[Nux]

There you go, more proof that most people don't give a shit about surveillance, privacy and the lot.

Here it is, the one device that can create the biggest fingerprint database in the world sold 9 million units in a couple of days. NSA must be jubilating.

Very "forward thinking" indeed.

[mikeash]

Cell phones are basically mobile spy boxes. If you carry a cell phone with you, then the government can record every conversation you have, track your position at all times, and steal every password you enter into the phone.

If you're already OK with that, why would you possibly care about your fingerprint? I don't get it.

[snom380]

You missed the part where the fingerprint is stored so it's not even accessible to the OS and are never stored online?

Oh, but I guess the NSA has a back door and will manage to collect them all without anyone noticing, right? Just like they record all the sound from your phone mic and upload it?

I'm all against unlawful spying by the NSA, but give me a break.

[logicallee]

>You missed the part where the fingerprint is stored so it's not even accessible to the OS and are never stored online?

I guess you missed the past 14 weeks of revelations. Either that or I admire your dedication to believing general company claims in the face of all evidence that this is not the status quo.

[snom380]

I didn't miss them, and I'd like you to link to the revelation that tha NSA routinely collects data stored locally on iPhones with Apples consent and involvement.

[Nux]

I take it you are OK with _lawful_ spying by the NSA?

I do not believe them the fingerprint is not stored.

People claim just a hash is saved, maybe - but what is stopping the gov for example to use the same algorithm and hash their existing fingerprint db?

[geuis]

No, it can't. Why people don't listen to the damn talks given by the people who build these things is beyond me.

It was explicitly said during the announcement that no fingerprint is actually stored. It looks for certain unique ridges and swirls and builds up a hash from that. That hash is the only thing communicated to Apple. No fingerprint data is transfered.

[Geee]

You're wrong. Nothing is communicated to Apple, ever. Fingerprint data stays in the secure memory on the A7 and the scanner is the only thing that has access to it. The system is completely closed to the device which contains the TouchID sensor. For example, you can't use your fingerprint to activate a new device.

[milesskorpen]

As people have written a thousand times so far, the finger print isn't saved off device. Yes, it is saved. But if someone can get your device, they can also get your fingerprint (probably from the screen of the same device).

[olleicua]

Since you are making this claim, I'll assume you've read the entire codebase of iOS. Is there anything stopping Apple from sending out an update that uploads the fingerprint?? Is there anything stopping the NSA from requiring Apple to do this?? It's not paranoia anymore.

[adolph]

From an Occam's Razor POV: it would be simpler for some agency to require a backdoor or transfer the character-based unlock, which they could apply whether the phone has a finger-reader or not. Since I haven't read the entire codebase of any of the operating systems I use, my paranoid self says "Expect root-ation!" while my normal self says "Get back to work, quit reading and writing internet commments!"

[snom380]

Given the fact that we've seen no evidence of such updates previously, and rather we've seen Apple take many steps to protect privacy and even seen NSA leaked slides detailing how they need access to PCs to read iPhone backups, I think it's extremely unlikely that they would ever take the risk of pushing an customer-wide software update.

If you are worried about being specifically targeted, you shouldn't use an off the shelf cellphone at all, and this discussion is moot.

[tedunangst]

Is it possible for software to even read the fingerprint from the sensor, as opposed to only asking the sensor if this fingerprint matches a previous fingerprint????

[snom380]

The processing happens on the A7 chip, but separated from the OS. Of course, the question is whether it's possible for Apple or someone else to update the fingerprint software to give back more data than just the yes/no, or if you could reconfigure the hardware so that the OS can talk to the sensor directly.

But again, I'm much more concerned about all the other information my cell phone operator, so this is quite simply just hysteria, and undermines the rightful concern us techies have about surveillance.

[tedunangst]

My theory is the hardware is isolated precisely to prevent a software bug (update) from being able to access the raw fingerprints. "Children's game steals fingerprints" is exactly the headline Apple doesn't want to see. But that's just speculation, maybe it is accessible.

[danabramov]

How about hardware design doesn't allow it because the thing being stored is a hash?

[joakleaf]

We've seen this for a couple of weeks now... The NSA can collect your finger print from the airport among other places already with technology specifically for this purpose.

How do they benefit from collecting your fingerprint from a phone?

What is it you think they can do with it that they cannot already do?

Tracking cookies from Facebook and Google can do far more to invade on your privacy.

[ChikkaChiChi]

Weird. I just travelled from Minneapolis, to Atlanta, and back again and I'm all but certain I did not actually touch ANYTHING in any airport.

[joakleaf]

When you enter the US, you've had to give your finger prints for many years now.

I've even been scanned once leaving.

That means they have a database of all US and non-US citizen's who has entered the country.

I am not a US citizen, but I don't understand why Americans have never complained about it?

[tedunangst]

Citizens aren't fingerprinted.

[joakleaf]

In that case, I stand corrected and I am sorry about that.

However, it does sound like it would be really easy for the US government to convince everybody that citizens should also have their finger prints scanned to confirm their identity.

In fact it is really really odd that they only scan foreigners to confirm their identity.

[ubernostrum]

The US isn't the only country that does this. Japan does it too, at least.

[tedunangst]

You didn't have to take off your shoes and put them through the DNA extraction device disguised as an x-ray machine?

[ChikkaChiChi]

Funny, except for the fact that I managed to look angry enough about the whole process that I did get a pat down.

I still get a kick out the the XKCD battery comic...

[jsz0]

I don't think the weird zealous paranoia does much to change their minds. If anything it might motivate 'normal people' to steer clear of questioning privacy issues.