shape
carat
color
clarity

Why I won't give Apple my fingerprint

kenny

Super_Ideal_Rock
Premium
Joined
Apr 30, 2005
Messages
34,500
Apple's newest iPhones introduce a fingerprint feature.
Now instead of remembering passwords you can just touch your iPhone to give it your fingerprint.

I am concerned hackers will get my fingerprint and thus steal my identity and go on an FCD shopping spree but have them mailed to THEIR address not mine.

I also do not trust the NSA and the US government.
Fingerprints are very tempting to use as a lojack to track our movements, communications and activities.

One of Snowden's leaked documents tells us Apple has already handed over our private information to the government.

Apparently a US senator agrees with me.

SNIP

A senior US senator believes the fingerprint recognition technology featured in Apple's new iPhone 5S raises "substantial privacy questions".

Senator Al Franken, chairman of the influential Senate Judiciary Subcommittee on Privacy, Technology and the Law, has written to Apple boss Tim Cook explaining his security concerns.

After stealing someone's thumbprint, hackers could "impersonate you for the rest of your life," he wrote.

Apple has yet to comment on the letter.

Mr Franken wants answers to a number of questions, such as:

whether the fingerprint data stored locally on the mobile phone chip in encrypted form could ever be stolen and converted into digital or visual form that would be usable by hackers or fraudsters
whether the iPhone 5S transmits any diagnostic information about the Touch ID system back to Apple or any third parties
how well customer fingerprint data will be protected and kept private
the exact legal status of such fingerprint data.
Mr Franken has asked Apple to answers his questions within a month of receiving his letter.

Meanwhile, hackers are gearing up to try to crack Apple's Touch ID technology.

END SNIP

The rest of the story: http://www.bbc.co.uk/news/technology-24177851
 
Re: Why I don't like giving Apple my fingerprint

+1 on this, Kenny, with you all the way.
 
iluvshinythings|1379707852|3524347 said:
It's don't understand why Apple implemented fingerprint security in the first place. Microsoft tried it a couple of years and it failed miserably.

http://www.networkworld.com/communi...stroys-entire-security-model-windows-accounts

This may be a dumb question, but how can a fingerprint be stolen?

The same way any other data can be stolen.
All computer code is written by smart humans.
Other smart (or even smarter) humans, aka hackers, can also crack computer code.
It is like picking a lock in that it gives the hacker the same access to data that the password holder has.
 
Yes... and no.

99% of the people you meet think their passwords are secure, and are confident that the media in/by which they employ said passwords are secure. At least 95% of that 99% are wrong - often laughably so!

Good security is *hard*. And *expensive*. And the concept of a "password" is a fundamentally idiotic and anachronistic solution that is now so thoroughly ingrained in modern society that to consider alternatives is terrifying... but that doesn't mean that those alternatives aren't actually a heck of a lot better 8)

Fingerprinting actually seems like a great idea - whatever key is generated is almost guaranteed to be unique, which takes a lot of the stupid out of letting people manage their own passwords. IF the reader works well, IF the resolving software works well, and IF it isn't a total PITA to use! But... well, that's rarely the case! I wouldn't hold not acquiescing to Microsoft's failure against Apple's R&D corp though - MS has a colourful history of bungling developments and releases, and I think there are enough die-hard Apple fanatics who'll guineapig absolutely anything they come out with to make it worth experimenting with, even if the end result is just confirming that it's a flop, and usability is Apple's forte...
 
Yssie|1379709593|3524370 said:
Yes... and no.

99% of the people you meet think their passwords are secure, and are confident that the media in/by which they employ said passwords are secure. At least 95% of that 99% are wrong - often laughably so!

Good security is *hard*. And *expensive*. And the concept of a "password" is a fundamentally idiotic and anachronistic solution that is now so thoroughly ingrained in modern society that to consider alternatives is terrifying... but that doesn't mean that those alternatives aren't actually a heck of a lot better 8)

Fingerprinting actually seems like a great idea - whatever key is generated is almost guaranteed to be unique, which takes a lot of the stupid out of letting people manage their own passwords. IF the reader works well, IF the resolving software works well, and IF it isn't a total PITA to use! But... well, that's rarely the case! I wouldn't hold not acquiescing to Microsoft's failure against Apple's R&D corp though - MS has a colourful history of bungling developments and releases, and I think there are enough die-hard Apple fanatics who'll guineapig absolutely anything they come out with to make it worth experimenting with, even if the end result is just confirming that it's a flop, and usability is Apple's forte...

But you can change a password.
You can't change your fingerprint, or the pattern in your iris.

If you find out some hacker has stolen your password you can change it to stop the future bleeding.
If you find out some hacker has stolen your finger print what are you going to do?
 
I don't own any Apple products... ::)
 
I guess I don't understand how a hacker could USE an acquired fingerprint? There is no way to make a Leibish purchase, as that was your example, with a fingerprint. That only requires a credit card number, billing address, which is info that is likely already in a whole lotta databases if you regularly shop online. Same with iris info. I have a retina scanner at work to get into my PC3 facilities - unless someone rips out my eye, without damaging the retina, how could they USE that info?
 
From what I understand apple has no access to your fingerprint, it's only recognized by your individual phone. It's stored on the hardware level on a chip that has no communication ability outside the phone.
 
I actually think it's quite a dumb idea - and in the end will flop; as its more of a gimmick than real security.

The phone is not storing your fingerprint. It is only storing a location pattern of key points from a partial print.

The problem is that to make it work with any kind of reliability the size of the partial print must shrink - which actually increases the odds of others having the same pattern.

More importantly, finger print scanners as security locks have failed miserably. There are far to many false readings. What happens when Techie finds out that they cannot access their phone as the reader is a hit hit miss hit hit hit miss miss hit hit.... you get my drift. If your hands are hot and sweaty... miss. If your ill and slightly swollen... miss, if you're female and its that time of the month... The actual stories of all the failures of finger print scanners is huge.

The only way to get around those issues is to either do a full rolling fingerprint - with properly cleaned hands (your fingerprint is about an inch or more wide). That cannot be normally done "on the fly"

Alternately you can make the detected pattern so simple that it can be matched by 10-20% of the population (which is what Apple must have done).

Also, people making silicone copies of your fingerprints have historically fooled all fingerprint scanners.

IT and Security tested finger print scanners (the $5-$10,000 kind) where I work a few years ago - and by the time they were done the idea was quite dead as for something to implement in the nuclear plant world.

Anyway - I suspect its a feature that will actually be disabled rather quickly by many.

Have a great day,

Perry
 
Credit card companies floated the idea of fingerprint i.d. but it's never gotten off the ground, thank goodness. I wouldn't go for it at all. I don't have any Apple products but would definitely not hand over my prints to anybody. I don't trust the gov't or businesses not to give them out or not to get hacked. No way.

--- Laurie
 
We own Apple devices but I won't give my fingerprint, either... I have my locator turned off, as well. The only time I turn it on is if I'm going somewhere w/my kids that we normally don't go or are if we're on vacation, in case I loose my phone.
 
I read that cell phones can be tracked even when they're off; it was in an article about all the ways gov't follows people. It said the only way not to be tracked is to remove the battery.

Anybody know if that's correct?

--- Laurie
 
JewelFreak|1379798857|3524919 said:
I read that cell phones can be tracked even when they're off; it was in an article about all the ways gov't follows people. It said the only way not to be tracked is to remove the battery.

Anybody know if that's correct?

--- Laurie

I'm curious too.
My $19.95 dumb-phone does not have any GPS feature.
Does that mean I don't have to remove my battery to not be trackable?
 
kenny|1379799912|3524938 said:
JewelFreak|1379798857|3524919 said:
I read that cell phones can be tracked even when they're off; it was in an article about all the ways gov't follows people. It said the only way not to be tracked is to remove the battery.

Anybody know if that's correct?

--- Laurie

I'm curious too.
My $19.95 dumb-phone does not have any GPS feature.
Does that mean I don't have to remove my battery to not be trackable?

Partially correct: Your phone can be tracked just by triangulating its location from Cell Phone Towers even if there is no GPS feature. Thus, you can either take the batteries out - which stops the trackability of the phone; or you can store it in a heavy metal box that prevents enough signals from getting to/from the phone for the cell phone towers to even know that the phone is there. You can then take the phone out of the box when you wish to make a call. Note - you obviously cannot receive an incoming call when the phone is in a box as the cell towers do not even know it is there.

There is a 3rd option involving jamming technology - which is not legal for anyone to use (only government agencies can legally use jammers).

Have a great day,

Perry
 
Fingerprinting sounds like more trouble than it's worth. What if you cut your finger and have to wear a bandage? How will it work then?
 
with you on this, Kenny.
its bad enough we give up so much info to "the system".
 
Again, they don't have your fingerprint. It's like going to disney world. You go in the gate, they measure 5 points on your fingerprint for a match but they don't actually store your print. Your points are on a chip inaccessible to apple or anyone else. Watch the keynote address in June. My son is a developer and went to the conference. You are all paranoid for nothing.
And what are you doing that you don't want your location known? What if you were carjacked and location services were off? Or you got lost in the woods? Or you phone was stolen? At least the police could find you. I have nothing on there that I care if I am tracked.
 
For the record, if you've been arrested, work in finance, work in law enforcement or any other secured or cleared type of job, "they" already have your fingerprint. And technically, anything you touch "they" can pull it from.

I don't really think this is THAT big of a deal. The ones that want to track you, have been doing so for years, much longer than you knew about, and already know what you're up to, and how to find you if they want to. If you don't want it to continue, don't have a computer, don't have a phone, don't have a residence with utilities, and pay cash for everything. They don't need the unique number sequence this item applied to your fingerprint to do it.
 
Hi All,

I needed to have my fingerprints taken when i volunteered to do some work at the jail where I live. I never even thought about the Gov't now being able to track me because I am in their data base. I have had no hint of the Gov't caring about what I do for the last 20yrs, which is when I gave my fingerprints.

I think what April says is most interesting. Apple doesn't have your fingerprints. I have also read that even when the courts use fingerprints at trial, they only use a certain number of points to conclude that they can only belong to the criminal.. There are others who could fill the same criterion, but it is always downplayed. So. even the court case fingerprinting does not really exclude all others.
Not as an exact science as they would have us believe.

IMO your social security is the worst offender for tracking. I resent that. Gov't is surely into our lives too much.


Oh Kenny, you were in the service weren't you? Doesn't the Govt already have your fingerprints? Annette
 
smitcompton|1379880322|3525334 said:
Oh Kenny, you were in the service weren't you? Doesn't the Govt already have your fingerprints?

Yes and yes, and that chances nothing about how I feel about what Apple's doing.
 
JewelFreak|1379798857|3524919 said:
I read that cell phones can be tracked even when they're off; it was in an article about all the ways gov't follows people. It said the only way not to be tracked is to remove the battery.

Anybody know if that's correct?

--- Laurie

They always take the battery out in shows like Breaking Bad, so it's probably right. ;) I have no idea but it's funny that people are so paranoid about phone stuff, but give away all kinds of personal info on the internet w/out any hesitation.

The only way to ensure a person is not tracked or whatever is to live entirely off the grid. Everything people say can be tracked so it's actually kind of important NOT to say things that the wrong person can misinterpret.

One example:
http://kotaku.com/jailed-league-of-legends-player-it-s-been-blown-out-o-754179072
 
German group claims to have hacked Apple iPhone fingerprint scanner

A group of German hackers claimed to have cracked the iPhone fingerprint scanner on Sunday, just two days after Apple Inc launched the technology that it promises will better protect devices from criminals and snoopers seeking access.

Two prominent iPhone security experts told Reuters that they believed the German group, known as the Chaos Computing Club, or CCC, had succeeded in defeating Apple's Touch ID, though they had not personally replicated the work.

"Fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints," a hacker named Starbug was quoted as saying on the CCC's site.

Two days. It took them 2 days. :|

Full article http://news.yahoo.com/german-group-claims-hacked-apple-iphone-fingerprint-scanner-023223193--finance.html
 
kenny|1379711313|3524382 said:
Yssie|1379709593|3524370 said:
Yes... and no.

99% of the people you meet think their passwords are secure, and are confident that the media in/by which they employ said passwords are secure. At least 95% of that 99% are wrong - often laughably so!

Good security is *hard*. And *expensive*. And the concept of a "password" is a fundamentally idiotic and anachronistic solution that is now so thoroughly ingrained in modern society that to consider alternatives is terrifying... but that doesn't mean that those alternatives aren't actually a heck of a lot better 8)

Fingerprinting actually seems like a great idea - whatever key is generated is almost guaranteed to be unique, which takes a lot of the stupid out of letting people manage their own passwords. IF the reader works well, IF the resolving software works well, and IF it isn't a total PITA to use! But... well, that's rarely the case! I wouldn't hold not acquiescing to Microsoft's failure against Apple's R&D corp though - MS has a colourful history of bungling developments and releases, and I think there are enough die-hard Apple fanatics who'll guineapig absolutely anything they come out with to make it worth experimenting with, even if the end result is just confirming that it's a flop, and usability is Apple's forte...

But you can change a password.
You can't change your fingerprint, or the pattern in your iris.

If you find out some hacker has stolen your password you can change it to stop the future bleeding.
If you find out some hacker has stolen your finger print what are you going to do?

Sure you can Kenny - just take up cooking, or a stringed instrument! the left sides of my second and third fingertips don't even HAVE print patterns anymore thanks to the violin & viola ::)

I wouldn't believe the software is designed to re-create a complete map of your fingerprint - I think it probably takes a handful of points as a key. So you could "hack" it to re-create the key, but I doubt you could use that key to actually represent a fingerprint in detail :sick: Really though, I do see what you're saying about unchangeability...
 
Ooh the question how does someone steal your fingerprint reminds me of the Torchwood episode, where the bad guys needed to get in a high security place: they kidnap the employee and... cut off his hands :o
Yuck.

I'm not against use of biometrics for security purposes (iris scans, fingerprinting) but I would personally wait until tech is more stable, or there is alternative way of getting into phone if fingerprint doesn't work (it's not all or nothing).
 
I got my new iPhone and you can continue to use the password and turn off or not enter the fingerprint. It is really convenient!
 
I've had to use my fingerprint at work for a long time now...to clock in and out and to pull meds. I think this is standard practice in most hospitals now. Even before this, when I worked in the school system, we had to be fingerprinted during the interview process. Like it or not it seems as if technology is heading in this direction. I can't get paid without my fingerprint. My job won't even print paper checks anymore! That being said, I have the new iPhone and if you don't want to use your print its no big deal. Heck, I don't even keep my phone locked because my toddler likes to use it during the day. The only time I lock it is when I go to work and then I can still choose a standard PIN number if I want. No biggie.
 
GET 3 FREE HCA RESULTS JOIN THE FORUM. ASK FOR HELP
Top