I don't get it. This focus on FaceID seems to me some successful marketing spin by Apple, and the media seem to be drinking the Coolaid (again). Face recognition in my book is not a replacement for a fingerprint reader.
See I don't doubt that FaceID will be good. I don't doubt the quality Apple provides when they introduce features like this. I'm sure it will work amazingly well, because unlike almost all previous implementations Apple actually makes purposeful hardware for it.
The thing is, I don't want to look at my phone to unlock it. With a fingerprint reader - on my current Xperia and my current iPhone - my phone is unlocked before it faces me. I unlock it when I get it out of my pocket. I unlock it while lying on the table when it's facing the ceiling. I unlock it to peek at messages in meetings under the table. Needing to face your phone to unlock it seems to just be a really weird concession to me. As others point out, it also seems to be a minor concession security wise. It seems to be some typical form-over-function Apple thing again - UX and security concessions for a better looking phone. They should've slapped a fingerprint reader on the back once it turned out the under-the-screen fingerprint reader wasn't viable.
Having to go through some ritual to face your phone and slide it open to unlock feels like a hassle and a downgrade. Especially on a €1000+ phone. So yeah, the Apple distortion field is still a real thing it seems. Or maybe the way I use my phone is weird. But either way, I don't get it.
I really don't see what's so bad. To use my phone I have to look at it. So as long as it unlocks fast enough (reportedly it does) them it's a non-issue.
> I unlock it when I get it out of my pocket.
Once you look at it, it will be unlocked.
> I unlock it while lying on the table when it's facing the ceiling.
Depending on how you're positioned this maybe an issue.
> I unlock it to peek at messages in meetings under the table.
If you can look at the screen from a reasonable angle then it can see you and unlock.
I wish people would stop bashing this stuff 15m after it's announced in the presentation. Let's see what the security white paper says. Let's see what reviewers who have been allowed to use it say (they couldn't enroll at the event).
Until then this is all straw man arguments (on both sides, my comments are based on Apple reasonably delivering what they promise).
I'm not sure you fully understand my post. Again, I'm totally willing to go along with Apple's story for a 100% in the way it works. But they're pretty clear in their presentation and marketing that you have to 1) look at your phone and 2) slide to unlock it with your finger.
But this is much slower and are far less flexible than picking your phone out of your pocket, or from anywhere else, with your finger on the sensor. And nobody is mentioning that this is a downgrade.
You see, FaceID is not 100% new. Face unlock existed on the Galaxy Nexus. It also existed in much improved form on the Lumia 950 and Galaxy Note 7. I will 100% grant you that FaceID will be far more accurate still than these implementations. But accuracy is not the issue here: all these methods imply a two step face unlocking ritual, which again is a downgrade over no ritual with a fingerprint scanner.
In the end it seems pretty clear to me that face unlock - in any form - will be far less seamless than finger unlock. It makes your phone slightly less easy to use. Yet Apple seems to be successfully arguing that it's an upgrade or at least an equivalent. But it just can't be, no matter how good their implementation is. That's what I don't get.
Wait until it's been out in the wild for a while. I've heard that Apple employees say going back to an old device after using one with Face ID feels weird... because Face ID is just so seamless, you never have to think about it, it basically just feels like your phone is always unlocked.
But it’s the same exact ritual as TouchID. Both unlock your phone as soon as you complete the necessary action (placing your finger on the center, showing the phone your face).
That doesn’t dismiss the lock screen, to do that you either have to press the home button or swipe up.
1. You've never used the device so making statements like "this is much slower" is pointless conjecture.
2. FaceID is completely different to the Nexus which is based solely on 2D image recognition and is easily able to be forged and doesn't work in low light conditions.
3. From what Craig said in the Daring Fireball interview it will actually be much faster than TouchID since the authentication apparently happens in parallel to the unlock operation.
I'm not sure why I get this response. You seem to imply I have issue with the quality of Apple's next gen implementation, which I have twice explained I don't. Or you imply that I can't have an opinion on the concept of and hassle involved with face unlocking in general, which (as I also already explained) has been around for years and Apple clearly has not made any conceptual changes to.
Let me clarify for the third time. My opinion is the following: no face unlock mechanism can be as good as a fingerprint unlock for the flexibility and speed of use as explained above. FaceID will likely be far and away the best face unlock method we've ever seen but it's still a face unlock method and therefore slower and more restrictive than a fingerprint unlock. What I don't get is that nobody else is talking about it, because Apple has successfully spun the discussion to be about the quality of FaceID as opposed to the (lack of) merits for face unlocking on smartphones.
I'd actually be excited to have face unlock on laptops and PCs (actually that exists already as Windows Hello, but dedicated hardware would be nice). But on phones I consider it to be inferior to fingerprints conceptually.
> When did you last unlock your phone without subsequently looking at it?
I unlock my phone and then not look at it when making phone payments (Apple Pay will definitely take a step back with this). I also switch between maps and driving apps in the car while keeping my eyes on the road. I often peek at something on my screen well outside of the FOV of any front camera. My use of my unlocked phone is not at all limited to things I need to take my face's positioning in account for.
I don't particularly appreciate being accused of a failure of imagination and then having to respond to an arbitrary limited assumption of my smartphone use. It's not my imagination that's the problem here.
But the point is moot. My entire issue with it that I don't want to wait to initiate unlocking once it's in front of my face. Even if FaceID is instant, and I would accept that all my use is in the FOV of the front camera, Apple still requires me to slide to unlock the device.
you don't have to "look at it" -- as long as there's line of sight it should work. I pretty much agree with your position though, just wanted to clarify that as long as the infrared scanner can find your eyes/nose you're good to go. Another commenter pointed out that you need to swipe, which supports your point that it's slower than touch ID. maybe I'm getting pulled in by the Cook RDF, but I'm cautiously optimistic.
Face ID requires looking at the phone, and then swiping up. The swipe is what takes the extra time. It means that your phone is not ready to use by the time you look at it.
Touch ID lets you do the touch before you look at the phone. The phone unlocks while you take it out of your pocket, so by the time you look at it, it's already unlocked.
You have to fumble about for the home button and do an extra click for Touch ID - it's not much different, except it requires less precision/friction on the part of the user for Face ID presumably.
Face ID should also significantly improve the UX around all interactions that used Touch ID prior (Apple Pay, authentication for third party apps, etc.).
No, I brought it up once in my original post as minor compromise in security. As other have pointed out, it might be less secure as you could be more easily be manipulated to unlock your device by accident. It's a minor thing.
>I wish people would stop bashing this stuff 15m after it's announced in the presentation. Let's see what the security white paper says. Let's see what reviewers who have been allowed to use it say (they couldn't enroll at the event).
I don't see why it upsets you that someone doesn not like a product. Every comment does not need to be supported by a scientific study, or even be objective in any way. Your own comment is speculative.
Please note that this feature does not exist in isolation. Apple has not invented face unlock - nor have they invented reliable face unlock. You can unlock your Lumia 950 and Galaxy Note 8 (or 7 if you still have one) reliably with your face and it's just not as convenient or quick as using your finger because face unlock fundamentally is not as convenient as the fingerprint in my opinion.
I'm fine with "X says this, and Y disagrees" much more than "you're wrong for having an opinion". Also, I don't know about you, but I have disliked several products which I didn't purchase, and did not even try out. We're not all robots here ! :)
My issue is not that someone has an opinion on something they don’t own, as you said that’s perfectly reasonable because no one buys everything.
My annoyance is that people have an opinion on something that no one has used.
It’s perfectly fine to have an opinion about the Galaxy S8 without owning one. There were reviews and now there are other owners who you can look to find out how well parts of it work.
With the iPhone X we don’t even have refused to tell us if the feature works or not so complaints about it are pure conjecture.
People are entitled to their opinions, my issue is that right now no ones opinions are based on anything other than marketing and preconceive notions. And that means that some of these deep discussion threads about whether a feature works correctly or not aren’t productive in any way. But that’s not stopping anyone from bashing things.
>> I unlock it to peek at messages in meetings under the table.
> If you can look at the screen from a reasonable angle then it can see you and unlock.
You don't need to be able to see the camera to respond to messages in the bottom half of the screen. And even so, larger iPhones already allow double tapping home to bring the top of the screen down for one-handed interaction, which means you can already do everything but camera stuff (right?) with the camera obscured.
That’s a heck of a corner case, and I’ve got a secret for you - everyone else in the meeting who cares already knows you’re looking st your phone. You’re not hiding it as well as you think you are.
It's a mistake to underestimate the impact of small delays. Developers ruthlessly cull their editor configurations to avoid little delays here and there. A delay every time you want to use your phone sounds annoying.
There are plenty of contexts I'd like to use my phone where face recognition isn't available: on a bus at night with no light, so as not to disturb others.
4. The parent article indicates "It uses only infrared and existing light, which means it will work in darkness without any more light than is coming off of the phone’s screen."
..that seemingly knowledgable folks can be still confused.
Bringing new tech to market isn't easy, but convincing folks that it's not a rehash of existing tech is hard too.
I understand the pain of delays, but I'm guessing hats not an issue. Apple tends to be pretty strict about that kind of thing.
> [...] on a bus at night with no light, so as not to disturb others.
That's why the phone has an IR light emitter, so it can work in total darkness. The images in the presentation where the phone lit the person's face up or projected dots on it were simulations to give you an idea what it's doing, but it's all done with IR.
Its entirely IR based though, including a built in IR projector, so whether its night, or even completely pitch black, should theoretically in practice not matter at all. Given humans can't see the light from the IR projector I doubt it's going to wake anyone up either!
It's not new but they're doing it differeny. Craig said in the article that as long as it can see your eyes and nose (maybe mouth too?) it can see enough to unlock. You don't need to be square to the phone.
