With one vote per person permitted and three days passing, a winner (or “loser”, I guess) was decided. The station with the most votes went on to the next round and this kept repeating until the finals.

Some stations did not appear until the second round, but the way the tournament was organized was done at random, avoiding any potential for bias when the list was given to the bracket software.

There were dozens of posts made of which admittedly was a lot more work than I had expected. Somehow I managed to endure the 43 C heat dome at the onset of the poll too, but I was determined (or stubborn) enough to keep it going as it was a question requiring an answer.

From June 21st to July 27th of this year, the voting kept going. After so many posts and data entry, the worst station was crowned as the winner.

So let’s talk about the winner and also let’s pay it a visit.

What did everyone say against the station?

In 2019, 3.3 million people had to endure seeing this sign.

I have collected a few quotes from various ELMTOT members and have included them here.

“Scott Road Station is objectively … not a good place to be.”

“If you walk from Scott Road Station to Brownsville Park via the parking lot, you get stuck in the middle of a highway so that’s cool.”

“Scott Road is such a depressing station. Nothing interesting, nothing remotely aesthetically pleasing, It’s just sadness.”

“Wanna run all the way across a parking lot and then cross a road with no sidewalks and horribly placed crosswalks to get to a McDonalds”

“I hate Scott Road Station personally because for a couple years on Sundays as a teenager, I would miss the 312 [bus route] by a few minutes and end up waiting there an hour. Nothing to do, nowhere to pee, phone battery at 4%… fuck Scott Road Station.”

One person did defend the highway connections and available parking, but overall the impressions of the station were negative.

Okay. So why specifically is Scott Road so bad?

The last time I visited this station was probably in 2008 when my then girlfriend and I chose to cross the Pattullo Bridge on foot at 11:30 PM at night to get back to my home via Scott Road Station instead of walking to the reasonably close Columbia Station, which would have taken just ten minutes.

I can remember getting off of the bridge after a twenty minute walk, with her and I being completely unsure about how to get to the station despite it being in eyeshot. The were fences in the way, resulting in a need to figure out where to cross. After some trial and error, we managed to get into one of the parking lots and boarded a train to Surrey Central.

She and I were both in our twenties then and it was one of those decisions you make because you like red wine too much. However, I am now in my thirties, no longer with said girlfriend, and additionally don’t like red wine anymore, so a sober trip to the station was in order with only a short walk from my home to a nearby station.

Scott Road Station on a gloomy August day.

Scott Road is Surrey’s oldest SkyTrain station and for a few years was the only station south of the Fraser River. It sits prominently above Scott Road itself, which is the crux of its issues.

Scott Road Station as viewed from space (Google/Maxar).

The road, Scott Road terminates just to the east of the station as it meets with King George Boulevard via an interchange, with north access leading to New Westminster via the Pattullo Bridge and south access towards Surrey’s city centre.

The interchange itself should be indicative enough of how pedestrian unfriendly the area is, but it is even worse than that because the road does mean you cannot go from one part of the station’s outside services to the other without having to go into the station itself.

TransLink’s provided map for what is “walkable” around the area demonstrates the underwhelming amenities you could get to by foot unless you really want to visit the nearby Home Depot. Also, you cannot really make a five minute walk to anything to the east of you unless you like playing an augmented reality version of Frogger.

Upon exiting a train, you have three options for available services: a bus loop and a car lot on the north end, and another car lot on the south end. This is extremely confusing.

Two exits lead to two identical parking lots and only one takes you to a bus.

The confusion about the two parking lots stems from how this station was first designed: it was meant to be a park and ride. Cars would drive to the station and either park there or would wait to pick up any departing passengers.

If you got off here during the era where your mobile phone did not have instant messaging, you’d have to ensure ahead of time that your awaiting car was in the correct location. This is less of an issue these days, but assuming everyone has a mobile phone which permits this functionality is problematic.

Over here in parking lot B, you better hope you’re not getting picked up from parking lot A because you will be going back inside. If it is past 1:10 AM on a weekday, you’re going to be walking for a while.

With design aesthetics lifted from an aging BC Ferry, you probably became quite familiar with these stairs when you figured out your ride is waiting on the other side.

The station is a product of its time and is in dire need of being fixed.

