Now that we have to consider the iPhones to be backdoored by the NSA, I wonder whether I really want to give them my fingerprint together with the rest of my data. I'm also not so sure whether a fingerprint can't still be easily faked (like it was possible on that Mythbusters episode for example).
Personally, I think I'd rather stay with my passcode.
Did you btw know that you can turn off "simple passcode" and then use a purely numeric longer passcode? In that case the iPhone will still show the big easy-to-hit numeric keyboard allowing you to type in the arbitrary length numeric code.
Yes. It's not as safe as a long alphanumeric password, but this gets annoying SO quickly, I'd rather type in my 8 digits.
For those who want to believe it, I doubt there is any amount of information that could ever be released to convince them that the NSA isn't spying on people anymore.
I'm not snarking at all. I'm observing that comments about the NSA are entirely apropos given the current climate we live in. Yes, you're right, at this point, it would take something extremely radical to convince us that the NSA isn't spying on us anymore. Therefore, we should expect comments about the NSA and spying to become a part of the common dialog regarding technology and personal information. Asking them to go away is just asking people to stick their head in the sand and ignore it.
The comments will go away when the issue goes away. The issue isn't going to go away. Therefore, don't expect the comments to, either. Welcome to the world we now live in.
But you are accomplishing absolutely nothing here. Being annoying and ineffective doesn't help your cause. Do you know that Jesus loves you and he wants to save your soul?
You might as we'll be discussing religion or politics here. This is not the place. I heard your warning the first ten times.
We're talking about it, aren't we? We haven't forgotten this issue, distracted like children by the latest shiny toy. Even in the face of the things that traditionally kill news stories, we're talking about it.
Change starts by making enough people aware of and angry about the issue that the politicians can't afford to support these programs any more. If we're just distracted the next time $TECH_TOY or $NATURAL_DISASTER comes along, then nothing at all will change.
I don't particularly care if people find my anger at the NSA's systemic intrusion of our privacy annoying. I care more about that particular issue than I do what a random person on the internet whom I've never met might think of me. I care more about keeping you talking about the issue than I do about you liking me.
No, we aren't talking about anything. The original comment speculates that the NSA has a backdoor into every iPhone, and uses that as the foundation for a comment about whether it's a good idea to store a copy of your fingerprint locally on the device.
There is no new information about the NSA there. Just more speculation.
If you are in Europe then you may have better enforced laws protecting you. If you are in Africa your government might not have the expertise and resources to spy on you. If you are in China, well...
Ok, I kinda misunderstood the GP's point, but even then, as Europeans our governments still have gone some lengths in protecting Europeans' privacy.
For instance, something in the safe-harbor blabla says citizen data handled by public angencies in Europe is not allowed to go through US nor, obviously, to be stored in the US. This rule is not new: in my previous job we had to ditch gmail and gapps in order to comply, and it was f*ing painful.
Oh brother. We care about legitimate privacy issues but now you are suggesting that becoming the equivalent of the Westboro Baptist Church on these matters will somehow be effective.
It won't.
The adolescent libertarian smell combined with semi-hysterical, semi-supported outrage on this issue is rapidly beginning to stink.
Sigh. I'm not advocating in any way for being obnoxious douchecanoes for the sake of desperately screaming for airtime. I'm saying that this is an important issue related to the topic of discussion, and that I'm not going to let the fact that talking about it annoys some people dissuade me from talking about it.
We know that the NSA has their hooks into US hardware and software vendors. At this point, it's difficult to trust the promises that US-based companies make about security and privacy because we know that they're being compelled to lie. That's an extremely important variable in the discussion of a new piece of internet-connected hardware that collects biometrics. Dismissing discussion of it as "annoying" is juvenile and myopic.
Talking about privacy implications of a new device in a discussion about said new device is now the equivalent of picketing the funerals of soldiers because you don't like gay people?
I am a fan of hyperbole, but at least keep it coherent... At the very least, cheald is on topic while they are notoriously not.
You called discussing the NSA spying on everyone, subverting the American system as well as the faith in the constitution similar to evangelising that Jesus loves you?
Wow - that has to be hands down the absolute most ignorant, ridiculous and bullshit comment I have ever read on HN.
This is The Best place to be talking about the National Security Agency Technologically spying on everyone, building in parallel infra and forcing the biggest tech companies in the world via court gags and threats to providing them with access to encrypted user data.
Your comment is mind-boggling, to me, how you could even think this is not the place!
He did no such thing. Making a passing reference to the NSA whenever remotely possible is not discussion, let alone action. Perhaps we could leave such talk to the submissions that are actually about the NSA? Believe it or not, many of us are already familliar with the topic; as we are of Jesus.
I don't think that this was a passing reference - a passing reference would have been him saying "I wonder if the NSA can read my text messages on this phone" when texting is an expected feature on any modern phone.
Fingerprint scanners are not yet prevalent in modern smartphones, and fingerprints are one of the primary ways that law enforcement can trace / track individuals. If the NSA, which has already been shown to have backdoors into Apple's systems, was able to access fingerprint data on a massive scale, this would be a massive affront to privacy for millions of users around the world.
pilif's comment was absolutely relevant to discussion of the iPhone 5S launch, as one of the phone's primary new features has the potential to be a massive security and privacy breach given information we've recently learned regarding Apple's close relationship with the NSA.
>But you are accomplishing absolutely nothing here. Being annoying and ineffective doesn't help your cause. Do you know that Jesus loves you and he wants to save your soul?
To quote him. Please explain how he "did no such thing"
He's talking about this submission, not this site. There are dozens and dozens of other submissions where NSA discussion is more on-topic, and anybody here is free to submit their own article on the topic for discussion. That way, people that want to discuss the NSA at that moment can do so, and people that want to talk about something else can do so, too.
