Author Topic: Might the iPhone X open with a photograph of your face?  (Read 6569 times)

0 Members and 1 Guest are viewing this topic.

Online xrunner

  • Super Contributor
  • ***
  • Posts: 4784
  • Country: us
  • hp>Agilent>Keysight>?
Might the iPhone X open with a photograph of your face?
« on: September 13, 2017, 12:54:16 pm »
Was debating this with some friends. Certainly if you lost it and a random person found it they would not have your photo, but what if an untrustworthy family member or girlfriend or boyfriend wanted to break into your iPhone X? Could they hold your photograph up to it and open the phone?
I am a Test Equipment Addict (TEA) - by virtue of this forum signature, I have now faced my addiction
 

Offline Assafl

  • Frequent Contributor
  • **
  • Posts: 582
Re: Might the iPhone X open with a photograph of your face?
« Reply #1 on: September 13, 2017, 01:02:18 pm »
My understanding was that instead of taking a 2d shot and comparing it (which both leads to obvious attacks and to false negatives as you age or become hirsute) - they simply looked at the face in 3d.

They simply build a 3d model as you move your noggin and check if the face topography matches.

A potential attack would be to use a Madame Tussaud style 3d mannequin. But I guess even that can be secured against by requiring facial features like eyes and lips to move. So one could use animatronics to move a Madame Tussaud mannequin.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #2 on: September 13, 2017, 02:22:21 pm »
Was debating this with some friends. Certainly if you lost it and a random person found it they would not have your photo, but what if an untrustworthy family member or girlfriend or boyfriend wanted to break into your iPhone X? Could they hold your photograph up to it and open the phone?
Watch the keynote. They expressly state that they designed it to not only reject photos, but to reject even cinema-grade masks they had made by Hollywood fx artists.

Additionally, it won't work without a gaze, apparently. So it won't unlock if it's looking at you, but you're not looking back.

In the keynote, they said that in testing, they arrived at a 1 in 1 million chance of false positives with it (compared to 1 in 50K with Touch ID), but that the error rate rises with close relatives and "evil twins" (with slide of Spock and his Mirror Universe evil twin). So I suspect that actual identical twins who haven't diverged due to injury or weight gain/loss probably have a high chance of being able to unlock their phones.

Indeed, it looks like it uses a rudimentary 3D camera to map the face. The infrared "dot projector" looks similar in concept to the laser holographic autofocus Sony used in some early-2000s digital cameras, which projected a diamondplate-like pattern of red stripes that the AF system could use to focus very quickly even with zero ambient light. (I have no idea why that system wasn't used more. It worked beautifully.)
« Last Edit: September 14, 2017, 10:03:56 am by tooki »
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #3 on: September 13, 2017, 03:17:08 pm »
It wouldn't be the first camera that can be fooled with a photograph, though Microsoft's Surface range has shown that pretty good security is possible. That has been tested with twins and not even that fooled the Surface cameras.

I think they use a mixture of 2D, 3D and infrared to record unique vein patterns.
 

Online xrunner

  • Super Contributor
  • ***
  • Posts: 4784
  • Country: us
  • hp>Agilent>Keysight>?
Re: Might the iPhone X open with a photograph of your face?
« Reply #4 on: September 13, 2017, 04:42:38 pm »
Well, you can be sure as the sun rises if I ever got an iPhone X I'd try like hell to get it to open on a photograph of myself. It's my nature to do so.  ;)
I am a Test Equipment Addict (TEA) - by virtue of this forum signature, I have now faced my addiction
 

Offline RGB255_0_0

  • Frequent Contributor
  • **
  • Posts: 774
  • Country: gb
Re: Might the iPhone X open with a photograph of your face?
« Reply #5 on: September 13, 2017, 05:19:48 pm »
They have to get it working on the owner's own face before writing about others breaking it.
Your toaster just set fire to an African child over TCP.
 
The following users thanked this post: Beamin, ThunderCat

Offline mcinque

  • Supporter
  • ****
  • Posts: 1035
  • Country: it
  • I know one thing: that I know nothing
Re: Might the iPhone X open with a photograph of your face?
« Reply #6 on: September 13, 2017, 09:02:21 pm »
They have to get it working on the owner's own face before writing about others breaking it.
^-^ :-DD
I'm basically still a rookie and because of this, even with the best intentions, I often say bullshits
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #7 on: September 13, 2017, 09:23:00 pm »
Indeed, it looks like it uses a rudimentary 3D camera to map the face. The infrared "dot projector" looks similar in concept to the laser holographic autofocus Sony used in some early-2000s digital cameras, which projected a diamondplate-like pattern of red stripes that the AF system could use to focus very quickly even with zero ambient light. (I have no idea why that system wasn't used more. It worked beautifully.)

The infrared dot projector is very likely part of the Primesense depth sensing technology (the other part is an IR camera) that Apple has bought some years ago. Aka the same thing as the first Kinect  from Microsoft (the newer Kinects work on a different principle).

If it is using really that then good luck making it work in sunlight or brightly lit rooms, for example. The original Kinect was hopeless in such situations, because the dot patterns projected by the laser projector got washed out by the ambient infrared light and the camera couldn't capture them.
 

Offline ThunderCat

  • Contributor
  • Posts: 12
Re: Might the iPhone X open with a photograph of your face?
« Reply #8 on: September 14, 2017, 01:48:28 am »
If memory serves, the phone has to have been unlocked at least once that day with the passcode before using the facial recognition. Can anyone confirm?

Great thread.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #9 on: September 14, 2017, 09:59:40 am »
If memory serves, the phone has to have been unlocked at least once that day with the passcode before using the facial recognition. Can anyone confirm?

Great thread.
I don't know how it is with Face ID, but Touch ID requires the passcode every 48h, as well as after 5 failed fingerprint scans. (Oddly, Touch ID on Mac does not require the account password every 48h, which tripped up a friend of mine who got so used to Touch ID on his MacBook that he forgot the password  :palm: )
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #10 on: September 14, 2017, 10:02:33 am »
Indeed, it looks like it uses a rudimentary 3D camera to map the face. The infrared "dot projector" looks similar in concept to the laser holographic autofocus Sony used in some early-2000s digital cameras, which projected a diamondplate-like pattern of red stripes that the AF system could use to focus very quickly even with zero ambient light. (I have no idea why that system wasn't used more. It worked beautifully.)

The infrared dot projector is very likely part of the Primesense depth sensing technology (the other part is an IR camera) that Apple has bought some years ago. Aka the same thing as the first Kinect  from Microsoft (the newer Kinects work on a different principle).

If it is using really that then good luck making it work in sunlight or brightly lit rooms, for example. The original Kinect was hopeless in such situations, because the dot patterns projected by the laser projector got washed out by the ambient infrared light and the camera couldn't capture them.
Good question. Given Apple's camera and image processing prowess, and the fact that they're based in sunny California, and how crazy brightly lit most Apple retail stores are, I am quite confident that they've tested it in very bright situations and got it to work properly.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 3969
  • Country: au
Re: Might the iPhone X open with a photograph of your face?
« Reply #11 on: September 14, 2017, 10:03:14 am »
I wonder how long it will be before government agencies apply to Apple, Google and all the rest of them with a request to "find this person for us" and have it match your face with your ID, fingerprint, GPS location, web history, etc... etc...
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #12 on: September 14, 2017, 10:07:05 am »
I wonder how long it will be before government agencies apply to Apple, Google and all the rest of them with a request to "find this person for us" and have it match your face with your ID, fingerprint, GPS location, web history, etc... etc...
That's why, just as with Touch ID, Face ID doesn't store the facial map outside of the quasi-write-only Secure Enclave security processor inside the SOC. The Secure Enclave receives the data from the Face ID sensors and then compares internally and simply delivers the passcode to the OS if it matches. iOS itself has no access to the stored facial map.
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 5834
  • Country: nl
Re: Might the iPhone X open with a photograph of your face?
« Reply #13 on: September 14, 2017, 10:12:32 am »
It looks like that phone is scanning 24/7. The demo seems to have failed due to the fact that other people have moved and placed it during staging setup prior to the presentation.

Quote
“People were handling the device for stage demo ahead of time,” says a rep, “and didn’t realize Face ID was trying to authenticate their face. After failing a number of times, because they weren’t Craig, the iPhone did what it was designed to do, which was to require his passcode.” In other words, “Face ID worked as it was designed to.”