That's because you're still thinking about unlocking, then using your phone. What you're describing is the ease of the unlock step BEFORE using your phone. The big change for me with TouchID is that now, my first thought isn't unlocking the phone. I put my thumb on the home button to USE my phone, not to UNLOCK my phone so I can use it.
My guess is FaceID will be the same. You WILL be looking at the phone because you look at the phone to USE it. When you do, it will be unlocked fast enough that you don't think about unlocking (you see the screen transition, but your thoughts will be on using the phone not on the unlock that already happened).
Well, one use case I have is my phone sits on my desk arms reach away. I can lay my index finger on the touch id and check if I have a message. I don't have to lift my phone to use it.
Not saying I can't adjust my behavior. We all have our own way of using our devices.
Lay your phone on a table about 6 inches right of your shoulder. It's perfectly possible and easy to read and use your phone this way, but your face is completely out of the camera's field of view.
FWIW I can never get TouchID to work when imm running and my hands are sweaty and the phone is covered in sweat too. Typing my pin is even harder because half my taps don’t register.
That would help with the unlock step, but then how do you interact with the phone? The touchscreen wont work well as you've said putting in the pin isn't easy.
Yeah, but doing 4 taps to change playlists or go from podcast to audiobook is a loooot easier than 4 taps + 6 tap pin + failing to touchid so you get the pin input.
Is it? Before touch sensors became the norm people would put in their PIN every few minutes. It would get picked up by countless security cameras. You could talk to a stranger for 2 minutes and pick up their PIN if you didn't avert your eyes.
And most people didn't use a PIN at all, because it was too much bother.
A PIN isn't perfectly secure; someone can watch you enter it with a security camera or can tell which buttons you pressed from the finger impressions on the screen.
Yes, the PIN is the least secure way of unlocking a phone, by a wide margin.
If someone can shoulder surf while I unlock my phone with a PIN, then they can watch which buttons I press and now they can unlock my phone too. If I use the fingerprint reader to unlock, then they have no chance.
And a complex 40+ character password is much more secure than a 4-6 number pin. There is always a trade off, I personally don't want to press 7 times on my screen everytime I want to use it.
I have a PIN that's longer than 6 digits, and it's just ingrained in muscle memory after a short time. It's not a big difference to a shorter PIN for me.
What makes TouchID secure is not the fingerprint reader, it's the "Secure Enclave"--a dedicated computing environment for storing secrets that is separated from the main processing system.
Even if you never use the fingerprint reader, an iPhone with TouchID is still more secure than your Galaxy because the PIN is stored in the Secure Enclave.
TouchID is more conventient than a PIN, and it's no less secure because the fingerprint hash is also stored in the SE chip.
To be even more fair: all Android phones you can buy today have a 'secure enclave'. It's been a recommended feature for Google Play certification since Android 5.0, mandatory since 6.0, and part of all Qualcomm, Mediatek, Huawei and Samsung SoCs for years. In your Android phone's settings, go to Lock screen & security, and look at "Credential storage". Unless your phone is ancient, you will see that the storage type is hardware-backed. My Nexus 4 from 2012 has it.
This is another one of those things where Apple marketing fares much better than their competitors :)
I do agree that FaceID is a bit less convenient than TouchID - the "unlock while taking out of pocket" is a good example.
I also agree that FaceID might be easier to "socially engineer" or obtain by force in the sense that you could just point it at someone's face or trick them into looking at it. Less so with someone's thumb on the home button.
At the end of the day though, I think these concerns are overstated. No modern security method can guarantee 100% protection - you can watch someone input their PIN, steal their phone and force their face into it, or force someone to put their thumb on it. The last one is the most secure in this sense, for sure, but I'm of the opinion that if you've gotten yourself into one of these situations, this is far from your security bottleneck in the first place.
Someone will inevitably bring up the point of law enforcement / 4th amendment breaches, but there are safeguards with the new iPhone X that circumvent these issues.
And of course, you can always decide to just use a PIN and nothing else :)
Actually FaceID will make it faster to get into your phone. Today if you swipe on a notification, you get prompted to authenticate your fingerprint. Now that step is gone -- you just go straight in.
As for opening the home screen, I think your worries are misplaced. You have to look at your phone in order to use it, and FaceID is instantaneous and works at sharp angles, so there's no need to unlock it ahead of time. All it does is replace the button press with a swipe.
The early reports are that it doesn't feel like a ritual at all. It's more like it just makes the whole authentication step go away.[1]
How about using it in a room with over 100F temperature. Hopefully nobody endures that sort of conditions on a regular basis anymore, use the fallback mechanisms for those situations. Except cars of course -- those without AC.
> So, if you were in a case where the thief was asking to hand over your phone – you can just reach into your pocket, squeeze it, and it will disable Face ID. It will do the same thing on iPhone 8 to disable Touch ID.
I imagine that authorities will catch on pretty quickly: "keep your hands up and away from your pockets while we retrieve your device." It would have to happen before any kind of duress.
One scenario where it would be really useful is being pulled over in a car. Give your phone a quick squeeze before you even stop the car. It'll also be a more convenient way to disable the feature before going through customs.
The tech community's reaction to this stuff seems to boil down to "it does not solve every single problem therefore it is pointless." Which is silly, although to be fair it seems to be the tech community's reaction to a lot of things.
>> disable the feature before going through customs
I keep seeing people mention locking the phone before going through customs. This accomplishes nothing. If they ask for your device, you are required to unlock it. If you refuse to unlock, best case scenario means you turn around and go home. Worst case scenario, you are detained as a criminal. If your plan is to fight back and not allow the agents access to your phone, you won't be making it across the border. Bringing the device with you means you must be willing to unlock without causing a fuss. The only way to "win" is to not bring the device.
This is not true when entering the US as a citizen. They cannot compel me to unlock the phone with a password and they cannot hold me for more than a short period over it. The worst they can do is confiscate the phone.
I'm not saying this is true of Face ID but if you set a pin, and there is also a much less secure way to unlock the phone, then yeah the pin was pointless because attackers will just go through the path of least resistance.
Said another way, the chain is only as strong as its weakest link.
If I see someone crawling through my neighbor's window, I'll investigate maybe even call police to request a drive-by. Walking through their unlocked door, I won't.
disagree, this is far from contrived. the fact is that someone can grab this phone from
you and onlock it without requiring any kind of force - the only protection you have in such a scenario is to not lock eyes with it, which requires quite a bit of preparedness.
"keep your hands up and away from your pockets while we retrieve your device"
LOL. Now the police have the right to physically search random people? The police can do nothing if you put your hand in your pocket and disable the phone.
Except shoot you because they are afraid you are reaching for a gun. Last thing in the world I would do when a cop says, "put your is hand up," is reach into my pocket.
How many times have you had a cop point a gun at you or order you to hold your hands up?
You are worried about a tiny percentage of cases. Most people are worried about border agents (who have authority as much as 100 miles inland) or cops in traffic stops asking to see their phones. 99% of the time you will be able to hand them the phone and disable it before they get it. They aren't allowed to ask you for the pin-code, so it's game-set-match at that point.
If you want to protect against a police who at gun point would not allow you yourself to retrieve your phone from your pocket, but rather search you an take it themselves, you should not use any biometric feature, be it FaceID or TouchID. They can force you to put your fingerprints on the phone. You should then just use a long and secure pin code, which they currently cannot obtain legally from you.
Honestly I struggle to understand why this is something that Apple should be designing around? If law enforcement has the authority to search your phone and they have a reason to do it they should do it... it's not Apple's job to protect you from law enforcement.
Is is possible to disable Face ID? If so, would disabling Face ID prior to ever committing a crime / getting arrested result in some sort of non-compliance / bad faith charge against the accused?
Did you even read TFA or any other info about it? It’s an alternative to your PIN - it doesn’t replace your PIN, and t isn’t required. Just like TouchID.
Not true. He was at Oracle around 1992 where he worked on "druid" user interface builder, then he went to NeXT where we worked on WebObjects then he went to Ariba where he was CTO, then to Apple. (Source: I worked alongside him in the early 90's.)
Wil Shipley had a pretty good write up of Craig's Apple history, going back to meeting him at NeXT. Obviously it's just Wil's opinions, but an interesting read nonetheless.
> “On older phones the sequence was to click 5 times [on the power button] but on newer phones like iPhone 8 and iPhone X, if you grip the side buttons on either side and hold them a little while – we’ll take you to the power down [screen]. But that also has the effect of disabling Face ID,” says Federighi. “So, if you were in a case where the thief was asking to hand over your phone – you can just reach into your pocket, squeeze it, and it will disable Face ID. It will do the same thing on iPhone 8 to disable Touch ID.”
How would FaceID be used to authenticate In-App-Purchases? Currently it's a finger on the home button, but I'd be somewhat scared if looking at the screen is all that's necessary to confirm a purchase. I'm pretty sure a second confirmation will be used, but I'm curious.
From a pure statistical comparison (as also presented in the keynote) your face is more unique than your fingerprint in normal situation. When talking about edge cases (like someone trying very hard to rob you) then both of them have their own drawbacks.
So from this points of view I don't see any major difference betweeen them.
If you trust TouchId then you can trust FaceId in the sense of correctly indentifying while paying that YOU are the one who is authorizing the payment.
I don't think there will be another confirmation other than the payment Flow implemented by the apps.
That's not what I meant. I'm interested in the UX. When I accidentally click to purchase an IAP currently, nothing happens until I actually confirm it with TouchID. With FaceID it could presumably already have confirmed the purchase because I looked at the screen too long.
If it works anything like Apple Pay, you'll be required to push the side button to confirm a purchase. The Face ID piece will simply authorize you but there's still an action required to make the purchase.
I trust Apple's security team to have implemented this in a way that preserves safety and privacy. Apple have shown themselves to be very good at that.
That said, I find Face ID extraordinarily troubling, because it normalizes the idea that your phone actively scans your facial features during use. Just like carrying around an always-on pocket beacon became part of the 'new normal' with the introduction of the smartphone, a phone that looks back at you during use will become part of the new normal, too.
When you combine this with business models that rely not just on advertising, but on promises to investors around novelty in advertising, and machine learning that has proven extremely effective at provoking user engagement, what you end up with is a mobile sensor that can read second-by-second facial expressions and adjust what is being shown in real time with great sophistication. All that's required is for a company to close the loop between facial sensor and server.
Apple is unlikely to be this company. But Google, Facebook and Amazon are. What I anticipate is the next generation of Home and Echo to have cameras (Amazon is already moving in this direction), along with whatever piece of hardware Facebook produces. The idea of devices that look back at you will gain acceptance, just like always-listening voice assistants have gained acceptance. All of these will become input sources to learning algorithms.
What is already an incredibly potent toolchain for political manipulation will become even more powerful, with no oversight, accountability, or even much understanding by those who built it on the way it can be profitably used and misused. Its effects will be field-tested in democratic elections that affect the lives of billions.
This is what Zeynep Tufekci has called the architecture for networked fascism, and by manufacturing a mass-market device with active facial scanning, with the best of intentions, Apple has moved us a big step further along this dismal road.
I was going to say that the way to avoid this eventuality is to insist that any competing system have the same granularity of permissions and compartmentalization that it presumably will on iOS - but then I realized that, naturally, the very same applications that stand to use this technology in the creepiest ways will also add user-facing features to encourage the granting of these permissions.
So Facebook will add its own spin on animoji, requiring full face-tracking permissions - and then begin quietly mapping emotional response to every timeline entry.
Yep - as happened with microphones. 'Enable microphone to call your friends - and to let us listen in background for ultrasound advertisement ids form nearby televisions'.
Just because apple did it better, doesn't mean they did it first or enabled it. Android has had face unlock for years and the S8 added 'iris unlock' also. They all have problems, since flat images defeat them compared to this more advanced version, but that doesn't mean it wouldn't be improved later.
The tech is out of bag and apple not doing it would just delay it by a few years. Managing a world where microphones and worse are everywhere and are being used by autocracy is how we should be acting going forward. Accepting that this is the world and dealing with the changes should be the focus, not trying to prevent tech that will be created whether or not some people like it.
edit: I do agree with your tweet about how it changes social norms although.
My point is very much about normalizing the use of this technology, not denying its existence or claiming that Apple invented it.
We've been able to bug houses for years, but only recently did Google and Amazon normalize it by selling an always-on network-connected microphone (and now camera) as a consumer product.
Samsung already did face unlock in a very insecure and unusable way. They are guaranteed to continue to try to improve it and guaranteed to make those versions insecure as well.
Apple built it with secure enclave, so they are actively protecting your privacy.
What I worry about is drivers. Texting while driving has been illegal in multiple places for years but to this day it is downright easy to find an example of someone still doing it. Now imagine these fools deciding to turn away and look because their phone is not unlocking otherwise...
This is a great point, and probably way more impactful than anything else mentioned in this thread. People will continue to be shitheads and use their phone while driving, that's inevitable, and this could make that even more distracting.
Now they've got to take their eyes off the road for a second, or fumble with holding the phone above the wheel.
Not necessarily. I've been in a classroom, opened my phone with the fingerprint sensor, written a reply to an IM I just received, glanced down to confirm that auto-correct got my language right, and hit send. It's not that frequent, but I have done it.
A relevant note from the interview is official confirmation that the 5-presses-of-sleep/wake-disables-Touch-ID is intended as a privacy move. (and adds new info that the iPhone 8 has an easier squeeze-only trigger for this feature.)
I only had a quick skim of the article so maybe I missed it but is there a quick disable for Face ID like there is for Touch ID?
Can law enforcement just hold the phone up to your face and unlock it? We all know Touch ID is not protected under the 5th Amendment so I am going to assume Face ID is not either.
Aside from being able to disable Face ID by squeezing the side buttons, it apparently disables and requires a passcode after 2 failures (compared to 5 for Touch ID). It's not clear yet to me what counts as a failure, though: if someone gets the phone before you can squeeze it then holds it up to your face but you don't look at the phone (Face ID is said to "require your attention" to unlock), does that count as a failure?
The article said you'll be able to use the new method (hold sleep/wake and volume button for 5 seconds to require a passcode to unlock – i.e. disabling face/touch id).
You'd have to be super serious about security to disable either of them. If you are a high ranking government official, or super secret spy, maybe. Because with FaceID they can't spoof it with a photo, they can't break into the secure enclave to get your facial map data, and even if they are able to take a high resolution 3D photo of your face and build an identical mask to your face, it probably won't work.
This and TouchID are the most secure authorization features ever created, because 100% of people will use them,, and less than 1% will create long passcodes.
Yep. They are designed to be more secure than no password or a simple 4 (now 6) digit PIN. Troy Hunt's article that was posted in the last two days had a very balanced view of it.
The problem with the pin is that you can easily see people entering them, and then you can easily get in. With TouchID and FaceID that part is a lot more difficult.
Given how well the implemented TouchID a few years ago I'm not surprised. I don't remember seeing any major criticism of TouchID, just amsome praise from security folk for how well thought out the implementation was.
It will be interesting to see what developers can do with the sensor, especially for AR. I wonder if you could stick two iphones together back to back and have one "see" the world in 3D and have the other augment it in some way.
> Developers ... [are] given a depth map they can use for applications ... This can also be used in ARKit applications.
This has me very excited. ARKit already does an impressive job of tracking as you move around your environment, and the major thing that seems lacking is being able to map existing objects to know where they are in relation to virtual ones.
If they do this well, especially when it comes to automatically obfuscating virtual objects with real ones, it could allow ARKit to be used for creating much more immersive experiences.
The comments about the "attention" detail make it sound like they have tested this extensively with diverse groups. But I've wondered if they had anyone "red team" to see if they could fool it. Faces are less private than fingerprints, and I imagine the police would jump to buy a tool that can unlock phones. Statistics about the false-positive rate are mostly meaningless in an adversarial case. Maybe it is mentioned in the forthcoming white paper.
Possibly, but it's also easy to pick up someone's fingerprint from anything they've touched after the fact. With faces, you have to actively record/3D scan someone. It's not clear whether e.g. security cam footage will be sufficient fidelity to reconstruct a 3D face in enough detail, but this will be interesting to find out.
In case anyone missed it, Apple claimed false positive rates for Touch ID were 1 in 50,000 and for Face ID were 1 in 1,000,000.
> Statistics about the false-positive rate are mostly meaningless in an adversarial case.
I imagine what those special effect masks were for, to test for the adversarial case. I also imagine that's why there's an IR camera too -- I'm not sure what wavelength of IR this is, but it seems distinct from the depth mapping, and would be more difficult to fool on a mask.
> It's not clear whether e.g. security cam footage will be sufficient fidelity to reconstruct a 3D face in enough detail, but this will be interesting to find out.
That would be NSA-grade security cameras, and based on the photorealistic masks they tested, even that shouldn't be good enough.
The thing I've been wondering about is the "invisible dots" that they map to your face, obviously they are visible to something, and if someone wanted your face info could we build something to capture that data either en masse or say with a sensor built into a doorway or such.
edit: or even a fake iphone and I hand you mine and ask you to play a game that I'm building that steals your face data.
The basic idea (as I understand it) it to project a grid of even dots (or some other known pattern). Once they land on a 3D surface you can tell how close the surface is by how close together the dots are and how angled the surface is based on how the dots skew.
It requires the projector, a camera, and the distance between the two. But it's relatively simple (in theory, I imagine it's quite hard in practice).
right, that's my point, what does an iphone face id-ing in the vicinity of a Kinect look like? I'd can't wait to read about what fascinating ways people figure out to attack this.
I was wondering the same. I think it might be quite easy to capture the IR video for replay attack, but it's quite hard to reproduce. Capturing would require just a device that replicates iPhones camera setup, and storing the IR image. Or just use iPhone if you can somehow access the raw IR image data.
If the identification requires just image, it could be printed on a black paper with IR ink (or just white?). Apparently they also look for life signals, so it might require video. In that case, it can't be produced with normal display, but maybe with some sort of old-school analog film and IR light.
This kind of attack (if it works) could be mitigated by adding random IR dots, which would be different each time.
>But I've wondered if they had anyone "red team" to see if they could fool it.
It would be a phenomenal oversight on their part if they failed to do this. As in, the only reason I wouldn't deem it criminal negligence would be because the legal bar for that WRT people's personal data is so low.
The thing I'm really looking forward to with Face ID is when apps are using it. Fine for unlocking the phone, but think about it.
Right now, if you access your bank, Dropbox, 1Password etc. you open the app, wait for the Touch ID dialog to appear, then move your finger from the screen (where it was) and to the Touch ID to authorize.
With Face ID; just open the app, and you're authorized. This is a HUGE thing in regards of usability.
Law enforcement don't have to guess which of your 10 fingers you used for touch id, they don't need your consent to handcuff you and then point the phone at your face to get into your personal info. With touch if they have to get you to do something you comply it's your fingers with this it seems much easier for authoritarians to abuse.
But it won't work if your eyes are closed, or not looking at the screen. All it takes is 5 fails, and then your face is no longer an authentication token.
I haven't seen anything that explains what constitutes a failure. It seems plausible no eye contact wouldn't constitute a failure. It also seems plausible it would, but they may have to be more relaxed about what constitutes an "attempt" as looking at the phone is less definite than placing a finger on the sensor.
