Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com)

Posted by BeauHD on from the big-brother dept.

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

21 of 441 comments (clear)

  1. This guy has no idea how Face ID works by Archvile7 · · Score: 5, Insightful

    This article is so stupid. The author clearly has no idea how existing biometrics that Apple offers work. Touch ID stores information in a secure element, and nowhere else. No cloud, no device transfer methods, nothing - it is On Device only. Face ID is no different. In fact, it doesnâ(TM)t even store images of your face - it reduces your faceâ(TM)s geometry to a mathematical equation that is literally impossible to reverse engineer, due to the high levels of iOS hardware security. Read the damn iOS Security Guide, published and updated by Apple - it is FULL if information on how this stuff works, how keys are handled, how the Secure Enclave works, how encryption works across the OS and user data, itâ(TM)s a great read and would put these inane âoefearsâ to rest simply by understanding how it works. âoePeoples will always fear what they donâ(TM)t understandâ

    1. Re:This guy has no idea how Face ID works by pr0t0 · · Score: 4, Informative

      Actually, law enforcement can force you to use your fingerprint to unlock your phone. They just can't force you to use your passcode.

      --
      I'm sorry, but your opinion seems to be wrong.
    2. Re:This guy has no idea how Face ID works by DontBeAMoran · · Score: 4, Informative

      TL;DR

      Laws in the U.S.A. are fucked-up.

      --
      #DeleteFacebook
    3. Re:This guy has no idea how Face ID works by JonBoy47 · · Score: 4, Informative

      The iPhone 7/8 Touch ID sensor innately provides proximity/pressure sensitivity without need of moving parts. The sole value add function of the physical button is to provide tactile feedback to the user. By replacing the tactile feedback with haptic feedback using the vibration motor, Apple was able to eliminate all the moving parts from the home button, eliminating a significant source of repair claims on the entire device.

    4. Re:This guy has no idea how Face ID works by Kjella · · Score: 4, Informative

      Just a month ago the encryption key for the Secure Enclave firmware on the iPhone 5S's was found. While it doesn't mean someone can remote access the data from it, it does mean someone could load their own firmware on to an iPhone 5S's Secure Enclave.

      Hell no, lies and FUD. It just means someone has found the decryption key embedded in every copy of the Secure Enclave that Apple has used to obfuscate the code in transit. The updates are still signed, the signature check can't be disabled and the signing key only exists in Apple HQ, hackers can now begin to analyze the binary but there's no way for anyone else to alter it.

      --
      Live today, because you never know what tomorrow brings
    5. Re:This guy has no idea how Face ID works by 93+Escort+Wagon · · Score: 5, Informative

      In iOS 11, just click the power button 5 times - that temporarily disables both TouchID and FaceID, requiring a passcode to unlock the phone

      --
      #DeleteChrome
  2. Get a grip by MikeMo · · Score: 5, Insightful

    This guy is just making stuff up. First off, he has no idea if people around the phone owner also get scanned. Secondly, Apple doesn't take a picture of anyone, only a hash of a mathematical representation of the 3D scan of the facial contours created from the 3D projector. And finally, it doesn't send that (irreversible) hash anywhere - it stores it internally in the Secure Enclave, so it wouldn't even matter if they *where* scanning other faces.

    Get a grip, man, I'm sure you can find other things to hate them for, you don't have to make stuff up!

    Why didn't anyone hate on Samsung for *actually* taking pictures?

    1. Re:Get a grip by Gabest · · Score: 4, Insightful

      Because only evil Chinese and Russian companies work with their government.

  3. Re:Whiner by Anonymous Coward · · Score: 5, Insightful

    Who asked for the original Macintosh or iPhone either?

    Neither of those require giving up private information for a product. Do we need facial rec. to unlock a stupid phone? Heck, no. You could easily come up with a dozen, quick means to unlock a phone, that did not involve privacy violation. So we can assume this method was deliberately chosen to invade the privacy of users.

  4. Windows Hello by Roger+W+Moore · · Score: 5, Insightful

    It's also available for Microsoft Surface devices which just goes to show how much things have changed. Now it's no problem when MS does it but when Apple does it's "Orwellian and creepy".

    1. Re: Windows Hello by Anonymous Coward · · Score: 5, Insightful

      Wait... wut...

      Apple is the only company that's doing this with IR scanners that actually detect the shape of your face, not just doing image comparisons.

      Apple is the only company giving hard guarantees that the facial recognition data is never going to leave the device.

      That is, they're the only company respecting your security, and your privacy. Why on earth would they be the only one you don't trust with it?

    2. Re:Windows Hello by zieroh · · Score: 4, Informative

      AFAICT if you have an iPhone 10 you're stuck with using your face to unlock your phone whether you like it or not.

      This is just plan false.

      --
      People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
    3. Re: Windows Hello by Freischutz · · Score: 5, Interesting

      Wait... wut...

      Apple is the only company that's doing this with IR scanners that actually detect the shape of your face, not just doing image comparisons.

      Apple is the only company giving hard guarantees that the facial recognition data is never going to leave the device.

      That is, they're the only company respecting your security, and your privacy. Why on earth would they be the only one you don't trust with it?

      For the same reason a developer just told me that MacOS is closed source, so when I first told him, and then (because he did not believe me) showed him this:

      https://opensource.apple.com/

      .. he defaulted to claiming that the source may be out there but Apple will sue you for breach of IP rights and copyright violation if you modify the code. So I told him I've fixed bugs in OS X/MacOS using that source code and sent them to Apple and have yet to be sued. At that point he changed the subject to talk about how Aqua is closed source which is true but Aqua is also not part of MacOS any more than X11 is an integral part of Linux and I can point out to you plenty of closed source software that runs on Linux. That does not make Linux closed source, it just means that Linux is able to run closed source software. Some people just have to hate something for no particular reason and invent insane bullshit stories about it, for some it's immigrants, for others it's broccoli, for these people it's Apple. Apple is a greedy soulless corporation, but I don't think they are any more greedy or soulless than many other greedy soulless corporations like for example Google and Samsung.

  5. Re: Whiner by DontBeAMoran · · Score: 4, Interesting

    One in 50K false positive was for Touch ID. The false positive for Face ID is one in 1 million.

    --
    #DeleteFacebook
  6. Re:I'm going to be LMAO, by zieroh · · Score: 4, Insightful

    when October 31st rolls around and everyone who has an iPhone 10 and is wearing a mask discovers that they have to take off part of their costume just to make a phone call.

    I'm guessing you don't work on anything more complicated than a horoscope generator, then. Clearly, the fallback in this case would be the passcode. Did you seriously not consider that? And because you didn't actually consider that possibility, did you seriously not consider that Apple engineers would consider it? Or were you just trying to score snark points?

    Seriously, which is it? I want to know.

    --
    People who say "sheeple" have about as much sophistication as an AOL user, and in fact are probably actually AOL users.
  7. Spoiler alert by 93+Escort+Wagon · · Score: 5, Funny

    It recently leaked that - in the opening scene of Game Of Thrones Season 8, we'll see Arya Stark successfully unlock Littlefinger's iPhone X using his face.

    --
    #DeleteChrome
  8. Re:Whiner by pjt33 · · Score: 5, Insightful

    I'm not sure that I see the relevance of the expectation of privacy in public places. What about the expectation of privacy in private places? The phone isn't going to detect the transition between the two and adjust its behaviour.

  9. Re:Whiner by phayes · · Score: 5, Insightful

    Like touchscreen = touchscreen, hidef screens = hidef screens, fingerprint reader = fingerprint reader, trackpad = trackpad, etc...

    Except that people who used Apple’s implementation of these and many other technologies panned as “2-3 years behind the curve” realize that Apples implementation is the first widely available _GOOD_ implementation of them.

    I used touchscreens on phones for years before the iPhone. They all sucked.

    Hidef screens on PCs, same (mostly due to poor OS support).

    Fingerprint readers that worked 1/4 of the time (and were trivially spoofed), same thing, in fact my most recent Samsung work phone STILL only unlocks after multiple tries.

    Apple’s Magic Trackpad & MacOS’ gesture support are _still_ better than everyone else’s.

    But you go ahead and stick your fingers in your ears while muttering “late to the game” & “expensive”.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  10. Re:Whiner by angel'o'sphere · · Score: 5, Insightful

    4. Placing a TouchID sensor on the back of the phone is a singularly horrible idea from a usability standpoint
    That is nonsense.
    There are plenty of phones that have the touch sensor on the backside, and my friends who own such phones, love it.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  11. Re: Whiner by bsDaemon · · Score: 5, Informative

    The watch word of the day is "normalization," isn't it? Apple including facial recognition technology helps normalize the idea and numb people to its use in a way thet Microsoft and Samsung apparently weren't because lack of hipster cred. But now that Apple has done it, it will go "mainstream" (i.e., people will realize it is where it was and think that's new. Also will want to add it other places).

    There is only a bit of snark there. But frankly, yes, facial recognition technology is more invasive than fingerprint readers because i don't have to touch the phone. It is passive collection technology. And it isn't even necessarily the fact that Apple is using it for login (biometrics should replace user names, not passphrases) or that scan data is held in the SEP. it is that Apple has a chip in the phone that can do reasonably accurate scans at a good rate. Its probably only a matter of time before a Square-like device is made leveraging the ability to provide minority-report like indenrification of shoppers (and then they'll helpfully airplay ads and coupons to people!)

    Like I said, some degree of snark there. But if any company can push pervasive biometric identification beyond "z0mg government spying!!" to "this is totally normal and acceptable. I don't remeber a world wherein my face wasn't scanned 300 times a day creating an irrefutable log of my movements and actions throughout the day! Isn't it a totally wonderful and acceptable social norm?!," well that would be Apple.

  12. Re:Whiner by fred6666 · · Score: 4, Insightful

    1. Apple's FaceID Facial Recognition, including Enrollment, is done entirely on the iPhone. And any Recognition Data on the phone is stored in the Secure Enclave, inaccessible to everyone, including Apple.

    How do you know, you've looked at the source code?