Pretty rediculous IMO , do you think those people were directly looking into the camera, probably not, just transporting the thing it starts to look around to see if it can recognize your face, hmmmmmmm
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #14 on: September 14, 2017, 10:23:29 am »
It takes only a glance. Not an extended stare. Either way, not sure why you think that's ridiculous. Face ID, like Touch ID, is just a biometric proxy for your passcode. It makes absolute sense to err on the side of a false negative, and to reject brute force unlock attempts.
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 5834
  • Country: nl
Re: Might the iPhone X open with a photograph of your face?
« Reply #15 on: September 14, 2017, 12:28:17 pm »
It takes only a glance. Not an extended stare. Either way, not sure why you think that's ridiculous. Face ID, like Touch ID, is just a biometric proxy for your passcode. It makes absolute sense to err on the side of a false negative, and to reject brute force unlock attempts.
Because it is doing it 24/7 not only when you want to log in. It looks like it is scanning for face continuously, if it is lying on the desk or in the car, drains the battery and as the demo showed it can work opposite to what you like: easy but safe login. Except when any person walks by three times you can again enter your pincode, pretty useless. It should start scanning when someone is staring at the camera or shakes it or whatever.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #16 on: September 14, 2017, 01:58:36 pm »
But that IS exactly what it does!!! It doesn't attempt a face recognition that isn't looking directly at the screen. Even closed eyes will not trigger one, apparently.

As for battery, I assume it's simply using the proximity sensor to determine when something is at the right distance, then turns on the actual Face ID system then.

Where in the demo did you see it work not easy and not safe??
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 5834
  • Country: nl
Re: Might the iPhone X open with a photograph of your face?
« Reply #17 on: September 14, 2017, 03:33:24 pm »
Did you read my quote in the first post. That is what happened during the demo, other persons only moving the phone or walking near the phone made the demo fail and that is how it is supposed to work?
So if you are not using your phone you should put it in a black bag so it doesn't see anyone and start to prematurely identify bypassers?
I am getting to old for this s€€t.
« Last Edit: September 14, 2017, 03:36:49 pm by Kjelt »
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #18 on: September 15, 2017, 09:07:46 am »
Did you read my quote in the first post. That is what happened during the demo, other persons only moving the phone or walking near the phone made the demo fail and that is how it is supposed to work?
So if you are not using your phone you should put it in a black bag so it doesn't see anyone and start to prematurely identify bypassers?
I am getting to old for this s€€t.
I saw the quote, it's just that I don't infer absurd hysterics out of it like you have. "Handling the device" certainly does not mean people just walking by or just moving it. They were probably either handholding them to verify that they were ready (cables secure, charged, on wifi, etc), or actually playing with them to get a nice look at them.

I would be extremely surprised if the Face ID system did not use the accelerometer and proximity sensors to activate - anything else would probably use too much power anyway. You can't have a camera and two high power IR illuminator systems running all the time and not drain the battery excessively!
 

Z80

  • Guest
Re: Might the iPhone X open with a photograph of your face?
« Reply #19 on: September 15, 2017, 10:07:08 am »
Does anyone know what problem this pointless wanky gimmik is supposed to solve?  Maybe this is Apple's way of getting a patent on the human face.  :=\
 

Offline RGB255_0_0

  • Frequent Contributor
  • **
  • Posts: 774
  • Country: gb
Re: Might the iPhone X open with a photograph of your face?
« Reply #20 on: September 15, 2017, 11:27:13 am »
Does anyone know what problem this pointless wanky gimmik is supposed to solve?  Maybe this is Apple's way of getting a patent on the human face.  :=\
Apple could not get touch ID working with Samsung's OLED display so this was their only alternative to an 'easy' method of unlocking the device.
Your toaster just set fire to an African child over TCP.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #21 on: September 15, 2017, 06:47:38 pm »
Does anyone know what problem this pointless wanky gimmik is supposed to solve?  Maybe this is Apple's way of getting a patent on the human face.  :=\
Apple could not get touch ID working with Samsung's OLED display so this was their only alternative to an 'easy' method of unlocking the device.
I would guess that getting it to work was easy, but that the problem is that to locate your finger quickly onto a sensor, it needs to be something you can feel by touch, which in turn would have meant distortion on the display glass.

BTW, do we know it was Samsung OLED, or is that just speculation? I would have intuitively assumed it was from LG, but I haven't done any research on the matter.
 

Offline Red Squirrel

  • Super Contributor
  • ***
  • Posts: 2465
  • Country: ca
Re: Might the iPhone X open with a photograph of your face?
« Reply #22 on: September 15, 2017, 07:01:57 pm »
I'm not a fan of any kind of biometric style authentication.  People want to kill the concept of the password because it does have it's flaws, but I still think it's the best way to go.  I like Android's pattern system, I just wish it was more versatile, like that you can use the same dot twice.  Perhaps even add more dots. 

The issue with finger print, face recognition etc is 1: how accurate is it really, will someone that looks very close to you be able to trigger it?  And 2: you can more easily be forced to unlock it.  Someone can use it on you while you're unconscious for example.  I could see police beating you if you refuse to let them in then they'll just use it on you after they knocked you out.  But a password, it has to come from you and be you specifically inputing it, assuming you did not write it down anywhere.

Biometric could work nicely as a two factor auth system though.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #23 on: September 15, 2017, 07:46:20 pm »
I'm not a fan of any kind of biometric style authentication.  People want to kill the concept of the password because it does have it's flaws, but I still think it's the best way to go.  I like Android's pattern system, I just wish it was more versatile, like that you can use the same dot twice.  Perhaps even add more dots. 

The issue with finger print, face recognition etc is 1: how accurate is it really, will someone that looks very close to you be able to trigger it?  And 2: you can more easily be forced to unlock it.  Someone can use it on you while you're unconscious for example.  I could see police beating you if you refuse to let them in then they'll just use it on you after they knocked you out.  But a password, it has to come from you and be you specifically inputing it, assuming you did not write it down anywhere.

Biometric could work nicely as a two factor auth system though.
While I fully agree that phone OSes should offer an option of using biometric with 2FA (I'm kinda baffled as to why they don't!), I don't think you've done your homework on how biometric logins work on current phones.

I haven't looked into to how Android implements it, so I won't make any guesses. But here's a simplified explanation of how iOS does it:

Biometric login (be it Touch ID or Face ID) is simply a proxy for the passcode. The "Secure Enclave" security processor (which runs its own realtime OS, totally separate from iOS), when the phone boots up, must first be "fed" the passcode, because it doesn't actually have it stored across reboots. (The same initial passcode entry on boot is also used to unlock the OS, such that the passcode can even be passed to the Secure Enclave.) For security purposes as well as to make sure you don't forget the passcode, the Secure Enclave automatically discards the passcode every 48h, forcing you to re-enter it manually.

Additionally, failed biometric login attempts (2 with Face ID, 5 with Touch ID) will also trigger the Secure Enclave to forget the passcode, thus necessitating re-entry. There's also a system setting to delete the phone's storage decryption keys after 10 failed passcode entries, causing the phone's contents to be fully, instantly, and irretrievably erased. (There is no user-visible counter of the attempts, so that a cop or thief who is trying to coerce you into divulging the passcode cannot know how many attempts remain, nor indeed whether the auto-erase function is enabled at all. If enabled, it simply erases the phone on the spot once the 10th incorrect passcode has been entered.)

In iOS 11, the new emergency screen (triggered by pressing the sleep/wake button 5 times in a row) also tells the Secure Enclave to discard the passcode, giving you a way to quickly disable biometric login without leaving evidence. (For example, you can quickly press the button 5 times while waiting in line at airport security.)

In both Touch ID and Face ID, the biometric signature is not transmitted to the CPU and iOS; it remains solely within the Secure Enclave, totally unavailable to iOS, and thus unavailable to both law enforcement and hackers/malware. The Secure Enclave, in essence, only feeds back to iOS whatever data it was told to hold in escrow (like the passcode, and the decryption key for the system keychain) when biometric login succeeds. [speculation]Given this, and the fact that the iPhone X can use the Face ID sensors for augmented reality, it stands to reason that either a) the Face ID/Secure Enclave subsystem can feed anonymized (non-personalized) face position data out to iOS, without allowing the facial signature to be output, or b) the Face ID sensor data is fed to iOS, which sends sensor data to the Secure Enclave for computation of the signature and future comparison. I strongly suspect that approach (a) is used, since (b) has far more opportunity for abuse. [/speculation]

Touch ID can be used on an unconscious person (which is why some people recommend not registering your thumbprint, but instead using other fingers, such that cops would likely use up the 5 attempts on your thumbs before getting to the finger that works). Face ID, on the other hand, requires a deliberate, active gaze, and apparently also locks automatically when you look away. Between that and that you only get 2 attempts before it disables Face ID, the chances of an unconscious or uncooperative person's face being used to unlock are extremely small.

Apple just stated the false-positive (i.e. random chance of a stranger being able to unlock) rate for Touch ID as 1 in 50K, and for Face ID as 1 in 1 million, with the rate rising significantly with close relatives.


Ultimately, though, the original goal of biometric logins isn't to be more secure than a passcode, it's to be more secure than nothing at all, which is apparently what tons of people were doing before Touch ID. (I forget the statistics, but it was shockingly high to me.)

Apple publishes a document called the iOS Security Guide that goes into the security architecture in great detail. The current version is from March 2017, so I expect an updated version for iOS 11 and Face ID to come out next spring at the latest.



A much larger issue, IMHO, than the technical situation is the legal one. To me (and many others), it's obvious that the law should expressly address when you can and cannot be compelled to unlock your device, regardless of unlock method. But for historical reasons, and ones of what I consider obtuse interpretation of the law, in the US, you cannot be compelled to provide a passcode/password (though the government is now holding someone indefinitely for refusing to divulge a decryption password, egregiously violating the law IMHO), but you can be compelled to provide physical attributes, like fingerprints or the appearance of your face. This is why the ability to quickly and surreptitiously disable biometric login without leaving evidence (as Apple is doing in iOS 11) is hugely important.
« Last Edit: September 15, 2017, 07:48:28 pm by tooki »
 

Online xrunner

  • Super Contributor
  • ***
  • Posts: 4784
  • Country: us
  • hp>Agilent>Keysight>?
Re: Might the iPhone X open with a photograph of your face?
« Reply #24 on: September 17, 2017, 12:34:56 pm »
Quote
Does Apple's facial recognition technology compromise security for convenience?

 CBS News September 16, 2017, 12:13 PM

Apple executives unveiled the iPhone X this week along with facial recognition technology called Face ID. The iPhone's latest feature, which uses a 3-D scan of the user's face to unlock the phone, is also raising questions about privacy and security.

"We should be clear that this is a compromise of the security of your phone for convenience," said Wired magazine senior writer Andy Greenberg. He joined "CBS This Morning: Saturday" to discuss how the technology works, whether it can be tricked and why using a six-digit passcode is more secure than anything else.

"It's not gonna be that easy to spoof your face as it has been for the Galaxy S8 or other facial recognition systems where you could just show it a photograph," Greenberg explained. "The new iPhone, the iPhone X, is going to use tens of thousands of infrared dots on your face that it projects itself, and then uses an infrared camera to see how those are distorted."

Despite the advanced technology Apple is using, Greenberg said, "I've talked to hackers who've said they're going to break this." "Apple seems to have this war on inconvenience where even just having to have one button on your phone is too many. They want the experience to be so seamless that you don't even notice the features or notice the security," Greenberg said.

Greenberg said there are a few reasons why biometrics aren't the best way to ensure security. A simpler feature is better for protecting your privacy.

"The safest thing you can do is turn off your fingerprint reader, your face print reader and just use that six-digit pin code which is remarkably difficult to break in an iPhone," Greenberg said. "The six-digit passcode is just mathematically almost impossible to guess given the number of tries Apple offers you."

Last year, the FBI was unable to break into an iPhone locked with a six-digit password.

"You can be very easily coerced to show your finger or, more easily, your face to someone who wants to break into your phone, whether that's a mugger or a kidnapper or the police," Greenberg said. 

But what worries Greenberg more is what the adoption and widespread use of this technology could mean for the future of privacy.

"It's going to train Americans to use their face as a security mechanism. And once we're used to that, it's just a matter of time until tech companies are uploading those faces -- and Apple is not -- but maybe Amazon or Google will create a database of face prints," he said. "If they keep that centralized database or if a government agency does then it's only a matter of time until it leaks and then we're really in trouble in terms of privacy and security."

https://www.cbsnews.com/news/how-apples-facial-recognition-technology-compromises-security/

I am a Test Equipment Addict (TEA) - by virtue of this forum signature, I have now faced my addiction
 

Offline Kjelt

  • Super Contributor
  • ***
  • Posts: 5834
  • Country: nl
Re: Might the iPhone X open with a photograph of your face?
« Reply #25 on: September 17, 2017, 01:01:45 pm »
Indeed the largest problem with biometrics is that you can not revoke or change your biometric data.
If it is stolen/copied once you are powned. That is why you always should use a hash or abstraction of the data with a changeable key for instance and never store the raw biometric data it self.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #26 on: September 17, 2017, 03:03:20 pm »
Indeed the largest problem with biometrics is that you can not revoke or change your biometric data.
If it is stolen/copied once you are powned. That is why you always should use a hash or abstraction of the data with a changeable key for instance and never store the raw biometric data it self.
That last bit is the exact problem with most biometric data: you can't. A password is the exact same every time, so you can compare hashes. A scanned finger will never be the exact same twice, so you cannot make a hash. Due to this, you will need to store much more identifying information, which leads to the possibility of them being stolen. They are working hard on all sorts of mitigating strategies, but so far, this has always been the problem.

Add to that the problem of not being able to change the data, and you are setting yourself up for problems.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #27 on: September 17, 2017, 03:50:29 pm »
If you train a computer to recognize a face, it will also "recognize" a printed photo of that person.
"What the large print giveth, the small print taketh away."
 

Offline glarsson

  • Frequent Contributor
  • **
  • Posts: 807
  • Country: se
Re: Might the iPhone X open with a photograph of your face?
« Reply #28 on: September 17, 2017, 03:56:25 pm »
If you train a computer to recognize a face, it will also "recognize" a printed photo of that person.
No. Unless you train it to ignore the depth, temperature and movement information from the 3d camera.
The Samsung implementation will recognize a photo held in front of the 2d camera.
The Apple implementation will not recognize a photo held in front of the 3d camera.
 
The following users thanked this post: tooki

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #29 on: September 17, 2017, 04:00:20 pm »
If you train a computer to recognize a face, it will also "recognize" a printed photo of that person.
If you use an infrared camera instead of a normal one, or the two combined, the system will be able to discern paper from living flesh without trouble.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #30 on: September 17, 2017, 04:22:46 pm »
If you train a computer to recognize a face, it will also "recognize" a printed photo of that person.
Please, folks, watch the keynote before you comment...
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #31 on: September 17, 2017, 04:35:03 pm »

International agreements contain rules to the effect that if a multinational corporation gives one country some privilege they all likely deserve 'like' privileges-  Also, corporations get a substantial amount of money from countries as compensation for various kinds of data.

Those factors probably play into these kinds of hardware/software decisions, as well as events too.

« Last Edit: September 17, 2017, 04:52:57 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #32 on: September 17, 2017, 04:58:21 pm »
I based that on an experiment I did with OpenCV, which did think it was me when presented with a black and white laser printed photograph.  You're right in that an IR or combination thermographic/multispectral image of somebody is likely totally different than a printed photo and I'm sure, impossible to use to fool a well designed sensor.

Similarly, the use of gummi bears by high school students trying to get out of classes might fool some fingerprint sensors but likely not a high quality one.



Quote from: glarsson on Today at 09:56:25>Quote from: cdev on Today at 09:50:29
If you train a computer to recognize a face, it will also "recognize" a printed photo of that person.
No. Unless you train it to ignore the depth, temperature and movement information from the 3d camera.
The Samsung implementation will recognize a photo held in front of the 2d camera.
The Apple implementation will not recognize a photo held in front of the 3d camera.
"What the large print giveth, the small print taketh away."
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #33 on: September 17, 2017, 08:30:37 pm »
Info on the Apple depth camera - it is, as I have thought, the PrimeSense sensor, aka Kinect 1:

https://www.theverge.com/circuitbreaker/2017/9/17/16315510/iphone-x-notch-kinect-apple-primesense-microsoft
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #34 on: September 17, 2017, 10:03:25 pm »
If this camera does not detect heat - only the 3d nature of a viewed object then a styrofoam wig head with a wraparound version of somebody's photo printed on it might be "recognized" as that person.

I see the makings of a potentially great YouTube video here! Dave, you already have the makings of this video!
« Last Edit: September 17, 2017, 10:05:42 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #35 on: September 17, 2017, 10:12:12 pm »
If this camera does not detect heat - only the 3d nature of a viewed object then a styrofoam wig head with a wraparound version of somebody's photo printed on it might be "recognized" as that person.

I see the makings of a potentially great YouTube video here! Dave, you already have the makings of this video!
I think I mentioned this before, but similar technology on the Surface Pro devices could not be fooled by identical twins. That's quite an impressive feat, if you ask me.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #36 on: September 18, 2017, 09:07:32 am »
If this camera does not detect heat - only the 3d nature of a viewed object then a styrofoam wig head with a wraparound version of somebody's photo printed on it might be "recognized" as that person.

I see the makings of a potentially great YouTube video here! Dave, you already have the makings of this video!
Dude... Watch. The. Keynote.  |O  |O

They talk about this...
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #37 on: September 18, 2017, 05:02:29 pm »
If this camera does not detect heat - only the 3d nature of a viewed object then a styrofoam wig head with a wraparound version of somebody's photo printed on it might be "recognized" as that person.

I see the makings of a potentially great YouTube video here! Dave, you already have the makings of this video!
Dude... Watch. The. Keynote.  |O  |O

They talk about this...

Tone it down, the keynote says actually very little about how it works.

Cdev is right. The "camera" (more accurately infrared camera and an IR projector, the rest doesn't really play a major role in the system) measures only depth and that is used to reconstruct the face. Similar things have been done with Kinect as well, including measurement of heart rate from the minuscule bulging of veins in your face (but that was Kinect 2 which doesn't have the PrimeSense system - Kinect 1 couldn't do it because of the low framerate, not necessarily a constraint that the Apple's system has). It certainly does not measure heat like a thermal camera (despite the BS heat image shown in the keynote)! The IR camera is only used to detect the dot pattern projected by the dot projector and that is used to calculate the shape. It is a basic structured light system, they just managed to miniaturize it using the PrimeSense IP and Apple's experience with building portable electronics. You don't even need any neural networks BS, only simple trigonometry to triangulate the point cloud and then reconstruct the 3D mesh from it.

If you want an explanation how this system works, there is a good basic video here:

It is the same method that has been used for the various 3D scanning apps available for Kinect and pretty much all structured light based 3D scanners (e.g. the cheap stuff based on a webcam + laser pointer with an object on a turntable).

So yes, that styrofoam head + photo printout attack is potentially plausible but not a very practical attack - if they train the system on the shape of the face, the fake head would have to be the exact duplicate of the victim's head. A generic foam head wouldn't work. Good luck obtaining something like that.

« Last Edit: September 18, 2017, 05:10:24 pm by janoc »
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #38 on: September 18, 2017, 07:22:50 pm »
Photogrammetry using something like VSFM can do that.

Actually, there are lots of tools that can do exactly that, create a super accurate point cloud and 3d model from a bunch of generic images.

Anybody who has been photographed enough times to have a corpus of photos likely has enough of their data online that an attacker could easily use it to make that 3d model.

For at least two decades people have been doing all sorts of cool stuff with photogrammetry and computers. Its not hard at all, just take a bunch of pictures of something, throw them all in a folder and the software does the work of creating a 3d reconstruction of it.

I have played around with it. 

Its not hard. You have to take a lot of images in a systematic way to get a model with no holes or artifacts. But it does work well.

Here is one possible application. Architecture. Somebody wants to build an addition onto their home but they dont have the original plans. They want an accurate 3d model of their home but they cant afford to hire a professional plan maker. So they do it via photogrammetry.

What do they do, they simply walk around and through it and take a huge number of photos from as many angles as possible and then use software like VSFM and CMVS to create a sparse point cloud and reconstruct a 3d model of it, both outside and inside.  Time expended, maybe an afternoon or so.. maybe even less once you get good at it.  A drone could likely automate the capture process and optimize the fly through and capture of both the exterior and the interior. 

Likewise with a person, even if there were no known photos of somebody online, when they were outside a drone could literally fly around that persons head even at a distance, take enough photos of them and zap, a computer could reconstruct a 3d model of them from that imagery.

Just as when you are making a panorama out of a series of images that overlap, each image can be used to stitch that one to the previous and next one. Then the software takes it one step further- extracting the geometry, It can then draw a texture over the shape. just as you do in your own mental map.
« Last Edit: September 18, 2017, 08:00:26 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #39 on: September 18, 2017, 07:54:20 pm »
If this camera does not detect heat - only the 3d nature of a viewed object then a styrofoam wig head with a wraparound version of somebody's photo printed on it might be "recognized" as that person.

I see the makings of a potentially great YouTube video here! Dave, you already have the makings of this video!
Dude... Watch. The. Keynote.  |O  |O

They talk about this...

Tone it down, the keynote says actually very little about how it works.

Cdev is right. The "camera" (more accurately infrared camera and an IR projector, the rest doesn't really play a major role in the system) measures only depth and that is used to reconstruct the face. Similar things have been done with Kinect as well, including measurement of heart rate from the minuscule bulging of veins in your face (but that was Kinect 2 which doesn't have the PrimeSense system - Kinect 1 couldn't do it because of the low framerate, not necessarily a constraint that the Apple's system has). It certainly does not measure heat like a thermal camera (despite the BS heat image shown in the keynote)! The IR camera is only used to detect the dot pattern projected by the dot projector and that is used to calculate the shape. It is a basic structured light system, they just managed to miniaturize it using the PrimeSense IP and Apple's experience with building portable electronics. You don't even need any neural networks BS, only simple trigonometry to triangulate the point cloud and then reconstruct the 3D mesh from it.

If you want an explanation how this system works, there is a good basic video here:

It is the same method that has been used for the various 3D scanning apps available for Kinect and pretty much all structured light based 3D scanners (e.g. the cheap stuff based on a webcam + laser pointer with an object on a turntable).

So yes, that styrofoam head + photo printout attack is potentially plausible but not a very practical attack - if they train the system on the shape of the face, the fake head would have to be the exact duplicate of the victim's head. A generic foam head wouldn't work. Good luck obtaining something like that.
My point was that not only would a generic head not work, the keynote expressly addresses even reproductions of actual persons' heads, namely that they had Hollywood FX artists prepare masks of them, and made sure it doesn't recognize those.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #40 on: September 18, 2017, 08:09:06 pm »
This kind of model was being made commercially 20 years ago. Originally they used Lidar but now it can be done using ordinary photography or video as the source data used to create whats called a point cloud.

Of course "Hollywood Fx artists" - unless they had access to the persons facial geometry, could easily make a representation of somebody that looked like them but whose proportions would not be exact enough to relate to one another in the way a 3d model would mathematically. For that they need to use a computer and a corpus of person-identified photos, say from the iphoto or facebook or twitter or microsoft or google database, to make that model.

Computers are making it possible to save a lot of money in film production using photogrammetry and related technologies, in combination with motion capture.

Producers and directors can use different actors - make one actor look like somebody else, using motion capture in front of a green screen/chroma keyed background and photogrammetry derived models.
« Last Edit: September 18, 2017, 08:28:14 pm by cdev »
"What the large print giveth, the small print taketh away."
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #41 on: September 18, 2017, 11:20:56 pm »
Photogrammetry using something like VSFM can do that.

Actually, there are lots of tools that can do exactly that, create a super accurate point cloud and 3d model from a bunch of generic images.

Anybody who has been photographed enough times to have a corpus of photos likely has enough of their data online that an attacker could easily use it to make that 3d model.

Um, nope. For that to work the images need to be taken with a calibrated camera (i.e. you need to know the focal length, the optic center and the distortion parameters of the lenses + the size of the sensor) and have enough common features so that you can relate them together. A few random photos of someone taken with unknown cameras and who knows how processed will not do (even having the EXIF information is not sufficient!) if you want a geometrically accurate (not only visually plausible - e.g. good enough for film) model.

A plausible looking 3D reconstruction is possible to generate using a neural network from a single image already. However I very much doubt that this would be enough to fool the FaceID, because the details won't be correct.

Anyhow, this is a rather pointless discussion - nobody is going to build a 3D model of your face out of foam so that they can unlock your iPhone. A mugger will rather force you to unlock it at knife/gunpoint and police can compel you to unlock it in many jurisdictions or you will risk prison.

The FaceID (together with all biometrics) IS NOT meant to be a replacement for a pass code. It is only a slightly more convenient replacement for screen unlocking (aka the old slide-to-unlock) or the fingerprint.

So even if the phone was unlockable with a printed photo it wouldn't matter - it is not really meant to be some sort of fool-proof security barrier! Apple is being very explicit about this.


« Last Edit: September 18, 2017, 11:40:09 pm by janoc »
 
The following users thanked this post: tooki

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #42 on: September 18, 2017, 11:35:50 pm »
My point was that not only would a generic head not work, the keynote expressly addresses even reproductions of actual persons' heads, namely that they had Hollywood FX artists prepare masks of them, and made sure it doesn't recognize those.

Right, I think there you are correct. Unless the facial features are correct down to ~1mm (it is unlikely the system can resolve much finer details that this - it would need huge resolution and processing power => poor battery life), it most likely won't work. 

Film grade masks are never going to be that accurate - they only need to be visually similar, not geometrically identical to work. Moreover masks are never 100% rigid, so the dimensions e.g. between eyes or the distance between nostrils and the corners of the mouth won't match due to stretching.

Probably the only way to obtain a sufficiently accurate model would be to make a perfect cast of someone's head or a 3D scan and then fabricate it e.g. using a professional 3D printer - but that still fools only the geometry test.

It is rather trivial to algorithmically check that there is heartbeat (pulsing veins modulate the facial dimensions with a periodic signal) and that the eyes blink. I am pretty sure Apple is checking basic things like that. So I am not too worried about an attack like this. Barring a fatal bug/oversight in the implementation it is more than good enough for the intended purpose - which is unlocking the phone (aka replacing the slide-to-unlock/fingerprint). It is actually more secure than the fingerprint because those are much easier to capture and fake, fooling the commonly available scanners.

People who care about their data use a passcode/password instead.
« Last Edit: September 18, 2017, 11:41:53 pm by janoc »
 
The following users thanked this post: tooki

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #43 on: September 18, 2017, 11:41:47 pm »
Um, nope. For that to work the images need to be taken with a calibrated camera (i.e. you need to know the focal length, the optic center and the distortion parameters of the lenses + the size of the sensor) and have enough common features so that you can relate them together. A few random photos of someone taken with unknown cameras and who knows how processed will not do (even having the EXIF information is not sufficient!) if you want an accurate (not only visually plausible - e.g. good enough for film) model.

A plausible looking 3D reconstruction is possible to generate using a neural network from a single image already. However I very much doubt that this would be enough to fool the FaceID, because the details won't be correct.

Anyhow, this is a rather pointless discussion - nobody is going to build a 3D model of your face out of foam so that they can unlock your iPhone. A mugger will rather force you to unlock it at knife/gunpoint and police can compel you to unlock it in many jurisdictions or you will risk prison.

The FaceID IS NOT meant to be a replacement for a pass code. It is only a slightly more convenient replacement for screen unlocking (aka the old slide-to-unlock) or the fingerprint.

So even if the phone was unlockable with a printed photo it wouldn't matter - it is not really meant to be some sort of fool-proof security barrier! Apple is being very explicit about this.
How do you figure this is not meant to replace a pass code? It certainly seems to be. The finger print sensor was meant to be a quick and easy replacement for the pass code and this is a replacement of the finger print sensor. Apple explicitly saying it's not meant to be a fool proof security barrier is simple mitigation for any liability issues.

Also, police is luckily only able to compel people in a few places, and that's highly controversial.
 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #44 on: September 18, 2017, 11:47:13 pm »
Does anyone else not like the idea of some corporation having your picture as well as your GPS location your texts email contacts and browser history? Mix that with a consumer report and a credit report and I would imagine with all that you could make a psychological profile of someone that was really spot on.

Then NSA gets it. Then we have an administration that looks for all the people that disagree with it. Then its dec 31st 1983...  :scared:
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #45 on: September 18, 2017, 11:53:53 pm »
Does anyone else not like the idea of some corporation having your picture as well as your GPS location your texts email contacts and browser history? Mix that with a consumer report and a credit report and I would imagine with all that you could make a psychological profile of someone that was really spot on.

Then NSA gets it. Then we have an administration that looks for all the people that disagree with it. Then its dec 31st 1983...  :scared:
Guess what? With the data most of us surrender voluntary or by law, eerily accurate profiles can be, and already are being built. There are many examples of algorithms predicting people's behaviour and wishes more accurately than those people can do themselves already, and this is only the start.

One neat example would be the girl that got flyers in the mail about pregnancy related stuff. She had hidden that information from her father, but looking at her purchasing information, the store had figured it out. That's an example now five years old, when profiling was in its infancy compared to today.

http://www.businessinsider.com/the-incredible-story-of-how-target-exposed-a-teen-girls-pregnancy-2012-2
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #46 on: September 18, 2017, 11:57:46 pm »
How do you figure this is not meant to replace a pass code? It certainly seems to be. The finger print sensor was meant to be a quick and easy replacement for the pass code and this is a replacement of the finger print sensor. Apple explicitly saying it's not meant to be a fool proof security barrier is simple mitigation for any liability issues.

Also, police is luckily only able to compel people in a few places, and that's highly controversial.

No, it is not simply a liability issue. Biometrics, be it a fingerprint, retina scan or geometric configuration of your face are good to identify you because they are for all practical reasons unique - authentication.

However, they are horrible as a password - authorization. Something acting as a password must be by definition a secret known only to the people authorized to access the protected information. Otherwise there is no need for a password if everyone knows it.

That's a problem with biometrics. We are "leaking" biometric information everywhere we go - every object we touch, every hair we lose (DNA), ever photograph or video that is taken of us. That's like having a few buckets with copies of your house keys made and then leaving them everywhere with a note containing your address. Worse, the house locks (or passwords) can be changed. Your biomarkers are with you for life and the moment they are public, you are screwed if you use them as a password.

So if someone uses biometrics alone as a mean of access control for some feature or authorization of some operation, they are morons and will get compromised sooner or later. This is why Apple is explicit about this.

If you choose to use FaceID or fingerprint to unlock the phone instead of a password you are prioritizing convenience over security. And Apple is telling you as much. Ignore at your own peril.

 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #47 on: September 19, 2017, 12:01:42 am »
Does anyone else not like the idea of some corporation having your picture as well as your GPS location your texts email contacts and browser history? Mix that with a consumer report and a credit report and I would imagine with all that you could make a psychological profile of someone that was really spot on.

Then NSA gets it. Then we have an administration that looks for all the people that disagree with it. Then its dec 31st 1983...  :scared:

Do you have a smartphone, Beamin? If you do, then you better throw it away. All this data you are describing is available to both Google (if you have an Android phone) and Apple (if you are iPhone user). And probably ton of other companies that have some form of "telemetry" in almost every app you have installed.

Including the purchasing information and credit reports (in the countries that use those). Seriously, NSA probably couldn't care less about it but Google has built their entire business model on selling this information (that we voluntarily give them!) to advertisers.

 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #48 on: September 19, 2017, 12:07:30 am »
Does anyone else not like the idea of some corporation having your picture as well as your GPS location your texts email contacts and browser history? Mix that with a consumer report and a credit report and I would imagine with all that you could make a psychological profile of someone that was really spot on.

Then NSA gets it. Then we have an administration that looks for all the people that disagree with it. Then its dec 31st 1983...  :scared:

Do you have a smartphone, Beamin? If you do, then you better throw it away. All this data you are describing is available to both Google (if you have an Android phone) and Apple (if you are iPhone user). And probably ton of other companies that have some form of "telemetry" in almost every app you have installed.

Including the purchasing information and credit reports (in the countries that use those). Seriously, NSA probably couldn't care less about it but Google has built their entire business model on selling this information (that we voluntarily give them!) to advertisers.
I'm aware of this and I don't like it. The few apps I do use are closed as soon as I am done using them and I never will download "Free" apps where in exchange to play candy crush you are giving away all your personal info. I have found the best way to combat this is not to try and avoid it but rather put out a lot of misinformation. Since I can't stop my family from using face book I made several accounts under my name. They have pictures and everything they are close to my actual info but all the important parts are not quite right. Much harder to figure out which one is real when you don't know there are fakes and certainly not worth the effort of trying.
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #49 on: September 19, 2017, 12:28:09 am »
The FaceID IS NOT meant to be a replacement for a pass code. It is only a slightly more convenient replacement for screen unlocking (aka the old slide-to-unlock) or the fingerprint.

So even if the phone was unlockable with a printed photo it wouldn't matter - it is not really meant to be some sort of fool-proof security barrier! Apple is being very explicit about this.
How do you figure this is not meant to replace a pass code? It certainly seems to be. The finger print sensor was meant to be a quick and easy replacement for the pass code and this is a replacement of the finger print sensor. Apple explicitly saying it's not meant to be a fool proof security barrier is simple mitigation for any liability issues.
As I explained in a long comment above, the primary motivator for Touch ID (and thus now Face ID) was the people who used no passcode at all, despite the hoops you have to jump through to configure an iPhone to use no passcode. But indeed, nobody is claiming that Touch ID and Face ID are infallible, only that they're pretty decent. Which they are. Again, Apple is specifying a 1 in 50000 false positive rate for Touch ID, and 1 in 1 million for Face ID (except for close relations, with an unspecified lower accuracy). Combined with the limits on failed biometric authentication attempts (5 for Touch ID, 2 for Face ID) before the passcode is demanded, either one is still significantly more secure than a 4-digit passcode.

Does anyone else not like the idea of some corporation having your picture as well as your GPS location your texts email contacts and browser history? Mix that with a consumer report and a credit report and I would imagine with all that you could make a psychological profile of someone that was really spot on.

Then NSA gets it. Then we have an administration that looks for all the people that disagree with it. Then its dec 31st 1983...  :scared:

Do you have a smartphone, Beamin? If you do, then you better throw it away. All this data you are describing is available to both Google (if you have an Android phone) and Apple (if you are iPhone user). And probably ton of other companies that have some form of "telemetry" in almost every app you have installed.

Including the purchasing information and credit reports (in the countries that use those). Seriously, NSA probably couldn't care less about it but Google has built their entire business model on selling this information (that we voluntarily give them!) to advertisers.


Apple does not have that information, actually. They say they don't collect it, and with the scrutiny Apple gets from its haters, if Apple was sending it back contrary to its claims, somebody would have called them out on it by now. On the contrary, Apple is building a reputation as the only major IT vendor to actively fight for user privacy, to the extent of re-engineering its products to make it impossible for Apple to access user data, fighting the US government on decryption, etc. Remember, Apple doesn't make its money on selling user data and ad revenue, they're actively fighting that...

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.
« Last Edit: September 19, 2017, 12:31:57 am by tooki »
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #50 on: September 19, 2017, 12:29:15 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
"What the large print giveth, the small print taketh away."
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #51 on: September 19, 2017, 12:38:33 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
(I assume this is a reply to the post before my comment.)

Or indeed, the accelerometers that some insurance companies offer, giving you a discount for being a "good" driver by seeing how much hard acceleration and hard braking you do, whether you speed, etc.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #52 on: September 19, 2017, 12:39:19 am »
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it, equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.

Quote from: tooki on Today at 18:28:09

Apple does not have that information, actually. They say they don't collect it, and with the scrutiny Apple gets from its haters, if Apple was sending it back contrary to its claims, somebody would have called them out on it by now. On the contrary, Apple is building a reputation as the only major IT vendor to actively fight for user privacy, to the extent of re-engineering its products to make it impossible for Apple to access user data, fighting the US government on decryption, etc. Remember, Apple doesn't make its money on selling user data and ad revenue, they're actively fighting that...

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.





Some kind of
zero-knowledge proof?
« Last Edit: September 19, 2017, 12:53:52 am by cdev »
"What the large print giveth, the small print taketh away."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #53 on: September 19, 2017, 12:39:29 am »
No, it is not simply a liability issue. Biometrics, be it a fingerprint, retina scan or geometric configuration of your face are good to identify you because they are for all practical reasons unique - authentication.

However, they are horrible as a password - authorization. Something acting as a password must be by definition a secret known only to the people authorized to access the protected information. Otherwise there is no need for a password if everyone knows it.

That's a problem with biometrics. We are "leaking" biometric information everywhere we go - every object we touch, every hair we lose (DNA), ever photograph or video that is taken of us. That's like having a few buckets with copies of your house keys made and then leaving them everywhere with a note containing your address. Worse, the house locks (or passwords) can be changed. Your biomarkers are with you for life and the moment they are public, you are screwed if you use them as a password.

So if someone uses biometrics alone as a mean of access control for some feature or authorization of some operation, they are morons and will get compromised sooner or later. This is why Apple is explicit about this.

If you choose to use FaceID or fingerprint to unlock the phone instead of a password you are prioritizing convenience over security. And Apple is telling you as much. Ignore at your own peril.
If you look back at my earlier posts in this thread, I'm very aware of the issues with biometrics. The definition of authentication is confirming whether someone is who he claims to be, which is what this feature does. It's akin to a user name and password. You're allowed to interact with the user data and settings because of this authentication, just like a user name and password would.
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #54 on: September 19, 2017, 12:54:57 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #55 on: September 19, 2017, 01:19:13 am »
I agree with you totally, but because of the Understanding on Committments in Financial Services we're likely stuck with the FS status quo that existed on February 26, 1998 in a number of areas, health insurance being one of them. What I described to you is consistent with what that will require.

Ive already said too much.


Quote from: Mr. Scram on Today at 18:54:57>Quote from: cdev on Today at 18:29:15
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
"What the large print giveth, the small print taketh away."
 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #56 on: September 19, 2017, 01:23:06 am »
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
That to me is the worst because most health condition you can't choose because you are born with them. Why should people with diabetes or who where in an accident have to pay more or not be able to afford life saving health insurance? Isn't not being enough of a burden as it is? They are playing god with who gets to live long healthy lives and who gets sick and dies all to maintain profit. There are some things you just shouldn't be allowed to make money off of.
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #57 on: September 19, 2017, 01:32:08 am »
Its not health insurance that saves those lives, its health care!

But then again, we're told again and again that life is unequal. In some countries, people know from birth that they are going to have to clean up the bodies of dead people and animals, its predestined. Other people live a life of meditation and priestly reflection. What if we started considering things like healthcare and higher education to be a right? Then how do we decide who gets the best and who gets the worst? We would have to attempt to do the best we could with everybody. Same thing with immensely profitable cancer drugs. What about when we set up colonies on Mars. Should we just give air away?  See the problem? Suppose in 50 years most things are done by machines. Most people then wont have incomes. Machines will do all those unpleasant things that people are paid to do now. Sure, high skill very complex jobs will still exist but the meat and potatoes jobs of which there are literally billions will be very rapidly becoming solved problems - solved by technology.

Please let me stop now or I'll get in trouble


Quote from: Beamin on Today at 19:23:06

That to me is the worst because most health condition you can't choose because you are born with them. Why should people with diabetes or who where in an accident have to pay more or not be able to afford life saving health insurance? Isn't not being enough of a burden as it is? They are playing god with who gets to live long healthy lives and who gets sick and dies all to maintain profit. There are some things you just shouldn't be allowed to make money off of.
"What the large print giveth, the small print taketh away."
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #58 on: September 19, 2017, 02:17:13 am »
In the US alcohol was illegal for a period during the Great Depression, leading to the creation of a vast force of quasi police whose job was finding and eliminating alcohol everything. After the worst of the Great Depression they abolished the laws against alcohol and this huge police force.

Suppose we hypothesize that a vast surveillance state was being created. It would be logical that it would employ a lot of people. And they will need that because techniology is making predictable jobs easy to automate. The pace of these changes are rapidly increasing.

However, if every electronic device or service has got some 'additional functionality', lots and lots of people, all around the world, will need to have security clearances- so they can interact with this infrastructure. which will be almost everywhere.

All those jobs will be exempt from being outsourced, because its national security. They may be the only secure jobs unless you're literally world class in something.

People may "voluntarily" surrender their right to have opinions for economic security.

Quote from: Mr. Scram on Today at 18:54:57>Quote from: cdev on Today at 18:29:15
Look at it this way, people may voluntarily give up all sorts of information to get deals on things, health insurance is a good example. Maybe an "in shape" but middle aged 53 year old American male who otherwise could not afford health insurance with any deductible rate could get a deal where they only had to pay a fifth as much if querying their 'track record' demonstrated they consistently ran five miles a day. As long as they kept running, health insurance would continue to cost them only a fifth as much as it would otherwise until they turn 55.
What do you think happens to the price of health insurance for those unwilling or unable to show the same? They will be required to pay much more, eliminating the benefits of an insurance. The point of insurance is to spread the risks over a large pool of people. If everyone pays for his own risks and costs, it's not insurance any more. You just pay your own bills, plus an insurance company. With better detection and predication of risks, the concept of insurance is becoming ever more problematic.

That's even before any discussion about privacy and having to fully surrender data of all aspects of your life to save a buck. Or not save a buck, because in the end, it'll inevitably all even out and end up where it started. It'll probably hurt quite a few people's feelings in the process too, as research indicates that most of us consider ourselves better than average when it comes to most things, with general health and lifestyle and driving cars being notable examples of self deceit on a grand scale :D
« Last Edit: September 19, 2017, 02:26:22 am by cdev »
"What the large print giveth, the small print taketh away."
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #59 on: September 19, 2017, 02:26:13 am »
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it, equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.
Why is it ridiculous? Why is it, to you, implausible or impossible that Apple in fact does not collect that information? I mean, Apple literally re-engineered iOS security to make it impossible for them to unlock devices, so that they are incapable of unlocking them for law enforcement. As you correctly (if perhaps a bit condescendingly) wrote, Apple has to treat all governments the same. The best way to do that is to actually make it secure, not to pretend to! Imagine the fallout if they lied about it and a government proved it!!! It's far wiser to just actually lock it down the way they claim they do. Then anyone who tries to verify the claims will find that they are accurate.

Or are you folks really that paranoid? I would think that with security researchers, jailbreakers and hackers, and Apple haters in general, all trying to break into Apple's stuff constantly, and/or trying to find any possible dirt on Apple, that there would be ample evidence if Apple were lying about its security features.


Quote from: tooki on Today at 18:28:09

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.

Some kind of
zero-knowledge proof?

Man, do I wish you'd just use, and master, normal quote forum tags instead of this blockquote HTML tag stuff. (Or are you using some app or something to access the forums instead of the website?)

Anyway, I don't think zero-knowledge proof is the same, but cryptography is not even distantly one of my areas of expertise, so I can't say with any semblance of certainty. Hence my suggestion to look it up.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #60 on: September 19, 2017, 02:40:53 am »
There are global economic governance institutions that regulate telecommunications. According to Edward Snowden, corporations are required to give all governments access to all of the information they collect under these treaties which exist at an international level.

Disputes that arise are not settled by national courts, there is a special private arbitral court system set up for those kinds of "investor versus state" disputes. Corporations can sue countries, countries cannot sue corporations at that level.

Imagine how valuable face recognition data is. You can scan everybody walking down a street and know who they all are within a quarter second. You can get a good idea of their emotional state from their facial expression. This is an extremely valuable technology commercially.

Imagine if you had a snapshot of a person which included their emotional state, perhaps also heart rate which as was pointed out can be derived from tiny micromovements and color changes in the infraed part of the spectrum.

Suppose you had this data at a very great many instants in time, along with their locations.

What do people do after something important happens to them?

Quote from: tooki on Today at 20:26:13>Quote from: cdev on Today at 18:39:19
You do realize that if they did say they had collected "information xyz" they would then have to give it to all governments where Apple products were sold.  They couldn't give it to just some of them and not others. because under international law, they are all equal.

So, unless they want to have to give all of any specific kind of information they collect to all governments that want it,
equally, they have to claim to not be able to access it for any of them.

Even if that's ridiculous.
Why is it ridiculous? Why is it, to you, implausible or impossible that Apple in fact does not collect that information? I mean, Apple literally re-engineered iOS security to make it impossible for them to unlock devices, so that they are incapable of unlocking them for law enforcement. As you correctly (if perhaps a bit condescendingly) wrote, Apple has to treat all governments the same. The best way to do that is to actually make it secure, not to pretend to! Imagine the fallout if they lied about it and a government proved it!!! It's far wiser to just actually lock it down the way they claim they do. Then anyone who tries to verify the claims will find that they are accurate.

Or are you folks really that paranoid? I would think that with security researchers, jailbreakers and hackers, and Apple haters in general, all trying to break into Apple's stuff constantly, and/or trying to find any possible dirt on Apple, that there would be ample evidence if Apple were lying about its security features.

Quote from: cdev on Today at 18:39:19>Quote from: tooki on Today at 18:28:09

Edit: P.S. Look into Apple's research on "differential privacy", a method of aggregating data while making it mathematically impossible to identify a specific user or even seeing their data.

Some kind of
zero-knowledge proof?

Man, do I wish you'd just use, and master, normal quote forum tags instead of this blockquote HTML tag stuff. (Or are you using some app or something to access the forums instead of the website?)

Anyway, I don't think zero-knowledge proof is the same, but cryptography is not even distantly one of my areas of expertise, so I can't say with any semblance of certainty. Hence my suggestion to look it up.
"What the large print giveth, the small print taketh away."
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #61 on: September 19, 2017, 02:46:46 am »
There are global economic governance institutions that regulate telecommunications. According to Edward Snowden, corporations are required to give all governments access to all of the information they collect under these treaties which exist at an international level.

Disputes that arise are not settled by national courts, there is a special private arbitral court system set up for those kinds of "investor versus state" disputes. Corporations can sue countries, countries cannot sue corporations at that level.

Imagine how valuable face recognition data is. You can scan everybody walking down a street and know who they all are within a quarter second. You can get a good idea of their emotional state from their facial expression. This is an extremely valuable technology commercially.

Imagine if you had a snapshot of a person which included their emotional state, perhaps also heart rate which as was pointed out can be derived from tiny micromovements and color changes in the infraed part of the spectrum.

Suppose you had this data at a very great many instants in time, along with their locations.

What do people do after something important happens to them?
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #62 on: September 19, 2017, 03:12:50 am »
I have to bow out of this thread.

Frankly, remaining here and the fellowship of people here is more important to me and my sanity than explaining big global problems.
« Last Edit: September 19, 2017, 03:26:22 am by cdev »
"What the large print giveth, the small print taketh away."
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #63 on: September 19, 2017, 03:19:26 am »
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
The SEP isn't quite fully separated from the main processor, which may or may not allow for interaction that exposes some or all data. The recent release of the encryption key will certainly have a lot of researchers poking it from various angles to find out.
 

Online tooki

  • Super Contributor
  • ***
  • Posts: 5029
  • Country: ch
Re: Might the iPhone X open with a photograph of your face?
« Reply #64 on: September 19, 2017, 03:22:54 am »
What are you talking about??!

It's pretty straightforward to design the hardware to simply not expose that information to the CPU at all, as Apple does with Touch ID (there's no info yet on Face ID, but I expect it's similarly sandboxed).

As for anything else, like location data... again, if you don't collect it to begin with, you can't share it even if subpoenad.
The SEP isn't quite fully separated from the main processor, which may or may not allow for interaction that exposes some or all data. The recent release of the encryption key will certainly have a lot of researchers poking it from various angles to find out.
My understanding of the Secure Enclave is that, while it is part of the SOC, it's a separate CPU with separate memory, with separate buses to the security hardware, running a separate OS, such that the main CPU has no access whatsoever, beyond the barebones interface provided for authentication.

What encryption key release?
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #65 on: September 19, 2017, 03:47:16 am »
]My understanding of the Secure Enclave is that, while it is part of the SOC, it's a separate CPU with separate memory, with separate buses to the security hardware, running a separate OS, such that the main CPU has no access whatsoever, beyond the barebones interface provided for authentication.

What encryption key release?
There is some interaction between the AP and SEP at boot to set things up, which seems to leave some room to play with. The SEP also uses memory in the AP area, which is dynamically designated each boot. There also is the mailbox system, which allows data to be transferred back and forth between the AP and SEP, albeit in a limited fashion. The SEP is incredibly well protected and, as you say, almost a discrete SoC, but not quite. Of course, these things are subject to change between chip versions as Apple tightens its security, so what applies to this or previous generations may or may not do so to new devices.

About a month ago, the encryption key for the SEP firmware was released, which should greatly increase the likelihood of people finding vulnerabilities in at least older devices. It does, however, not mean a comprise of security itself.

https://www.macrumors.com/2017/08/18/hacker-releases-decryption-key-secure-enclave/
 
The following users thanked this post: tooki

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #66 on: September 19, 2017, 09:13:58 pm »
I'm aware of this and I don't like it. The few apps I do use are closed as soon as I am done using them and I never will download "Free" apps where in exchange to play candy crush you are giving away all your personal info.

I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).


I have found the best way to combat this is not to try and avoid it but rather put out a lot of misinformation. Since I can't stop my family from using face book I made several accounts under my name. They have pictures and everything they are close to my actual info but all the important parts are not quite right. Much harder to figure out which one is real when you don't know there are fakes and certainly not worth the effort of trying.

That's fairly naive, cumbersome and, worse, doesn't really work unless you do it on a massive scale - which attracts attention by itself.

While you or me would have a difficulty identifying which account and which information is true, someone like Facebook that has access to the data from your mobile devices, sees which accounts are active when, can correlate the information with websites visited (every website that hosts the FB login button reports your visit back to FB even if you don't login there, it is enough that your browser has the FB cookie from some earlier login). They have also similar data for your "friends" who are linked to your account. And more recently they have even biometric information about your body size, your gender etc. if you are Oculus Rift user (which is owned by Facebook).

From this amount of data it is very easy to filter out the fake info - it doesn't match with the data collected from elsewhere. It is easy to lie but it is incredibly difficult to lie completely consistently - and the data mining algorithms are pretty good at rooting that out.

 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #67 on: September 19, 2017, 09:48:02 pm »
I'm aware of this and I don't like it. The few apps I do use are closed as soon as I am done using them and I never will download "Free" apps where in exchange to play candy crush you are giving away all your personal info.

I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).
I don't use apples cloud services and only put things in google I wouldn't mind someone else seeing.

Quote
I have found the best way to combat this is not to try and avoid it but rather put out a lot of misinformation. Since I can't stop my family from using face book I made several accounts under my name. They have pictures and everything they are close to my actual info but all the important parts are not quite right. Much harder to figure out which one is real when you don't know there are fakes and certainly not worth the effort of trying.

That's fairly naive, cumbersome and, worse, doesn't really work unless you do it on a massive scale - which attracts attention by itself.

While you or me would have a difficulty identifying which account and which information is true, someone like Facebook that has access to the data from your mobile devices, sees which accounts are active when, can correlate the information with websites visited (every website that hosts the FB login button reports your visit back to FB even if you don't login there, it is enough that your browser has the FB cookie from some earlier login). They have also similar data for your "friends" who are linked to your account. And more recently they have even biometric information about your body size, your gender etc. if you are Oculus Rift user (which is owned by Facebook).

From this amount of data it is very easy to filter out the fake info - it doesn't match with the data collected from elsewhere. It is easy to lie but it is incredibly difficult to lie completely consistently - and the data mining algorithms are pretty good at rooting that out.

How do you know this? That's not sarcasm I seriously would like to know.
 
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #68 on: September 20, 2017, 02:42:03 am »
He's right, also there is a substantial body of academic literature on it and a growing public debate on whether its wise to let this be done to society.

If any of you want to verify this for yourselves, you should download a program like wireshark which includes tshark which is the command line version- on a machine with two NICs between your wireless access point and the network. (Otherwise the traffic wont be visible) Note that the packets are all encrypted with TLS so you wont know what it is they are sending, just that they are.

Well put.

Quote from: janoc on Today at 15:13:58>
I guess you are not aware that e.g. the location services are built-in into the OS and are running (and reporting back to Google) regardless of whether you use some app or not, even with wifi & GPS disabled - they will actually turn wifi on for scanning every once in a while to try to identify your position. I think the only exception is if the device is in the flight mode. Your e-mails, contacts, calendar are also stored on Google's servers. So whatever your apps are doing is quite irrelevant with the Google elephant in the room.

If you are an iPhone user, then most likely you are using their cloud services too. That Apple isn't selling advertising (yet) doesn't mean it is not collecting the data (or at least doesn't have them available in one form or another).
« Last Edit: September 20, 2017, 02:51:50 am by cdev »
"What the large print giveth, the small print taketh away."
 

Offline janoc

  • Super Contributor
  • ***
  • Posts: 3109
  • Country: fr
Re: Might the iPhone X open with a photograph of your face?
« Reply #69 on: September 20, 2017, 09:57:34 am »


Quote from: Beamin on Today at 07:48:02 AM

How do you know this? That's not sarcasm I seriously would like to know.
 



Part of my background is in artificial intelligence and data processing. However, there is a lot of work published on the topic.

For example using Netflix data: https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

Quote
We apply our de-anonymization methodology to the
Netflix Prize dataset, which contains anonymous movie
ratings of 500,000 subscribers of Netflix, the world’s
largest online movie rental service. We demonstrate
that an adversary who knows only a little bit about
an individual subscriber can easily identify this subscriber’s
record in the dataset. Using the Internet
Movie Database as the source of background knowledge,
we successfully identified the Netflix records of
known users, uncovering their apparent political preferences
and other potentially sensitive information.



Or for social networks showing the linking of various auxiliary data sources in order to complete the information:
https://arxiv.org/abs/1703.09028

And that is just quick googling. Search for "deanonymization" and you will find a lot of info:
https://scholar.google.fr/scholar?hl=en&q=deanonymization&btnG=&as_sdt=1%2C5&as_sdtp=

These kinds of attacks are possible because of the huge databases of information and the necessary computing power becoming available in the recent years. Why do you think data scientists (original job description was "data mining") and "AI"  specialists are in such high demand today? Everyone and their grandma is mining their customer databases - it is often the most valuable thing the company has and many "products" sold today are little more than a cheap throwaway gimmick meant to collect your data. Why do you think applications like Whatsapp, Instagram or Facebook are free? You pay with your personal information.

* I have put AI in quotes, because most of the work is not really AI in the classic sense but using things like deep neural networks to extract more information from the large datasets.

 

Offline Beamin

  • Super Contributor
  • ***
  • Posts: 1437
  • Country: us
  • If you think my Boobs are big you should see my ba
Re: Might the iPhone X open with a photograph of your face?
« Reply #70 on: September 20, 2017, 08:34:28 pm »


Quote from: Beamin on Today at 07:48:02 AM

How do you know this? That's not sarcasm I seriously would like to know.
 



Part of my background is in artificial intelligence and data processing. However, there is a lot of work published on the topic.

For example using Netflix data: https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf

Quote
We apply our de-anonymization methodology to the
Netflix Prize dataset, which contains anonymous movie
ratings of 500,000 subscribers of Netflix, the world’s
largest online movie rental service. We demonstrate
that an adversary who knows only a little bit about
an individual subscriber can easily identify this subscriber’s
record in the dataset. Using the Internet
Movie Database as the source of background knowledge,
we successfully identified the Netflix records of
known users, uncovering their apparent political preferences
and other potentially sensitive information.



Or for social networks showing the linking of various auxiliary data sources in order to complete the information:
https://arxiv.org/abs/1703.09028

And that is just quick googling. Search for "deanonymization" and you will find a lot of info:
https://scholar.google.fr/scholar?hl=en&q=deanonymization&btnG=&as_sdt=1%2C5&as_sdtp=

These kinds of attacks are possible because of the huge databases of information and the necessary computing power becoming available in the recent years. Why do you think data scientists (original job description was "data mining") and "AI"  specialists are in such high demand today? Everyone and their grandma is mining their customer databases - it is often the most valuable thing the company has and many "products" sold today are little more than a cheap throwaway gimmick meant to collect your data. Why do you think applications like Whatsapp, Instagram or Facebook are free? You pay with your personal information.

* I have put AI in quotes, because most of the work is not really AI in the classic sense but using things like deep neural networks to extract more information from the large datasets.

So how can you lay low? I use the iPhone and don't use any free apps and the only other app is uber which get shut off after wards because they state in their privacy policy they will keep collecting  location anytime the app is on. I don't facebook twitter or do any social media. My biggest vulnerability is gmail and browsing history. I use firefox with ghostery and tor. I'm switching to my own email server. I also "opt out" of any type of "sharing" like with the bank and capital one. I don't do any cloud based services.

You can make a psychological profile of someone just off their youtube comments. I know that making the fake accounts has made it harder to find my info as I had someone try to look me up (a girl I met in real life before our first date). She told me she could find hardly any info on me like she has with other people. Shes not an IT expert but she is the average person who is going to represent the extent on which most people would try to find your info.

So my question is what am I missing since I know there are things I don't even know about.
« Last Edit: September 20, 2017, 08:45:42 pm by Beamin »
Max characters: 300; characters remaining: 191
Images in your signature must be no greater than 500x25 pixels
 

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #71 on: September 20, 2017, 08:51:59 pm »
So how can you lay low? I use the iPhone and don't use any free apps and the only other app is uber which get shut off after wards because they state in their privacy policy they will keep collecting  location anytime the app is on. I don't facebook twitter or do any social media. My biggest vulnerability is gmail and browsing history. I use firefox with ghostery and tor. I'm switching to my own email server. I also "opt out" of any type of "sharing" like with the bank and capital one. I don't do any cloud based services.

You can make a psychological profile of someone just off their youtube comments. I know that making the fake accounts has made it harder to find my info as I had someone try to look me up (a girl I met in real life before our first date). She told me she could find hardly any info on me like she has with other people. Shes not an IT expert but she is the average person who is going to represent the extent on which most people would try to find your info.

So my question is what am I missing since I know there are things I don't even know about.
Don't use a smartphone. If you must, use one with a specially selected ROM and applications. Although using any sort of mobile phone yields massive amounts of information about the user, which gives eerily accurate insights into his or her life.
 

Offline cdev

  • Super Contributor
  • ***
  • Posts: 5465
  • Country: 00
Re: Might the iPhone X open with a photograph of your face?
« Reply #72 on: September 20, 2017, 09:10:56 pm »
I would think that not using a cell phone might flag one for suspicion as well!

The bizarre thing is that every measure of crime that Ive seen seems to say that crime has been steadily falling for decades. Also, statistically the risks of being a victim of terrorism are almost nil. Not to say that it doesn't ever happen, but I think there are likely hundreds of larger risks. History also teaches us that absolute power corrupts, and enabling devices of every kind to collect data is a change that brings us much less in the way of benefit than risks, one that I think is very likely to be misused.

I concluded a long time ago that there really is no need for all of this "stuff" unless it could be made in such a way that really preserved privacy, which I don't trust others to tell me, so what I am really saying in, untill the average person actually has the knowledge to understand the technical issues, its a mistake to internet enable peoples lives to the degree they are doing. Especially I think a "cashless" society (which they really want) would be a mistake. There will be abuse and eventually a backlash against it.

Why aren't any of these issues being debated in the media in any detail? (they are being debated in the technical press, but few people read it.)

One question I have is why?

Why now?

Who picks the defaults for web browsers, and operating systems, for example, Whose needs are driving the proliferation of privacy destroying features and why?
« Last Edit: September 20, 2017, 09:49:34 pm by cdev »
"What the large print giveth, the small print taketh away."
 
The following users thanked this post: tooki, Beamin

Offline Mr. Scram

  • Super Contributor
  • ***
  • Posts: 9326
  • Country: 00
  • Display aficionado
Re: Might the iPhone X open with a photograph of your face?
« Reply #73 on: September 20, 2017, 09:36:59 pm »
I would think that not using a cell phone might flag one for suspicion as well!

The bizarre thing is that every measure of crime that Ive seen seems to say that crime has been steadily falling for decades. Also, the risk of being a victim of terrorism is almost nil. So there really is no need for all of this "stuff". None.
Note I wasn't talking about raising suspicion, but about the data you surrender. Not having a smartphone or social media accounts does raise suspicions, as we've already seen.

Also, we all know you shouldn't let facts ruin a good story ;)
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf