
Users worried about their privacy can always choose not to use it.

The more likely attack vector is simply capturing scenes through the front camera. That would give you, most of the time, an image of the face of the user, not just depth mapping information of questionable value.

But really, nearly everyone shares images of themselves online, so even that's of dubious value.

I'd challenge you to find any security expert who agrees that Face ID as Apple implements it can realistically result in useful biometric data being leaked to a hostile party. Apple supplies whitepapers documenting the secure enclave; I imagine there's one for Face ID.

Now, the question of whether Face ID is secure enough for any given user's needs as a local authentication is a perfectly valid question, and clearly for some users the answer is no. But, again, it's optional, and that's not at all the threat under discussion.




> Users worried about their privacy can always choose not to use it.

You make it look like it's easy for the normal Apple user to switch to Android. In fact it's quite the opposite and the whole situation is even worse because most of them won't even be aware of the dangers. The major reasons for people I know to choose an iPhone over an Android are the "ease of use" (resulting from the fact that their first smart phone was an iPhone already and they never tried anything different) and because they are "so confused with all the options/apps/general possibilities on Android". Those are the people who need to be especially protected. They are caged within a locked environment of a single US company. This alone should make you think.

> But really, nearly everyone shares images of themselves online, so even that's of dubious value.

This sentence together with this high-tech approach you demonstrate in the rest of the comment is mind-boggling, as it's the most common approach of companies/individuals to abolish digital privacy altogether. The old version of it was "I'm not afraid of X because I have nothing to hide". Horrifying, but now I understand where your attitude comes from.

Being born in an oppressive state, this is where I would actually use the word "stupid".

> I'd challenge you to find any security expert who agrees that Face ID as Apple implements it can realistically...

As I wrote above, it may be that FaceID is not a big deal right now. We don't know it for sure since it's all locked down but we assume it. There is however still the ARKit and all those APIs using those depth/facial mapping capabilities. Those becoming the new standard for popular apps is just a matter of time and since you've already given rights to use the camera, those features will be (or are already?) a nice extra. So you see...we don't even need to reach out to possible changes from the paranoid government governing Apple and their data under and awaiting some patch to allow the access to FaceID data. It's far more accessible.

I wonder, would you allow your phone to take a drop of blood for authentication or where does your privacy actually start?


> You make it look like it's easy for the normal Apple user to switch to Android.

No, I'm saying Face ID is not mandatory on an iPhone X. You can use a passcode.

Nor am I saying privacy should be sacrificed on the altar of technology. I do my best to stay away from Google, and I try not to let Facebook know any more about me than necessary (and every day I contemplate ditching it, but there are a few important reasons to stick around).

There are plenty of ways to do biometric security wrong from a privacy standpoint. I trust Apple to do an earnest job of doing it right, because they have positive incentives to work for their user base rather than being a data collection/ad selling company.

And if biometrics aren't where you wish to place your faith, you can simply not enable the feature.


Would opting out of FaceID also lock down the feature completely for the APIs?

FYI: you can have an Android phone completely without a single Google app or the Google app store. LineageOS is the most popular alternative OS. There are also other stores you can put on your phone, like F-Droid, which hosts open source apps.


> Would opting out of FaceID also lock down the feature completely for the APIs?

Biometrics, yes. AR-based depth mapping, no.


Really? Let's look in the App Store Guidelines:

https://developer.apple.com/app-store/review/guidelines/#dat...

5.1.2 Data Use and Sharing

    (i) You may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs)
-----

Let's wrap this up here.

- A user issues his fears based on a technology that is the topic here

- he gets downvoted into oblivion but no comment follows

- I trigger a comment by stating the obvious behavior prevalent on every single article posted here that may be or even is critical towards Apple

- you declare the user's comment stupid based on your assumption that a single software use of the general feature may not be misused. Even though you can't know that because we are talking about a closed system and the APIs allow that without a possibility to opt-out (if you have already granted general camera permissions).

- you further state that users don't need privacy either way because they gave it all away. Which is actually the only really stupid statement in this discussion here

- after all that you even go so far as damning another US company based on actually nothing. A company that allowed the world to develop their own open source operating system and app world after you've done everything to protect a company that provides you with a system you actually know only what they allow you to know about.

macintux, I couldn't have wished for more to demonstrate what is wrong here. There is a quasi cult behavior in the Apple fan base turning people into marketing machines ready to drop everything to protect the brand while condemning everybody else. You owe the guy an upvote. I don't care.


> I couldn't have wished for more to demonstrate what is wrong here

Then I am glad to have been of service.


I like how you ignored everything else ;)



