FaceID is 2.5 years ahead of the competition

[79wjd]

4 minutes ago, DrMacintosh said:

Or you know your Constitutional rights......

 

that is if you are a U.S. Citizen. I don’t live in a police state and I’m not going to submit to authority willingly. 

You really need to work on your quoting skills....

3 minutes ago, DrMacintosh said:

If you got caught and they knew you had drugs. 

 

They have no reason to search your phone without a warrant and I’m damn well going to make them get one if they want to search mine. 

The only time you'd be disabling FaceID is if you got caught and knew they had something on you.....the same thing applies. Otherwise, you just wouldn't have had FaceID enabled in the first place. 

 

They have no reason to search your home without a warrant either.... They either have something on you (and you know it) -- and you disable FaceID quickly (this would also be a done in the heat of moment thing since otherwise you could just disable in settings as if you never used it), or they don't -- in which case you don't do anything. It's the EXACT same scenario as flushing drugs down the toilet.

[DrMacintosh]

5 minutes ago, djdwosk97 said:

in which case you don't do anything. It's the EXACT same scenario as flushing drugs down the toilet.

Protecting my rights isn’t limited to only when I’m guilty. 

 

Even if if I have nothing in my home that is illegal and cops ask to search I will require them to get a warrant. 

[DrMacintosh]

5 minutes ago, djdwosk97 said:

You really need to work on your quoting skills....

It’s not me, it’s the forums. I’m quoting the right people, the forum says nope.

[Commodus]

11 minutes ago, bob345 said:

It being used a security solution is poor implementation. Depth mapping with a projected ir grid is great for tracking detailed motion and scanning objects in 3d, but for a security solution i would not trust it. I have already messed with fooling an xbox kinect which uses the same kind of depth mapping technique as face id. All you need is to know the ir grid spacing at a known distance, an image of the subject. With the 2d image (preferably 2 a side profile and front profile to more easily interpolate your own depth map in a software like blender) all you then need is something like ITO coated PET film, an inkjet printer, and a laser cutter to laser drill holes in the printed image on the ito coated film that match up with you interpolated depth map based on the devices ir grid spacing. All you need then is an ir source that you shine in from behind. All these systems do to identify an object is look at the way the projected grid is deformed paired with traditional 2d imaging to interpolate distance and shape. Like i said before, not as easy as just printing a picture, but its easily within a days work if you have access to the required tools.

Yeah, all you need is elaborate knowledge of how to fool depth mapping systems and several hours of work using tools that few if any thieves have on hand.  And that's assuming it works exactly like Kinect does... clearly the base technology is the same (Apple did snap up PrimeSense), but is the implementation merely miniaturized, or are there tweaks?

 

I'm reminded of what I've said to people who freak out at the thought of people using gel-based fake fingers to unlock phones: if would-be intruders have the know-how, time and willpower to build a fake to get into your device... you have much, much more to worry about than the security of your phone.  Namely, you should probably be asking your colleagues at the CIA or MI5 for a rescue, because your deep cover spy operation has been compromised.

[vanished]

2 hours ago, mynameisjuan said:

The fact that security would have to fall back to a method that is more secure really speaks for the security of passwords.

Or at least a testament to the established, consistent, and reliable nature of them.  A single code that will always work, and any other code that doesn't work is an easy concept to grasp, but facial recognition is, perhaps understandably so, seen as "magical" to a certain degree... it's "fuzzy".  I can see them not wanting to trust it exclusively in the event that for some reason it suddenly doesn't work one morning.

 

Also, to reiterate what I said before, security is only as good as the weakest link, and adding an additional method to any existing method can only make the total weaker, regardless of how strong both are.  But, also to reiterate from before, so long as people recognize they're doing this (using a fingerprint or face) for convenience and not for security, I guess it's fine.  I just would hate to see someone adding or switching to a fingerprint thinking that it's super sci-fi and must be 1000x more secure, when in face the opposite is true.

2 hours ago, Sniperfox47 said:

Even now, if you have touch ID enabled it's as a bypass for your passcode, not to replace it (Just like Android's Smart Lock and Imprint). And someone can correct me if I'm wrong, but I don't believe iOS let's you use it two-factor, only as a bypass (since there's the chance it fails).

 

1 hour ago, DrMacintosh said:

Optional 

 

So one says the passcode is always present as a fall back, one says face/touch ID can totally replace it... which is it?

1 hour ago, djdwosk97 said:

How the hell will that not fall under destruction of evidence.....

What, locking your phone?  How would it fall under that?  You'd not destroying anything.

[79wjd]

1 hour ago, DrMacintosh said:

Protecting my rights isn’t limited to only when I’m guilty. 

 

Even if if I have nothing in my home that is illegal and cops ask to search I will require them to get a warrant. 

An officer can't just force you to unlock your phone unless you've already been arrested at that point, and so, making it impossible to access the data on the phone, would constitute destruction of evidence. 

1 hour ago, DrMacintosh said:

It’s not me, it’s the forums. I’m quoting the right people, the forum says nope.

 No one else has the problem. It's you. 

Just now, Ryan_Vickers said:

What, locking your phone?  How would it fall under that?  You'd not destroying anything.

Using a feature that instantly turns off FaceID thereby making it impossible to unlock the device. That seems just as much destroying as flushing something down the toilet -- something flushed down the toilet can still technically be retrieved.  

[vanished]

Just now, djdwosk97 said:

Using a feature that instantly turns off FaceID thereby making it impossible to unlock the device. That seems just as much destroying as flushing something down the toilet -- something flushed down the toilet can still technically be retrieved.  

You're just switching from one method of unlocking to another.  The fact that the police are legally allowed to force you to unlock it if you use one, but not the other is of no consequence

[Hiitchy]

13 hours ago, Enderman said:

Apple is actually far behind android.

My android phone can read my thoughts and verify that it is actually me based on what I am thinking about, then it allows me to enter the rest of the 5-step verification process.

1- password

2- fingerprint

3- iris scan

4- facial scan

5- person come to my house to verify it is me

Then i can safely and securely get into my android phone.

 

 

"Hello, is your name so and so?"
"No"

*takes phone and runs away*

[DrMacintosh]

2 hours ago, djdwosk97 said:

That seems just as much destroying as flushing something down the toilet -- something flushed down the toilet can still technically be retrieved.  

Don’t think there are any court cases that have ruled that. Apple is going to do it, and if law enforcement has a problem with it they can arrange a court date. 

 

Apple has no problem with squaring up with the law. 

[AresKrieger]

16 hours ago, DrMacintosh said:

If Apples stats were to be believed, getting a duplicate fingerprint is 1:50,000 while getting a

It's less than that, closer to 1:500,000 to a million for a fingerprint to match possibly less but we have so few cases to draw legit statistics for it, also in the case of twins their prints are different but faces are the same so........

[LAwLz]

6 hours ago, DrMacintosh said:

Smaller usually means more advanced.

You can't be for real... Steve might be dead, but this relation distortion field is alive and well it seems.

 

5 hours ago, mrchow19910319 said:

I've seen a lot of people saying you shouldn't use Face ID because police will force you to unlock your phone. 

or something like that. 

This is US only: That's correct, but they can do the same with TouchID.

A court ruled that biometric passwords are not protected by the fifth amendment, so you have to comply with those requests.

 

5 hours ago, DrMacintosh said:

And you think your local phone thief is going to make those? 

I don't think he is talking about local thieves, since even a password on the top 100 most common passwords will protect you from that. Even a flawed early-gen fingerprint scanner that can easily be fooled with a silicon molded glove would protect from that.

When it comes to security, you should not design it to protect against the low-tier thieves. You should design it to be strong against even a big threat like the US government.

 

 

5 hours ago, DrMacintosh said:

Yes. The A11 Bionic and the Neural Engine aren't going to give a crap about anything. Apple overpowers their phones for good reason. 

It doesn't matter how overpowered the A11 is if the limiting factors are the sensors and optics.

You can't overcome low resolution with processing power.

 

5 hours ago, djdwosk97 said:

Regardless, if you're going to get involved in criminal activities, then it is probably best to not be walking around with a tracking device that has sensitive information on it.

Pleading the fifth is often used by innocent people because some things can be seen as evidence despite not being evidence.

Imagine if you had been super mad at someone and sent a few messages saying you hoped that person died. If that person ends up dead, then showing those messages to the police will be really bad even if you are innocent.

 

5 hours ago, DrMacintosh said:

Optional 

Wait, it is not forced? I am 99.99% sure it was forced with TouchID, so I don't see why it wouldn't be forced with FaceID.

Just so that we are on the same page here. What Ryan is asking is if you have to have a password/PIN if you use FaceID, or if it is possible to configure it so that FaceID is the only way to unlock your device. That is to say, there are absolutely no backups. If FaceID for some reason can't detect your face, then it is impossible to get into the phone. That's what he is asking.

 

5 hours ago, DrMacintosh said:

Evidence isn’t evedicne if it isn’t legally obtained. Any illegally obtained evidence cannot be admitted. 

I'm going to need a [Citation Needed] on this, and preferably some precedence case. People (in the US) have at several points been forced to unlock their devices because they suspect that they contain evidence.

They just need some reason to suspect you hide evidence on the device.

 

4 hours ago, DrMacintosh said:

They have no reason to search your phone without a warrant and I’m damn well going to make them get one if they want to search mine. 

You speak as if getting a warrant in the US is difficult...

The FISA Court which has been operating since 1979 has approved 18,742 warrants and rejected a total of 4. Those 4 rejects were all made in 2004 and after being submitted for reconsideration they were partially granted.

 

 

 

By the way everyone, according to Apple the reason why FaceID failed during the live demo was because if FaceID fails to detect a face that is yours a couple of times it will require your password. So if your friends picks up your phone and pass it around a bit you won't be able to unlock it with your face.

Great design...

[79wjd]

 

Quote

I'm going to need a [Citation Needed] on this, and preferably some precedence case. People (in the US) have at several points been forced to unlock their devices because they suspect that they contain evidence.

They just need some reason to suspect you hide evidence on the device.

I don't have a source because I'm lazy, but illegally gathered evidence (from a government party) is inadmissible. I believe that if I (as a non-public entity individual) break into your house and provide what I steal as evidence then it CAN be legally used (although there would still be potential issues of me tampering with and voiding the evidence, but from a legal standpoint it would be valid).

 

With that said, probable cause / imminent danger / plain sight are all valid enough reasons for law enforcement to collect evidence. If an officer is walking by your house and he hears a woman screaming that a man has a knife and is going to kill her then he can break into the house and anything he sees would be in plain sight and therefore admissible in court (even if it has nothing to do with the attempted murder).

 

20 minutes ago, LAwLz said:

By the way everyone, according to Apple the reason why FaceID failed during the live demo was because if FaceID fails to detect a face that is yours a couple of times it will require your password. So if your friends picks up your phone and pass it around a bit you won't be able to unlock it with your face.

Great design...

This is something that I mentioned in one of the previous threads -- Apple has to have a good enough way to detect accidental and intentional unlock attempts otherwise this will become a royal pain in the ass. But the thing is, it is necessary behavior in order to prevent an infinite number of unlock attempts. 

[DrMacintosh]

53 minutes ago, LAwLz said:

What Ryan is asking is if you have to have a password/PIN if you use FaceID, or if it is possible to configure it so that FaceID is the only way to unlock your device.

No. 

 

54 minutes ago, LAwLz said:

By the way everyone, according to Apple the reason why FaceID failed during the live demo was because if FaceID fails to detect a face that is yours a couple of times it will require your password. So if your friends picks up your phone and pass it around a bit you won't be able to unlock it with your face.

The phone reset because it had restarted. FaceID was not disabled from trying to unlock with the wrong face too many times, it was disabled completely because it had just rebooted. 

[DrMacintosh]

18 minutes ago, anthonyjc2010 said:

Back on topic... No my fingers were not wet, oily, or dirty. I did it after thoroughly cleaning them and the sensor still wasn't operating properly.

People with certain skin disorders have a hard time with TouchID. At that point everything is on your biology and not the sensor. It works for the greatest common denominator and you just don't fall into that. 

[DrMacintosh]

52 minutes ago, djdwosk97 said:

I don't have a source because I'm lazy, but illegally gathered evidence (from a government party) is inadmissible.

Getting a source for this requires digging through more court cases than its worth just to prove what you learned in your U.S. Gov't class in High School.

[DrMacintosh]

1 hour ago, AresKrieger said:

closer to 1:500,000 to a million for a fingerprint to match possibly less but we have so few cases to draw legit statistics for it,

Then your number is arbitrary and useless. 

[DrMacintosh]

1 hour ago, AresKrieger said:

also in the case of twins their prints are different but faces are the same so........

When you have to criticise the niche of a niche you know the argument isn't going anywhere. 

[AresKrieger]

19 minutes ago, DrMacintosh said:

Then your number is arbitrary and useless. 

My point was that it is 10x that number at worse but I couldn't get an accurate number because it is so rare, after looking it up it seems that finger prints are essentially unique (ie we've never found two that matched fully despite comparing millions) but they can be close enough to fool someone comparing two so that likely would fool something like touch id.

 

18 minutes ago, DrMacintosh said:

When you have to criticise the niche of a niche you know the argument isn't going anywhere. 

The idea that some random person who steals your phone is going to have the same finger print is also niche (if not impossible) so touche.

[vanished]

40 minutes ago, DrMacintosh said:

No. 

No as in no, it is not possible to configure it so that FaceID is the only way to unlock your device?  Then to answer my question from before, it is forced to have a password.  Therefore, if you're thinking that having FaceID will help people who typically choose weak passwords, you're out of luck since they still need to have one, and what's worse, how much do you bet that they'll be more inclined to make it even weaker than usual since they think they won't be using it much if at all?

[DrMacintosh]

24 minutes ago, Ryan_Vickers said:

No as in no, it is not possible to configure it so that FaceID is the only way to unlock your device?  Then to answer my question from before, it is forced to have a password. 

It is not possible to use FaceID only. You are not forced to have a password unless you want to use FaceID. 

 

25 minutes ago, Ryan_Vickers said:

Therefore, if you're thinking that having FaceID will help people who typically choose weak passwords, you're out of luck since they still need to have one

Nobody is saying that 

 

26 minutes ago, Ryan_Vickers said:

how much do you bet that they'll be more inclined to make it even weaker than usual since they think they won't be using it much if at all?

I dont see why biometrics dont give people an incentive to have more complex passwords since you almost never have to enter them. 

[DrMacintosh]

50 minutes ago, AresKrieger said:

The idea that some random person who steals your phone is going to have the same finger print is also niche (if not impossible) so touche.

And having your identical twin unlock your iPhone X is also unlikely. It can happen but thats also going to affect 0.2% of people on earth. so basically nobody cares and FaceID is still amazing. 

[79wjd]

1 minute ago, DrMacintosh said:

I dont see why biometrics dont give people an incentive to have more complex passwords since you almost never have to enter them. 

Because realistically there are still times when a password is necessary and frankly most people don't have much sensitive information or don't care enough about what's on their phone to bother with something more complex. 

[DrMacintosh]

Just now, djdwosk97 said:

Because realistically there are still times when a password is necessary and frankly most people don't have much sensitive information or don't care enough about what's on their phone to bother with something more complex. 

That's on them and there is nothing any company can do to help them. 

[vanished]

4 minutes ago, DrMacintosh said:

It is not possible to use FaceID only. You are not forced to have a password unless you want to use FaceID. 

Ok, that's what I was wondering.

4 minutes ago, DrMacintosh said:

Nobody is saying that 

Really?  It seemed like you were saying that earlier.  You agreed to a post that pointed out how the odds of guessing a password are much higher than the pure math would suggest since many people choose bad ones. And then you also literally said,

8 hours ago, DrMacintosh said:

These types of analysis ignore easily guessable passcodes and patterns. FaceID and TouchID eliminate those risks. 

"FaceID and TouchID eliminate those risks. "  Well, clearly, they do not, since you still need that password.

 

4 minutes ago, DrMacintosh said:

I dont see why biometrics dont give people an incentive to have more complex passwords since you almost never have to enter them. 

Yes, that would be the logical thing to do, but then, having a strong password would also be the logical thing to do, but people often don't.  I'm just trying to get inside the head of the kind of person who makes the code "123456"

[DrMacintosh]

8 minutes ago, Ryan_Vickers said:

since you still need that password.

Only when you no longer have the access to the phone. Passcodes are decent fallbacks to a more secure technology. 

 

8 minutes ago, Ryan_Vickers said:

You agreed to a post that pointed out how the odds of guessing a password are much higher than the pure math would suggest since many people choose bad ones.

And? People with weak passwords do make it more likely that you could guess a passcode. You can't guess a face or a fingerprint. I don't see how that suggests any hypocrisy on my part. FaceID and TouchID eliminate the ability for your main mode of security to be simply guessed. 

 

FaceID on its own does replace the passcode, but because of liability, using only FaceID is a terrible idea since any number of things could occur to cause FaceID to fail and you would be SoL which is exactly why Apple does not allow users to disable the passcode if FaceID is on.