To put it another way: the problem is not the topic. It's the tactic of derailing every other topic that people want to talk about just because you think something else is too important to be ignored. That tactic, as well-intended as it might be, has a history of driving good users away from once-good fora precisely because it's so annoying to not be able to talk about anything else.
How is it not on-topic to discuss NSA surveillance in a discussion about one of the world's most popular internet-connected devices collecting biometric data under the control of a large American corporation?
It is becoming crystal clear that people really do not understand how important this issue is, the degree to which it permeates this industry and how farked we are if we cannot begin to understand the foundational position we require in order to change it.
Thank you for your succinct statement, I have very little faith we will get through this any time soon given the reaction I see on HN, Reddit and other sites where the most seemingly qualified among us to do anything cannot even comprehend how pernicious this problem is.
With all due respect, howling "snark" is at least as annoying and creating at least as much noise. Think about that for a while. There are up and down arrows for expressing your discontent. Everything else--including this--is noise, not signal.
And yet, the OP's comment is the top-voted comment in the thread, which would indicate the the democratic consensus of the HN readership is that this is worth talking about.
Well now you are backtracking into a semi-legitimate interpretation of your comment as not snarky. If you didn't mean to snark you could have just originally said
"We should expect comments about the NSA and spying to become a part of the common dialog regarding technology and personal information. Asking them to go away is just asking people to stick their head in the sand and ignore it."
That is a useful comment that would further the discussion. So I will now respond to that, since I don't want to debate what snark means.
I don't mind useful or constructive comments about technology and the NSA, but most of the comments I see are very reactionary and misinformed and painfully naiive. They are similar to all the old comments on stories about Microsoft where people would say things like "Micro$oft is obviously evil" and such.
So if a comment is interesting and useful, and happens to be about the NSA, then great. I haven't seen many of those.
I chose brevity, and can see how it would be interpreted as snark. I wasn't aiming for that, but it was a simple question that deserved a simple answer, IMO.
> I don't mind useful or constructive comments about technology and the NSA, but most of the comments I see are very reactionary and misinformed and painfully naiive.
Perhaps our energy would be better spent pointing out why these comments are naiive and misinformed, rather than discussing whether they're worth saying at all, then?
The security and related technological implications of the device seem relevant to any potential user and completely on topic to me. Agree it's unfortunate that battery life, form factor etc are overshadowed by recent revelations, and regrettable that Apple chose such a tasteless feature in the circumstances.
Comments about the virtue of weight and thinness never go away, are they helpful? Comments about the importance of good UI design never go away, are they helpful? Comments about IT security never go away, are they helpful? Comments about performance never go away, are they helpful? Comments about the importance of battery life never go away, are they helpful? Comments about privacy never go away, are they helpful?
The answer to all of the above, if we assume that talking about a product is 'helpful' to begin with, is "Yes." Privacy is simply something that people are going to consider and discuss from now on. There is no reason we should treat it differently from the other things we consider.
Most of those topics are not sidelined by "everything they tell us is a lie and should be replaced by uninformed speculation." If we're discussing the importance of battery life, a comment such as "How do we know they aren't lying? Maybe the new iPhone doesn't even have a battery and requires you to turn a hand crank." is not helpful.
You know what I like? Talking about tech stuff on tech sites. You know what I don't like? Random NSA comments on anything that has to do with some device which operates on electricity.
Now you're making a suggestion that somehow people simply "want to believe it," as if we're wandering around with tinfoil hats muttering on street corners.
At this point, the overwhelming evidence is that we are being spied upon at a scale never seen before in history. Legal checks and balances such as search warrants are consider inconveniences to be routed around with border confiscations.
I would begin to believe things are changing when I see officials on both sides of the Canada-US border going to jail--yes, jail--for things like spying on their ex-spouses or for routing around search warrants.
But they are! And this is a very important issue to be dealt with. I'm very disappointed by all the companies and all governments involved, and I earn money writing iOS and cloud-applications. And I understand it's bad for business, but the issue is too important to be ignored.
The new iPhone will have an option to store your fingerprint. This has EVERYTHING to do with the NSA. It is highly relevant. How can you be so blind and not see it?
Sarcastic or not, it's an important point. You are giving up a significant attribute of your identity to the protection of a US technology company. Whether that bothers you (or not) depends on how much you value your privacy.
If they don't already have your fingerprints on file, which depending on where you live happens as a kid in case you go missing, get a drivers license, etc.
If the NSA wants to target you specifically, you're fucked no matter what unless you move to a cave. No point in being needlessly worried. I'm more worried about this causing someone to cut off my finger while stealing my phone than I am the NSA coming after me.
You know what? Neither are derisive comments that imply the NSA is not, in fact, violating our privacy. You'd have to be out of your goddamned mind to actually think they've stopped.
> For those who want to believe it, I doubt there is any amount of information that could ever be released to convince them that the NSA isn't spying on people anymore.
The NSA is a spy agency, of course they are spying on people. Unless the NSA ceases to exist it will spy on people. They are not actively trying to claim otherwise (only that they try really hard to only spy on people who are in someway connected to someone who is not an American or has been designated dangerous).
Please stop using snark. Use snide, sarcastic, or cynical instead. Snark is a word that's better off being forgotten in some dictionary of colloquial terms.
"Snark" means "snide remark" and is absolutely not an HNism. Hell, I think I learned it from my mother (who no doubt used it at me). Despite heavy use, the word retains clear meaning, even as used by stanleydrew above in his otherwise foolish comment.
MORE snark? I think a case could be made that the comment you responded to was snarky, but just barely. The comment several levels up that was the first labeled as snarky is one I just can't see being such.
We take for gospel that the NSA is spying on everyone in the world via every hardware device that has been created in the USA because of a few powerpoint slides. Interesting.
Wow. Sounds like somebody isn't paying enough attention.
> In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
> At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
Please do your duty as a human being and read more.
