'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy'

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

Whiner

Who asked for the original Macintosh or iPhone either? People often don't know what they've been missing out on until you show it to them. This person obviously doesn't understand Apple's history and the way they operate.

Re:Whiner

Who asked for the original Macintosh or iPhone either?

Neither of those require giving up private information for a product. Do we need facial rec. to unlock a stupid phone? Heck, no. You could easily come up with a dozen, quick means to unlock a phone, that did not involve privacy violation. So we can assume this method was deliberately chosen to invade the privacy of users.

Re:Whiner

[lucm]

Face unlock is face unlock. Spin it any way you want, it's just face unlock and Apple is playing catch-up as usual. They don't even need to innovate anymore because there's people like you who cream their panties about any minuscule thing they see on their iPhone and go around babbling about it.

Apple make average phones that are 2-3 years behind the curve and carry an obscene price tag. If you want to give them money, have at it, but this here is not your grandma's bingo parlor, you can't just throw in lame tech keywords and expect people to faint.

Re:Whiner

[pjt33]

I'm not sure that I see the relevance of the expectation of privacy in public places. What about the expectation of privacy in private places? The phone isn't going to detect the transition between the two and adjust its behaviour.

Re:Whiner

[phayes]

Like touchscreen = touchscreen, hidef screens = hidef screens, fingerprint reader = fingerprint reader, trackpad = trackpad, etc...

Except that people who used Apple’s implementation of these and many other technologies panned as “2-3 years behind the curve” realize that Apples implementation is the first widely available _GOOD_ implementation of them.

I used touchscreens on phones for years before the iPhone. They all sucked.

Hidef screens on PCs, same (mostly due to poor OS support).

Fingerprint readers that worked 1/4 of the time (and were trivially spoofed), same thing, in fact my most recent Samsung work phone STILL only unlocks after multiple tries.

Apple’s Magic Trackpad & MacOS’ gesture support are _still_ better than everyone else’s.

But you go ahead and stick your fingers in your ears while muttering “late to the game” & “expensive”.

Re:Whiner

[TheFakeTimCook]

Who asked for the original Macintosh or iPhone either?

Neither of those require giving up private information for a product. Do we need facial rec. to unlock a stupid phone? Heck, no. You could easily come up with a dozen, quick means to unlock a phone, that did not involve privacy violation. So we can assume this method was deliberately chosen to invade the privacy of users.

1. Apple's FaceID Facial Recognition, including Enrollment, is done entirely on the iPhone. And any Recognition Data on the phone is stored in the Secure Enclave, inaccessible to everyone, including Apple. So there simply isn't any treasure-trove of Facial Recognition data for anyone to scoop up.

2. The Facial Recognition data stored in the Secure Enclave cannot be used to reconstruct the Face that is Enrolled. Again, nothing to be gained, even if someone could manage to extract the FaceID data from the phone in the first place.

3. Apple did not invest the large cost to develop FaceID (which is not just a Kinect), and more importantly, did not add the cost of the FaceID hardware to the cost of the iPhone X, thus increasing the price of the phone, on a whim. Market pressures to increase screen area without increasing overall phone size, versus the apparently so-far insurmountable technical difficulties in integrating a TouchID sensor-like function into the Display assembly (which is what Apple wanted to do), added-up to making Facial Recognition the only PRACTICAL solution.

4. Placing a TouchID sensor on the back of the phone is a singularly horrible idea from a usability standpoint, and thus would have been instantly, and rightly, rejected by Apple's Product Design team for the iPhone. While most Users CAN reach a touch sensor located on the back of the phone, some cannot; but much more importantly, it forms a blind, poorly-locate-able Target, for something you would likely use several times per day. Whereas, Apple's FaceID system provides a simple to "hit" target, as it apparently works at almost any angle, so long as the camera and illuminator can see all the parts of the face it uses for its Recognition. And it also still uses the side of the phone that users normally deal with, rather than creating a blind "UI" Target on the side opposite of the one Users normally deal with.

