by Renaud 736 days ago
What do you object to exactly if the biometric data is on device only?

I’m not sure what is the privacy risk there. The apps that authenticate you don’t have access to biometric data.

The main risk I see is if that data was compromised and made available for something else, but I haven’t seen any breach of that that ended up being useful for anything?

Or maybe I missed something?

4 comments

I don't trust the device, the maker, the company behind the facial recognition technology, and you. If I give software access to analyzing my face it opens the door to overt and covert acts that further erode my privacy.

But really, I don't need a reason other than I'm uncomfortable with it. I worry about people who are comfortable with it.

If you don't trust the manufacturer, then it doesn't matter whether you turn Face ID off, those sensors are still pointing at your face. Do you physically keep the face ID sensors covered by tape or something? And how do you avoid other people's phones/cameras seeing you?
And if you don't trust the manufacturer, how do you make sure you identified and covered or disabled all of the sensors on the device?
And you don't trust the manufacturer with a scan of your face, but you put a significant amount of communications and positional data and logins through it.

> And how do you avoid other people's phones/cameras seeing you?

You are missing the point.

> those sensors are still pointing at your face

Some phones have a popup front camera. The camera is inside the phone. It is obscured and it would be alarming if it popped up of its own accord.

Do you avoid going out in public? Are you never going to step foot in an airport? What is your threat model here? Because it's pretty trivial for anyone to get a 3d scan of your face without you realizing it.

This just sounds like textbook paranoia to me (as in, the actual dictionary definition as an illogical fear that impedes your normal life), because there's nothing reasonable about thinking FaceID is compromised to the point that you have increased your personal safety by not using it.

> illogical fear that impedes your normal life

I don't agree with the premise that disabling biometric security impedes a normal life. Nor has OP given me any reason to believe they are afraid of it in the situations you described.

Passwords and pass codes (when managed well) are perfectly normal security tools to use to ensure your privacy on a device you own.

You can’t ensure your privacy on a “device you own” if you don’t trust the device manufacturers.

> Because it's pretty trivial for anyone to get a 3d scan of your face without you realizing it.

Maybe we should do something about this rather than being defeatist and giving up on privacy.

I don't want to upset or scare you, but if you've ever been in a picture that someone else has posted online to any social platform, your face has already been tagged, recognized, and a very thick file exists about you and everything you do, like, know, associate, etc.

>> but if you've ever been in a picture that someone else has posted online to any social platform, your face has already been tagged, recognized, and

And that is a completely different issue. The OP just wants to prevent that type of thing when they can.

If I walked up to several individuals (maybe even you) on the street with a camera and tried to take a close-up, a lot of them would object. I don't think "why not let me take it, it's already online someplace" would be a convincing reason to allow it.

> If I walked up to several individuals (maybe even you) on the street with a camera and tried to take a close-up, a lot of them would object. I don't think "why not let me take it, it's already online someplace" would be a convincing reason to allow it.

In many jurisdictions, including where I live, taking pictures at public places is allowed by law whether or not some other human happens to be in the frame of my picture. It is called "incidental inclusion".

Others can request me to exclude them from my picture but they can only request, they cannot force me to do so. Of course, if someone asked, I am going to be nice to them and try and exclude them from the picture. Others could also try and move a bit this way or that way so that they don't get included in my picture. We live in a society and we can work it out.

In reality though, nobody makes such a request because most people know the law and they know that if they are out there in the public, they could become part of other pictures by incidental inclusion.

"Incidental inclusion" does not cover walking right up to someone and putting a camera in their face. Like, "incidental" is literally in the term.
> "Incidental inclusion" does not cover walking right up to someone and putting a camera in their face. Like, "incidental" is literally in the term.

Correct! I don't see where I implied otherwise!

> on the street with a camera and tried to take a close-up.

I might break your phone. How difficult would it be to sue me and for what purpose?

> > on the street with a camera and tried to take a close-up.

> I might break your phone. How difficult would it be to sue me and for what purpose?

Easily. Damaging someone else's property is not even remotely on the same level as taking a photo of someone? How do I know it wasn't their _job_ to do so?

Honestly if you think that level of escalation is okay I hope to never meet you in person.

And trust me I find people taking photos of me creepy also but it's easier to block my face myself than to smash the person's device and expect to walk away.

Why would I sue you? I'd just press charges for assault
With how small cameras are these days, you can buy a pinhole camera and tuck it into your shirt and record everything without anyone being the wiser. Face as biometrics doesn't really work. Mothers and daughters and twins have similar enough face shapes to fool FaceID.
Theoretically, those kinds of images lack the necessary detail to qualify as biometric data. If they somehow do, then the whole category becomes invalid for that purpose.

I personally oppose all forms of biometrics for security, as it can neither be invalidated, nor is it safe from physical coercion. I also oppose biometric use for "tracking attention" because it's none of anybody's business but mine.

Tracking attention when you're driving is everyone's business. I'd rather you have a camera in your car making sure you're looking at the road, than have to drive next to someone who is on their cellphone and is trusting the self driving feature of their car.
There's a difference between tracking attention locally for driving as you suggest, and doing so for advertising and mobile device security, which is what the conversation was previously about.

While I consider your example valid in a vacuum, it poses a substantial privacy and financial risk in the real world. If a car that tracks attention also phones home, your insurance carrier may raise your rates or cancel your plan for occasional glances away (sneezes, children, etc), regardless of an actual problem on the road. Such measures ought to only exist locally within a car, but I have absolutely no faith that it will be implemented that way given the current data shared along those lines.

I am moving the discussion somewhat but it's not a theoretical. Ford's BlueCruise system has a camera that looks at the driver's eyes to make sure the driver is watching the road and not texting. It covers a large amount of freeways. It's not as good as Tesla's full self driving but it very much does the job of driving on the freeway in traffic for you.
Or walked through any major city. There's cameras ~everywhere.
Or driven anywhere there are (fucking) Flock cameras...

> If I give software access to analyzing my face

I have the legal right to ‘analyze your face’ if you are out in public. Why do you believe that there’s something special about a highly secured, on device FaceID capture that makes it more dangerous than a guy with a camera across the street?

If you don’t trust them, then your act of not giving “software access” does nothing.
Some folks may find collecting biometric data inherently creepy. I mean, yeah, there's also "what might happen when* it's leaked" but ... I just don't like it. It feels maximally invasive.

* These days, I'd assume when, not if.

You can change a password, you can't change your face. Agreed that we have yet to see the mass-hack based on biometric data that generates the ohshit moment, but from a risk perspective 'it hasn't happened yet' is cold comfort.

> you can't change your face

If you get involved with the wrong/right sort of people, they might do it for you.

I would rather change my password. Easier, faster, less painful. And it doesn't affect how others perceive me.
The biometric data is not your password. It's used to unlock a session token. Getting that session token requires a "what you know" password. There's lots of events that invalidate that session token not the least of which on phones is multiple presses on the lock button (on iOS at least).
Yet in many cases it is. I've come across various systems where there is no "what you know" password only a "what you look like" password.
Yup. I guess if you don't do much of this "it's not a password" sounds like "there's no risk".
My own main objection is to biometric data being used as a password, since it is a publicly-viewable, likely-duplicatable password that can never be changed. My second objection is to the possibility of physical injury to me by someone that really wants to steal my credentials.

> it is a publicly-viewable, likely-duplicatable password that can never be changed.

Is this true? I mean, you can't really show an iPhone a photo of your face to unlock it, can you? Or are you thinking of a different attack vector?

> My second objection is to the possibility of physical injury to me by someone that really wants to steal my credentials.

This possibility exists even if your creds are something you know. It also exists if your creds are something you have, and you happen to have them on your person.

> This possibility exists even if your creds are something you know. It also exists if your creds are something you have, and you happen to have them on your person.

I can hand over my credentials or secrets to a thief without injury to myself, but I can't safely hand myself over, or a piece of me.

> Is this true? I mean, you can't really show an iPhone a photo of your face to unlock it, can you? Or are you thinking of a different attack vector?

If you have the information that the iPhone wants to see, it is possible to create a synthetic face matching that data and hold it up in front of the phone.[1] You could also probably open up the phone and hotwire the sensors to give the hardened processor holding your Face ID data the readings it wants.

Both of these things are super difficult to do, and much further out of reach of your average thief than simply printing out a picture of the person's face, but the point remains that it is theoretically possible.

[1] Bkav Corporation has made masks that can fool Face ID for about $150: https://www.pcmag.com/news/researchers-claim-they-can-dupe-i... https://www.bkav.com/top-new/-/view-content/65202/bkav-s-new...

For what it's worth, you can be beaten with a wrench until you cough up a password also. Obviously there is a difference, but it's worth considering and understanding that.
Or I can cough up my password long before that, but if they need my biometrics, then they'll have to hold on to me personally... or a piece of me.