When the NSA themselves is calling Apple "Big Brother" and the consumers "Zombies" -- then its damn hard to not be pretty worried about their capabilities.
Yes. There is zero evidence of any type of NSA backdooring your iPhone nonsense. It would be great to read HN (where I thought we were more technically inclined than the rest of the net) for a day without unfounded nonsensical claims.
This isn't just some random tinfoilhat idea that came out of nowhere. Remember CarrierIQ on Android? The NSA is real, the tinfoil-hats have been validated whether you believe it or not. From the NSA's point of view, having everyone's fingerprint on file would be fantastic and we know they have the power to force Apple to cooperate.
In fact, I'm just assuming that's what will happen so now I'll be careful about borrowing anyone's iPhone. Everything about tech is going to be cross-examined with potential(read: definite future) data gathering usage by the NSA.
Yes, it is simply inconceivable that hard evidence of the activities of a spy agency might not be forthcoming...
We are dealing with the realm of speculation, but it is not speculation fueled by some sort of tinfoil hatted lunacy. With the role that smartphones fill in peoples' lives today, you are just going to have to come to grips with the fact that, going forward, some people are going to consider the privacy of new devices to be very relevant, and well worth discussing. Don't be surprised when people error on the side of caution.
You want to talk about battery life and color? Well I want to talk about display DPI and privacy. Learn to cope.
> In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
I know that you already dismiss the global surveillance from the NSA and other agencies because of your earlier comment "of a few powerpoint slides."
That leads me to believe that you're either part of an organization that's subverting the internet and assisting the NSA or you're willfully ignorant.
Fact is, your other comments point that you have not well-researched the situation.
Every week there's a new revelation of just how deep the surveillance really is-- not just "metadata" but ALL data is being collected. The NSA hacks into companies, pays off others for cooperation. Backdoors. Broken encryption. It's all there out in the open thanks to the documents that have been leaked.
You do harm to the liberty of others by dismissing these facts.
> because of your earlier comment "of a few powerpoint slides."
> It's all there out in the open thanks to the documents that have been leaked.
You dismiss his point that unsubstantiated documents is largely the source of all this speculation and then you remake a bunch of unsubstantiated claims, saying they are all proved by the aforementioned documents.
I think the point is that not everything people say is supported by the available documents, not that the documents aren't real. Moreover, not everything reported by the press is backed up by a document that we can go and read. Even your quote sites "someone familiar with the request", not a document leaked by Snowden.
That is to say: there are some things that we know and are verified (e.g. that there is a program, called PRISM, etc.) but other things where there's a lot of speculation, but less or no verification (e.g. that the iPhone is backdoored.)
Some of us like to distinguish between these things. Some of us don't. It doesn't help to call people names over it, though.
Backdooring iPhones does sound fantasical but that is not the only means your fingerprint data could conceivably make its way beyond your iPhone. I like that my fingerprint data is on precisely no computer anywhere. You don't have to be a massive conspiracy theory nut to feel slightly uneasy recording your fingerprint on anything.
So is the parent comment. A few PowerPoint slides doesn't warrant any ridiculous comments about the NSA backdooring your phone. It would be great if HN could stop with the NSA is everywhere-all-the-time-in-everything meme for a while, it would make reading the comments here much more relevant.
I guess if you want to constantly complain about the NSA spying on you, you are entitled. However, some of us have had enough of the complaining. After all, you're probably going to be doing it for the rest of your life. I'd rather not spend mine listening to it. So, can we clearly tag a thread as NSA rant, so those of us who don't want to hear it ad nauseam, we can skip the rehash.
This is the exact sort of attitude that has permitted us to get to the point where we even have to have a conversation about the government being engaged in massively intrusive spying programs. "I don't want to hear your whining about it" is a means of condoning these actions through silence. You are a part of the problem.
If you can comprehend what is going on here, you should be loud and obnoxious about it. Get people talking. Make it the focus and refuse to give up that focus. The only way this is going to change is to get so many people angry about it that it becomes more politically advantageous to oppose than support it. If you get angry about hearing about it, then I'll take that - you now have an incentive to help get it changed so people will shut up about it.
Essentially, you are asking me to discuss my politics here, where I draw the line, etc in a thread about the iPhone 5s. I know where you stand. I heard you the first ten times.
I'm not trying to stop you from having the discussion. Can you just label the thread "NSA can get your fingerprints off that iPhone 5S" and have at it. There is a time and a place for everything. Everyone here has heard about the NSA situation by now. The word is out.
> Essentially, you are asking me to discuss my politics here, where I draw the line, etc in a thread about the iPhone 5s.
Nope. I'm just asking you to not ask others to not discuss their politics. You're more than welcome to not participate in the conversation if it's not useful to you.
Sorry, you aren't going to change anyone's political opinions by yelling louder. There are plenty of people who are comfortable with the NSA, as well as plenty of people are not.
We really can't discuss the finer points here because no matter how polite I am, I will simply get voted down for not agreeing with the HN politics. By the way, recently I heard a few tech heavy-weights come out in favor of the NSA (e.g. Larry Ellison, Max Levchin).
Clearly other people feel the same way, since it is being upvoted. And if you don't care for reading NSA-related comments, either moderate his posts (outside of your jurisdiction, I'm guessing) or I suppose you'll have to deal with it by collapsing his threads with any number of HN plugins that exist.
Never. The claim that the NSA has infiltrated everything has the right amount of truthiness, and pushes all the right buttons, to give the HN/nerd crowd such a sense of unified culture, justness of cause, and "us v. them"-ness that it literally can never be replaced now. It's like asking when Christianity will finally get over this Jesus fellow and his crucifixion. That is the cause that transformed a bunch of heretical Jews into Christians.
HN, similarly, is just going to be the place where a bunch of libertarian-leaning programmers became, from my perspective, conspiracy theorists. But more charitably, maybe, we can say they are now radically opposed to government invasion of privacy.
The Snowden revelation, whatever you think of it, has been one of those events which divides time into before and after for this crowd.
I don't see how this is snarky. We know that data is being scooped up in an opportunistic manner. It would be foolish to not consider the security implications when deciding which devices/technology to adopt.
Urgh. When do we get to the point where I can read HN without comments complaining about very relevant NSA discussions being voted to the top?
It's foolish not to speculate on reasons why giving your thumbprint to a vendor may not be in your best interest. I'd much rather see the OP comment on the top of this discussion rather than some inane debate about whether the new phone is an incremental upgrade or an exciting evolution.
What was snarky about it? I hadn't properly considered that my fingerprint would likely end up with spy agencies if I used the new fingerprint service.
Hunch: it's got to do with the fact that anyone can upvote, not anyone can downvote, and there's a large enough audience that thinks every topic posted is fodder for the surveillance discussion (which isn't a stretch) and thinks that's the most important thing to upvote (IMO it's probably not, but welcome to democracy).
It is more than the NSA. Now I have to worry that other apps, services, and overall weak security on the iPhone will have my fingertips all over the place. If my phone is stolen, fingerprints gone. No thanks.
Probably a little while after the "Days since the last major NSA revelation about how deeply they are tracking everything we do and say even in 'private': __" sign has had a chance to increment to a significant time period. Right now it's more than a little distressing to have not seen the sign above single digits for what seems like a very long time.
I love how your comment about how noisey and pointless it is to mention the NSA on this post caused the entire comments section to become noise. I can't even find a non-NSA relevant post in this list.
Yes. And how exactly do we check this? Why is it that we can still trust Apple? For all we know, the data gets sent directly to the NSA or, if it doesn't, there might be some secret backdoor that will make the device send the data at a later point. The last round of leaks was specifically talking about backdoors with all bigger US companies in order to circumvent encryption.
That's what I means by "we have to consider the iPhones backdoored". Once you can't trust the device any more, all bets are off and thus we can't be sure that what Apple says they do with that fingerprint is what they actually are doing.
(edit: regarding jailbreaking, I seriously doubt that a sufficiently well-hidden backdoor would be found by a jailbreaker. Or have we found the backdoors in OSX or Windows yet? Since the latest leak, we know they are there)
This is incorrect - we do not know any particular products which are backdoored.
edit: Also, there is a difference between a subtle crypto vulnerability and sending data to a server that, according to the announcement, is designed to be protected in its own enclave and never sent anywhere. The latter would be far more obvious in the code and easier to spot.
Well, as a computer/network security professional, historically there are plenty examples of companies who have lied about the security of their systems (eg. "without your password, our flash drives cannot be decrypted" when in fact the key is not related to the password and stored in plaintext in a sector on the drive).
Which seems like the more likely covert NSA spy device? The iPhone fingerprint sensor that Apple prominently mentioned in a product launch or the hidden ATM fingerprint sensor that your bank says isn't there?
Well, you can't trust _any_ device if that's your line of thinking. Not an iPhone, not an Ubuntu phone, no device whatsoever. Not unless you've baked your own chips, or made some contraption running your software in parallel on different CPU architectures.
If you're going to do anything, including working on the computer you're typing your comments on, you have to trust a lot of parties. Some of that trust involves knowing who made the code, and some of it may involve the knowledge that the NSA will not be using their best, most secret backdoors against a whole lot of people.
If you don't trust the iPhone not to steal your fingerprints then you probably shouldn't own an iPhone -- fingerprint reader or not. I mean, that's sort of obvious, no?
What phone should you own instead? It seems like the only choice if you want to real privacy is to stop using a phone at all, but that's obviously unrealistic for many people.
Honestly, to effectively market this technology in today's waters, they have to say that it's kept local.
If they send out 8 bytes of your fingerprint data hidden in every picture you take (so your fingerprint can be regenerated by looking at your first 500 pictures) I doubt anyone will ever find it.
Makes me think of all these companies that your passwords are secure until one day, someone hacks their database and decrypts them. When confronted, the company says "But they were very secure, you should have mentioned that by 'secure' you meant "with one way encryption".
Am I understanding this correctly? What if the NSA went to Apple and said you have to get us access to everyone's fingerprints or you'll go to jail and other stuff, so Apple put a fingerprint scanner on the iPhone? It seems like a stretch to me.
How many webapps have encypted and stored their users password "only on their own servers", to later have them leaked via combination of exploit in 3rd party software that allowed the download of their DB and a little brute force?
Only difference on an iPhone is that there are literally 100s of thousand of apps that can possibly be exploited
In this case, the L2 cache is part of the A7, so that would be fair. I would guess this means it's also only stored in NVRAM local to the SOC and not persisted to the general flash filesystem.
I would guess they just tacked a bog-standard TPM chip into their SoC design. Biometric (fingerprint) sensors and TPM chips go together; see any enterprise-targeted laptop from the last five years.
Quite. It'll be a little hardware black box that nobody can see into, one that just gives a 'yes' or 'no' answer.
Additionally -- if things are like they used to be when I was in the biometrics world in the mid-90s -- the fingerprint template will be small and work like a one way hash; if you have the template you cannot reconstruct the fingerprint from it. It wouldn't really be very useful to the NSA or anyone else.
Serious question -- what is the big deal if someone gets your fingerprints? I can't think of the last time my fingerprint was used as some infallible method of identification, if ever. If the spooks want it, they already have it. I'd rather someone get their hands on my fingerprint than my passport, driver's license, and credit cards, and it seems much more difficult to steal than those things.
I think the fingerprint scanner is positioned not to be some indestructible lock like RSA or a safe-deposit box, but a reasonably decent deterrent like door locks and The Club. It seems to be at the same level of security as your iPhone passcode -- a well-equipped intruder can certainly get into your stuff, but your mom or a pickpocket won't be able to.
The problem is that I can't change my fingerprint. If it gets out by some third-party abusing the secret backdoor (or just abusing whatever other place you have your fingerprint stored), then they can potentially forge your fingerprint when committing a crime or when otherwise attempting to access resources you have access to.
When a third-party loses your password, you change it and life goes on (you are not reusing passwords, are you?). When a third-party loses your fingerprint, what do you do? Cut off your fingers? Grow a new hand?
Yes. The fingerprint information is supposed to be irreversibly hashed. But so are passwords. And yet we still see them being stored unencrypted. No. I'm very careful with my fingerprints.
Also, the data on my phone must be some of the most valuable data I have. When I lose my phone and you gain access, you immediately own all my online identities. My phone has SSH keys, it has the password to my Email account stored in its keychain (very handy for all these "I have forgotten my password" features on all the sites), it has my 2 factor authentication tokens - I can't even begin to imagine how bad it would be if somebody had access to my phone.
What does that even mean? You wear gloves in public all the time? You wipe down everything you touch?
Which makes me wonder, aren't one's finger prints all over your iPhone exterior anyway. If someone steals one's phone wouldn't it be easier to dust it for prints than crack the security on the digital copy?
Which makes me wonder, aren't one's finger prints all over your iPhone exterior anyway. If someone steals one's phone wouldn't it be easier to dust it for prints than crack the security on the digital copy?
Ding ding ding! We have a winner.
Almost as silly as not using a biometric logic because "what if they use a backdoor to get a photo of my face?"
Which makes the idea of a fingerprint reader on a phone somewhat nonsensical. Your password is all over the phone, and Mythbusters has proven how easy these are to fake.
Actually, it doesn't, because properly used biometric isn't a sole auth method. You want to use it coupled with at least a pin - then suddenly just looking over your shoulder isn't enough, you have to handle the phone carefully, or steal the fingerprints off your glass. That's more work, and makes it more costly and skill intensive. It's not impenetrable, but still quite efficient.
Good point. If it's two or more factors then the weakness of the fingerprint factor is not such a big deal. Is the iPhone 2 factor?
I think there is too much of an emphasis on using uniqueness for security. The idea is that if "It could only be you!" you are secure.
The sci-fi vision is a world where a fingerprint or retina scan is taken and that's it. There's no username needed, just the fingerprint itself is enough to confirm your identity. In reality, the idea of uniqueness for security actually would create security problems, because it removes the other factors involves, and biometric codes like fingerprint cannot be changed as needed (technically a fingerprint can be changed 9 times. A voice on the other hand cannot.)
An NFC tag/card/ring, seems much better to me, since these can be changed as needed and would be more difficult to hack than taking a fingerprint off the phone.
An armed thief could steal your ring or fob along with the phone, but they could also make you use your finger to unlock your phone for them. So I don't think that's really any added protection in that situation.
The thief that just grabs your phone off the counter or out of your pocket will have a much tougher time with the NFC tag than with the fingerprint.
This makes sense. However, the cops already have many peoples' fingerprints once they've been booked, and in general if someone wants your fingerprints they can usually get them. I think the question of fingerprint forgery is an important one but I would assume that in a real trial the evidence presented also considers the likelihood the fingerprints were forged.
That said, I can see how this could potentially dramatically increase the availability of public fingerprints if it were hacked. More importantly the fact you can't reset your fingerprint is something I overlooked. I do think that in general though anyone building a system that relies exclusively on a fingerprint as a highly hack-resistent security measure is foolhardy regardless of how prevalent fingerprint data is. In other words, your iPhone passcode isn't protecting your data anymore than your fingerprint if someone gets their hands on your phone, so I don't really see how this point is material to if it's a good idea to use fingerprints to unlock phones.
Simply publish your fingerprint somewhere - then if anyone uses it to impersonate you, it won't matter.
It's not quite the same with private keys because you can always generate some new keys and publicly revoke your key if it could have been compromised. Since you cannot regenerate your fingerprints and could have already lost them, simply revoke them up front.
In the country where I live (Switzerland), getting a drivers license thankfully does not involve somebody taking your fingerprint. Also, public transportation here rules to such an extent that not even having a drivers license is a perfectly valid option. I don't have one for example.
My passport also is one of the last ones you could get without it containing any biometric data.
As such, I'm reasonably sure that no third-party ever had access to my fingerprint. And I'd love for it to stay like this (see my parent comment for the reasons why)
Why do you care if anybody gets your fingerprint, if you have already decided nobody can be trusted with your fingerprint and thus will never trust fingerprint based authentication? Once you are at that point, it's like your eye color or something. I don't care if other people get my eye color, because I will never use it to authenticate.
I'd hypothesise it's more likely somebody will use your fingerprint to identify you than your eye colour. For example, at a crime scene if your fingerprints are found you can hardly say "oh, I don't trust my fingerprint so I won't authenticate with it, ignore that" - like it or not, it's seen as being at least something to investigate. On the flip side I imagine a witness who reports only "green eyes" won't have their case followed for very long.
Not the OP, but think a about it this way: your fingerprint is now in a central database backed-up by lots of processing power so someone can match it pretty quickly and, all of a sudden, you realize you can no longer commit anything "bad", ever, because "they" may catch you based on the data they have about you.
And to someone who may ask me "why would you want the freedom to do something bad?" I'll answer that three of the biggest monotheistic religions are based on a guy a girl who were allowed to do bad things (Adam and Eve). I'm agnostic myself but I find it pretty self-explanatory nevertheless , you just can't impose the lack of free-will on people.
But pragmatically, the more data they have, the more likely you are to show up as a false positive. Worst case; you handle something in a hardware store and it's later made into a bomb by a third party. You're going to need a solid alibi for that one.
Or you get placed at the scene of a protest even though you weren't present for it. Now you're on the terrorist list.
Additionally they can catch you more easily for victimless crimes, like if your fingerprints are on a bong they collect. I figure it's easy enough for them to stick you with a felony even without actively helping them get more data. So I'm trying to minimize the felonies I can be stuck with.
I don't agree with the fear, I'm just saying it's more likely somebody can be nefarious with your fingerprints than other things, regardless of whether you personally authenticate with them. For what it's worth, I don't agree there's an issue - I just don't think it's reasonable to compare fingeprints and eye colour.
It could depend on the state, but in America a driver's license is basically the de-facto form of ID. So, sometime back in the 50's or something, I believe fingerprints started to be taken as part of getting your license so that your fingerprints could be traced back to you for crime purposes. Similar to how in some states when you purchase a firearm, you are required to give the state a spent shell so that the state has a record of the "ballistic fingerprint" of your firearm.
The problem I see is that if they have a copy of your fingerprint, and then their computer says that matches a crime of sorts, what do you do then? You have to consider the false positives.
I don't have fingerprints. A large part of the world population doesn't have readable prints. What now? People on blood thinners, elderly people, Asians, women all have less distinctive prints. I don't have prints due to psoriasis.
Saying that fingerprints are a bad biometric because some people can't use them is like saying escalators are a bad idea because some people can't use them.
They might be a bad biometric but it's not because they aren't universally available to everyone.
When it's used as a gate, it is an issue. It took the Seattle PD and whatever agency actually issues civilian CAC (HSPD-12) a long, long time to get enough prints to allow me access to do my job. Both eventually had to accept three very partial prints as evidence.
The Feds have had my fingerprints for 8 years, because of a foreign adoption. In fact, they have two versions because my first fingerprints "expired" because it took so long for the adoption to happen. So they have an extra $800 from us-- Thanks USA! (tm).
Plus, as others have mentioned below, most conceal carry firearm permits will require it, at least here in Illinois.
So, the govt. already knows that I'm a registered Republican, they have my fingerprints (twice), they know I have a FOID (Firearm ID in Illinois), they know my travel patterns (via airlines, gas stations, etc).
I think the last of my worries is some fingerprint scanner on a smartphone. At least I won't have to type in my PIN to unlock it while driving...
Exactly. I've already had to give my fingerprint numerous times at the airport just to enter the United States. I figure the US government must already have it in numerous databases, so it's not a concern if they've backdoored Apple's devices to copy them again.
My question: Is digitized fingerprint information gathered from a given device useful? As in, could you run the prints gathered from an iPhone against, say, a DMV database? My intuition tells me that you couldn't. And that would gravely limit their utility value to the government.
My guess is that if the sensor works as well as they claim, including 360 degree orientation, it has to store a pretty complete profile of the fingerprint.
In my state, you're required to have the State Police add a digital scan of your fingerprints to the FBI database when you apply for a handgun license.
This is just another iteration of the "I have nothing to hide" argument, but now you're making it with f-ing fingerprints? Get a clue, nobody needs to have this argument again.
It is most certainly not a "I have nothing to hide" argument. It is a "what exactly is the value of a fingerprint in terms of identity theft?" It's a question of how dangerous, really, would access to the world's fingerprints be for a nefarious hacker. I'm not asking to be facetious, I honestly don't know the real answer relative to more standard security measures like passwords.
The same argument can be had for any individual piece of information. It's the amalgamation of all your personal data into the digital system of the internet that's dangerous, so it doesn't really tell us anything significant if your fingerprint by itself is valuable.
So use a passcode - the fingerprint feature is optional. That said, I doubt they are doing anything nefarious with it - if it eventually leaked that fingerprints were being sent to the NSA, the cost to Apple would be incalculable. I would bet, or at least hope, that Apple has designed the hardware involved to be subpoena proof - meaning that the design would make it impossible to remotely collect fingerprints even if a court ordered them to initiate efforts to do so.
So here is where "meta data" and direct access to app info gets really interesting.
Firstly - the NSA has no need to be able to access the fingerprint. The fact that the fingerprint is your passcode barometrically ties you to the device, without a doubt, and makes the meta data all that much more accurate.
What we know is that the NSA has complete upstream dominance, direct and indirect access to company data and extremely powerful correlation tools.
With the features of the 5S' "always on motion sensors, tied to health apps - they basically can construct not only WHO, WHERE, HOW, WHEN, you do something, they'd be able to go as far to be able to develop a "health number" into that dossier.
The fact of the matter is that while the Apple product is a nice shiny thing - and sure - as a phone and a tech, I'd love to use it -- but the data it produces about its users is 100% transparent to the NSA, based on everything we have seen so far. And more egregious; the fact that the NSA unabashedly abuses this access and does construct elaborate pictures of your behaviour then SHARES this with other agencies.
The passcode and fingerprint only serve to prevent the data the NSA IS collecting from being wrongly attributed to another human body.
The only new scenario I can think of here is if your fingerprint happens to be the same as some bad person - either by coincidence or an error in the scan. This could get you some unwanted attention.
Do you believe disabling the reader in a software-setting is enough to be sure it's not working? I don't. With all these NSA concerns going about, having a hardware fingerprint-reader on your smartphone that you can't avoid touching is something to think about.
Actually, random banknotes can usually be traced to a specific person, so any DNA traces could probably be linked - there have been experiments that show that majority of non-tiny banknotes are [A] put in ATM [B] given out to a known person; [C] given to a shop/vendor; [D] retrieved by the bank. So, given multiple banknotes, they could reasonably list the identities of people who shopped in that shop, simply by looking at the banknote serial numbers.
That I can understand, but it's "approximate" info on a banknote that probably has a couple of fingerprints. Even if the store had a video-camera, it's gonna be a bit tough to figure out exactly who gave a given $20 bill to the cashier. And since this person is using cash and not a creditcard, all they got is a (usually bad-quality) store-cam of someone that they think is the one who handed a given $20 bill to the cashier... meh, that's pretty fuzzy. Even if I told the FBI that I'm going to the mall and I will spend a $20 bill this Saturday, I think it would still be exceedingly difficult to find the exact bill unless they were tailing me the whole time. In which case I've already been located & identified by the FBI as a person-of-interest within their physical reach, so I'm already as good as dead.
They undoubtedly have the fingerprints of any American they care to (hell, they got mine during 4th grade when a police officer came to our school to "teach us about fingerprinting"). However iPhones are of course used throughout the world...
Even ignoring the specific issue of fingerprints, which I am not convinced is a major concern, the widespread use gives numerous other reasons for pause.
you accidentally touch it one time without cover - done. And all the stores where people come and try the devices... (personally as an immigrant i already have my fingerprints on file, so i have nothing to worry about, it is just very amusing to see how another couple of billions would be gathered as well once Android phones replicate the feature :)
the same statement about "not providing direct access" will get them off easily like it already did for them and Google/FB/etc in case of the rest of personal information.
I'd say it would be negligent on the part of NSA to not use such a convenient source of fingerprints of "foreign" persons :)
>at least hope, that Apple has designed the hardware involved to be subpoena proof
why would a corporation intentionally do it? Conspiracy of obstruction of [future] justice comes to mind.
Obstruction of justice can only occur if someone does something in response to a legal action that inhibits it. Fortunately it is not [yet] a crime to think ahead.
Even if I knew for a fact the NSA would get my fingerprint from my iPhone it would still be worth the convenience of having that fingerprint auth. I can legitimately stop putting in a pass code all the time and still have my phone be secure against random people using it, strangers finding it and getting access to my email, etc.
I would prefer the NSA not have my prints but virtually every other piece of data they collect is more likely to be used against me.
it HAS already leaked that emails, browsing, who knows what else, is being sucked up by NSA ... so apparently it doesn't matter. Apple is still selling plenty of iPhones, people are still using Gmail, etc etc. Apparently Americans don't much care.
Apple being added to PRISM would, from what I read, mean that content on Apple servers could be searched, not information stored on phones.
If iPhones phoned home information on stored on phones, I'd expect there to be a huge shitstorm and ample evidence of suspicious traffic. Do we have any evidence _at all_ that this has happened?
Yes, NSA can specifically target iPhones, which I think happens by backdooring the computer which is used to sync the device. One of the NSA slides had a private photo from an iPhone of 'a former senior government official of a foreign country'. http://www.spiegel.de/international/world/how-the-nsa-spies-...
Which is completely different scenario than "the iPhone being backdoored". You don't have to sync your device to a computer that is online, except for the first activation.
All I mean is that if you're using all of Apple's iCloud services (email, calendar, safari, not to mention iPhone backups to iCloud), your phone already "phones home" with a ton of info.
We know that the info can be sucked out of Apple (or Google, or Faceboob, etc) if the NSA wants to (for now).
So if they have your fingerprint data ... or even the ability to suck stuff off your phone ... then ... well qed
look obviously I'm in the minority, in caring about my biometrics being "built in" at such a "ground level" to a device that has so much connectivity to "the cloud" ... if you're not disturbed by this, then fine. I'm ok, you're ok. It is ok to hold different views.
Well, I'm in the camp that doesn't use any iCloud/Google services or Siri for security reasons, so I understand your point of view.
For me, it's very relevant whether we have any evidence that the government is collecting data residing _on_ iPhones on any scale, or whether the iPhone has any such capabilities built in. As far as I know, this hasn't been reported.
I know that Apple technically can push out a software update that would enable data collection or even covert audio recording, but in the end I have to make a decision on the likeliness of this vs. the convenience of having a smartphone handy.
Regarding fingerprint data, the US already has that and will continue to do so for 50 years, due to the fact that I had to travel to the US for work related reasons. Not happy about that, but, well, that's life.
Did you btw know that you can turn off "simple passcode" and then use a purely numeric longer passcode? In that case the iphone will still show the big easy-to-hit numeric keyboard allowing you to type in the arbitrary length numeric code.
Brilliant! I did not know that. I haven't been using Long Passcode Mode because I didn't want to type on the tiny keyboard to unlock 100 times a day.
Yes, absolutely. While the idea of fingerprint-purchasing might have interesting applications, what you mention should also be a serious concern.
The saddest part to me is that people are attempting to put an end to this worry by saying "well, Apple said they don't give apps access to it." And no other tech company has ever told us about any of their involvement and cooperation with the NSA in the collection of private user data.
People shouldn't wooed by this new feature and be blinded to its security implications. Start taking this stuff seriously, instead of what these companies are telling you.
Installing such machines in public or private property would require all sorts of legislation that doesn't yet exist otherwise the machine would be illegal in both of those environments because of existing legislation.
I acquired a passport in 2010, and left the country that year, and the year after, and was never asked for my fingerprints. You may be thinking of a program that applies only to non-citizens.
Not in the US, no. I ended up sending them my life story to convince them I was who I said I was, but they did not ask for fingerprints. I've never had to be fingerprinted for any reason. There is a palm geometry scan on file for me with a datacenter, but that works on a different principle.
How hard would it be to run a mobile scanner over public surfaces and correlate the data with security camera footage?
In any case, we're talking about devices that can already spy on you to an enormous extent (conversations, photos, e-mail, passwords, plenty more). Fingerprints seem way down the list of important things they could be stealing.
Actually, my gym (24 Hr Fitness) uses fingerprint scanners to sign people in. I hadn't really given it much thought before, but indeed, it would be possible for their system to be compromised and for my fingerprint data to be released into the wild...
Or to generate an artificial fingerprint that can fool scanners, and then use that to access an other service or data you have/use that is "secured" with fingerprint as the single authentication factor.
Since fingerprints can't be changed, he more widely they are used for authentication, the more likely that they will be compromised and the less useful they are for authentication.
That's a good argument against using fingerprint scanners as the only choice for authentication. They're not very secure, because they can potentially be stolen and faked.
However, it's not at all an argument against using fingerprint scanners as an optional choice for authentication, just because the scanner could be used to steal your fingerprint.
Fingerprint theft is a problem regardless. You can't really target systems that enable that theft, because it's an ever-present risk. Instead, worry about systems which fail due to such theft.
Fingerprints are fine for a gym, because who cares if somebody fakes yours. They're fine for a smartphone for many people, because it's intended to stop casual theft, not be an impenetrable barrier. Fingerprints should definitely not be used (at least on their own) for, say, nuclear launch authorizations or other things of similar import, because they can be stolen and faked.
Unless you have to also swipe a card in which case the fingerprint might be stored on the card. That how it's done where I live since you can't store peoples fingerprints without a good reason.
Yeah, I don't get it either. Wouldn't the fact that it could record all your conversations and movements and mobile data traffic be a much bigger problem?
I think it's prudent to note that Apple made specific guarantees of fingerprint privacy; however such explicit guarantees haven't been made for passcode privacy.
I am not concerned about my fingerprint data being part of some larger database.
However, if you're using a fingerprint to unlock, it's much harder to say "I've forgotten my password" - or stop them from using your finger while you're unconscious.
I don't think people are all that concerned about the dirty deeds of some nefarious black hat in this case. I think people are concerned about secret courts, a government that interprets its own laws, and a substantial portion of the public that hasn't graduated from issues commonly found in high school.
I don't know, the bureaucratic apathy coupled with decades old technology of your local DMV might make a decently effective example of security through obfuscation.
You don't _have_ to. You can root your iPhone and log all packets sent from the phone, and block out any stuff going to Apple (turn off iMessage, iCloud and Siri). For downloading apps etc, you can do that through iTunes and sync your iPhone using a cable.
You might be able to do this through a self hosted VPN too. Just setup your own Great Firewall that won't talk to apple. That way you don't have to root your phone. Not sure how much control you have over which traffic goes over a VPN connection though. And this might block your iMessages haha.
If we're assuming the worst, then nothing you use is safe. Google? No... Downgrade to a regular non-smart phone? I guess that's safer. They'll still have your phone records, though.
Are you similarly worried about the GPS in your iPhone that you presumably keep in your pocket wherever you go, which is tied to your credit card and billing account with the telephone company?
Generally speaking, because some regulatory agency or other would refuse or revoke certification of a device that has a "disable radio" feature that doesn't work.
I wouldn't assume that a device is incapable of accumulating GPS tracking information in "airplane mode" and forwarding it when the radio is turned back on, however, or that intelligence and law enforcement agencies would never quietly disable "airplane mode" in the course of specific investigations.
Airplane mode more or less disables the phone's transmitters, but not necessarily the receivers. Even if the baseband processor is told to shut down the radio, it can still be listening for a remote backdoor message, and subsequently enable the transmitter for some nefarious purpose - similar to a remote shell.
There's a branch of philosophy that takes this to your conclusion... we can't really trust anything in this world.
However, while the NSA has surely overstepped its bounds I don't believe it is omnipotent. At some point its influence ends. I'm still willing to believe in airplane mode. Perhaps next week's scoop will change that, but for now I'm somewhat confident it works.
Its not like it stores all the prints on all your hands...
Does the signature output of the sensor even resemble something that would be useful to a third-party? It seems doubtful that it dumps out a little JPEG... and it might not even be possible to reconstruct.
If the NSA has compromised everything, what's the point of all this paranoia? If you can't trust your software, your compiler, your operating system, your microprocessor, your network adapter, your router, or your ISP- you're hosed. It's over. You lost. So can we at least stop banging the war-drums?
There's either absolutely nothing you can do about it, or it's not as bad as you think and you are being wildly over fearful.
I don't think they compromised everything. From reading the last exposures it seems that they can wiretap Blackberry emails on a targeted basis, not on a dragnet basic(please tell if i'm wrong here).
But since we don't know if they compromised apple(an american company), and the benefits of fingerprint ID is not that big, maybe we need to think about not using it?
Just a thought... the third-party doctrine is what enables perfectly legal surveillance of most communications. However, something residing on your device and never entering a third party's possession would seem to be directly covered by "your papers" in the 4th amendment. The bar for lifting fingerprints out of your CPU is much higher than the bar for lifting emails out of Yahoo.
Not only that, but it can't be accessed by software either. Only the Touch ID sensor has hardware access to the actual fingerprint data, which is stored on separate memory on the A7 chip. That was in the keynote presentation.
Going at your premise and skipping over the fingerprint conversation: we have no evidence that the iPhone is backdoored. The NSA documents referred to scripts that were used on compromised computers that the phones were synced to, which indicates to me that they target unencrypted backup files.
I stopped having to worry about them keeping my fingerprints private when I turned 14. Turns out you need a license to drive a car down the road! How was I supposed to know?
and when you press the unlock button (containing the fingerprint reader that you think is inactive, but is actually still reading your prints) .... presto blammo hello mr nsa
Of course most HN users suspected it, but nobody else would listen. Now that there's proof, those who keep beating the drum are doing so because the public might still be paying attention and it might actually do some good.
Personally, I think I'd rather stay with my passcode.
Did you btw know that you can turn off "simple passcode" and then use a purely numeric longer passcode? In that case the iPhone will still show the big easy-to-hit numeric keyboard allowing you to type in the arbitrary length numeric code.
Yes. It's not as safe as a long alphanumeric password, but this gets annoying SO quickly, I'd rather type in my 8 digits.