Having data that proves something and producing data that proves something are two differing things. One is science and the other is pseudo-science.
In this case it has nothing to do with science, just business. Google produces data for advertisers that proves their ads are working (or not, as the case may be).
Online advertising doesn't work and Google now has hard data to prove it.
Google's financial success is directly attributable to the fact that Google has hard data to prove that online advertising does work, and exactly how well specific ad campaigns are working. Combining click data and online retailer site analytics allows Google to tell advertisers exactly how their ads are working (or not). That same level of information hasn't been available for brick and mortar retailers who advertise online though. This seems like an effort to fix that.
My first thought was how Google would have access to that information?
My guess is that it's from the retailers themselves. They have an interest in understanding how well their online advertising campaigns are working, and by providing information to Google they can "close the loop", seeing exactly how their online ads did or did not turn into sales.
If this is about closing the loop on item advertising (rather than store brand advertising), it really has to be provided by the retailers, because only they have the item-level detail. The credit card issuer knows how much you spent and when and where, but not what you bought (except what can be inferred from the type of store).
Honestly, I don't know why people find this surprising. It's a very natural extension of how Google works with online retailers. Google has long been able to tell online retailers how effective their ad campaigns were by correlating analytics from the retailer's site with information about advertising clicks. With access to retailer site analytics, Google can determine what percentage of clicks turn into sales.
That allows advertisers to understand exactly how effective their advertising dollars are -- which is the core problem that has plagued the advertising business forever. The old saw in the advertising world is "I know that 50% of my advertising budget is working... I just don't know which 50%". Google's financial success is as much attributable to the solving of that problem as it is to solving the problem of how to find what people are looking for on the Internet. Knowing what ads are working and not working allows retailers to optimize their advertising strategy, to either generate more sales or generate the same amount of sales with less ad expenditure.
So, it seems to me that this is just the logical extension of that same model for brick and mortar retailers who advertise online. Retailers can give Google access to transaction data, and Google can correlate it with ad clicks to determine how effective the ad campaigns are.
Also, I thought the issue with Colbert's comment was that he tried to insult Trump by claiming that he performs homosexual acts as if that were something to be ashamed of.
Nope. That's how Trump's partisans tried to spin it, but that's not at all what Colbert was doing. Watch the monologue. There isn't really any doubt about the intent.
Trump has made many attempts to silence speech he doesn't like, like kicking major news organizations out of the White House press corps, to name just one example among many. He undertstands that the system stops him from doing it, but he clearly sees that as a bug, not a feature. Watch the monologue, Colbert makes this point quite well.
The original complaint was that the system in and of itself is not a good security system due to it being useful for identification but NOT authentication, and any system that uses it for both, is easily and irrevocably broken.
No, the original complaint was that biometrics (in general, not this specific system) are insecure because you can't change your body parts. Read back up the thread.
Also, no system under discussion uses biometrics for both identification and authentication. I don't know what you're talking about.
You keep changing the circumstances to justify your argument. Now we're up to armed guard in a nuclear weapons facility as proof that a biometric authentication system is somehow "secure".
I was illustrating a highly secure implementation, to demonstrate that it's the system as a whole that matters.
Sorry but "put a big guy holding a gun next to it" doesn't fix the broken authentication mechanism, it just prevents others from trying to take advantage of the fact it's broken.
You missed the point. It's not the gun that matters, it's the scrutiny of the finger, which makes fooling the scanner extremely difficult... and hence the security not broken.
The point is that context matters. If you can't see that, you really don't understand how to analyze security systems.
And the subset of that group which is willing to accept that aliens may be the most likely answer, based on current knowledge and theories.
Since we have zero knowledge of, or evidence for, aliens, I don’t see how that can ever be the most likely answer.
We also have zero knowledge of, or evidence for, the lack of aliens. The law of parsimony suggests that since we have no specific reason to believe that we're unique in the universe, we should assume that we're not.
When you consider the immense distances between stars, and the vast aeons of time our galaxy has existed, even if life had arisen elsewhere and, against all odds, evolved intelligence, the chances of them being our contemporaries is, well, astronomical.
This is only true if you believe that intelligent life is extremely rare and/or short-lived.
Also, Fermi’s Paradox.
Fermi's Paradox ignores the fact that human recorded history, and especially human technological history, is a vanishingly short interval of time. Given the abundance in the universe, there's no reason for an interstellar traveling species to be particularly interested in our planet. It seems likely that the only thing remotely interesting about Earth is us, and we've only been a detectable feature for a little under a hundred years (when we started pumping out radio waves). Given the light-speed propagation delay of that information, even assuming intelligent, spacefaring species are relatively abundant, how many can even know we exist yet? For that matter, we may *still* not be advanced enough to be interesting to interstellar travelers. Also, even if Earth is interesting enough for a visit, who's to say they didn't drop by several thousand years ago. How would we know unless they stayed? For that matter, they could have stopped by just a few hundred years ago, and as long as they were circumspect we'd never have noticed.
No, I think the only thing that the Fermi Paradox line of thought tells us is that faster than light travel probably is as impossible as we currently think it is. If FLT were feasible, then it's much more likely that someone within the ~200 light-year sphere within reach of our radio waves might have noticed us and have had time to come visit. Assuming we're interesting enough to visit, that is, which is a big assumption.
Actually, it wasn't intended to be that much of a joke. A little, sure, but the only source of humor was the shock value.
His real point, and his reason for using such a surprisingly crude phrase, was a very serious one. He was making the point that in America one can say the nastiest things possible about the most powerful government officials without fear of consequences. His rant was about free speech, about how crucial it is and about how Trump has absolutely no respect for it... but in spite of Trump's lack of respect for the principle, the principle holds, and Trump's power can do nothing about it.
When you understand the whole context, this FCC ruling is an important victory for all Americans, even those who found it offensive. Which, to be honest, included me, though I understood the point and appreciated the value of the point and the fact that the very offensiveness of the comment was what made the point forceful.
In trying to say the most insulting, offensive thing he could think of to paint Donald Trump with, he thought of an act of love between two men.
With all respect, I don't think the phrase "cock holster" implies any sort of love, regardless of the genders involved. It doesn't imply an act of giving pleasure, it implies use as a storage location.
Your nuclear weapons plant security is a pipe dream.
Have you ever worked in nuclear weapons security? I have. I have a very good idea of what is and is not practical in that context.
However, I will readily admit that I exaggerated both systems; I described a phone scanner that is considerably worse than real devices, and a nuclear weapons storage entry scanner that is probably stricter than what would really be implemented.
I wasn't claiming that iris is generally better than fingerprint, I was saying that it's likely more secure against penetration by a phone thief. Security is context-dependent, and in that context iris is probably harder to get past than fingerprint. Iris is probably less secure than fingerprint against friends and family, who probably have many high-quality photographs of your eyes, and can easily get more.
I suspect that the speed and accuracy of the fingerprint scanner adds more to it's convenience than the iris scanner
Perhaps. If the iris scanner is extremely good and fast it could actually be more convenient than fingerprint. Suppose that all you had to do was to point your phone vaguely in the direction of your face (as you must do to look at it), and it unlocked in 50 ms (instantly, from a human perspective).
Additionally, despite leaving my prints on my phone, the odds of retrieving one that is clear enough to work with are relatively low.
Not as much as you might think. A couple of guys on my team tested Nexus 4, 5 and 6 a couple of years ago, and found that all three of them captured great fingerprints that could be recovered by shining a light on the device at the correct angle and taking a photograph with another phone. The N5 and N6 were actually better than the N4, even though the N4 has a glass back. Smooth plastic seems to hold fingerprints better than glass, even though they're less visible. They tend to smudge a little more easily on glass, I think.
Assuming you're the AC above, after your initial response you have zero right to expect any sort of reasoned discussion. And I have fed you far more than I should.
You constantly ignore the problem. I don't talk about secrecy. I don't talk about rotation.
I talk about that a compromised security system has to be replaced or to be repaired -- whatever the breach was.
But you can't neither replace nor repair your own biometrics. Once they are compromised, they stay compromised.
You're confusing the system with the data.
Okay, let's try this. Suppose I have two systems: my phone, and the nuclear weapons storage facility that I work at. The phone has a cheap scanner will accept anything that looks vaguely like my fingerprint. The nuclear weapons storage facility has a high-quality fingerprint scanner with such tight matching parameters that I must scrub my finger clean before attempting to scan it, and is overseen by an armed guard who checks that my finger is my finger, nothing more and nothing less. He knows how to spot fake finger overlays.
Now, suppose that someone steals my phone, lifts my fingerprint off of it, makes a photocopy, and my phone accepts that photocopy and unlocks. The phone has been completely compromised.
Now, does this also compromise the nuclear weapons storage facility?
Porat was asked a question that was about a gender-related complaint and Schmidt apparently stopped the complaint from being discussed
Yeah, I mean Gods forbid Eric Schmidt the goddamned chairman of the fucking board have the temerity to open his mouth to lead the discussion when an exalted womyn is dropping her pearls of wisdom before the ungrateful swine.
I mean...the nerve.
Yeah, how dare she expect that she should feel comfortable at work.
If being interrupted by the opposite sex is a "gender-related" thing by now then I should top the charts of oppression and my wife has a lot of 'splainin to do.
The problem wasn't the interruption so much as the context. Porat was asked a question that was about a gender-related complaint and Schmidt apparently stopped the complaint from being discussed and turned it into a joke. Depending on the nature of the complaint, that could be really hurtful to the person who'd screwed up their courage enough to ask such a question in front of the whole company (I'm assuming the "large company meeeting" was the weekly whole-company TGIF).
Note that although I work for Google, and occasionally read "Yes, at Google", I haven't read anything about the described scenario other than what's in the summary here. I don't know the context, or even if it really happened. I'm just commenting on the hypothetical.
I'll add that I think the mailing list is awesome. Its purpose isn't to chastise anyone, or tell management about problems... those are HR functions and shouldn't be handled through an open mailing list. Its purpose is simply to raise awareness of the fact that sometimes really bad things happen at Google. Google is an open, friendly, egalitarian place and it's tempting for people to think that sexual harrasment, racial discrimination, etc., couldn't happen at Google. The mailing list shows otherwise and serves to help people learn to notice it. It also serves to raise awareness of the small ways in which people make their co-workers uncomfortable, often without even realizing it. It exposes people to different viewpoints and broadens their outlook.
The mailing list is a good thing. You should start one at your workplace.
I think by now everyone on Slashdot knows that biometrics provide very little actual security.
It depends on the context and on the details of the biometric system. Of course, this is *always* true; "security" not only isn't a boolean, it's not even a continuum. It's an n-dimensional tensor. To determine what security you have, you have to think about the avenues of attack, the nature of likely attackers and the risk that you're trying to protect against.
For example, it would be fine to use a fingerprint sensor to control access to a nuclear missile silo. The fingerprint sensor wouldn't be the only element of the security system, but it would be perfectly reasonable to use as a method to authenticate an authorized individual... as long as the system ensures that faking fingerprints is extremely difficult. Given an armed guard who is trained to spot fake finger overlays, and with instructions to detain or kill anyone who attempts to subvert the system, the security level would be quite high.
In fact, nuclear weapon security *does* rely on biometric authentication, but it's normally the old-fashioned face recognition kind, where one human attempts to match another human's face against a small photo on a plastic card. Fingerprint scanners are harder to fool than that, assuming the guard doesn't know the entrant personally.
Of course, we're talking about biometric scanners in consumer devices, where the attacker has complete freedom to try anything he likes to fool them. That's a different context.
That said, they do provide a very real solution to a very real problem. My phone has too much information on it to leave completely unprotected, but at the same time, I unlock it so many times a day that entering a long and complex passphrase each time is impractical.
Yes, this is the reason biometric authentication on phones is a good idea. Now, if you have really important data on your phone a fingerprint may still not be good enough. You have to decide.
I see the fingerprint authentication on my phone as being enough to stop my toddler from doing too much harm to my settings, or my friends from pranking me at the bar
It's worth pointing out that against your friends and family, a fingerprint is probably more secure than a simple password (or PIN or pattern; they're all passwords). Unless you have unusual friends or family, it's very likely that they would find shoulder surfing much easier than manufacturing a fake fingerprint, even though they have ready access to your prints.
it's also enough to foil the vast majority of casual pickpockets
Here's an area where iris authentication may be better than fingerprint. A phone thief who is willing to go to the effort of manufacturing gummi fingers to fool fingerprint scanners is likely to be able to lift a copy of your fingerprints off of the surface of your phone. He's less likely to be able to get an infrared photograph of your eye.
Now if I was asked to use biometrics to authenticate my car, house, workplace, or bank account, I'd object a lot more
Are you sure your phone isn't a key to any of those things? Odds are good that it *is* a key to your bank account.
Any pair of key and lock which is compromitted should be replaced. You change your locks once someone broke in your home, or someone has a key you don't trust any longer. You change your password once you notice someone was in your account. But you can't change your biometrics. So what happens to the locks your biometrics were the key to?
Locks are a bad analogy, just like passwords. Locks also rely on secrecy, in this case on the secrecy of the shape of the key.
Rather than trying to analogize, analyze the security of biometric systems directly, on their own basis. Assume that the biometric data is known to the attacker (this is the only reasonable assumption), and if rotation were feasible, that that attacker would also know the new data. Think about the contexts in which the system will be used, and the obstacles that the attacker must overcome in order to successfully present the known data to the system. Those obstacles represent the security level of the system. Secrecy is irrelevant, therefore rotation is irrelevant.
Fingerprint scanners can be fooled fairly easily. Two easy to fool things may discourage casual access, but it's hardly TLA type stuff. It's well within the reach of crazy ex or business rival.
In general, if TLA security is your goal, you have two realistic options: (1) Hide among the masses or (2) give up. It's a certainty that no consumer-level device will keep you secure if you're being targeted by a nation-state.
With respect to fingerprint, etc., scanners in phones, just keep in mind that biometric authentication is strictly weaker security than a PIN[1] and you're good.
[1] "Weaker than a PIN" is an approximation. Whether or not it's true depends on who the attacker is. If the attacker is a nation-state, it's absolutely true. If it's your friend or family member.... biometric auth may be stronger than a PIN against someone who's in a position to shoulder surf.
This answer assumes errorneously that I would consider biometric information a secret.
Okay, working from the assumption that biometrics are public information, it's easy to see why rotation is irrelevant. The whole purpose of password rotation is that passwords provide security only if they are secret, and secrecy erodes over time. Rotation is how we fix loss of secrecy. But biometrics are not secret and therefore there would be no security benefit of rotation even if you could do it.
You can take a database of potential matches and narrow it down probabilistically using biometrics, but absolute identification cannot be achieved. There is no guarantee of uniqueness, and even if there were, the matching process is inherently fuzzy and imprecise, so even if two people absolutely have different fingerprints (or whatever), it may still be that their prints are similar enough that the matching process decides they're the same.
You cannot authenticate their intent that way. That's why we have PIN numbers and passwords.
In general, you can't authenticate intent with PIN numbers or passwords either, unless the password in question is only ever used for exactly one purpose, which is rarely true. What you can do is to offer a clear question to the user and let them answer. The process of answering provides an indication of intent, and this is true whether the process requires merely clicking "Okay" or typing a 20-digit random number. The more difficult the process the less likely it is that you're going to get an inadvertent approval (lacking intent), but that's still independent of the type of process.
It's reasonable to use a password as part of an intent-determination process. It's equally reasonable to use a biometric. In both cases you must take care to structure the process to minimize the chance of inadvertent approvals.
Biometrics are really analogous to user names, not passwords.
They're neither. Usernames require uniqueness and exactness of matching that biometrics lack. Matching efficiency of biometrics is also absysmally low, compared to good usernames.
Passwords require secrecy that biometrics lack.
Biometrics simply do not fit into the username/password security model. Biometrics can provide useful security, depending on the context and the requirements, but they work differently. To work well, they also need to be paired with a username (like passwords do), so that you can tell which data to try to match the livescan against. So they're more similar to passwords than to usernames, but they're not much like passwords because they are not and cannot be secret. What security they have derives from the difficulty (or not) of faking the scanner into believing that the data presented is a real body part. In this case, that difficulty is obviously very low. That doesn't make it useless, it just means that it's only appropriate for contexts that require only a low level of security but more than "swipe to unlock".
The only real problem with these consumer device biometric authentication scanners is that consumers often believe them to have a higher level of security than they do. As long as everyone understands that they are strictly weaker than a password, and potentially much weaker, we're good.
Slashdot Mirror
Having data that proves something and producing data that proves something are two differing things. One is science and the other is pseudo-science.
In this case it has nothing to do with science, just business. Google produces data for advertisers that proves their ads are working (or not, as the case may be).
Is this why every sales clerk these days asks for an email address whenever you buy something with a credit card?
I haven't encountered that. I would guess that is more so they can email promotions to you.
Online advertising doesn't work and Google now has hard data to prove it.
Google's financial success is directly attributable to the fact that Google has hard data to prove that online advertising does work, and exactly how well specific ad campaigns are working. Combining click data and online retailer site analytics allows Google to tell advertisers exactly how their ads are working (or not). That same level of information hasn't been available for brick and mortar retailers who advertise online though. This seems like an effort to fix that.
My first thought was how Google would have access to that information?
My guess is that it's from the retailers themselves. They have an interest in understanding how well their online advertising campaigns are working, and by providing information to Google they can "close the loop", seeing exactly how their online ads did or did not turn into sales.
If this is about closing the loop on item advertising (rather than store brand advertising), it really has to be provided by the retailers, because only they have the item-level detail. The credit card issuer knows how much you spent and when and where, but not what you bought (except what can be inferred from the type of store).
Honestly, I don't know why people find this surprising. It's a very natural extension of how Google works with online retailers. Google has long been able to tell online retailers how effective their ad campaigns were by correlating analytics from the retailer's site with information about advertising clicks. With access to retailer site analytics, Google can determine what percentage of clicks turn into sales.
That allows advertisers to understand exactly how effective their advertising dollars are -- which is the core problem that has plagued the advertising business forever. The old saw in the advertising world is "I know that 50% of my advertising budget is working... I just don't know which 50%". Google's financial success is as much attributable to the solving of that problem as it is to solving the problem of how to find what people are looking for on the Internet. Knowing what ads are working and not working allows retailers to optimize their advertising strategy, to either generate more sales or generate the same amount of sales with less ad expenditure.
So, it seems to me that this is just the logical extension of that same model for brick and mortar retailers who advertise online. Retailers can give Google access to transaction data, and Google can correlate it with ad clicks to determine how effective the ad campaigns are.
Oops, forgot to respond to this part:
Also, I thought the issue with Colbert's comment was that he tried to insult Trump by claiming that he performs homosexual acts as if that were something to be ashamed of.
Nope. That's how Trump's partisans tried to spin it, but that's not at all what Colbert was doing. Watch the monologue. There isn't really any doubt about the intent.
Trump has made many attempts to silence speech he doesn't like, like kicking major news organizations out of the White House press corps, to name just one example among many. He undertstands that the system stops him from doing it, but he clearly sees that as a bug, not a feature. Watch the monologue, Colbert makes this point quite well.
The original complaint was that the system in and of itself is not a good security system due to it being useful for identification but NOT authentication, and any system that uses it for both, is easily and irrevocably broken.
No, the original complaint was that biometrics (in general, not this specific system) are insecure because you can't change your body parts. Read back up the thread.
Also, no system under discussion uses biometrics for both identification and authentication. I don't know what you're talking about.
You keep changing the circumstances to justify your argument. Now we're up to armed guard in a nuclear weapons facility as proof that a biometric authentication system is somehow "secure".
I was illustrating a highly secure implementation, to demonstrate that it's the system as a whole that matters.
Sorry but "put a big guy holding a gun next to it" doesn't fix the broken authentication mechanism, it just prevents others from trying to take advantage of the fact it's broken.
You missed the point. It's not the gun that matters, it's the scrutiny of the finger, which makes fooling the scanner extremely difficult... and hence the security not broken.
The point is that context matters. If you can't see that, you really don't understand how to analyze security systems.
And the subset of that group which is willing to accept that aliens may be the most likely answer, based on current knowledge and theories.
Since we have zero knowledge of, or evidence for, aliens, I don’t see how that can ever be the most likely answer.
We also have zero knowledge of, or evidence for, the lack of aliens. The law of parsimony suggests that since we have no specific reason to believe that we're unique in the universe, we should assume that we're not.
When you consider the immense distances between stars, and the vast aeons of time our galaxy has existed, even if life had arisen elsewhere and, against all odds, evolved intelligence, the chances of them being our contemporaries is, well, astronomical.
This is only true if you believe that intelligent life is extremely rare and/or short-lived.
Also, Fermi’s Paradox.
Fermi's Paradox ignores the fact that human recorded history, and especially human technological history, is a vanishingly short interval of time. Given the abundance in the universe, there's no reason for an interstellar traveling species to be particularly interested in our planet. It seems likely that the only thing remotely interesting about Earth is us, and we've only been a detectable feature for a little under a hundred years (when we started pumping out radio waves). Given the light-speed propagation delay of that information, even assuming intelligent, spacefaring species are relatively abundant, how many can even know we exist yet? For that matter, we may *still* not be advanced enough to be interesting to interstellar travelers. Also, even if Earth is interesting enough for a visit, who's to say they didn't drop by several thousand years ago. How would we know unless they stayed? For that matter, they could have stopped by just a few hundred years ago, and as long as they were circumspect we'd never have noticed.
No, I think the only thing that the Fermi Paradox line of thought tells us is that faster than light travel probably is as impossible as we currently think it is. If FLT were feasible, then it's much more likely that someone within the ~200 light-year sphere within reach of our radio waves might have noticed us and have had time to come visit. Assuming we're interesting enough to visit, that is, which is a big assumption.
We can only guess his reasons since we don't know what was going on in his head.
You haven't watched the monologue. He explained his rationale very clearly. There was no ambiguity, and no need for guessing.
he just made a crude unfunny joke
Actually, it wasn't intended to be that much of a joke. A little, sure, but the only source of humor was the shock value.
His real point, and his reason for using such a surprisingly crude phrase, was a very serious one. He was making the point that in America one can say the nastiest things possible about the most powerful government officials without fear of consequences. His rant was about free speech, about how crucial it is and about how Trump has absolutely no respect for it... but in spite of Trump's lack of respect for the principle, the principle holds, and Trump's power can do nothing about it.
When you understand the whole context, this FCC ruling is an important victory for all Americans, even those who found it offensive. Which, to be honest, included me, though I understood the point and appreciated the value of the point and the fact that the very offensiveness of the comment was what made the point forceful.
Agreed, ordinary proof is sufficient.
In trying to say the most insulting, offensive thing he could think of to paint Donald Trump with, he thought of an act of love between two men.
With all respect, I don't think the phrase "cock holster" implies any sort of love, regardless of the genders involved. It doesn't imply an act of giving pleasure, it implies use as a storage location.
Sorry, but it is your turn to be labelled without evidence. Prepare for 7 and a half more years of it, bigot.
So... you can't substantiate your claim. Big surprise.
Your nuclear weapons plant security is a pipe dream.
Have you ever worked in nuclear weapons security? I have. I have a very good idea of what is and is not practical in that context.
However, I will readily admit that I exaggerated both systems; I described a phone scanner that is considerably worse than real devices, and a nuclear weapons storage entry scanner that is probably stricter than what would really be implemented.
I think you misunderstood my point.
I did. Thanks for the clarification.
As for iris being better than fingerprint.
And I think you misunderstood mine :-).
I wasn't claiming that iris is generally better than fingerprint, I was saying that it's likely more secure against penetration by a phone thief. Security is context-dependent, and in that context iris is probably harder to get past than fingerprint. Iris is probably less secure than fingerprint against friends and family, who probably have many high-quality photographs of your eyes, and can easily get more.
I suspect that the speed and accuracy of the fingerprint scanner adds more to it's convenience than the iris scanner
Perhaps. If the iris scanner is extremely good and fast it could actually be more convenient than fingerprint. Suppose that all you had to do was to point your phone vaguely in the direction of your face (as you must do to look at it), and it unlocked in 50 ms (instantly, from a human perspective).
Additionally, despite leaving my prints on my phone, the odds of retrieving one that is clear enough to work with are relatively low.
Not as much as you might think. A couple of guys on my team tested Nexus 4, 5 and 6 a couple of years ago, and found that all three of them captured great fingerprints that could be recovered by shining a light on the device at the correct angle and taking a photograph with another phone. The N5 and N6 were actually better than the N4, even though the N4 has a glass back. Smooth plastic seems to hold fingerprints better than glass, even though they're less visible. They tend to smudge a little more easily on glass, I think.
Assuming you're the AC above, after your initial response you have zero right to expect any sort of reasoned discussion. And I have fed you far more than I should.
You constantly ignore the problem. I don't talk about secrecy. I don't talk about rotation.
I talk about that a compromised security system has to be replaced or to be repaired -- whatever the breach was.
But you can't neither replace nor repair your own biometrics. Once they are compromised, they stay compromised.
You're confusing the system with the data.
Okay, let's try this. Suppose I have two systems: my phone, and the nuclear weapons storage facility that I work at. The phone has a cheap scanner will accept anything that looks vaguely like my fingerprint. The nuclear weapons storage facility has a high-quality fingerprint scanner with such tight matching parameters that I must scrub my finger clean before attempting to scan it, and is overseen by an armed guard who checks that my finger is my finger, nothing more and nothing less. He knows how to spot fake finger overlays.
Now, suppose that someone steals my phone, lifts my fingerprint off of it, makes a photocopy, and my phone accepts that photocopy and unlocks. The phone has been completely compromised.
Now, does this also compromise the nuclear weapons storage facility?
Porat was asked a question that was about a gender-related complaint and Schmidt apparently stopped the complaint from being discussed
Yeah, I mean Gods forbid Eric Schmidt the goddamned chairman of the fucking board have the temerity to open his mouth to lead the discussion when an exalted womyn is dropping her pearls of wisdom before the ungrateful swine.
I mean...the nerve.
Yeah, how dare she expect that she should feel comfortable at work.
If being interrupted by the opposite sex is a "gender-related" thing by now then I should top the charts of oppression and my wife has a lot of 'splainin to do.
The problem wasn't the interruption so much as the context. Porat was asked a question that was about a gender-related complaint and Schmidt apparently stopped the complaint from being discussed and turned it into a joke. Depending on the nature of the complaint, that could be really hurtful to the person who'd screwed up their courage enough to ask such a question in front of the whole company (I'm assuming the "large company meeeting" was the weekly whole-company TGIF).
Note that although I work for Google, and occasionally read "Yes, at Google", I haven't read anything about the described scenario other than what's in the summary here. I don't know the context, or even if it really happened. I'm just commenting on the hypothetical.
I'll add that I think the mailing list is awesome. Its purpose isn't to chastise anyone, or tell management about problems... those are HR functions and shouldn't be handled through an open mailing list. Its purpose is simply to raise awareness of the fact that sometimes really bad things happen at Google. Google is an open, friendly, egalitarian place and it's tempting for people to think that sexual harrasment, racial discrimination, etc., couldn't happen at Google. The mailing list shows otherwise and serves to help people learn to notice it. It also serves to raise awareness of the small ways in which people make their co-workers uncomfortable, often without even realizing it. It exposes people to different viewpoints and broadens their outlook.
The mailing list is a good thing. You should start one at your workplace.
I think by now everyone on Slashdot knows that biometrics provide very little actual security.
It depends on the context and on the details of the biometric system. Of course, this is *always* true; "security" not only isn't a boolean, it's not even a continuum. It's an n-dimensional tensor. To determine what security you have, you have to think about the avenues of attack, the nature of likely attackers and the risk that you're trying to protect against.
For example, it would be fine to use a fingerprint sensor to control access to a nuclear missile silo. The fingerprint sensor wouldn't be the only element of the security system, but it would be perfectly reasonable to use as a method to authenticate an authorized individual... as long as the system ensures that faking fingerprints is extremely difficult. Given an armed guard who is trained to spot fake finger overlays, and with instructions to detain or kill anyone who attempts to subvert the system, the security level would be quite high.
In fact, nuclear weapon security *does* rely on biometric authentication, but it's normally the old-fashioned face recognition kind, where one human attempts to match another human's face against a small photo on a plastic card. Fingerprint scanners are harder to fool than that, assuming the guard doesn't know the entrant personally.
Of course, we're talking about biometric scanners in consumer devices, where the attacker has complete freedom to try anything he likes to fool them. That's a different context.
That said, they do provide a very real solution to a very real problem. My phone has too much information on it to leave completely unprotected, but at the same time, I unlock it so many times a day that entering a long and complex passphrase each time is impractical.
Yes, this is the reason biometric authentication on phones is a good idea. Now, if you have really important data on your phone a fingerprint may still not be good enough. You have to decide.
I see the fingerprint authentication on my phone as being enough to stop my toddler from doing too much harm to my settings, or my friends from pranking me at the bar
It's worth pointing out that against your friends and family, a fingerprint is probably more secure than a simple password (or PIN or pattern; they're all passwords). Unless you have unusual friends or family, it's very likely that they would find shoulder surfing much easier than manufacturing a fake fingerprint, even though they have ready access to your prints.
it's also enough to foil the vast majority of casual pickpockets
Here's an area where iris authentication may be better than fingerprint. A phone thief who is willing to go to the effort of manufacturing gummi fingers to fool fingerprint scanners is likely to be able to lift a copy of your fingerprints off of the surface of your phone. He's less likely to be able to get an infrared photograph of your eye.
Now if I was asked to use biometrics to authenticate my car, house, workplace, or bank account, I'd object a lot more
Are you sure your phone isn't a key to any of those things? Odds are good that it *is* a key to your bank account.
Any pair of key and lock which is compromitted should be replaced. You change your locks once someone broke in your home, or someone has a key you don't trust any longer. You change your password once you notice someone was in your account. But you can't change your biometrics. So what happens to the locks your biometrics were the key to?
Locks are a bad analogy, just like passwords. Locks also rely on secrecy, in this case on the secrecy of the shape of the key.
Rather than trying to analogize, analyze the security of biometric systems directly, on their own basis. Assume that the biometric data is known to the attacker (this is the only reasonable assumption), and if rotation were feasible, that that attacker would also know the new data. Think about the contexts in which the system will be used, and the obstacles that the attacker must overcome in order to successfully present the known data to the system. Those obstacles represent the security level of the system. Secrecy is irrelevant, therefore rotation is irrelevant.
Fingerprint scanners can be fooled fairly easily. Two easy to fool things may discourage casual access, but it's hardly TLA type stuff. It's well within the reach of crazy ex or business rival.
In general, if TLA security is your goal, you have two realistic options: (1) Hide among the masses or (2) give up. It's a certainty that no consumer-level device will keep you secure if you're being targeted by a nation-state.
With respect to fingerprint, etc., scanners in phones, just keep in mind that biometric authentication is strictly weaker security than a PIN[1] and you're good.
[1] "Weaker than a PIN" is an approximation. Whether or not it's true depends on who the attacker is. If the attacker is a nation-state, it's absolutely true. If it's your friend or family member.... biometric auth may be stronger than a PIN against someone who's in a position to shoulder surf.
This answer assumes errorneously that I would consider biometric information a secret.
Okay, working from the assumption that biometrics are public information, it's easy to see why rotation is irrelevant. The whole purpose of password rotation is that passwords provide security only if they are secret, and secrecy erodes over time. Rotation is how we fix loss of secrecy. But biometrics are not secret and therefore there would be no security benefit of rotation even if you could do it.
Which means that rotation is a red herring.
You can ID people with iris,fingerprint,DNA.
You can't, really.
You can take a database of potential matches and narrow it down probabilistically using biometrics, but absolute identification cannot be achieved. There is no guarantee of uniqueness, and even if there were, the matching process is inherently fuzzy and imprecise, so even if two people absolutely have different fingerprints (or whatever), it may still be that their prints are similar enough that the matching process decides they're the same.
You cannot authenticate their intent that way. That's why we have PIN numbers and passwords.
In general, you can't authenticate intent with PIN numbers or passwords either, unless the password in question is only ever used for exactly one purpose, which is rarely true. What you can do is to offer a clear question to the user and let them answer. The process of answering provides an indication of intent, and this is true whether the process requires merely clicking "Okay" or typing a 20-digit random number. The more difficult the process the less likely it is that you're going to get an inadvertent approval (lacking intent), but that's still independent of the type of process.
It's reasonable to use a password as part of an intent-determination process. It's equally reasonable to use a biometric. In both cases you must take care to structure the process to minimize the chance of inadvertent approvals.
Biometrics are really analogous to user names, not passwords.
They're neither. Usernames require uniqueness and exactness of matching that biometrics lack. Matching efficiency of biometrics is also absysmally low, compared to good usernames.
Passwords require secrecy that biometrics lack.
Biometrics simply do not fit into the username/password security model. Biometrics can provide useful security, depending on the context and the requirements, but they work differently. To work well, they also need to be paired with a username (like passwords do), so that you can tell which data to try to match the livescan against. So they're more similar to passwords than to usernames, but they're not much like passwords because they are not and cannot be secret. What security they have derives from the difficulty (or not) of faking the scanner into believing that the data presented is a real body part. In this case, that difficulty is obviously very low. That doesn't make it useless, it just means that it's only appropriate for contexts that require only a low level of security but more than "swipe to unlock".
The only real problem with these consumer device biometric authentication scanners is that consumers often believe them to have a higher level of security than they do. As long as everyone understands that they are strictly weaker than a password, and potentially much weaker, we're good.