As someone put it to me while we were at the station: it’s a station I didn’t know about until today and it is also a station I wish to never visit ever again.

What future is there for Scott Road?

While there is the TransLink-endorsed, walkable Home Depot in the distance, there is also now rental housing within a thirty second walk from the station’s south entrance. New housing is under construction all around the area and it is likely to become less of a commuter destination and instead an actual neighbourhood.

The land around Scott Road Station is amongst the the easiest to develop in Metro Vancouver. While there are arguments against the removal of parking stalls around stations, the region has been shifting away from park and ride arrangements and instead towards expanding rail and rapid bus services and developing amenities.

The new North Surrey Sport and Ice Complex was built atop of grounds once used for parking at the station.

The station itself has also been undergoing upgrades with escalator replacements and has had its elevators improved. There are no long-term plans to add extra transit services to the station, but it isn’t hard to imagine this station being a hub for commuter rail or rapid rail service servicing areas such as North Delta.

Rendering of the new Pattullo Bridge with Scott Road Station towards the top (BC Government).

Unfortunately, a missed opportunity for the Pattullo Bridge replacement project is the whole Scott Road Station pedestrian situation. None of the renderings show an improvement even with the better connections from the bridge to Highway 17.

Considering the better connection to the highway from the new bridge, it may make Scott Road a much gentler road itself, but the arrangement does not appear to immediately suggest this.

What about other stations?

As mentioned before, all WCE and SkyTrain stations were evaluated.

As with all Internet-based polls, this project of mine was super scientific and free of bias, requiring zero peer-review. The results are concrete and completely infallible evidence of the general population’s opinions.

Thanks to science, we have details on who the runner ups were.

Lake City Way (Millennium Line)

This station was the runner up to Scott Road as it lost in a score of 166 to 56 in the final round. The arguments made for the station being the worst was that it was a rather unremarkable station, with not much around it other than industrial buildings and some homes within walking distance.

Maple Meadows (West Coast Express)

Surprisingly, West Coast Express stations didn’t get a lot of hate. The consensus about this station in Maple Ridge was simply how far away it was from everything else nearby. This station placed fifth overall in the tournament.

Templeton (Canada Line)

Simply put: a giant parking lot and a shopping centre. If you’re getting on here, you are probably parking your car to go to the airport as nobody seems to use the station to go buy clothes at the nearby outlet stores. It placed ninth.

Closing

After the Pattullo Bridge’s construction has concluded and with the upcoming extensions of the Millennium Line deeper into Vancouver and the Expo Line towards Langley, it may be worth revisiting this question: which station is the worst?

Taking the train home, which is far, far away from this terrible station.

Perhaps in 2031, we’ll be able to talk about the worst station again and maybe then the crown will be given elsewhere.
Looking back at the Game Gear after having played most of its library

Jul 16, 2021

Back in early 2020, I embarked on an ambitious plan: I was going to play every non-RPG and non-sports game lineup on the Sega Game Gear.

At the start, it didn’t seem so bad as I figured it would be on par with playing games from the Nintendo Game Boy library, but Sega’s portable console was not only good at eating up batteries, but it was capable of frustrating me in ways I didn’t anticipate.

The Game Gear logo, proudly demonstrating it can do red, blue, and green.

Hyperbole aside, the Game Gear is overall an awful system, but the reasons for why it is awful became evident the more often I’d spend a Monday night entertaining folks on Twitch with a new crop of games that would find themselves often labeled as “cursed” or “jank”.

An overview of the darn thing

The Game Gear itself is a technical masterpiece for its time. Comparatively similar in specifications to its Nintendo counterpart, its origins were in Sega’s earlier console, the Master System as it was effectively a portable version of it albeit with a different screen resolution. Unlike the Game Boy, it featured a palette which offered thousands of colours (4,096) with 32 of them on screen at any given time instead of four monochromatic shades of grey atop of a green backdrop.

Yet despite Sega promoting the handheld’s graphical superiority over its competition, it could not muster more than one sale for every ten that Nintendo made. Reasons for this were numerous, but it is wise to suggest that it was probably because of the six AA batteries required to operate it with a maximum runtime of three hours. The colour screen came at a cost because the Game Boy could use four of the same batteries and be able to provide a playtime on them of five to ten times as long. The Sega console was 50% more in price too, making it not palatable to parents.

