Author Topic: Might the iPhone X open with a photograph of your face?  (Read 6553 times)

0 Members and 1 Guest are viewing this topic.

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #50 on: September 19, 2017, 12:29:15 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
"What the large print giveth, the small print taketh away."
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #51 on: September 19, 2017, 12:38:33 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
(I assume this is a reply to the post before my comment.)

Or indeed, the accelerometers that some insurance companies offer, giving you a discount for being a "good" driver by seeing how much hard acceleration and hard braking you do, whether you speed, etc.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #52 on: September 19, 2017, 12:39:19 am »
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it, equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.

Quote from: tooki on Today at 18:28:09

Apple does not have that information, actually. They say they don't collect it, and with the scrutiny Apple gets from its haters, if Apple was sending it back contrary to its claims, somebody would have called them out on it by now. On the contrary, Apple is building a reputation as the only major IT vendor to actively fight for user privacy, to the extent of re-engineering its products to make it impossible for Apple to access user data, fighting the US government on decryption, etc. Remember, Apple doesn't make its money on selling user data and ad revenue, they're actively fighting that...

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.





Some kind of
zero-knowledge proof?
« Last Edit: September 19, 2017, 12:53:52 am by cdev »
"What the large print giveth, the small print taketh away."
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #53 on: September 19, 2017, 12:39:29 am »
No, it is not simply a liability issue. Biometrics, be it a fingerprint, retina scan or geometric configuration of your face are good to identify you because they are for all practical reasons unique - authentication.

However, they are horrible as a password - authorization. Something acting as a password must be by definition a secret known only to the people authorized to access the protected information. Otherwise there is no need for a password if everyone knows it.

That's a problem with biometrics. We are "leaking" biometric information everywhere we go - every object we touch, every hair we lose (DNA), ever photograph or video that is taken of us. That's like having a few buckets with copies of your house keys made and then leaving them everywhere with a note containing your address. Worse, the house locks (or passwords) can be changed. Your biomarkers are with you for life and the moment they are public, you are screwed if you use them as a password.

So if someone uses biometrics alone as a mean of access control for some feature or authorization of some operation, they are morons and will get compromised sooner or later. This is why Apple is explicit about this.

If you choose to use FaceID or fingerprint to unlock the phone instead of a password you are prioritizing convenience over security. And Apple is telling you as much. Ignore at your own peril.
If you look back at my earlier posts in this thread, I'm very aware of the issues with biometrics. The definition of authentication is confirming whether someone is who he claims to be, which is what this feature does. It's akin to a user name and password. You're allowed to interact with the user data and settings because of this authentication, just like a user name and password would.
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #54 on: September 19, 2017, 12:54:57 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #55 on: September 19, 2017, 01:19:13 am »
I agree with you totally, but because of the Understanding on Committments in Financial Services we're likely stuck with the FS status quo that existed on February 26, 1998 in a number of areas, health insurance being one of them. What I described to you is consistent with what that will require.

Ive already said too much.


Quote from: Mr. Scram on Today at 18:54:57>Quote from: cdev on Today at 18:29:15
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
"What the large print giveth, the small print taketh away."
 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #56 on: September 19, 2017, 01:23:06 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
That to me is the worst because most health condition you can't choose because you are born with them. Why should people with diabetes or who where in an accident have to pay more or not be able to afford life saving health insurance? Isn't not being enough of a burden as it is? They are playing god with who gets to live long healthy lives and who gets sick and dies all to maintain profit. There are some things you just shouldn't be allowed to make money off of.
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #57 on: September 19, 2017, 01:32:08 am »
Its not health insurance that saves those lives, its health care!