5. You can use a Passcode/Passphrase if you don't like FaceID for whatever reason. Apple isn't forcing this on anybody.

6. You can simply buy another phone.

Re:Whiner

1. Apple's FaceID Facial Recognition, including Enrollment, is done entirely on the iPhone. And any Recognition Data on the phone is stored in the Secure Enclave, inaccessible to everyone, including Apple.

We'll just have trust them, right. LOL.

2. The Facial Recognition data stored in the Secure Enclave cannot be used to reconstruct the Face that is Enrolled. Again, nothing to be gained, even if someone could manage to extract the FaceID data from the phone in the first place.

LOL, that data is like a hashed password. You just need to generate enough "artificial faces" (guessed passwords) before it matches the data.

3. Apple did not invest the large cost to develop FaceID (which is not just a Kinect), and more importantly, did not add the cost of the FaceID hardware to the cost of the iPhone X, thus increasing the price of the phone, on a whim. Market pressures to increase screen area without increasing overall phone size, ...

LOL, I think now that they have everyone's fingerprints, they want everyone's face IDs as well. This is way worse than fingerprint ID. With cameras everywhere, "they" can track you the moment you step out of your house (thanks to the morons who handed over a high-res 3D scan of their faces). Who invests so much time and money into a stupid password manager, unless there were some juicy side benefits?

5. You can use a Passcode/Passphrase if you don't like FaceID for whatever reason.

The smart and semi-smart folks will avoid faceID. But the rest of the (ignorant) population won't.

Apple isn't forcing this on anybody.

Is there a place where you can place black tape to block the faceID scanner? If there isn't one, then it's forcing it on everybody.

Re:Whiner

[angel'o'sphere]

4. Placing a TouchID sensor on the back of the phone is a singularly horrible idea from a usability standpoint
That is nonsense.
There are plenty of phones that have the touch sensor on the backside, and my friends who own such phones, love it.

Re:Whiner

[phayes]

I generally with most of what you wrote but do note that those selecting about specific attributes and whining about them are often missing the forest for the trees. Focusing on the details is falling into the same trap of those ridiculing the iPod and predicting it's failure that begat the meme here on slashdot (No wireless. Less space than a nomad. Lame.). I, like most people selected my phone by looking at all it's attributes (including OS reliability, security and expected lifetime for my part).

OLED screens of sufficient quality and lifetime are still supply constrained with a single source (Samsung though Apple has gifted LG with billions of $ to be able to catch up & become a second source). The Notch isn't an issue for most people and allows the use of larger front-side sensors that make face recognition much better (less spoofable, more reliable) while still keeping enough room for useful notification space. It resembles the touchID/fingerprint sensors in that android phones often had narrower fingerprint readers and ToughID uses round sensors and is much more reliable & faster.

Your 3 year old S6 may indeed have proven to be of sufficient quality/lifetime but Samsung was incapable of furnishing enough screens for themselves & Apple and the expected lifetime had yet to be proven. That's less of an issue with Android phones because their mean used lifetime is so much shorter than iPhones are. Fewer care when the phone they replaced has faded than those who expect to continue using it for another 2-3 years.

Did Apple reneg on the 2x pixel requirement being unavoidable when they announced it? You _know_ this to be a falsehood because you'd seen the updated code to support it and all the applications had been updated to support other resolutions at that date? No, you don't. That Apple used the 2X pixel application framework updates to prepare the way for future non 2X phones and sufficient compatible apps didn't appeal to you so you chose to believe the worst, Ockhams Razor be damned.

As for the headphone jack, it's a popular whine among geeks, but much like changeable internal batteries, the great majority don't care.

Re:Whiner

[conquistadorst]

Neither of those require giving up private information for a product. Do we need facial rec. to unlock a stupid phone? Heck, no. You could easily come up with a dozen, quick means to unlock a phone, that did not involve privacy violation. So we can assume this method was deliberately chosen to invade the privacy of users.