That all aside, an impressively large library did manage to develop for the console with just over 360 titles being released worldwide, with somehow North America having more games than Japan.

What was actually good

Okay. So I started this off all negative, but honestly there were a few things good about the Game Gear. One of the things that made the Game Gear have a large library was that many of the games already existed on the Master System (SMS) and with very little tweaking, they could be made to play on the handheld.

In fact, just like the Sega Genesis/Mega Drive, there are adapters available (albeit from third-parties) which enable plugging in SMS cartridges directly into the handheld.

My first speedrun: Kingdom Hearts 0 — “Jorts Before Breakfast”

The Game Gear gave me my first-ever speedrun game:Legend of Illusion Starring Mickey Mouse. This game was interesting for two reasons: the first being that it was ported from the Game Gear to the SMS for Brazilian customers and the second was that it was a Disney game that I actually enjoyed outside of Kingdom Hearts.

I last played it for GDQ Hotfix back in March 2021

It now has a place in my heart as a game that I would have otherwise ignored if I didn’t embark on exploring this console’s library.

An amazing port of a game that has no business existing on the platform

Did you know that a competent port of Panzer Dragoon was ported to the console? Panzer Dragoon Mini was a Japan exclusive and while it was not entirely great to play in contrast to its Sega Saturn counterpart, I didn’t think it was as bad as it could have been.

It played as well as well as it could for a third-person perspective-style game.

I didn’t finish it but I did get fairly far. It is not a game I wanted to continue playing again, but it stood out as rather impressive from a technical perspective.

I am biased here, but a licensed anime game was actually good

If you know me personally, I am a huge Sailor Moon fan. I’ve rewatched the original anime series twice, read the manga, seen the movies, and at some point I’m going to get a tattoo of an item from the series.

Box art from Sailor Moon S for Game Gear

More often than not, Sailor Moon games are awful, especially when they’re platformers (the Nintendo DS game exclusive to Italy comes to mind). Of all of the games I’ve played, the Game Gear one, Pretty Soldier Sailor Moon S is one of the better ones. Nowhere in the game does it feel like an environment Sailor Moon would actually be portrayed in, but at the same time, it was playable and importantly, enjoyable.

Games that were just awful

Okay. Now I can talk about the negatives. I could run through all of the ones that I hated, but I have opted to just narrow it down to three just so it seems even-handed.

Before I do, the Game Gear is really limited by just having a directional pad, two action buttons, and a start button — it has one less button than the Game Boy, which is used for ‘Select’.

This made attempts to port fighting games which rely on having at least three action buttons (and ideally four to six) fraught with compromises which should have been enough to suggest that they didn’t bother in the first place. This basically is me implying that I won’t bother remarking on a specific fighting game as with exception to one Mortal Kombat port, they were all just bad and played a role in my not bothering to complete my challenge.

I am hearing-impaired and I wish I were more impaired before this

I gave Chicago Syndicate a try, which is an arcade-style beat ’em up. This game was probably the first one to ever make me give up really quick.

This game was ridiculously slow-paced and could make your ears bleed.

The problem with the game wasn’t the fact that it was slow-paced and felt obtuse in design, it was the fact that my ears were being assaulted with what felt like someone decided a referee’s whistle was a musical instrument (or a smoke detector I guess).

I want to use more colourful words to describe this, but the slow pace and the assault on my ears made me absolutely abhor the short time I gave to this game.

A movie that killed a genre also had a video game tie-in that sucked

Cutthroat Island was suggested to have killed the pirate movie genre for almost a decade when it managed to achieve box office results a tenth of what it cost to produce. It came as no surprise that the video game tie-in for the handheld was not much better.

This is basically it — this is the game

This was probably the first game I labeled as “jank” and it really is as much. When you see the awesome fight scenes in Pirates of the Caribbean (which revived the genre post-Cutthroat), you expect fast-paced action and an expectation that you have no idea where the fight will go. However, this game manages to combine sword fighting with swimming in molasses all the while providing controls that make it feel like you’re eating ice cream with chop sticks.

This game has been put into a special list for other projects to say the least.

An EU game that fortunately remained in the EU

One of my favourite comics and cartoons growing up was Tintin. As an adult, I have a lot of thoughts and feelings on the series and the author, Georges Remi (“Hergé”), but for now, I want to talk about Tintin [in] Tibet.

This is all you’re going to see in this game because good luck getting past the start.

The game is unnecessarily hard from the start. Controls were stiff and you’re immediately presented with platform jumps that just become obnoxious and difficult to achieve. You’re greeted with instant deaths because there’s just no margin for error. At release, French-language publications didn’t give it favourable reviews and I can most certainly understand why.

What about The Hedgehog?

I don’t like the Sonic games on the Game Gear much at all, but I especially disliked Sonic 1 and 2 for one reason and one reason only: resolution.

The Sega Master System has a resolution of 256x192 pixels and the Genesis did 256x224. With the Game Gear, it was limited to 160x144, meaning that 40–46% of the screen real estate you had on your television was lost when you developed on the handheld.

While a bit of an exaggeration as sprite reduction was made to accommodate the actual game, the red line shows the compromises made to make Sonic The Hedgehog or any made for TV game work on a Game Gear’s significantly smaller display.

Unlike his plumber rival, Sonic as a character is intended to go fast and keep going fast. This means that as a player, you must have lightning fast reflexes as you may encounter a pit, spikes, or an enemy and there are just lots of leaps of faith you must take in order to succeed. On a television with an adequate resolution, this is not a big deal as you often have enough head’s up, but being that the horizontal resolution is 40% smaller on the Game Gear, you really have no chance to predict what is coming.

The games that were intended to be on the Game Gear in the first place were playable and overall enjoyable (the Tails ones in particular), but Sonic 1 and Sonic 2 definitely do not fall into that category. They were built for the television first and were only put on the Game Gear because it was easy to port and easy to sell.

Closing remarks

I never owned a Game Gear growing up. When I was ten, my parents gave me a Game Boy for Christmas (I still have it too) and it provided me with many years of entertainment. One of my neighbourhood friends growing up did however have the console and while a few times I played it at his house, I never really felt all that invested in it.

5.8% of the games in the Game Gear Library were enough for me to consider speedrunning were I to bother.

Overall, the library ranges from a few gems, some mediocre titles, and a metric tonne of software that only existed to keep the system on life support as Sega just could not compete with Nintendo.

When streaming the games on Twitch, I really tried hard to not take shots at the developers of these games as many of them went on to make excellent things later on, but there were a handful of publishers where if I saw their name appear on screen, I’d begin to anticipate the awfulness that was waiting for me.

Most of the skipped games (33.9%) were sports games, entirely in Japanese, or were RPGs. 55.1% of the library as a whole was played by me and 11% I did not get around to.

About eight months into going through the catalogue almost every week, I had to give up. I was burnt out from trying to play these games even though my goal was never to finish them — just play them. I just could not do this anymore; and after chatting with a friend, I decided to end it. I’m still streaming, but the Game Gear and I are for the most part done.
An open-letter to my Member of Parliament with respect to the deaths of 215 children at the hands…

Jun 1, 2021

For context, you may read this article here. This was written to my Member of Parliament (MP), Don Davies, who represents my riding of Vancouver- Kingsway, which once was part of lands shared by the indigenous peoples of the Sḵwx̱wú7mesh (Squamish), Stó:lō (Stolo), Səl̓ílwətaʔ/Selilwitulh (Tsleil-Waututh), and xʷməθkʷəy̓əm (Musqueam).

A copy of this letter has been sent to his mailing address. I encourage you to write to your MP about this as well, as remaining silent is a privilege of which must remain unused.

Mr. Davies,

As the white daughter of settlers, I am quite disturbed and furious that indigenous persons of the lands we occupy are once again subject to sorrow and grief at the hands of racist policies of the federal government and proselytization of the Catholic church. The discovery of two hundred and fifteen (215) dead children in a mass grave is reprehensible and any suggestion that this is remnants of a “dark past” is ignorant of the fact that indigenous persons remain a systemic underclass to this very day.

While many of the individuals responsible for the deaths of these children are now deceased, many are not and furthermore, the organizations that ran these residential schools — including the aforementioned Catholic church — are still operating and often amongst the wealthiest in the world. Dismissing the deaths of children who were as young as three years old as merely succumbing to severe illness ignores that the school had seen just about five hundred (500) pupils in its operation, suggesting that two-fifths of those who entered the school’s doors never returned home to their loved ones.

These children would have grown up into adults who would have had a measurable number of them with us living today if it weren’t for the negligence of the school. Some involved with schools adjacent to this one are still alive today in particular one who was prominent with a recent major event in Vancouver.

I am a former Catholic who left the church due to its mishandling of child abuse at the hands of its priests and its continuation to suggest that those of us in the LGBTQ+ community are “of sin”. For an organization who is quick to demonize women for having ownership over their bodies and imply that I am of sin because of who I am, they’re just as quick to attempt to sweep under the rug their responsibility of the harms they’ve made against children. I often believe that the only reason why the church responded to child abuse claims and not what it did to indigenous persons in residential schools is because it was often enough that the former victims were white.

While I cannot speak on behalf of indigenous persons, I can at the very least express my anger and resentment over our government’s token gestures and inadequate actions in taking responsibility and holding persons to account for their mistreatment. The discovery of this mass grave is just the tip of the iceberg.

Do something.

Regards,
Cariad Heather Keigher
Twitch chat harassment remains unaddressed despite complaints and evidence of potential fraud

Mar 15, 2021

CW: sexual content and obscene language will be displayed in this Medium story as well as the accompanying report.

This is a blog post for a report I have written (titled “The ineffectiveness of Twitch with respect to serial harassers and the consequences therein”) Twitch’s shortcomings on addressing harassment from chat. If you’re interested in reading the report in its entirety (it is long), it is available at the end of this post.

One of the outlets that I found during the pandemic which helped me was getting more involved with being a streamer on Twitch. I’ve had an account on the service since 2014, when Twitch Plays Pokémon debuted, but after my partner and a close friend both suggested I start to stream and speedrun, I found myself immersed in the culture that the site has.

Naturally, when harassment claims became front and centre in mid-2020, the arms of Twitch were twisted enough to finally address them. While the verdict is still out on how effective they’ve been since, the focus has primarily been on streamers’ sexual behaviour towards other streamers and their audience.

This has been all well and good, but while streamers often hold the majority of power while they are off and on screen, there is an aspect Twitch has overlooked and outright ignored: the audience.

Crop from a Twitch stream of mine where an individual came into chat to post something sexually obscene.

Twitch encourages community participation and provides tools which third-parties rely on to enable this in the video stream. Most common are displaying alongside the main content are the ongoing chat, events such as subscriptions or new followers, and in some cases even manipulating aspects of the game being played on stream. However, this participation comes as a double-edged sword.

While these interactions may drive traffic to the streamer and in turn potential revenue (many streamers rely on Twitch as their main source of income — this author does not and has no intention to do so, but has received money from streaming on the service), it may also provide an avenue for harassment.

It would be easy to say that removing audience participation could lessen the impact of harassment, but Twitch again makes it apparent that this aspect is important and even allows someone to obtain a refund for their subscription should the streamer not meet their expectations.

The audience harassment problem has on the surface remained unaddressed by Twitch for years. This has been further compounded by their legal team demanding any tools used to help coordinate moderation across multiple channels discontinue operating, with examples being OverRustle and Root Online.

When users complain to the company directly about problematic users, there is nary a response from on social media or via their own public support portal.

Should one try and follow the process Twitch provides, the solution is documented in such a way that resembles an infinite loop or you have to rely on third parties or a skillset not possessed by many, which of course is hampered by the chilling effect produced by the company’s terms of service.

The lacking response, the chilling effect by their legal team, and the lacklustre tools provided make Twitch’s remarks about “taking action against [harassment]” on social media ring hollow.

Tweet from January 12, 2021 where Twitch discusses its new harassment policy.

One problematic user often cited (referred to as MoS) when discussing chat harassment became present to me mid-way through 2020. After seeing them a number of times in friends’ streams and then eventually my own, I became interested in who they are and why they were so capable of being prolific across the service.

They first came to attention of Twitch streamers around 2017, but shortly before the pandemic hit in 2020, their behaviour intensified to the point where they registered well over a thousand accounts by the end of the year — data shows there were approximately 1,200 registrations, but in the year prior (2019) only had around 380. It was determined that these accounts and all of their behaviour is likely being performed by hand.

New accounts created by MoS on Twitch throughout 2020.

What became apparent through investigating the actions of MoS was that the process of becoming a Twitch user had a much lower bar than Twitter, which itself has been the constant source of news with respect to large numbers of accounts created to manipulate elections and public health.

Twitch’s inaction combined with the low bar to create accounts is likely enabling fraud and that may undermine their partner and affiliate programs.

Sample of offerings from “BigFollows”, a service which can provide you with inflated numbers of viewers, followers, and most concerning, subscribers. This service is spammed heavily in Twitch chats.

The ease of signing up for Twitch has enabled the ability for services to exist where you can pay to not only have additional followers, but “active” viewers (where you can pay a fee to have a larger viewer count for a period of time) and most curiously, new subscribers at a fraction of what would cost to pay directly to Twitch.

These services rely on the ease of account creation on Twitch which is the same ease that permits harassment by the likes of MoS and many more.

In one such example, using PayPal or cryptocurrency, you can purchase yourself or another streamer 50 additional subscribers for $70 USD, which is 28% of the price of what would have been spent if bought via Twitch themselves (approximately $250 USD).

Twitch does not openly offer bulk discounts for subscriptions — even if they did, it is unlikely to be at such a steep discount.

Based on my professional experience, it is likely that these subscriptions are fraudulently acquired using stolen credit cards or via gift cards acquired by scams. These subscriptions have to be attached to accounts in order for them to apply to the streamer.

Should someone inorganically wish to make partner, allowing them to earn more money from Twitch and have more prominence in attracting more viewers, meeting some of the more difficult requirements could be achieved by spending $200 to acquire the necessary subscribers and followers.

If this seems outlandish and improbable, there are bots which have made partner status — it is not my opinion that any examples shown or any accounts mentioned by me did so by the aforementioned means.

Twitch account “CommanderRoot” displaying statistics about users playing a game, with a purple-coloured checkmark next to their name on the bottom-right, indicating their partner status. Their account’s sole purpose is to idle in other people’s streams and collect data and nothing more with an obnoxious message delivered via Twitch’s moderation appeal system should you ban them.

Twitch’s continued silence on addressing harassments may continue. Though, I have hope that by pointing out the suspected fraud, the company will examine its account creation process and in turn make the bar to engage in such harassment significantly higher.

Increasing the difficulty of creating new accounts on the service could be a start towards making the site better for streamers and the audience alike.

However, I sincerely hope that this does not translate into making becoming partner more difficult for those who deserve and earned it.

If you’re interested in reading about this problem in detail, a PDF is available which outlines the issues in detail, where Twitch falls short, potential mitigations for streamers, details on who MoS might be, and much more.

This document is written as if this were a consulting gig by myself (I allocate time for pro-bono/subsidized work each month and have details about this service in the document) and should be treated as such due to the density of the material.

Download the PDF (5.4 MB)

As this document may be subject to revisions and is the copyright of me, do not share this on a public service (such as Scribd for example) and instead link to this blog post — I will enforce this as necessary.
An explanation for TransLink’s ransomware story and recommendations for those who live in Vancouver

Dec 4, 2020
If you want to skip the explanation, scroll to the bottom for what I suggest on what you should do next. This is also haphazardly written so ignore the typos and grammatical errors you find here.

I am a computer security professional who has worked in the field for over a decade and the story about TransLink finding itself subject to ransomware is not a new story to me nor is it an overly sophisticated attack. The unfortunate reality is that the transit agency fell subject to an attack that has become more common over the past few years in both the public and private sector as the tactic is fairly effective to unprepared organizations.

The idea that this is a “sophisticated new type of ransomware attack” is a bit exaggerating as this has happened repeatedly for years. A famous example includes local Seth Rogan’s movie, The Interview leading to North Korea breaching Sony Pictures and dumping out their data after having disabled their entire computer network [1]. Combine this tactic with ransomware [2], and you can hold hostage an entire organization until you receive an payout.

What is new is that this has become a popular business for organized crime, typically from abroad. When I say that this is being run as a business, they are engaging in negotiations through customer service [3]. The first instance of ransomware being used to run a business dates back to 1989 where you were required to send at least US$189 via mail to have your hard drive unlocked [4].

An example of the 1989 AIDS virus, which required you to pay to unlock your computer.

TransLink was also not alone this past week as an American retailer was also subjected to the same malware by the same group [5]. The malware in itself appeared earlier in the fall of this year, but it only picked up from where another group left off [6]. Additionally, Montreal’s transit agency found itself subject to a similar attack in October [7] as did a hospital in the city too [8].

So while “new” is correct when talking about the malware or group itself, the methodology is not new and only a few years younger than I am old. The attacks are via e-mail and while you can do your best to filter things out, you cannot expect that everyone is going to be perfect and someone somewhere is going to click a link. Anti-virus and other software cannot prevent this behaviour and it won’t always detect that someone gave their password to a website that looks legitimate despite it being not their own.

The main concerns you should have for TransLink in all of this are two:
1. How is their payment processor handling this?
2. How far did they get into TransLink’s systems?
The second one to me is the most important as the first one is actually the least troubling situation.

In the statement, it is mentioned that TransLink does not store fare payment data. If the agency is following industry standards for handling payment, this is likely the case.

What is often the case especially since TransLink uses a third-party to handle payment via credit and debit is that when you have something like an auto-reload on to your Compass card, the agency only knows your credit card number for a brief period until they get a token from their processor. This brief period is often barely a second and that token is strictly for them to use when trying to process your card for that initial payment and any subsequent payments later on.

If someone were to steal those tokens, without them knowing how the payment processor created them they will never be able to get the details about your card. The payment processor themselves likely doesn’t know the card either and instead follows whatever Visa, MasterCard, or American Express tells them to send transactions later on [9].

However, this doesn’t mean that the attackers could not have gotten your payment details when in transit during that time they were in contact with the payment processor. If you have in the past few months changed your payment details on the Compass portal, pay extra special attention to your credit card statement just in case.

Details TransLink does have about you personally if you used the Compass portal include your name, address, what cards you possess, trip history, your e-mail address, and your password. That password should be changed if you haven’t changed it already and if it is the same as your e-mail, not only should that password be changed too but it shouldn’t match what you just changed your Compass account to

Personally, changing your password and having to keep an eye on your credit card statement is the least worrying thing. My next concern is this: how far did they get into the network?

Child in front of a workstation at SkyTrain control (TransLink)

My daily work involves security with industrial control. Industrial control (sometimes called “SCADA”) is just a fancy way of describing physical, moving equipment that is controlled by computers. These things can include power plants, traffic lights, heating and cooling systems, and of course transportation systems. With SkyTrain being fully automated, it is to me an industrial control system of which is super fascinating and have written about before [10].

Problems with the computers operating SkyTrain are an ongoing phenomenon [11]. It is easy to suggest that the problem has to do with the aging computers [12], but unlike the corporate world where desktops and servers are refreshed every few years and the personal world where you may opt to get a new computer as soon as the power cord goes, the industrial control world doesn’t have that luxury as the devices have to work in a state for years because their task is to be reliable and not disrupted. As a result, they’re not cheap [13], so replacing them is often discouraged as they’re usually designed to be extensible not for just a decade but sometimes up to half-a-century.

However, being that they’re old, they’re likely susceptible to tampering. We have had many instances where they’ve taken out power plants, HVAC systems, and power plants to name just a few [14].

My concerns are really this:
1. Can TransLink verify that their control systems were not reached?
2. How can TransLink verify this and assuage my fears?
3. What did the attackers specifically get access to?
Being that the attackers had printed the ransom message on their multi-function printers, they did have network access to the business network, but without any further information all I can assume is that they have this aspect under control.

These sort of breaches are really painful and I hope that TransLink’s cyber security team is able to get a weekend to relax. Having had a few incidents that ate up weeks of my life in the past, I know what they’re experiencing and they have my sympathies.

As for me, I will be requesting a copy of the report they get from whichever security outfit they hire.

What are my recommendations for you?
- Change your password on your Compass Card account. Use a password manager and don’t reuse the same password everywhere. If your password for Compass is the same as your e-mail address, change that too.
- If you have provided a new credit card via that website in the past three months, pay extra attention to your statements
- Keep an eye on any future recommendations from TransLink with respect to your payment card details
If you have any questions, feel free to ping me on Twitter. I do not work for TransLink so I cannot speak for them if you want to know more specifics.