
Interview: Apple’s Craig Federighi about Face ID - craigkerstiens
https://techcrunch.com/2017/09/15/interview-apples-craig-federighi-answers-some-burning-questions-about-face-id/
======
DCKing
I don't get it. This focus on FaceID seems to me some successful marketing
spin by Apple, and the media seem to be drinking the Coolaid (again). Face
recognition in my book is not a replacement for a fingerprint reader.

See I don't doubt that FaceID will be good. I don't doubt the quality Apple
provides when they introduce features like this. I'm sure it will work
amazingly well, because unlike almost all previous implementations Apple
actually makes purposeful hardware for it.

The thing is, I don't want to look at my phone to unlock it. With a
fingerprint reader - on my current Xperia and my current iPhone - my phone is
unlocked _before_ it faces me. I unlock it when I get it out of my pocket. I
unlock it while lying on the table when it's facing the ceiling. I unlock it
to peek at messages in meetings under the table. Needing to face your phone to
unlock it seems to just be a really weird concession to me. As others point
out, it also seems to be a minor concession security wise. It seems to be some
typical form-over-function Apple thing again - UX and security concessions for
a better looking phone. They should've slapped a fingerprint reader on the
back once it turned out the under-the-screen fingerprint reader wasn't viable.

Having to go through some ritual to face your phone and slide it open to
unlock feels like a hassle and a downgrade. Especially on a €1000+ phone. So
yeah, the Apple distortion field is still a real thing it seems. Or maybe the
way I use my phone is weird. But either way, I don't get it.

~~~
MBCook
How is this less secure?

I really don't see what's so bad. To use my phone I have to look at it. So as
long as it unlocks fast enough (reportedly it does) them it's a non-issue.

> I unlock it when I get it out of my pocket.

Once you look at it, it will be unlocked.

> I unlock it while lying on the table when it's facing the ceiling.

Depending on how you're positioned this maybe an issue.

> I unlock it to peek at messages in meetings under the table.

If you can look at the screen from a reasonable angle then it can see you and
unlock.

I wish people would stop bashing this stuff 15m after it's announced in the
presentation. Let's see what the security white paper says. Let's see what
reviewers who have been allowed to use it say (they couldn't enroll at the
event).

Until then this is all straw man arguments (on both sides, my comments are
based on Apple reasonably delivering what they promise).

~~~
DCKing
I'm not sure you fully understand my post. Again, I'm totally willing to go
along with Apple's story for a 100% in the way it works. But they're pretty
clear in their presentation and marketing that you have to 1) look at your
phone and 2) slide to unlock it with your finger.

But this is much slower and are far less flexible than picking your phone out
of your pocket, or from anywhere else, with your finger on the sensor. And
nobody is mentioning that this is a downgrade.

You see, FaceID is not 100% new. Face unlock existed on the Galaxy Nexus. It
also existed in much improved form on the Lumia 950 and Galaxy Note 7. I will
100% grant you that FaceID will be far more accurate still than these
implementations. But accuracy is not the issue here: all these methods imply a
two step face unlocking ritual, which again is a downgrade over no ritual with
a fingerprint scanner.

In the end it seems pretty clear to me that face unlock - in _any_ form - will
be far less seamless than finger unlock. It makes your phone slightly less
easy to use. Yet Apple seems to be successfully arguing that it's an upgrade
or at least an equivalent. But it just can't be, no matter how good their
implementation is. That's what I don't get.

~~~
threeseed
1\. You've never used the device so making statements like "this is much
slower" is pointless conjecture.

2\. FaceID is completely different to the Nexus which is based solely on 2D
image recognition and is easily able to be forged and doesn't work in low
light conditions.

3\. From what Craig said in the Daring Fireball interview it will actually be
much faster than TouchID since the authentication apparently happens in
parallel to the unlock operation.

~~~
DCKing
I'm not sure why I get this response. You seem to imply I have issue with the
quality of Apple's next gen implementation, which I have twice explained I
don't. Or you imply that I can't have an opinion on the concept of and hassle
involved with face unlocking in general, which (as I also already explained)
has been around for years and Apple clearly has not made any conceptual
changes to.

Let me clarify for the third time. My opinion is the following: _no face
unlock mechanism can be as good as a fingerprint unlock_ for the flexibility
and speed of use as explained above. FaceID will likely be far and away the
best face unlock method we've ever seen but it's still a face unlock method
and therefore slower and more restrictive than a fingerprint unlock. What I
don't get is that nobody else is talking about it, because Apple has
successfully spun the discussion to be about the quality of FaceID as opposed
to the (lack of) merits for face unlocking on smartphones.

I'd actually be excited to have face unlock on laptops and PCs (actually that
exists already as Windows Hello, but dedicated hardware would be nice). But on
phones I consider it to be inferior to fingerprints _conceptually_.

~~~
nicky0
Seems you have a failure of imagination. I'll try:

When did you last unlock your phone without subsequently looking at it?

Seems to me FaceID removes the need to first unlock, then use phone. New way
is: just use phone. So I expect FaceID to be faster to use.

~~~
DCKing
> When did you last unlock your phone without subsequently looking at it?

I unlock my phone and then not look at it when making phone payments (Apple
Pay will definitely take a step back with this). I also switch between maps
and driving apps in the car while keeping my eyes on the road. I often peek at
something on my screen well outside of the FOV of any front camera. My use of
my unlocked phone is not at all limited to things I need to take my face's
positioning in account for.

I don't particularly appreciate being accused of a failure of imagination and
then having to respond to an arbitrary limited assumption of my smartphone
use. It's not my imagination that's the problem here.

But the point is moot. My entire issue with it that I don't want to wait to
initiate unlocking once it's in front of my face. Even if FaceID is instant,
and I would accept that all my use is in the FOV of the front camera, Apple
still requires me to slide to unlock the device.

~~~
nunb
you don't have to "look at it" \-- as long as there's line of sight it should
work. I pretty much agree with your position though, just wanted to clarify
that as long as the infrared scanner can find your eyes/nose you're good to
go. Another commenter pointed out that you need to swipe, which supports your
point that it's slower than touch ID. maybe I'm getting pulled in by the Cook
RDF, but I'm cautiously optimistic.

------
wyc
> So, if you were in a case where the thief was asking to hand over your phone
> – you can just reach into your pocket, squeeze it, and it will disable Face
> ID. It will do the same thing on iPhone 8 to disable Touch ID.

I imagine that authorities will catch on pretty quickly: "keep your hands up
and away from your pockets while we retrieve your device." It would have to
happen before any kind of duress.

~~~
mikeash
One scenario where it would be really useful is being pulled over in a car.
Give your phone a quick squeeze before you even stop the car. It'll also be a
more convenient way to disable the feature before going through customs.

The tech community's reaction to this stuff seems to boil down to "it does not
solve every single problem therefore it is pointless." Which is silly,
although to be fair it seems to be the tech community's reaction to a lot of
things.

~~~
jayd16
>"it does not solve every single problem therefore it is pointless."

If its something to do with security then yes, it is pointless. It doesn't
matter how secure your door is if your window is open.

~~~
kalleboo
So you're saying I shouldn't even bother with a PIN?

~~~
jayd16
I'm not saying this is true of Face ID but if you set a pin, and there is also
a much less secure way to unlock the phone, then yeah the pin was pointless
because attackers will just go through the path of least resistance.

Said another way, the chain is only as strong as its weakest link.

------
favorited
I assumed this was a link to Conan's sketch. Gruber pointed out how surprising
it is "that Federighi is famous enough to spoof."

[http://www.loopinsight.com/2017/09/14/craig-federighi-on-
con...](http://www.loopinsight.com/2017/09/14/craig-federighi-on-conan/)

~~~
jkolyer
Federighi has been with Apple/NeXT for at least 27 years. I worked with him in
1996.

~~~
interlocutor
Not true. He was at Oracle around 1992 where he worked on "druid" user
interface builder, then he went to NeXT where we worked on WebObjects then he
went to Ariba where he was CTO, then to Apple. (Source: I worked alongside him
in the early 90's.)

~~~
favorited
Wil Shipley had a pretty good write up of Craig's Apple history, going back to
meeting him at NeXT. Obviously it's just Wil's opinions, but an interesting
read nonetheless.

[http://blog.wilshipley.com/2011/03/celebrating-betrand-
serle...](http://blog.wilshipley.com/2011/03/celebrating-betrand-serlet-and-
craig.html)

------
usaphp
> “On older phones the sequence was to click 5 times [on the power button] but
> on newer phones like iPhone 8 and iPhone X, if you grip the side buttons on
> either side and hold them a little while – we’ll take you to the power down
> [screen]. But that also has the effect of disabling Face ID,” says
> Federighi. “So, if you were in a case where the thief was asking to hand
> over your phone – you can just reach into your pocket, squeeze it, and it
> will disable Face ID. It will do the same thing on iPhone 8 to disable Touch
> ID.”

Interesting. I did not know that

~~~
saagarjha
It’s a new feature in iOS 11.

------
kiliankoe
How would FaceID be used to authenticate In-App-Purchases? Currently it's a
finger on the home button, but I'd be somewhat scared if looking at the screen
is all that's necessary to confirm a purchase. I'm pretty sure a second
confirmation will be used, but I'm curious.

~~~
gls2ro
From a pure statistical comparison (as also presented in the keynote) your
face is more unique than your fingerprint in normal situation. When talking
about edge cases (like someone trying very hard to rob you) then both of them
have their own drawbacks. So from this points of view I don't see any major
difference betweeen them. If you trust TouchId then you can trust FaceId in
the sense of correctly indentifying while paying that YOU are the one who is
authorizing the payment. I don't think there will be another confirmation
other than the payment Flow implemented by the apps.

~~~
kiliankoe
That's not what I meant. I'm interested in the UX. When I accidentally click
to purchase an IAP currently, nothing happens until I actually confirm it with
TouchID. With FaceID it could presumably already have confirmed the purchase
because I looked at the screen too long.

~~~
dpkonofa
If it works anything like Apple Pay, you'll be required to push the side
button to confirm a purchase. The Face ID piece will simply authorize you but
there's still an action required to make the purchase.

------
idlewords
I trust Apple's security team to have implemented this in a way that preserves
safety and privacy. Apple have shown themselves to be very good at that.

That said, I find Face ID extraordinarily troubling, because it normalizes the
idea that your phone actively scans your facial features during use. Just like
carrying around an always-on pocket beacon became part of the 'new normal'
with the introduction of the smartphone, a phone that looks back at you during
use will become part of the new normal, too.

When you combine this with business models that rely not just on advertising,
but on promises to investors around novelty in advertising, and machine
learning that has proven extremely effective at provoking user engagement,
what you end up with is a mobile sensor that can read second-by-second facial
expressions and adjust what is being shown in real time with great
sophistication. All that's required is for a company to close the loop between
facial sensor and server.

Apple is unlikely to be this company. But Google, Facebook and Amazon are.
What I anticipate is the next generation of Home and Echo to have cameras
(Amazon is already moving in this direction), along with whatever piece of
hardware Facebook produces. The idea of devices that look back at you will
gain acceptance, just like always-listening voice assistants have gained
acceptance. All of these will become input sources to learning algorithms.

What is already an incredibly potent toolchain for political manipulation will
become even more powerful, with no oversight, accountability, or even much
understanding by those who built it on the way it can be profitably used and
misused. Its effects will be field-tested in democratic elections that affect
the lives of billions.

This is what Zeynep Tufekci has called the architecture for networked fascism,
and by manufacturing a mass-market device with active facial scanning, with
the best of intentions, Apple has moved us a big step further along this
dismal road.

~~~
mortenjorck
I was going to say that the way to avoid this eventuality is to insist that
any competing system have the same granularity of permissions and
compartmentalization that it presumably will on iOS - but then I realized
that, naturally, the very same applications that stand to use this technology
in the creepiest ways will also add user-facing features to encourage the
granting of these permissions.

So Facebook will add its own spin on animoji, requiring full face-tracking
permissions - and then begin quietly mapping emotional response to every
timeline entry.

~~~
tomaskafka
Yep - as happened with microphones. 'Enable microphone to call your friends -
and to let us listen in background for ultrasound advertisement ids form
nearby televisions'.

------
makecheck
What I worry about is drivers. Texting while driving has been illegal in
multiple places for years but to this day it is downright easy to find an
example of someone still doing it. Now imagine these fools deciding to _turn
away and look_ because their phone is not unlocking otherwise...

~~~
sushisource
This is a great point, and probably way more impactful than anything else
mentioned in this thread. People _will_ continue to be shitheads and use their
phone while driving, that's inevitable, and this could make that even more
distracting.

Now they've got to take their eyes off the road for a second, or fumble with
holding the phone above the wheel.

~~~
stuartd
If you're going to use your phone while driving, then you're going to _have_
to look at it to do so. How you unlock it is irrelevant.

~~~
secabeen
Not necessarily. I've been in a classroom, opened my phone with the
fingerprint sensor, written a reply to an IM I just received, glanced down to
confirm that auto-correct got my language right, and hit send. It's not that
frequent, but I have done it.

------
minimaxir
A relevant note from the interview is official confirmation that the
5-presses-of-sleep/wake-disables-Touch-ID is intended as a privacy move. (and
adds new info that the iPhone 8 has an easier squeeze-only trigger for this
feature.)

~~~
satysin
I only had a quick skim of the article so maybe I missed it but is there a
quick disable for Face ID like there is for Touch ID?

Can law enforcement just hold the phone up to your face and unlock it? We all
know Touch ID is not protected under the 5th Amendment so I am going to assume
Face ID is not either.

~~~
redbergy
The article said you'll be able to use the new method (hold sleep/wake and
volume button for 5 seconds to require a passcode to unlock – i.e. disabling
face/touch id).

~~~
satysin
Thank you! Figured I had missed it skim reading on mobile :)

------
noncoml
My understanding is that FaceID and TouchID are more of convenience features
than security features, so I don't see what all the fuss is about.

Shouldn't one just disable both of them and use a long passlock code if they
are serious about security?

~~~
valuearb
You'd have to be super serious about security to disable either of them. If
you are a high ranking government official, or super secret spy, maybe.
Because with FaceID they can't spoof it with a photo, they can't break into
the secure enclave to get your facial map data, and even if they are able to
take a high resolution 3D photo of your face and build an identical mask to
your face, it probably won't work.

This and TouchID are the most secure authorization features ever created,
because 100% of people will use them,, and less than 1% will create long
passcodes.

------
thinbeige
Very good interview. It shows that this feature is well thought-out and
security-wise better than expected.

~~~
MBCook
Given how well the implemented TouchID a few years ago I'm not surprised. I
don't remember seeing any major criticism of TouchID, just amsome praise from
security folk for how well thought out the implementation was.

~~~
davidcbc
TouchID had a much lower bar to clear, just be better than a pin or password.

FaceID has to be at least as good as TouchID or it is a step back for the
iPhone.

------
ksk
It will be interesting to see what developers can do with the sensor,
especially for AR. I wonder if you could stick two iphones together back to
back and have one "see" the world in 3D and have the other augment it in some
way.

------
mithr
> Developers ... [are] given a depth map they can use for applications ...
> This can also be used in ARKit applications.

This has me very excited. ARKit already does an impressive job of tracking as
you move around your environment, and the major thing that seems lacking is
being able to map existing objects to know where they are in relation to
virtual ones.

If they do this well, especially when it comes to automatically obfuscating
virtual objects with real ones, it could allow ARKit to be used for creating
much more immersive experiences.

------
sigmar
The comments about the "attention" detail make it sound like they have tested
this extensively with diverse groups. But I've wondered if they had anyone
"red team" to see if they could fool it. Faces are less private than
fingerprints, and I imagine the police would jump to buy a tool that can
unlock phones. Statistics about the false-positive rate are mostly meaningless
in an adversarial case. Maybe it is mentioned in the forthcoming white paper.

~~~
Osmium
> Faces are less private than fingerprints

Possibly, but it's also easy to pick up someone's fingerprint from anything
they've touched after the fact. With faces, you have to actively record/3D
scan someone. It's not clear whether e.g. security cam footage will be
sufficient fidelity to reconstruct a 3D face in enough detail, but this will
be interesting to find out.

In case anyone missed it, Apple claimed false positive rates for Touch ID were
1 in 50,000 and for Face ID were 1 in 1,000,000.

> Statistics about the false-positive rate are mostly meaningless in an
> adversarial case.

I imagine what those special effect masks were for, to test for the
adversarial case. I also imagine that's why there's an IR camera too -- I'm
not sure what wavelength of IR this is, but it seems distinct from the depth
mapping, and would be more difficult to fool on a mask.

~~~
macintux
> It's not clear whether e.g. security cam footage will be sufficient fidelity
> to reconstruct a 3D face in enough detail, but this will be interesting to
> find out.

That would be NSA-grade security cameras, and based on the photorealistic
masks they tested, even that shouldn't be good enough.

~~~
Osmium
> photorealistic masks

But it's not yet clear how much photorealism matters vs. 3D shape, which may
be a lot lower fidelity.

------
jafingi
The thing I'm really looking forward to with Face ID is when apps are using
it. Fine for unlocking the phone, but think about it.

Right now, if you access your bank, Dropbox, 1Password etc. you open the app,
wait for the Touch ID dialog to appear, then move your finger from the screen
(where it was) and to the Touch ID to authorize.

With Face ID; just open the app, and you're authorized. This is a HUGE thing
in regards of usability.

I love it.

------
shams93
Law enforcement don't have to guess which of your 10 fingers you used for
touch id, they don't need your consent to handcuff you and then point the
phone at your face to get into your personal info. With touch if they have to
get you to do something you comply it's your fingers with this it seems much
easier for authoritarians to abuse.

~~~
eric_h
But it won't work if your eyes are closed, or not looking at the screen. All
it takes is 5 fails, and then your face is no longer an authentication token.

~~~
ajanuary
I haven't seen anything that explains what constitutes a failure. It seems
plausible no eye contact wouldn't constitute a failure. It also seems
plausible it would, but they may have to be more relaxed about what
constitutes an "attempt" as looking at the phone is less definite than placing
a finger on the sensor.

------
ssijak
Security wise, maybe they could implement a feature where if you look at the
phone with a recorded grimace (one eye closed, or blinking fast or raised
eyebrows etc etc) it would disable faceid. So if someone wants to force you to
unlock it you just comply and make a face

------
mthoms
I'm wondering whether Apple sees this technology totally replacing TouchID, or
if they will continue to offer it in the next 3-5 years on some devices?

~~~
stillmotion
Word on the street was that they were planning on including both TouchID and
FaceID in the X, but scrapped it earlier this year due to low yields during
mass production[0].

[0] [https://www.macrumors.com/2017/04/12/apple-struggling-
with-t...](https://www.macrumors.com/2017/04/12/apple-struggling-with-touch-
id-under-display/)

~~~
MBCook
Which is contradicted by this interview as well as discussions John Gruber has
had with some of his sources.

------
late2part
I was raised that MFA = something you have and something you know. Your face
and your fingerprint are the former. They're not passwords.

------
jpalomaki
Can't help thinking Face ID is something Apple had to do, not something they
really wanted.

Reading fingerprint with/through the touch screen [1] sounds a better
alternative if they ever get it working well enough.

[1]
[https://www.google.fi/amp/s/www.theverge.com/platform/amp/20...](https://www.google.fi/amp/s/www.theverge.com/platform/amp/2017/2/14/14615228/apple-
fingerprint-reader-patent-touch-id-smartphone-screen)

~~~
rahoulb
I remember having to force myself to set a PIN because it got in the way. I'm
sure the idea of a phone that doesn't need any intervention to unlock it has
always been the plan.

------
xz0r
> _If there are 5 failed attempts to Face ID, it will default back to
> passcode. (Federighi has confirmed that this is what happened in the demo
> onstage when he was asked for a passcode — it tried to read the people
> setting the phones up on the podium.)_

Well, on the demo onstage, he did not enter the passcode after being asked for
it. He just said "Let me try that again". Is it just a cover up?

~~~
rahoulb
He tried again then said let's switch to a backup - so a different phone?

~~~
xz0r
Yeah you're right. I missed that.

------
gnicholas
Interesting to see accessibility (for vision-impaired users) pop up here. Good
to see that Apple thought about that and came up with something. I wonder if
enabling the accessibility mode will result in haptic feedback that the device
was unlocked.

------
kibwen
Quoted bullet points FTA:

\- If you haven’t used Face ID in 48 hours, or if you’ve just rebooted, it
will ask for a passcode.

\- If there are 5 failed attempts to Face ID, it will default back to
passcode. (Federighi has confirmed that this is what happened in the demo
onstage when he was asked for a passcode — it tried to read the people setting
the phones up on the podium.)

\- Developers do not have access to raw sensor data from the Face ID array.
Instead, they’re given a depth map they can use for applications like the Snap
face filters shown onstage. This can also be used in ARKit applications.

\- You’ll also get a passcode request if you haven’t unlocked the phone using
a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.

Lots of people in the threads here yesterday seemed to misunderstand how these
things are implemented. Importantly, you cannot set up FaceID without first
setting up a password (biometrics are a carrot for getting users to set up
passwords, _not_ intended to subsume passwords), and you'll still be prompted
for a passcode around once a week so you won't go forgetting it.

~~~
nariinano
The 4 hour rule sounds VERY annoying. It means for example I'll be forced to
type my passcode after waking up. So many years of Touch ID will make such a
burden UNBEARABLE.

~~~
MBCook
I think that's a misinterpretation. Here is the full quote:

> You’ll also get a passcode request if you haven’t unlocked the phone using a
> passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.

You already need a password if you haven't used TouchID in 48 hours.

This rule seems to exist to make sure you have to enter your password after
about a week if by then you go over 4 hours without using FaceID.

You don't need to use a password _any time_ you go more than 4 hours. I agree
that would be insane and would be much stricter than what they apply to
TouchID (which they say is less secure).

EDIT: I notice the GP's comment seems to have been edited since the time you
posted yours.

~~~
kibwen
I copied the text directly from the article, unedited; it really is just
worded poorly (I did the same double-take).

~~~
MBCook
I remember thinking that when I read the article (I totally agree), but I
thought you had summarized it earlier instead of a literal copy.

Sorry.

------
limeblack
[removed]

~~~
mikestew
_I do not know how this works_

"...but that won't keep me from commenting." The answer you seek is in the
article that you didn't read.

------
dhanh
Can Face ID feature still work in outdoor environment, specially under
sunlight?

~~~
matthewmacleod
I think we can all be fairly confident that a key feature in Apple's flagship
new phone will work in sunlight, yes.

~~~
eric_h
I'm not sure if the weather in California really provides enough sunlight for
sufficient testing...

~~~
oceanswave
There's sunlight in California? Good gravy I need to get out more.

------
jccalhoun
I wonder if they licensed any tech from Microsoft because faceid seems to work
a lot like Windows Hello

------
fish_fan
Wow, so the facial recognition is both used and trained in the secure enclave.
Imagine a future where you could root your phone by showing it a picture of an
artfully encoded payload printed on paper.

~~~
MBCook
Come to think of it, that would make a great movie plot.

"It turns out an engineer hid a backdoor in the phone. You can unlock anyone's
phone if you can just show it The Macguffin.

But now he's died and the world is about to be blown up and we need to figure
out what was on his phone before it's too late.

We only have 36 hours left to find The Macguffin and unlock his phone before
FaceID won't work; his 75 character password is totally unguessable."

Hollywood? Get in touch.

------
blackflame7000
How did Apple get consent from a billion people to use their likeness in their
training set of images? Is it possible to train a facial recognition software
acurately using different photos of the same person VS different people all
together?

~~~
usaphp
He said "billion images" not "billion people".

~~~
blackflame7000
Everyone who downvoted totally missed the point, that stating you trained with
a billion images is a useless statistic. If i trained with a billion images of
a firehydrant how does that help me distinguish a lamp post? For all we know
it could have been 100 pictures of 10000 people.

But yea, totally worth the negative 5 karma for some reason.

------
pmontra
I can unlock my phone with my fingerprints in the dark (example, at bed during
the night). Do I have to turn on the light to use FaceID or do I have to type
in a PIN instead? That would be progress /sarcasm.

I could also unlock my phone and my tablet with my face (don't remember how
Sony and Samsung call that method) but it means that I have to point their
cameras to me. Maybe it's me but their cameras tend to point to the ceiling
when I'm holding them. Fingerprints are faster. Even the swipe pattern on the
tablet is faster.

FaceID is probably more about the current impossibility of adding the
fingerprint sensor to the bezelless and thin iPhone X. I expect Apple to solve
that at the next iteration. FaceID would stay and be useful for some purposes,
but people will be back at unlocking iPhones with their fingers.

~~~
Drakklor
No, it uses infrared so you do not need to turn on the lights

According to the leak from last week it should be able to unlock even if
laying flat on a table.

------
randyrand
How to hack FaceID:

You'll need:

1\. 2 phones (at least 1 with an IR camera, such as another Iphone X)

2\. a helper app

3\. access to 10+ photos of the victim (Facebook typically)

4\. a small mirror

With the helper app:

1\. capture the suspect's phone's unique IR dot pattern by shining their phone
at white piece of paper, recording it with the helper app (the helper phone
needs an IR camera of course, such as another Iphone X)

2\. makes 3d model of persons face from the FB pictures

3\. generates 2 animated videos of their face, 1 just a normal color video and
another with the dot pattern applied

4\. now you need to show the 2 videos to FaceID, using the mirror to show the
correct video the the corresponding camera

~~~
tspike
They tested it against lifelike face masks, I doubt that would work,
fortunately. They mentioned an IR camera, wouldn't be surprised if they're
checking temperature as well.

~~~
randyrand
People misunderstood what the static face masks were for. The static face
masks were not for testing against a face-mask attack. They were for testing
FaceID. As far as testing goes, the mask was assumed to be a stand-in for the
real person.

~~~
macintux
Citation?

~~~
wiremine
Yeah, that's doesn't seem to jive with how they described it on stage...

~~~
randyrand
I re watched the video, and you're right. They said they used the masks to
help prevent against mask attacks.

To the extent that it worked, we don't know. Since I am very familiar with the
tech, I know that IR light does not have any special properties in detecting a
mask vs human skin. But I assume the nueral network they trained looks for
movement of some sort.

~~~
haikuginger
> Since I am very familiar with the tech, I know that IR light does not have
> any special properties in detecting a mask vs human skin.

Since you're familiar with the tech, you'll be aware that humans, who are
alive, emit IR light which can be picked up by an IR camera, and a mask, which
is not, does not.

~~~
detaro
"IR" as in the heat coming of a human body is very different from "IR light"
that is used in setups like this. Just like a cheap phone camera might be able
to see the IR from a TV remote, but can't see body heat.

And even if it could, heating a mask to body temperature isn't all that
difficult.

------
StanislavPetrov
Its simply astounding that so many people are drinking the Apple kool-aid. The
avalanche of complaints that will be unleashed after the release of this phone
will be massive and sudden. If you think that this tech will work as
flawlessly and without trouble as Apple claims, I have some bridges to sell
you in Houston.

~~~
valuearb
Yep, just like TouchID! Wait, TouchID worked great! You're a loon!