I typically hate the response I'm about to give since I've always felt it to be a cover-all-cop-out but this time I think this is an instance where it does apply. You're under no obligation to buy it. If they miscalculate a technology or marketing decision, you and everyone else should "punish" them by simply not buying the phone. Corporations aren't democratic. At best, you can stretch them to qualify as a republic with money being your elected representative. We can sit here and criticize them all day but if the phone sells like hot cakes because people love this feature, then we're just wrong.

Re:Whiner

[fred6666]

1. Apple's FaceID Facial Recognition, including Enrollment, is done entirely on the iPhone. And any Recognition Data on the phone is stored in the Secure Enclave, inaccessible to everyone, including Apple.

How do you know, you've looked at the source code?

This guy has no idea how Face ID works

[Archvile7]

This article is so stupid. The author clearly has no idea how existing biometrics that Apple offers work. Touch ID stores information in a secure element, and nowhere else. No cloud, no device transfer methods, nothing - it is On Device only. Face ID is no different. In fact, it doesnâ(TM)t even store images of your face - it reduces your faceâ(TM)s geometry to a mathematical equation that is literally impossible to reverse engineer, due to the high levels of iOS hardware security. Read the damn iOS Security Guide, published and updated by Apple - it is FULL if information on how this stuff works, how keys are handled, how the Secure Enclave works, how encryption works across the OS and user data, itâ(TM)s a great read and would put these inane âoefearsâ to rest simply by understanding how it works. âoePeoples will always fear what they donâ(TM)t understandâ

Re:This guy has no idea how Face ID works

[DontBeAMoran]

You know what I fear? The fact that we're in 2017 and Slashdot still doesn't support UTF-8.

Get a grip

[MikeMo]

This guy is just making stuff up. First off, he has no idea if people around the phone owner also get scanned. Secondly, Apple doesn't take a picture of anyone, only a hash of a mathematical representation of the 3D scan of the facial contours created from the 3D projector. And finally, it doesn't send that (irreversible) hash anywhere - it stores it internally in the Secure Enclave, so it wouldn't even matter if they *where* scanning other faces.

Get a grip, man, I'm sure you can find other things to hate them for, you don't have to make stuff up!

Why didn't anyone hate on Samsung for *actually* taking pictures?

Re:Get a grip

[Gabest]

Because only evil Chinese and Russian companies work with their government.

Tape and passcode, any who?

[Balial]

If I can understand this guy's ramblings, he doesn't like that FaceID is so powerful, and he wishes he could unlock his iPhone X another way.

So stick some tape over the front facing camera and use a passcode. Get over it. People have been doing this with their laptop cameras for years.

Even if his argument was based in reality, which I'm not sure it is, there's a well-known work-around.

Windows Hello

[Roger+W+Moore]

It's also available for Microsoft Surface devices which just goes to show how much things have changed. Now it's no problem when MS does it but when Apple does it's "Orwellian and creepy".

Re: Windows Hello

Wait... wut...

Apple is the only company that's doing this with IR scanners that actually detect the shape of your face, not just doing image comparisons.

Apple is the only company giving hard guarantees that the facial recognition data is never going to leave the device.

That is, they're the only company respecting your security, and your privacy. Why on earth would they be the only one you don't trust with it?

Re:Nonsense really

Original comment: "it appears they won't yet be able to force you to facial unlock the phone"

Follow-up comment: "IANAL but my understanding is there is no legal precedent yet."

These claims are not remotely in agreement. In fact, they are opposites: If there is no legal precedent one way or the other, then of course police will take the presumed liberty to do whatever they want, and dare the courts to stop. And in many cases not even then. That's like, almost the entire history of policing in a nutshell.

Not mandatory

[seven+of+five]

Don't like face ID?
Use a passcode. Or no security at all...

Re:I'm going to be LMAO,

[zieroh]

when October 31st rolls around and everyone who has an iPhone 10 and is wearing a mask discovers that they have to take off part of their costume just to make a phone call.

I'm guessing you don't work on anything more complicated than a horoscope generator, then. Clearly, the fallback in this case would be the passcode. Did you seriously not consider that? And because you didn't actually consider that possibility, did you seriously not consider that Apple engineers would consider it? Or were you just trying to score snark points?

Seriously, which is it? I want to know.