[Kattywumpus]

I do not want FaceID, and will resist it as long as possible. I do not want to normalize the idea that security should depend on a camera taking images of my face and environment. I am not alone in this, and believe this is one reason the iPhone X is selling poorly.

[DonaldPShimoda]

FaceID doesn't "take images of your face and environment" though. It uses a dot projection (the pattern is unique to each phone) to produce a 3D approximation of your face's structure, and collapses this into some sort of mathematical representation of your face. This information is stored in a separate chip on the phone which the OS does not have access to (and it never leaves your phone; Apple isn't using your face for processing in the cloud or anything). By their statistics, FaceID is an order of magnitude less likely to result in false positives than TouchID.

And aside from this, for people who are truly concerned about security, Apple recommends not using either FaceID or TouchID anyway (as both can be compelled by court order in the US).

[Kattywumpus]

> FaceID doesn't "take images of your face and environment" though.

From "How Apple's New FaceID Works" at Gizmodo:

"Face ID starts with an image of your face, but builds on top of it with the TrueDepth’s dot projector, which will invisibly project over 30,000 dots onto your face each time you look at your phone, creating and building on its map of your features.

"'We use the image and the dot pattern to push through neural networks to create a mathematical model of your face,' Apple’s Phil Schiller explained."

- https://gizmodo.com/how-apples-new-face-id-works-1803813400

Your objection to my objection might be that FaceID doesn't store the images it takes, but uses them to construct a facial map that it stores instead.

But even if that were any better, that's not true, either.

From Apple's iOS Security Guide:

"Once it confirms the presence of an attentive face, the TrueDepth camera projects and reads over 30,000 infrared dots to form a depth map of the face, along with a 2D infrared image. This data is used to create a sequence of 2D images and depth maps, which are digitally signed and sent to the Secure Enclave."

- https://www.apple.com/business/docs/iOS_Security_Guide.pdf

The public nature of your face inherently makes access to your phone less secure than the private nature of your fingerprints or even a PIN. But it's not the security of the phone, or the photos or face map stored on it that trouble me.

It's the camera-based security paradigm I reject. It reduces resistance to a surveillance society, and increases the incentives for other businesses to use face-identifying software, which destroys privacy in the real world. I don't want people to get used to surrendering their privacy to access their data, and I won't buy a phone that sends a market signal telling the corporate world that I accept these kind of privacy-destroying technologies.

Anyway, thanks for the thoughtful response.

[yladiz]

Are you arguing that a face map and high resolution infrared photo is more public than a fingerprint?

[Kattywumpus]

No. I'm saying that your face is more public than your fingerprint, and that makes your phone less secure. That's not my primary reason for being against FaceID, but it's an obvious truth that Apple has engaged in a lot of misdirection about.

[MBCook]

There is no evidence the iPhone X is selling poorly.

However even if it was my guess is surveys would show the $1k starting price would be a WAY bigger factor than privacy.

[kayoone]

> and believe this is one reason the iPhone X is selling poorly

Nah, the average apple buyer does not care about that at all.

[germainelol]

Yeah, I much prefer the button-less touch ID approach. Was kinda disappointed the new S9/S9+ also went with face ID.