
IPhone 5S: How safe is your fingerprint with Touch ID? - recordcore
http://scinotions.com/2013/09/according-to-apple-your-fingerprints-are-safe-with-touch-id-but-are-they-really/
======
probablyfiction
This article doesn't really answer the question it poses. Unless there is some
huge security flaw that cannot be fixed, this marks the beginning of
mainstream fingerprint recognition. Other companies will quickly follow suit.
Yes, fingerprint technology has been around for a while, but it's always been
either an optional accessory or used in a niche case where heightened security
was required. Apple's use of fingerprint as ID is new and groundbreaking in
this context.

There; I've said more of substance than the author said in his whole article.

------
daughart
It seems like Apple has been clear about the security of your fingerprint on
your iPhone. Could the NSA be hacking your phone and retrieving this
information? Nothing is impossible, but probably not if Apple has done what
they describe.

A lot of the paranoia on Reddit and even HN seems misplaced to me. Federal and
state governments already have large fingerprint databases. Most of you
probably don't even remember when the police visited your grade school and
taught the class about finger printing. Guess that they were collecting. So
it's possible but unlikely that the federal government will collect your
fingerprint data. However, we KNOW that the federal government is widely
collecting communication metadata. This information is a much greater threat
to freedom than your fingerprint. Both datasets are identifying, but one
reveals a lot of additional information - about your lifestyle, habits,
politics, speech, ideas, etc. The fingerprint conveys none of these.

The government has lots of ways to identify you if they want to. Most of these
methods of identification are MUCH easier to implement than fingerprints
(communication metadata and patterns, face recognition, license plate
tracking, etc.). In the end, making a cell phone call is more convenient but
less secure than other types of communication, but we accept this trade-off.
The trade-off for using a fingerprint to facilitate dozens of daily
interactions with your phone seems possibly more favorable in terms of
privacy.

~~~
itsmequinn
I feel like the mention of the NSA and PRISM in this article is so tangential
to the issue as to be misplaced. Why mention the NSA here when there's no
evidence or reason to suppose that they'd want to mass-collect our fingerprint
data specifically? I mean, I suppose anything that is sent over the internet
might be intercepted and stored/analyzed by the government but it's getting to
the point where NSA and PRISM are just popular buzz words adopted by anyone
and everyone trying to make a name for themselves in the tech community
("check out my app that pokes fun at the NSA and PRISM issue", "5 reasons I
will be protecting my data from NSA/PRISM").

I'm not saying there's no threat to privacy here just that there are a lot of
reasons other than the NSA and PRISM that make data privacy important and that
we should be focused on the larger issues.

~~~
DanBC
I agree that the shoe-horning of NSA / GCHQ into every possible thread is
tiresome.

But are you aware that US Government already collects and stores very many
fingerprints?

Here's a 2008 Reuters article: ([http://www.reuters.com/article/2008/03/25/us-
security-finger...](http://www.reuters.com/article/2008/03/25/us-security-
fingerprints-idUSN2538685320080325))

> The U.S. government has been collecting digital fingerprints and photographs
> of nearly all non-citizens aged 14 and up entering the country since 2004,
> officials said, in a Homeland Security program called US-VISIT, at a cost of
> $1.7 billion.

> [...] On an average day, almost 14,400 international visitors undergo the
> fingerprinting process at Kennedy, officials said.

> More than 2,000 criminal and visa fraud cases have been detected by the
> screening process, introduced in response to security concerns following the
> attacks of September 11, 2001, U.S. officials said.

They fingerprint vast numbers of people, and use "detection of criminals" as a
reason, but don't seem to catch that many people.

See also DNA gathering - the UK has a huge horrible DNA database. It's easy to
get on that database (be arrested) and hard to get taken off that database.

I wouldn't be surprised if fingerprints were being stored by some government
agency somewhere. Not sure that'd be NSA, because there's not much they can do
with it.

------
lvh
This article appears to contain very little substance, and basically just asks
the question, asserts that "nothing is safe in the digital world", and
provides no evidence or argumentation.

Don't get me wrong, I think fingerprint scanners are probably broken until
proven otherwise, but this article does nothing to enlighten anyone...

------
twiceaday
Just like with passwords, Apple probably keeps a salted hash of your
fingerprint instead of the real deal.

