
Police told to avoid looking at recent iPhones to avoid lockouts - tekacs
https://www.engadget.com/2018/10/13/police-told-to-avoid-looking-at-iphone-x/
======
techsupporter
Discussion on a similar article here:
[https://news.ycombinator.com/item?id=18208954](https://news.ycombinator.com/item?id=18208954)
(65 comments)

------
nnd
A quick reminder: on iPhone X you can hold power button + one of the volume
up/down buttons for 2 seconds to temporarily disable Face ID.

~~~
jorvi
And if your movement is restricted, “Hey Siri, who am I?” will also trigger a
lockout requiring a PIN.

Edit: for clarification - this will not lock your phone by itself. If your
phone is locked (so on your lockscreen with the lock icon still there) it will
trigger a lockout and won’t allow biometric authentication until your PIN has
been entered.

~~~
1123581321
This does not work on an XS.

Neither do “lock my phone,” “disable Face ID,” or “require passcode.”

Edit: I was wrong - it does work for me when the phone is locked.

~~~
jorvi
Edit: see my parent comment or my response to joshstrange.

~~~
1123581321
Ah, I got it to work. Thank you!

------
Chazprime
Probably best not to disable the “Require Attention” option for facial
recognition - then if your eyes are closed or not focused on the phone, it
won’t unlock.

------
netgusto
Maybe a stupid question, but how comes they cannot just obstruct the front
sensors for faceid to fail?

~~~
orcs
That's what I thought. Just like making sure the phone doesn't connect to the
internet so it can't be remotely wiped. I don't own an iPhone so I might be
wrong but can't the cop just tape over the camera/sensor?

~~~
janekm
Most likely they would place it in a shielding bag to cover both issues.

------
jimworm
A PSA on biometric security's weakness against coercion - including law
enforcement, but likely more often abusive spouses or employers.

~~~
icebraining
Unlike the courts, an abusive spouse or employer won't presume innocence. They
will take your initial refusal to insert PIN/password as proof of guilt and
coerce you into doing so.

~~~
rocqua
With a spouse the 'threat' is that they can unlock your phone when you're
sleeping. This isn't about giving in to coercion, but about covert access.

Not sure how this works with an employer though.

~~~
flixic
That's why iPhones have "Require Attention" option, that checks that your eyes
are open and looking into the TrueDepth sensor.

~~~
pbhjpbhj
How do they cope against a video of you, like if I pretend to take a selfie
but video instead, oh whoops .. but then I have a video to use to unlock your
phone?

Or police could use the mugshot process to get a video?

~~~
icebraining
The iPhone camera makes a 3D "scan" by projecting infrared dots onto the face,
so putting a screen or sheet in front won't work.

[https://en.wikipedia.org/wiki/Structured-
light_3D_scanner](https://en.wikipedia.org/wiki/Structured-light_3D_scanner)

~~~
pbhjpbhj
Cool, I missed that development; seems it needs a bit of work to crack -
[https://www.wired.com/story/hackers-say-broke-face-id-
securi...](https://www.wired.com/story/hackers-say-broke-face-id-security/).

------
sbr464
Dupe
[https://news.ycombinator.com/item?id=18208954](https://news.ycombinator.com/item?id=18208954)

------
ysr23
[european here] I can't read this article as there is no way to opt-out of the
tracking - isn't this in breach of GDPR?

~~~
ZoomStop
A fellow HN detailed how he did it here, seems extremely non-intuitive.

[https://news.ycombinator.com/item?id=17235923](https://news.ycombinator.com/item?id=17235923)

~~~
yholio
It's somewhat easier to just browse in Firefox's private mode all the time
with trakingprotection enabled and no 3rd party cookies. Nothing is shared
with the tracking networks and any cookie set by the site itself is deleted at
the end of the session. As for the consent and GDPR annoyances themselves,
they can be killed easily with uBlock (along with the ads etc.).

Welcome to the smooth, no-tracking surfing experience of circa 2003.

~~~
jhabdas
Hope you're also using garlic encryption and blocking other apps which might
(probably are) sniping on you anyway.

------
andraganescu
Oath's gdpr wizard îs torture. I hope they will pay their share of fines for
it, just to compensate for the time wasted ...

~~~
IshKebab
Me too but has anyone actually been fined for this sort of thing yet? I tried
to report one site to the UK ICO and didn't even get an automated email reply.

Seems like the law exists but there's nobody to enforce it.

------
jhabdas
Though the iPhone X series uses a special chip to store the face I never read
it doesn't site the face of others. None of this really matters though as any
"authority" looking at your phone has the power to force you to unlock it
against your will.

New Zealand, for example, recently instituted a $5000 maximum fine for
individuals at airports who are unwilling to unlock their phones even asked by
"officials".

Both the US and NZ, along with several other countries, are part of the same
surveilance ring. So if you think not looking at your phone matters in the
slightest it doesn't. Not at all.

~~~
qwertay
Seems like it would be best to totally wipe all of your devices before
crossing a boarder and restore from backup over the internet when you are over
it.

~~~
pandapower2
Curious what the border control response is to being handed a phone that has
clearly been wiped immediately before the flight.

~~~
_jal
What are they going to do, demand a replacement with real data?

It is the phone you're traveling with. The point is supposed to be about
bringing illegal stuff into the country. A blank phone contains none. If they
want to explain that they need fed juicy private stuff for admission, well,
I'd love to hear all the details about that.

~~~
pbhjpbhj
I imagine they're going to view you with suspicion and so detain you for
[further] interview; probably add you to a watch list?

A completely blank phone suggests you're naively hiding something: like
carrying an empty box with an obvious fake bottom. Enticing stuff for a TLA
agent I imagine.

~~~
_jal
> A completely blank phone suggests you're naively hiding something

I'd see that more as "proudly refusing to play along", but interpretations of
course will differ. I'm willing to add little fuck-yous in the notes and pics,
if that helps interpretation.

Push back, people. Meekly bending over because you don't want to be
_inconvenienced_ is quite literally asking for more.

------
goldenkey
Thats just comically funny. "Hey cellmate, I need you to punch my face in."
"You sure dude?" "Yeah, they are gonna make me unlock my phone today...gotta
make it fail!"

~~~
dang
Could you please stop posting unsubstantive comments to Hacker News?

~~~
goldenkey
What exactly is unsubstantive about the ridiculousness of forced face ID
unlocks as referenced in the article?

------
quickthrower2
That is a good reason not to use face recognition.

~~~
philipbjorge
On iPhone X, you can hold the power button and volume up for 5 seconds and it
will lock the phone, disable Face ID, and force entering your passcode to
unlock.

~~~
tehmaco
You can also tap the power button five times in a row, which brings up the
emergency screen (Power Off, Medical ID, SOS call), but also disables face
recognition until a pin unlock has happened.

~~~
reneherse
Note this initiates an alarm and emergency call, with a three second window in
which to cancel. Quite a surprise!!

------
smaili
Very strange. I submitted this story about a half day ago and was marked as a
dupe.

~~~
dang
Not so strange; it's just that moderators don't see everything.

------
kgwxd
Face id and finger print id, unless used in addition to, not instead of, a
passcode, are convenience features, not security features. Removing the
"something you know" part of digital security makes anything else just shy of
useless. Apple should remove the options or start using honest terminology in
the configuration steps if they actually care about security.