But then again, we're told again and again that life is unequal. In some countries, people know from birth that they are going to have to clean up the bodies of dead people and animals, its predestined. Other people live a life of meditation and priestly reflection. What if we started considering things like healthcare and higher education to be a right? Then how do we decide who gets the best and who gets the worst? We would have to attempt to do the best we could with everybody. Same thing with immensely profitable cancer drugs. What about when we set up colonies on Mars. Should we just give air away?  See the problem? Suppose in 50 years most things are done by machines. Most people then wont have incomes. Machines will do all those unpleasant things that people are paid to do now. Sure, high skill very complex jobs will still exist but the meat and potatoes jobs of which there are literally billions will be very rapidly becoming solved problems - solved by technology.

Please let me stop now or I'll get in trouble


Quote from: Beamin on Today at 19:23:06

That to me is the worst because most health condition you can't choose because you are born with them. Why should people with diabetes or who where in an accident have to pay more or not be able to afford life saving health insurance? Isn't not being enough of a burden as it is? They are playing god with who gets to live long healthy lives and who gets sick and dies all to maintain profit. There are some things you just shouldn't be allowed to make money off of.
"What the large print giveth, the small print taketh away."
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #58 on: September 19, 2017, 02:17:13 am »
In the US alcohol was illegal for a period during the Great Depression, leading to the creation of a vast force of quasi police whose job was finding and eliminating alcohol everything. After the worst of the Great Depression they abolished the laws against alcohol and this huge police force.

Suppose we hypothesize that a vast surveillance state was being created. It would be logical that it would employ a lot of people. And they will need that because techniology is making predictable jobs easy to automate. The pace of these changes are rapidly increasing.

However, if every electronic device or service has got some 'additional functionality', lots and lots of people, all around the world, will need to have security clearances- so they can interact with this infrastructure. which will be almost everywhere.

All those jobs will be exempt from being outsourced, because its national security. They may be the only secure jobs unless you're literally world class in something.

People may "voluntarily" surrender their right to have opinions for economic security.

Quote from: Mr. Scram on Today at 18:54:57>Quote from: cdev on Today at 18:29:15
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
« Last Edit: September 19, 2017, 02:26:22 am by cdev »
"What the large print giveth, the small print taketh away."
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #59 on: September 19, 2017, 02:26:13 am »
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it, equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.
Why is it ridiculous? Why is it, to you, implausible or impossible that Apple in fact does not collect that information? I mean, Apple literally re-engineered iOS security to make it impossible for them to unlock devices, so that they are incapable of unlocking them for law enforcement. As you correctly (if perhaps a bit condescendingly) wrote, Apple has to treat all governments the same. The best way to do that is to actually make it secure, not to pretend to! Imagine the fallout if they lied about it and a government proved it!!! It's far wiser to just actually lock it down the way they claim they do. Then anyone who tries to verify the claims will find that they are accurate.

Or are you folks really that paranoid? I would think that with security researchers, jailbreakers and hackers, and Apple haters in general, all trying to break into Apple's stuff constantly, and/or trying to find any possible dirt on Apple, that there would be ample evidence if Apple were lying about its security features.


Quote from: tooki on Today at 18:28:09

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.

Some kind of
zero-knowledge proof?

Man, do I wish you'd just use, and master, normal quote forum tags instead of this blockquote HTML tag stuff. (Or are you using some app or something to access the forums instead of the website?)

Anyway, I don't think zero-knowledge proof is the same, but cryptography is not even distantly one of my areas of expertise, so I can't say with any semblance of certainty. Hence my suggestion to look it up.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #60 on: September 19, 2017, 02:40:53 am »
There are global economic governance institutions that regulate telecommunications. According to Edward Snowden, corporations are required to give all governments access to all of the information they collect under these treaties which exist at an international level.

Disputes that arise are not settled by national courts, there is a special private arbitral court system set up for those kinds of "investor versus state" disputes. Corporations can sue countries, countries cannot sue corporations at that level.

Imagine how valuable face recognition data is. You can scan everybody walking down a street and know who they all are within a quarter second. You can get a good idea of their emotional state from their facial expression. This is an extremely valuable technology commercially.

Imagine if you had a snapshot of a person which included their emotional state, perhaps also heart rate which as was pointed out can be derived from tiny micromovements and color changes in the infraed part of the spectrum.

Suppose you had this data at a very great many instants in time, along with their locations.

What do people do after something important happens to them?

Quote from: tooki on Today at 20:26:13>Quote from: cdev on Today at 18:39:19
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it,
equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.
Why is it ridiculous? Why is it, to you, implausible or impossible that Apple in fact does not collect that information? I mean, Apple literally re-engineered iOS security to make it impossible for them to unlock devices, so that they are incapable of unlocking them for law enforcement. As you correctly (if perhaps a bit condescendingly) wrote, Apple has to treat all governments the same. The best way to do that is to actually make it secure, not to pretend to! Imagine the fallout if they lied about it and a government proved it!!! It's far wiser to just actually lock it down the way they claim they do. Then anyone who tries to verify the claims will find that they are accurate.

Or are you folks really that paranoid? I would think that with security researchers, jailbreakers and hackers, and Apple haters in general, all trying to break into Apple's stuff constantly, and/or trying to find any possible dirt on Apple, that there would be ample evidence if Apple were lying about its security features.

Quote from: cdev on Today at 18:39:19>Quote from: tooki on Today at 18:28:09

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.

Some kind of
zero-knowledge proof?

Man, do I wish you'd just use, and master, normal quote forum tags instead of this blockquote HTML tag stuff. (Or are you using some app or something to access the forums instead of the website?)

Anyway, I don't think zero-knowledge proof is the same, but cryptography is not even distantly one of my areas of expertise, so I can't say with any semblance of certainty. Hence my suggestion to look it up.
"What the large print giveth, the small print taketh away."
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #61 on: September 19, 2017, 02:46:46 am »
There are global economic governance institutions that regulate telecommunications. According to Edward Snowden, corporations are required to give all governments access to all of the information they collect under these treaties which exist at an international level.

Disputes that arise are not settled by national courts, there is a special private arbitral court system set up for those kinds of "investor versus state" disputes. Corporations can sue countries, countries cannot sue corporations at that level.

Imagine how valuable face recognition data is. You can scan everybody walking down a street and know who they all are within a quarter second. You can get a good idea of their emotional state from their facial expression. This is an extremely valuable technology commercially.

Imagine if you had a snapshot of a person which included their emotional state, perhaps also heart rate which as was pointed out can be derived from tiny micromovements and color changes in the infraed part of the spectrum.

Suppose you had this data at a very great many instants in time, along with their locations.

What do people do after something important happens to them?
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #62 on: September 19, 2017, 03:12:50 am »
I have to bow out of this thread.

Frankly, remaining here and the fellowship of people here is more important to me and my sanity than explaining big global problems.
« Last Edit: September 19, 2017, 03:26:22 am by cdev »
"What the large print giveth, the small print taketh away."
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #63 on: September 19, 2017, 03:19:26 am »
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
The SEP isn't quite fully separated from the main processor, which may or may not allow for interaction that exposes some or all data. The recent release of the encryption key will certainly have a lot of researchers poking it from various angles to find out.
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 4995
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #64 on: September 19, 2017, 03:22:54 am »
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
The SEP isn't quite fully separated from the main processor, which may or may not allow for interaction that exposes some or all data. The recent release of the encryption key will certainly have a lot of researchers poking it from various angles to find out.
My understanding of the Secure Enclave is that, while it is part of the SOC, it's a separate CPU with separate memory, with separate buses to the security hardware, running a separate OS, such that the main CPU has no access whatsoever, beyond the barebones interface provided for authentication.

What encryption key release?
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #65 on: September 19, 2017, 03:47:16 am »
]My understanding of the Secure Enclave is that, while it is part of the SOC, it's a separate CPU with separate memory, with separate buses to the security hardware, running a separate OS, such that the main CPU has no access whatsoever, beyond the barebones interface provided for authentication.

What encryption key release?
There is some interaction between the AP and SEP at boot to set things up, which seems to leave some room to play with. The SEP also uses memory in the AP area, which is dynamically designated each boot. There also is the mailbox system, which allows data to be transferred back and forth between the AP and SEP, albeit in a limited fashion. The SEP is incredibly well protected and, as you say, almost a discrete SoC, but not quite. Of course, these things are subject to change between chip versions as Apple tightens its security, so what applies to this or previous generations may or may not do so to new devices.

About a month ago, the encryption key for the SEP firmware was released, which should greatly increase the likelihood of people finding vulnerabilities in at least older devices. It does, however, not mean a comprise of security itself.

https://www.macrumors.com/2017/08/18/hacker-releases-decryption-key-secure-enclave/
 
The following users thanked this post: tooki

Online janoc

  • Super Contributor
  • ***
  • Posts: 3105
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #66 on: September 19, 2017, 09:13:58 pm »
I'm aware of this and I don't like it. The few apps I do use are closed as soon as I am done using them and I never will download "Free" apps where in exchange to play candy crush you are giving away all your personal info.

I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).


I have found the best way to combat this is not to try and avoid it but rather put out a lot of misinformation. Since I can't stop my family from using face book I made several accounts under my name. They have pictures and everything they are close to my actual info but all the important parts are not quite right. Much harder to figure out which one is real when you don't know there are fakes and certainly not worth the effort of trying.

That's fairly naive, cumbersome and, worse, doesn't really work unless you do it on a massive scale - which attracts attention by itself.

While you or me would have a difficulty identifying which account and which information is true, someone like Facebook that has access to the data from your mobile devices, sees which accounts are active when, can correlate the information with websites visited (every website that hosts the FB login button reports your visit back to FB even if you don't login there, it is enough that your browser has the FB cookie from some earlier login). They have also similar data for your "friends" who are linked to your account. And more recently they have even biometric information about your body size, your gender etc. if you are Oculus Rift user (which is owned by Facebook).

From this amount of data it is very easy to filter out the fake info - it doesn't match with the data collected from elsewhere. It is easy to lie but it is incredibly difficult to lie completely consistently - and the data mining algorithms are pretty good at rooting that out.

 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #67 on: September 19, 2017, 09:48:02 pm »
I'm aware of this and I don't like it. The few apps I do use are closed as soon as I am done using them and I never will download "Free" apps where in exchange to play candy crush you are giving away all your personal info.

I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).
I don't use apples cloud services and only put things in google I wouldn't mind someone else seeing.

Quote
I have found the best way to combat this is not to try and avoid it but rather put out a lot of misinformation. Since I can't stop my family from using face book I made several accounts under my name. They have pictures and everything they are close to my actual info but all the important parts are not quite right. Much harder to figure out which one is real when you don't know there are fakes and certainly not worth the effort of trying.

That's fairly naive, cumbersome and, worse, doesn't really work unless you do it on a massive scale - which attracts attention by itself.

While you or me would have a difficulty identifying which account and which information is true, someone like Facebook that has access to the data from your mobile devices, sees which accounts are active when, can correlate the information with websites visited (every website that hosts the FB login button reports your visit back to FB even if you don't login there, it is enough that your browser has the FB cookie from some earlier login). They have also similar data for your "friends" who are linked to your account. And more recently they have even biometric information about your body size, your gender etc. if you are Oculus Rift user (which is owned by Facebook).

From this amount of data it is very easy to filter out the fake info - it doesn't match with the data collected from elsewhere. It is easy to lie but it is incredibly difficult to lie completely consistently - and the data mining algorithms are pretty good at rooting that out.

How do you know this? That's not sarcasm I seriously would like to know.
 
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #68 on: September 20, 2017, 02:42:03 am »
He's right, also there is a substantial body of academic literature on it and a growing public debate on whether its wise to let this be done to society.

If any of you want to verify this for yourselves, you should download a program like wireshark which includes tshark which is the command line version- on a machine with two NICs between your wireless access point and the network. (Otherwise the traffic wont be visible) Note that the packets are all encrypted with TLS so you wont know what it is they are sending, just that they are.

Well put.

Quote from: janoc on Today at 15:13:58>
I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).
« Last Edit: September 20, 2017, 02:51:50 am by cdev »
"What the large print giveth, the small print taketh away."
 

Online janoc

  • Super Contributor
  • ***
  • Posts: 3105
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #69 on: September 20, 2017, 09:57:34 am »


Quote from: Beamin on Today at 07:48:02 AM

How do you know this? That's not sarcasm I seriously would like to know.
 



Part of my background is in artificial intelligence and data processing. However, there is a lot of work published on the topic.

For example using Netflix data: https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

Quote
We apply our de-anonymization methodology to the
Netflix Prize dataset, which contains anonymous movie
ratings of 500,000 subscribers of Netflix, the world’s
largest online movie rental service. We demonstrate
that an adversary who knows only a little bit about
an individual subscriber can easily identify this subscriber’s
record in the dataset. Using the Internet
Movie Database as the source of background knowledge,
we successfully identified the Netflix records of
known users, uncovering their apparent political preferences
and other potentially sensitive information.



Or for social networks showing the linking of various auxiliary data sources in order to complete the information:
https://arxiv.org/abs/1703.09028

And that is just quick googling. Search for "deanonymization" and you will find a lot of info:
https://scholar.google.fr/scholar?hl=en&q=deanonymization&btnG=&as_sdt=1%2C5&as_sdtp=

These kinds of attacks are possible because of the huge databases of information and the necessary computing power becoming available in the recent years. Why do you think data scientists (original job description was "data mining") and "AI"  specialists are in such high demand today? Everyone and their grandma is mining their customer databases - it is often the most valuable thing the company has and many "products" sold today are little more than a cheap throwaway gimmick meant to collect your data. Why do you think applications like Whatsapp, Instagram or Facebook are free? You pay with your personal information.

* I have put AI in quotes, because most of the work is not really AI in the classic sense but using things like deep neural networks to extract more information from the large datasets.

 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #70 on: September 20, 2017, 08:34:28 pm »


Quote from: Beamin on Today at 07:48:02 AM

How do you know this? That's not sarcasm I seriously would like to know.
 



Part of my background is in artificial intelligence and data processing. However, there is a lot of work published on the topic.

For example using Netflix data: https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

Quote
We apply our de-anonymization methodology to the
Netflix Prize dataset, which contains anonymous movie
ratings of 500,000 subscribers of Netflix, the world’s
largest online movie rental service. We demonstrate
that an adversary who knows only a little bit about
an individual subscriber can easily identify this subscriber’s
record in the dataset. Using the Internet
Movie Database as the source of background knowledge,
we successfully identified the Netflix records of
known users, uncovering their apparent political preferences
and other potentially sensitive information.



Or for social networks showing the linking of various auxiliary data sources in order to complete the information:
https://arxiv.org/abs/1703.09028

And that is just quick googling. Search for "deanonymization" and you will find a lot of info:
https://scholar.google.fr/scholar?hl=en&q=deanonymization&btnG=&as_sdt=1%2C5&as_sdtp=

These kinds of attacks are possible because of the huge databases of information and the necessary computing power becoming available in the recent years. Why do you think data scientists (original job description was "data mining") and "AI"  specialists are in such high demand today? Everyone and their grandma is mining their customer databases - it is often the most valuable thing the company has and many "products" sold today are little more than a cheap throwaway gimmick meant to collect your data. Why do you think applications like Whatsapp, Instagram or Facebook are free? You pay with your personal information.

* I have put AI in quotes, because most of the work is not really AI in the classic sense but using things like deep neural networks to extract more information from the large datasets.

So how can you lay low? I use the iPhone and don't use any free apps and the only other app is uber which get shut off after wards because they state in their privacy policy they will keep collecting  location anytime the app is on. I don't facebook twitter or do any social media. My biggest vulnerability is gmail and browsing history. I use firefox with ghostery and tor. I'm switching to my own email server. I also "opt out" of any type of "sharing" like with the bank and capital one. I don't do any cloud based services.

You can make a psychological profile of someone just off their youtube comments. I know that making the fake accounts has made it harder to find my info as I had someone try to look me up (a girl I met in real life before our first date). She told me she could find hardly any info on me like she has with other people. Shes not an IT expert but she is the average person who is going to represent the extent on which most people would try to find your info.

So my question is what am I missing since I know there are things I don't even know about.
« Last Edit: September 20, 2017, 08:45:42 pm by Beamin »
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #71 on: September 20, 2017, 08:51:59 pm »
So how can you lay low? I use the iPhone and don't use any free apps and the only other app is uber which get shut off after wards because they state in their privacy policy they will keep collecting  location anytime the app is on. I don't facebook twitter or do any social media. My biggest vulnerability is gmail and browsing history. I use firefox with ghostery and tor. I'm switching to my own email server. I also "opt out" of any type of "sharing" like with the bank and capital one. I don't do any cloud based services.

You can make a psychological profile of someone just off their youtube comments. I know that making the fake accounts has made it harder to find my info as I had someone try to look me up (a girl I met in real life before our first date). She told me she could find hardly any info on me like she has with other people. Shes not an IT expert but she is the average person who is going to represent the extent on which most people would try to find your info.

So my question is what am I missing since I know there are things I don't even know about.
Don't use a smartphone. If you must, use one with a specially selected ROM and applications. Although using any sort of mobile phone yields massive amounts of information about the user, which gives eerily accurate insights into his or her life.
 

Online cdev

  • Super Contributor
  • ***
  • Posts: 5449
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #72 on: September 20, 2017, 09:10:56 pm »
I would think that not using a cell phone might flag one for suspicion as well!

The bizarre thing is that every measure of crime that Ive seen seems to say that crime has been steadily falling for decades. Also, statistically the risks of being a victim of terrorism are almost nil. Not to say that it doesn't ever happen, but I think there are likely hundreds of larger risks. History also teaches us that absolute power corrupts, and enabling devices of every kind to collect data is a change that brings us much less in the way of benefit than risks, one that I think is very likely to be misused.

I concluded a long time ago that there really is no need for all of this "stuff" unless it could be made in such a way that really preserved privacy, which I don't trust others to tell me, so what I am really saying in, untill the average person actually has the knowledge to understand the technical issues, its a mistake to internet enable peoples lives to the degree they are doing. Especially I think a "cashless" society (which they really want) would be a mistake. There will be abuse and eventually a backlash against it.

Why aren't any of these issues being debated in the media in any detail? (they are being debated in the technical press, but few people read it.)

One question I have is why?

Why now?

Who picks the defaults for web browsers, and operating systems, for example, Whose needs are driving the proliferation of privacy destroying features and why?
« Last Edit: September 20, 2017, 09:49:34 pm by cdev »
"What the large print giveth, the small print taketh away."
 
The following users thanked this post: tooki, Beamin

Online Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9248
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #73 on: September 20, 2017, 09:36:59 pm »
I would think that not using a cell phone might flag one for suspicion as well!

The bizarre thing is that every measure of crime that Ive seen seems to say that crime has been steadily falling for decades. Also, the risk of being a victim of terrorism is almost nil. So there really is no need for all of this "stuff". None.
Note I wasn't talking about raising suspicion, but about the data you surrender. Not having a smartphone or social media accounts does raise suspicions, as we've already seen.

Also, we all know you shouldn't let facts ruin a good story ;)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf