Slashdot Mirror
Apple Recommends Children Under 13, Twins and Siblings Do Not Use Face ID On iPhone X (theguardian.com)
According to a security guide published Wednesday, Apple recommends that children under the age of 13 do not use Face ID on the iPhone X due to the probability of a false match being significantly higher for young children. The company said this was because "their distinct facial features may not have fully developed." They also recommend that twins and siblings do not use the new feature. The Guardian reports: In all those situations, the company recommends concerned users disable Face ID and use a passcode instead. With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defense are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for telltale signs of cheating. "An additional neural network that's trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks," the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice -- just like a human.
Do they really need to specify both twins and siblings?
Slashdot: providing anti-social weirdos a soapbox, since 1997.
Like most people on Earth?
Too many compromises, too many security holes.
Apple promote Touch ID has having 1 in 50,000 chance of false positive, while Face ID is 1 in 1,000,000
If it acquires resources on instantiation like a duck, then its a shared_ptr<Duck>
The wonderful trend of feature-removal in the modern computing and electronics world. Take a feature like using a fingerprint, and then instead of ADDING facial recognition, REPLACE the fingerprint technology, which worked pretty darn well, with something that doesn't work properly for massive portions of the population. We have sheephumping morons running, and ruining, everything...
Due to the nature of false positives, this is pretty irrelevant.
Before going it the NSA database.
I remember seeing those Snapchat face filters and being like "Here comes the Man." But in this instance, I really don't see how the privacy thing enters into it. The Secure Enclave on iOS is the real deal down at the hardware level in these phones; I don't see anyone (well, I haven't looked to hard either) thinking the government(s?) are making a vast fingerprint DB with Touch ID profiles...and Face ID is same technology just with a different input.
I would like to subscribe to your newsletter
to a child under 13 ? The chances of it being lost or stolen are quite high!
Its because they are pushing the data somewhere. Those under 13 fall under the Child online protection Act so apple wants none of that.
1/1,000,000
Unless you're under 13 or have a sibling.
Perhaps they just mean out of all 7.5 billion faces in the world right now, 7,500 of them will unlock your phone. I assume there is really, really fine print about the chances being much higher if the face belongs to someone who looks similar to you, like a twin or even a sibling.
It's all bullshit. Whatshisfuck stood on stage and claimed that it was orders of magnitude more secure and reliable than TouchID. What happened?
If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice -- just like a human.
Nope. If a "perfect" mask is made, the defensive system won't notice. And neither will a human. And if a "good" mask is made, the defensive system won't notice, but a human will.
Your system isn't usable for children under 13 because "their distinct facial features may not have fully developed"? Bullshit. It isn't usable because it doesn't work well. 12 year olds have faces as distinct as any other human face, far more distinct than a fingerprint, etc. You are using a high res 3D ("depth sensing") camera, thousands of points of detection, etc., etc., right?
If you can't distinguish 2 faces your shit is broken.
If you can't recognize 1 face as being the same your shit is broken.
If you can't walk the line between false positives and false negatives, you lie and dream up some shit about a defensive mechanism that's always working even when Face ID isn't working right, or Face ID not working because your faces haven't aged to distinction yet.
Bullllllllllllllllllllllllllllllllllshiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiit!
Yet did Apple ever tell 12 year olds Touch ID wouldn't work for them? Or siblings?
Has anyone ever produced a Touch ID collision using 2 different fingerprints? It's easy enough to fool by cloning the targets fingerprints, despite claims to the contrary, but has anyone actually encountered a case where someone using Touch ID has found someone else that passes their Touch ID check?
Apple promote Touch ID has having 1 in 50,000 chance of false positive, while Face ID is 1 in 1,000,000
For sufficiently loose definitions of 1 in 1,000,000, apparently.
#DeleteChrome
"Having a twin", "having at least one sibling", or "being under the age of 13", is just one of those unforeseeable contingencies Apple has had to contend with. It joins the likes of "being left handed", "the comic strip Dick Tracy being prior art to everything about the Apple Watch", and "heterosexuality".
Inheritance is the sincerest form of nepotism.
Apple did specify "siblings that look like you",
Yes, but what they mean is siblings that look like you according to an algorithm which also thinks that all kids under 13 look alike. This doesn't exactly inspire much confidence especially if this is the algorithm protecting your Apple Pay cards on your phone. Mind you at the price they are charging you probably won't have much money left on those cards for your look alike to access.
So ... about 8,000 people on this planet can unlock my phone?
With a pass token that I can neither change nor keep secret to boot...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Hey, earlier models could do this even without 3 failed attempts. All you had to do is repair it when it breaks.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
*gasp*
Don't tell me Apple is now anti-LBQTBBQWTFKMA?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
And if it CANNOT be changed even with your consent it is not fit as a security token either. It's great for identity, but it could hardly be worse for authorization.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You must have forgotten that part where this feature is not compulsory. You may continue to use a passcode.
If Apple didn't counter-indicate FaceID for children, they would probably be violating COPA - the act that makes it so companies cannot start fucking around with your data til you are 13. Well, at least, not as freely.
Your ad here. Ask me how!
Everyone else recommends nobody use crappy gimmicks like Face ID.
"Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
I am blessed with young twin babies, they are not identical - boy and girl, so they should be different enough for the system. But in general even if they were identical, I would expect that most twins aren't split between good and evil, meaning in practice it wouldn t be an issue for each of them to use faceid on their own phone. It is a matter of trust if you mind that your twin cannot unlock your phone.
Similarly my wife and I use touchid and we also know the passcode of each other's phone, sometimes it is usful to be able to unlock the other phone.
Too many compromises, too many security holes.
Apple promote Touch ID has having 1 in 50,000 chance of false positive, while Face ID is 1 in 1,000,000
"Promote" is an odd word to use, almost like it's marketing and not real statistics based on experiments or even predictions. Is there a white paper or published study (preferably peer-reviewed) behind those numbers, or is it just insanely incredible marketing?
So ... about 8,000 people on this planet can unlock my phone?
And since they generally have to look like you, the odds that one of those 8000 people is someone of the same race, same heritage, even someone you know, are related to, and perhaps even live...
-facepalm-
You can also probably just disable the screen lock feature entirely.
It's possible you can even use the new Applephone without ever connecting to the Apple servers or having an account with Apple. You can probably use it as a dumbphone.
I might be wrong on this second part, of course.
"Designed in California by Apple."
I would recommend no one should use Face ID, or the IphoneX for that matter.
The NSA thanks you for the updated face scans.
Have you ever fallen asleep at the keybhanusdiog?
"If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice -- just like a human". If the mask or photo is "completely perfect" then how will it tell? If it can tell, then by definition the mask is not perfect.
I strongly suspect that the "not for kids under 13" is mainly to head off legal issues due to the US rules that kids under 13 need explicit parental permission to enroll in services that affect their privacy.
That's also the reason why facebook and many other internet companies' terms and conditions all require you to be at least 13 to sign up as well, they simply don't want to have to deal with the hassle of verifying/validating and keeping records that an actual adult explicitly authorized their kid signing up. If a kid ignores the EULA signs up anyway, then they 'lied' during the signup and facebook can't be held responsible for letting them in.
I went to a trade fair, for IT in schools.
Against my wishes, I was asked to research biometric logins.
Pretty much every single stall that offered anything even remotely like that told me one thing (usually after much probing, or literally having to ask outright if it would work).
They don't work reliably enough for kids. Fingerprints. Iris scans. Face recognition. Every vendor told me the same thing, but they weren't actually ADVERTISING that (obviously). They said they would be good enough for, say, a library where people can just type in a name when it failed but for anything that needed a vague semblance of success, the kid would have to be at last 9/10/11.
As far as I was concerned, this was a welcome relief as I could honestly say that every vendor had said their products wouldn't be suitable for the product research I was asked to do. But it did make me wonder why they were there, still.
Apparently until they're "grown up", about 15/16, the chances of having to constantly re-register them are high and they had an awful lot of product returns etc. where people were using them with younger users.
In a way, a great thing. But I was also surprised that the tech was just that fragile.
Buy the 8, SE, 7 or 6S (or Droid) and vote with your wallet against this half arsed system AND save a bundle in the process.
To vote with your wallet, you need to buy from another party. Otherwise they think you just arent rich enough and will want it when it gets cheaper.
It is, it is just that those odds are met in about 80% of the cases. In other words: in 20% of the time it works all the time.
Don't fight for your country, if your country does not fight for you.
Marketing speak, and to hit the numbers they just added a whole lot of restrictions.
iPhone 9: The new Face ID has a 1 in 1,000,000,000 false positive rate. Note to achieve this your face needs to be permanently and uniquely disfigured in a horrible industrial accident. However we don't suggest you use this feature if you lost your nose completely, only if it is bent in a non-standard direction. Using it without a nose may cause a false positive for other disfigured people who also lost their noses.
Apple recommends doing a lot of heroin as a child as you may end up with heterochromia and the missmatched eye colours can further help to secure your device.
One in a million means that there are likely to be around 6,000 people in the world that can unlock your phone. Spread across the world, that's fine, but they're likely to be clustered geographically close to you because people typically migrate slowly and similar phenotypes are likely to be clustered - TFA shows the worst case of this: children of the same parents are often physically similar and many people live near relatives. In contrast, the distribution of fingerprints appears to be fairly uniform - siblings and even monozygotic twins often have completely different fingerprint patterns. This is the same problem as DNA 'fingerprinting'. Statistically, there are likely to be around 50 people in the UK who have the same DNA fingerprint, which seems like a good ratio for law enforcement, but they're similarly likely to be geographically clustered, so you may have 10-20 of them in the same city as the perpetrator, making the false positive rate very high.
I am TheRaven on Soylent News
twins make up a bit under 5% of births, identical twins about 0.4%, siblings that look similar would probably push that to 10% or higher. The ability to scan someones face and produce realistic models is also not difficult and can be done without you even being aware it is happening. I would say that 1 in a million is bullshit number and probably comes with a disclaimer of "under ideal conditions" which would limit it to random members of the public trying to access the phone of someone unrelated.
It's probably even possible to not buy that phone at all and get a different one!
...Face ID sucks!
Know what would be nice? A face recognition app that tells me the name of the person I'm talking to. I have a little bit of trouble with faces, even when it comes to close friends, so it would be nice if I had some Augmented Reality overlay to tell me who they are when I haven't seen them for a while. Luckily, so far other people recognise me readily enough so that compensates for my deficiency.
Now... if this app I'm suggesting could also tell identical twins apart... that would be awesome.
"Everybody's naked underneath" -- The Doctor
This is the same problem as DNA 'fingerprinting'. Statistically, there are likely to be around 50 people in the UK who have the same DNA fingerprint..
Not that I'm doubting your 'integrity' (fwiw, I'm not) but this is a new statistic to me and one which, if true, is seriously troubling.
Would you, by any chance, have a reference to a reliable source for this figure? If that reference went into detail regarding accuracy based on number of STR's used or the number of sample sites or the like so much the better.
I have had a quick search online but I'm not seeing anything that would suggest a figure anywhere remotely close to the one you give (ignoring immediate family for a second, a 1 in 64 billion chance of a similar profile doesn't give rise to your statistic in a population of about 65 million people). Hence a link would be greatly appreciated. Thanks, in advance!
The probability that a random person in the population could look at your iPhone X and unlock it using Face ID is approximately 1 in 1,000,000 (versus 1 in 50,000 for Touch ID)... The probability of a false match is different for twins and siblings that look like you as well as among children under the age of 13, because their distinct facial features may not have fully developed. If you're concerned about this, we recommend using a passcode to authenticate.
Until we have some third party testing on how easy it is to fool Face ID, I'm reserving judgment.
1 in 1,000,000 with 5% confidence ;-)
Would you, by any chance, have a reference to a reliable source for this figure?
I don't have the original source for the number. I heard it in a Royal Institution Christmas Lecture Series ('Faraday Lecture') about 15-20 years ago. The fingerprinting technology may have improved since then, though given how long it takes before a new technique can be approved for use in court, I'd be surprised if it's much different.
I am TheRaven on Soylent News
Apple confirms what I have thought for years. All kids look alike.
It doesn't work.
Yes, and the distribution of those people is important. If fingerprints have 150,000 people randomly distributed through the entirety of earth's population that would unlock your phone, that's not bad. It would be pretty hard to find one of those people. It would be much better than say, in the worst case, that the 7,500 people that can unlock your phone with FaceID happen to be your 7,500 closest relatives, which would be fairly easy to find. This is an extreme example, but it demonstrates my point in the importance of the distribution.
SIG FAULT: Post index out of bounds.
"So you're saying there's a chance... YES!" -- Lloyd
SIG FAULT: Post index out of bounds.
This is one of the few times I have seen "incredible" used to mean what it actually means. Well done, sir.
SIG FAULT: Post index out of bounds.
Really? You think it's easier to copy the contours and depths of a face than a fingerprint that you can collect with a piece of tape?
SIG FAULT: Post index out of bounds.
Well, I actually did learn that I have someone who looks stunningly like me without even being related to me in any way. Unlike me, though, he can actually play the guitar and sing, otherwise you could think he's my twin.
So it needn't even be someone living with you or related to you. But of course you're right, the chances are vastly higher in your own family.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
What about sheep ?
You can't make a safe distinction between sheep's faces.
So why did Apple implement this face recognition is beyond me.
aaaaaaa
I haven't ever bought an iPhone, but I wouldn't be surprised if you couldn't even make emergency calls unless you've set up your iTunes account.
1:1,000,000 for a random fucking stranger maybe -- but it sure as hell seems higher than that if they're warning about /siblings that look like you/. That's even identical, that's fairly close. This should raise fidelity questions of the scans, and the need for this shitty technology in the first place.
A one in a thousand chance that somebody who "looks just like you" can unlock your phone is still pretty low.
Of course news about a fake are Fake News.
That is so wrong it's not even funny. They had nothing to do with the development of the fingerprint sensor... They bought the company over, right underneath Google which was planning to do it on their next phone
How dare they buy a company that Google wanted to buy to pretend they developed something!
Of course news about a fake are Fake News.
And if it CANNOT be changed even with your consent it is not fit as a security token either. It's great for identity, but it could hardly be worse for authorization.
Hunh? I'll break your nose for free. "Problem" solved, motherfucker.
Of course news about a fake are Fake News.
You must have forgotten that part where this feature is not compulsory. You may continue to use a passcode.
Yeah, but the chances that your twin (even non-identical) knows your birthday you use as your passcode are 100%.
Of course news about a fake are Fake News.
We're doing something we think is cool, fuck whomever it doesn't work for.
You can't use your phone to make phone calls if your are dumb. And heck, are you dumb as fuck.
Of course news about a fake are Fake News.
Yes, and the distribution of those people is important. If fingerprints have 150,000 people randomly distributed through the entirety of earth's population that would unlock your phone, that's not bad. It would be pretty hard to find one of those people. It would be much better than say, in the worst case, that the 7,500 people that can unlock your phone with FaceID happen to be your 7,500 closest relatives, which would be fairly easy to find. This is an extreme example, but it demonstrates my point in the importance of the distribution.
Errm, dude, only in our home town everybody under 30 looks like the postman.
Of course news about a fake are Fake News.
This is the same problem as DNA 'fingerprinting'. Statistically, there are likely to be around 50 people in the UK who have the same DNA fingerprint..
Not that I'm doubting your 'integrity' (fwiw, I'm not) but this is a new statistic to me and one which, if true, is seriously troubling.
Would you, by any chance, have a reference to a reliable source for this figure? If that reference went into detail regarding accuracy based on number of STR's used or the number of sample sites or the like so much the better.
https://youtu.be/ScmJvmzDcG0?t...
Of course news about a fake are Fake News.
Thanks, I think (bloody geoblocking...)
I'll find a US proxy at some point and give it a look.