Security wise, maybe they could implement a feature where if you look at the phone with a recorded grimace (one eye closed, or blinking fast or raised eyebrows etc etc) it would disable faceid. So if someone wants to force you to unlock it you just comply and make a face
I'm wondering whether Apple sees this technology totally replacing TouchID, or if they will continue to offer it in the next 3-5 years on some devices?
Word on the street was that they were planning on including both TouchID and FaceID in the X, but scrapped it earlier this year due to low yields during mass production[0].
Sure, because facial recognition has many applications outside of unlocking your phone, including the trivial ones like Animoji and the new selfie features that were demoed at the Apple event.
I remember having to force myself to set a PIN because it got in the way. I'm sure the idea of a phone that doesn't need any intervention to unlock it has always been the plan.
> If there are 5 failed attempts to Face ID, it will default back to passcode. (Federighi has confirmed that this is what happened in the demo onstage when he was asked for a passcode — it tried to read the people setting the phones up on the podium.)
Well, on the demo onstage, he did not enter the passcode after being asked for it. He just said "Let me try that again". Is it just a cover up?
Interesting to see accessibility (for vision-impaired users) pop up here. Good to see that Apple thought about that and came up with something. I wonder if enabling the accessibility mode will result in haptic feedback that the device was unlocked.
- If you haven’t used Face ID in 48 hours, or if you’ve just rebooted, it will ask for a passcode.
- If there are 5 failed attempts to Face ID, it will default back to passcode. (Federighi has confirmed that this is what happened in the demo onstage when he was asked for a passcode — it tried to read the people setting the phones up on the podium.)
- Developers do not have access to raw sensor data from the Face ID array. Instead, they’re given a depth map they can use for applications like the Snap face filters shown onstage. This can also be used in ARKit applications.
- You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.
Lots of people in the threads here yesterday seemed to misunderstand how these things are implemented. Importantly, you cannot set up FaceID without first setting up a password (biometrics are a carrot for getting users to set up passwords, not intended to subsume passwords), and you'll still be prompted for a passcode around once a week so you won't go forgetting it.
AFAIK you need to be actively looking at the screen and touch the screen for it to unlock.
Simply glancing at the phone sitting on your desk will not cause it to unlock, as far as I can tell.
There's speculation that the demo failure was because they had staff clean/handle the devices before the demo - i.e., they both looked at the device and touched the screen. Of course, lots of uncertainty around this particular botched demo.
This is what the article says, but it's also been reported to take just 2 failures with Face ID before requiring a passcode (as opposed to 5 with Touch ID). I can't remember now if that was said by Apple directly on Tuesday, but I've seen the "2" figure reported several places, so I'm not certain which is right.
But it's pretty simple to convert a depth map to a mesh, so I'm not sure how this offers protection. Perhaps the depth maps the developers are given are decently low-res?
Protection from what? You’re willingly pointing a 3D camera at your face and giving a 3rd party permission to use the data. What exactly are you seeking protection from?
How? They can't access the secure enclave. If they make a fake 3D mask out of the map identical to your face, it's not going to work either, they've tested that.
This isn't Samsung dumping underbaked technologies on the world. Apple actually puts some thought into these things.
I think the concern is more around privacy the face data: Apple says they don't store it on their servers or track it, but how good a model of your face can they get from the depth map they get.
E.g., would Snapchat or Facebook now be able to pull a 3d model of the face of all their iPhone X users into their own servers?
The 4 hour rule sounds VERY annoying. It means for example I'll be forced to type my passcode after waking up. So many years of Touch ID will make such a burden UNBEARABLE.
I think that's a misinterpretation. Here is the full quote:
> You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.
You already need a password if you haven't used TouchID in 48 hours.
This rule seems to exist to make sure you have to enter your password after about a week if by then you go over 4 hours without using FaceID.
You don't need to use a password any time you go more than 4 hours. I agree that would be insane and would be much stricter than what they apply to TouchID (which they say is less secure).
EDIT: I notice the GP's comment seems to have been edited since the time you posted yours.
That's not the way I understand it. I read it as "you'll need the pass if you haven't unlocked with touch id in 6.5 days AND you'll need the pass if you haven't unlocked with face id in 4 hours"
This interpretation is very unlikely, given that it would be redundant with the first bullet point: "If you haven’t used Face ID in 48 hours [...] it will ask for a passcode".
Assuming that Apple engineers aren't stupid, the correct interpretation is "we want people to enter their passwords at least once a week so they don't forget them, but we also don't want to bother them if they're in the middle of something". So yes, once a week, you will be forced to type your password upon waking up.
I read it as "you need to enter your password if you haven't used your phone in a week, but if you use your phone every day, you only have to enter your password after each reboot"
That part was worded in a bit of a clumsy manner I think. It is in combination with not entering the passcode in X many days, as it already is with Touch ID (You may have already experienced this occasionally - waking up and randomly needing to enter your passcode instead of being able to use Touch ID).
Touch ID had the same 4 hour rule. Note that the 4 hours time limit only comes into play if it's been 6.5 days since you last used your passcode. The full rule ensures that you need your passcode approximately once a week, and the 4 hour thing basically just means you won't be surprised with a passcode request 5 minutes after you successfully unlocked it with your face.
I asked this question because as I know, some devices that use similar technology with IR emitter and IR camera don't work in sunlight. They're Microsoft Kinect, Intel Realsense, Leapmotion... That happens because sunlight is a bigger IR source that overlap on IR light from IR Emitter, then makes the IR camera cannot get the correct dot images.
Before the iPhone implemented it, every fingerprint scanner I used either took forever or was miserably unreliable. I was skeptical iPhone's scanner could do a good job. It proved me wrong.
Similarly, every facial recognition technology I have used has either taken forever or was miserably unreliable. This time I'm not betting against Apple.
Wow, so the facial recognition is both used and trained in the secure enclave. Imagine a future where you could root your phone by showing it a picture of an artfully encoded payload printed on paper.
How did Apple get consent from a billion people to use their likeness in their training set of images? Is it possible to train a facial recognition software acurately using different photos of the same person VS different people all together?
Everyone who downvoted totally missed the point, that stating you trained with a billion images is a useless statistic. If i trained with a billion images of a firehydrant how does that help me distinguish a lamp post? For all we know it could have been 100 pictures of 10000 people.
But yea, totally worth the negative 5 karma for some reason.
I can unlock my phone with my fingerprints in the dark (example, at bed during the night). Do I have to turn on the light to use FaceID or do I have to type in a PIN instead? That would be progress /sarcasm.
I could also unlock my phone and my tablet with my face (don't remember how Sony and Samsung call that method) but it means that I have to point their cameras to me. Maybe it's me but their cameras tend to point to the ceiling when I'm holding them. Fingerprints are faster. Even the swipe pattern on the tablet is faster.
FaceID is probably more about the current impossibility of adding the fingerprint sensor to the bezelless and thin iPhone X. I expect Apple to solve that at the next iteration. FaceID would stay and be useful for some purposes, but people will be back at unlocking iPhones with their fingers.
1. 2 phones (at least 1 with an IR camera, such as another Iphone X)
2. a helper app
3. access to 10+ photos of the victim (Facebook typically)
4. a small mirror
With the helper app:
1. capture the suspect's phone's unique IR dot pattern by shining their phone at white piece of paper, recording it with the helper app (the helper phone needs an IR camera of course, such as another Iphone X)
2. makes 3d model of persons face from the FB pictures
3. generates 2 animated videos of their face, 1 just a normal color video and another with the dot pattern applied
4. now you need to show the 2 videos to FaceID, using the mirror to show the correct video the the corresponding camera
They tested it against lifelike face masks, I doubt that would work, fortunately. They mentioned an IR camera, wouldn't be surprised if they're checking temperature as well.
People misunderstood what the static face masks were for. The static face masks were not for testing against a face-mask attack. They were for testing FaceID. As far as testing goes, the mask was assumed to be a stand-in for the real person.
I re watched the video, and you're right. They said they used the masks to help prevent against mask attacks.
To the extent that it worked, we don't know. Since I am very familiar with the tech, I know that IR light does not have any special properties in detecting a mask vs human skin. But I assume the nueral network they trained looks for movement of some sort.
> Since I am very familiar with the tech, I know that IR light does not have any special properties in detecting a mask vs human skin.
Since you're familiar with the tech, you'll be aware that humans, who are alive, emit IR light which can be picked up by an IR camera, and a mask, which is not, does not.
"IR" as in the heat coming of a human body is very different from "IR light" that is used in setups like this. Just like a cheap phone camera might be able to see the IR from a TV remote, but can't see body heat.
And even if it could, heating a mask to body temperature isn't all that difficult.
Its simply astounding that so many people are drinking the Apple kool-aid. The avalanche of complaints that will be unleashed after the release of this phone will be massive and sudden. If you think that this tech will work as flawlessly and without trouble as Apple claims, I have some bridges to sell you in Houston.
See I don't doubt that FaceID will be good. I don't doubt the quality Apple provides when they introduce features like this. I'm sure it will work amazingly well, because unlike almost all previous implementations Apple actually makes purposeful hardware for it.
The thing is, I don't want to look at my phone to unlock it. With a fingerprint reader - on my current Xperia and my current iPhone - my phone is unlocked before it faces me. I unlock it when I get it out of my pocket. I unlock it while lying on the table when it's facing the ceiling. I unlock it to peek at messages in meetings under the table. Needing to face your phone to unlock it seems to just be a really weird concession to me. As others point out, it also seems to be a minor concession security wise. It seems to be some typical form-over-function Apple thing again - UX and security concessions for a better looking phone. They should've slapped a fingerprint reader on the back once it turned out the under-the-screen fingerprint reader wasn't viable.
Having to go through some ritual to face your phone and slide it open to unlock feels like a hassle and a downgrade. Especially on a €1000+ phone. So yeah, the Apple distortion field is still a real thing it seems. Or maybe the way I use my phone is weird. But either way, I don't get it.