Hacker News new | comments | show | ask | jobs | submit login
Face ID is replacing Touch ID on the new iPhone X (techcrunch.com)
54 points by pearlsteinj 10 months ago | hide | past | web | favorite | 75 comments

Face recognition for authentification has been around for a quite a while, let's see how robust Apple could make it. It's still a weird future we're heading towards.

It makes me wonder what legal consequences it's gonna have once this kind of technology is widespread among all smartphones with high identification reliability? What's to stop anybody from combining different biometric identification systems into one device? A combination of Touch ID/Face ID, coupled with some voice recognition and whatever else is possible with biometrics, would probably be able to identify the user with a very high certainty.

Smartphones are also increasingly being turned into an "ID card replacement", even banks have been pushing to use them as a replacement for CC/Debit cards for years.

Which kinda makes sense considering how not every country has ID cards but a vast number of people on this planet have smartphones or at least mobile phones. If one wanted to index the whole human population of planet Earth, it would probably a good start to "just" collect the SIM/IMEI data from all mobile phones in circulation. [0]

It's still a quite dystopian idea of a future, where the identity of a person is solely defined and legitimized by their smartphone/mobile device. Scary thing being: We are closer to this kind of future than it might seem; the aptly named US program "Skynet" uses mobile metadata for targeting selection of drone strikes, has been doing so for quite a while [1]

[0] https://www.gsmaintelligence.com/

[1] https://en.wikipedia.org/wiki/SKYNET_(surveillance_program)

And I thought that removing the headphone jack for the 7 was the worst possible decision they could make.

Does every design meeting at Apple start with: "What beloved feature can we remove and replace with something no one fucking cares about?"

This has not been well thought out for part of the world.


the prevalence of surgical masks in China might also be a challenge

Sunglasses and hats too!

No, Apple has explicitly stated that hair style, glasses, hats, etc have no impact on the face detection.

so does it mean that to unlock the phone I just have to knock you out and put some sunglasses on you?

How would that be any different than knocking someone out and using their finger for the Touch ID?

Well for one thing it'd be a hell of a lot more work to cut off a guy's head vs. just his thumbs (if you want to unlock again later).

exactly the same, which means FaceID is not that much more secure unless as part of the authentication process you have to smile on cue or something

Apple has said it will work with glasses and hats

But not sunglasses.

What about twins? Does touch ID even work with twins?

No. They even brought up Spock and Evil Goatee Spock to mention that twins defeat it.

(I say "defeat". Schiller just said the chances of a false positive were higher with twins than the 1/1,000,000 base rate [compared with his claim of 1/50,000 for TouchID])

This was explicitly brought up by the presenter (though through the premise of an "evil twin" and a photo of Spock from Mirror, Mirror) and they said you should consider a password.

that sounds like a lot of inconvenience

I am a twin and me and my brother managed to fool windows hello. I plan on going to an Apple Store with my brother to see if FaceID can't be fooled.

Oh, this is very interesting! Please keep us posted!

Twins shouldn't be a problem. Even the ghetto facial recognition implementation in the AliPay app (a Chinese PayPal clone) can tell twins apart. Surely Apple can do an even better job.

Can still use a passcode

The passcode doesn't let you get rid of the hideous screen cut-out, which seems to be primarily for this lock.

You would still need it for the normal front facing camera (look at the Essential Phone).

The cut-out also has the speaker, front facing camera, and ambient light sensor, or would you go without those as well?

Infrared should pass through thin layers of clothing with ease.

it's all a plot to make women remove their scarves

Let's just make sure we're talking about how it will actually work, not what we're guessing based on some tech blogs and today's presentation.

They say that Face ID falsely recognizes 1 in 1,000,000 people (1 in 50,000 for Touch ID), but it's a lot easier to find the people who look like a given target to unlock their phone. Could be an issue if a mutual friend knows someone who looks enough like you to unlock your phone.

Just because someone "looks like" your target to you doesn't mean they're similar enough to fool whatever algorithms the iPhone is using.

Yes. So how much do look-alikes change that number?

It's 1/1M for strangers. Is it 1/10k for family members? 1/100 for close look-alikes?

The difference between FaceID and TouchID is that you don't have pictures of millions of people's fingerprints available publicly online...

Exactly. Someone mining Facebook could build a directory of doppelgängers near each person. A little social engineering could get a bystander to unlock the target's phone without them even realizing they are facilitating a crime.

Ah, HN-level paranoia.

That's what they used to say about Stallman.

Ironically people who look like you to humans tend to be a further away to biometrics.

I've worked on a few facial biometric systems in the past and the false positives were really shocking about 65% of them were cross sex and virtually none of them looked alike.

People tend to look at different flesh centric facial features and things like hair style, eye color and overall superficial appearance is what we see. Biometrics see distance between various points like eyes, nose bridge cheek bones etc we tend to actually overlook those fine features when it comes to doppelgängers.

From friends that still work in the field gate analysis seems to have the lowest rate of false positives yet so maybe IPhone X2 will require you to dance to unlock.

> From friends that still work in the field gate analysis seems to have the lowest rate of false positives yet so maybe IPhone X2 will require you to dance to unlock.

Please sneeze to unlock phone

Fast DNA analysis can be even worse like 1 in 10,000.

It's not clear whether the false positives would mainly be among "similar faces", or it probably could happen due to signature collisions on entirely different faces? Like, a weakness in the algorithm which causes two entirely different faces to hash to a very similar signature.

Genuine question: will identical twins be able to unlock each others' phones?

Or do they actually have enough differences that the phone can pick up on, even if people can't tell them apart?

They have enough differences.

I've only known one set of identical twins, back in high school, and at first I thought they looked the same. After a while, however, you can recognize the differences. I suspect a phone has enough data points that it sees them as different people.

During the presentation, they mentioned that if you have an evil twin, you should probably use a passcode, so I'm assuming that the acceptable range for recognizing is larger than the ranges of difference between identical twins.

A non-conclusive list of places where this will be an issue:

China, Japan, S.E.A.: Surgical masks against smog, or to avoid spreading germs.

Northern Europe, Canada, Northern US: Winter clothing that covers the face to avoid the cold temperatures

Middle East: Religious clothing for women hiding their faces.

Anywhere with hot summers: Sunglasses covering the entire eyes, making it impossible to see if you’re looking at the screen (which is a requirement for FaceID unlock).

> China, Japan, S.E.A.: Surgical masks against smog, or to avoid spreading germs. Northern Europe, Canada, Northern US: Winter clothing that covers the face to avoid the cold temperatures

I am thinking that there will be the ability to program recognition with clothing that you own (color, texture) if you want to accept the risk. For most people I don't think they will be worried about something that has some of the same facial features stealing their phone. After all not everything will be blocked. And for that matter you can't do touch ID with gloves on, right?

> Middle East: Religious clothing for women hiding their faces.

Nothing to prevent a third party from offering a device which also allows touch id or simply using the alternate unlock. After all I don't think the amount of women hiding their faces in middle east countries means that the rest of us can't have this feature. How much business will they lose? In the end this is a business decision not a social one.

> Sunglasses covering the entire eyes, making it impossible to see if you’re looking at the screen (which is a requirement for FaceID unlock).

Once again will probably be able to allow use of sunglasses that you own with facial features that you have. Sure chance that someone could spoof you but for most of us not really a big threat. And someone needs the phone to do so and needs to know what you have programmed in as far as your clothing.

I don't think anyone is arguing that Face ID shouldn't have been created, just that it shouldn't be the only option.

> Anywhere with hot summers: Sunglasses covering the entire eyes, making it impossible to see if you’re looking at the screen (which is a requirement for FaceID unlock).

I wonder if the IR sensor can actually see through the sunglasses?

Might vary with the make of the sunglasses, but I took an IR photo of a colleague wearing sunglasses, and on the photo the glasses were completely transparent. So the FaceID has a good chance to work with sunglasses.

That’s a bad sign, usually good sunglasses also block IR and UV light, as the eye only closes the iris based on visible light, but can still be damaged by too much exposure in IR or UV bands.

What are some examples of sunglasses that block IR? When I looked around earlier (curious about the same question) it didn't seem to be a standard feature at all.

So, basically it works only in Northern California.

I know it is supposed to be "local" or "onboard" only with the new processor but...mildly spooky.

It's stored in the secure enclave.

You know what would be extremely useful at this point? An actual demo from a reporter, and not only for the FaceID, but in general for how the phone works without a home button.

Why'd Apple choose to make the iPhone X out of stainless steel? Titanium, for example, would be half the weight and much more interesting..

Which material is less resistant to scratching? When I saw that shiny edge, I couldn't help but wonder how long it would take to get scuffed up.

I think that titanium has a comparable hardness to stainless steel (6.0 vs 5.5-6.3 on the Mohs scale).

Titanium is pretty soft so it would probably be more prone to scratching.

Not to mention they could use diamond glass instead of this new reinforced with steel glass.


Steel and aluminum is still cheaper and easier to work with than titanium. Easier manufacturing higher margins. P.S. the iphone is made of aluminum not steel

The edge of the X is made of "surgical-grade stainless steel"


If that's the case I stand corrected.

Could have to do with the wireless charging and/or wireless communication properties.

I think steel is easier to manufacture and more abundant.

But it's supposed to be the no cost-cutting, ultra premium version of the iPhone. It costs a thousand dollars. They could've used titanium

They are supply constrained by many of the materials and parts that are used on this phone (OLED screens, for example). You can bet that they will bring the price down to earth when they can manufacture in mass quantity.

You've got to remember they sell nearly 50 million of these things every quarter. They don't just appear out of thin air.

Maybe saving it for the iPhone X2. It could also have pre drilled holes for setting gemstones.

Yet Apple is still probably going to be making higher margins on this phone that a $300 Android phone manufacturer

What about beards? And honestly why is this a big deal? sounds as easy to fool as a fingerprint, and is still less secure than a password

That's just one of the ways to unlock the phone. You can use a password when traveling for eg.

Great way to integrate the government backdoor without actually publicly saying it.

Catch the perp, get full access to the device. -Apple

Were you under a rock for the whole Apple vs FBI thing?

I guess that's why the added the 5 press power button which disables the Touch/Face ID features

Which is great if you're able to do that before someone snatches your phone and aims the camera at your face to unlock it.

so instead of stealing your finger print it's now enough to get a picture?

You really didn't read the article did you. Second paragraph says "Apple says the facial scan is so accurate there’s now only a 1 in 1,000,000 chance of another random person’s face being able to unlock your phone. This is much better than the 1 in 50,000 error rate for Touch ID. And no, holding a photo up of someone can’t unlock their phone – nor can a Hollywood-grade face mask, which (shown below) were used by Apple’s engineering teams to train the feature."

I'll wait till the CCC had their take on this...

No, it's projecting dots onto the face for 3D mapping, and has an IR camera (which I'd guess maps facial heat).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact