Hacker News new | comments | show | ask | jobs | submit login
iPhone X (apple.com)
995 points by interconnector 11 months ago | hide | past | web | favorite | 1743 comments

They make is so easy to login to the phone -- I'm still waiting for the ability to add multiple users. When I hand my phone to my daughter she should see her apps, my son, his. And when I hand my phone to my wife, she should unlock it and see.... her phone. If 256GB local storage and 11ac WiFi isn't enough storage and bandwidth to make this easy, I would be OK if it only kept the last GB of the camera roll.

Of course this sync should happen directly between our devices when they are on the same network. No need to go through the cloud.

By default if her phone rings it should only alert on her primary device. Unless she authenticates to my device at which point everything is there waiting. If her phone was ringing and she picks up my device and authenticates it should answer the call.

Ideally this is all smooth enough that we have matching devices and don't care which one either of us walks out of the house with.

The end game is that when networks are fast enough, the cloud mature enough, and homomorphic encryption performant, we get to the point where the phone basically lives in the cloud and anyone can pick up any iDevice, authenticate, and be looking at effectively their own device.

I strongly doubt that Apple will make it easier to share devices.

Every Apple device, from Macbooks to iPads to iPhones to Airpods is built to be a personal device. Even Macs, theoretically capable of multi-user, are a pain to share (eg try updating a Mac App Store app purchased with a different user account than the one you are logged in as)

Apple doesn’t want to sell one shared device to a family. They want to sell multiple devices to every family member.

Even changing the email address of the Apple account is a world of pain. It confuses all of the ecosystem. But I think it is just poor software design, not necessarily malice.

Who needs malice if one can have poor software design for free.

that's a good quote. Not sure if it means much, but it sounds good and intelligent :)

I targeted "funny", but "intelligent" sounds good too.

I've had the pain of trying to do this once before when my parents got a new email address. The Apple account was never consistent thereafter, with different devices showing either the new or old email address.

We solved it once and for all by creating a new Apple ID under the new email address.

The problem with doing that is the music and the apps purchased.

I think it might be OK if you turn on family sharing and add the new Apple ID?

Being allowed to have my own email address that I bought that relates to my domain would make iCloud a lot better. But it's not all that difficult to stumble across brittle edges unfortunately, so adding more isn't going to be helpful.

The number of hours I spend per week in front of an iOS device will not decrease by adding this feature. The number of hours my kids spend in front of iOS could conceivably increase though, speeding up the inevitable point where they get their own...

That's just it, though. It's not about number of hours for Apple. It's about units sold.

More hours would lead to more sold units.

Not if people share their phones.

It still could. Many people buy their kids cheap tablets now because buying them an ipad is too expensive, and later in life those kids will be familiar enough with the Android ecosystem that they may never switch to Apple devices.

If those same parents could instead just hand off their ipad to their children and have it only load their apps this could lead to them being more familiar with ios and buying apple devices later in life.

Not a guarantee obviously, but it could theoretically have an impact in future sales and market share.

Given that a lot of Apple users seem buy a new phone/tablet whenever it's available, I think children end up with the older models.

Still no decrease of sold units

I'm not sure what you mean by that, since what I'm implying is that there is no real economic incentive for Apple to support multiple users.

And on the other hand, there are also benefits (for Apple) of encouraging one-user-per-phone. For example, it makes it more likely it becomes an extension of your identity. Having multiple users per phone undermines that type of personal attachment.

This isn't something that started with Apple - mobile numbers have always been tied to individuals - but it's very convenient for their "lifestyle" approach to selling their units.

Mobile phones will never be shared by people who don't already share them. This is a convenience functionality, not something that would change how you use the device - from the exact reason you said: mobile phones are extensions of identities. This feature is something you would use when your own phone is out of reach (e.g. on a shelf in the living room) and your wife's phone is with you in the kitchen.

True, it will not exactly boost sales, but it will not decrease them. It will make some people more likely to recommend Apple. Everyone will still have their own phone.

You can overcome the risk of decreasing the likelihood of creating personal attachment by letting the foreign user log in to a de-personalized (no custom wallpaper and so on) space and use a limited subset of functionality, e.g. a browser, contact list, the Apple messenger app and a phone app (that would call from your own number/phone over VoIP); this functionality would be available only when both phones are connected to the same wifi.

I don't see it as being that cut and dry. These new features would have to be focus tested, designed, tested, rolled out, and tested some more. There are maintenance costs for it, as well as additional configuration to present to the user. Done poorly, this sharing option might be simply ignored by the user making the above a waste of time and resources that could be spent elsewhere.

It still seems like good investment considering Apple's abundance of those resources.

Adults will never actually have one phone for more people (maybe except for old people, but they don't need this feature to share the phone), it's always just a convenient feature when your phone is on the desk and your wife's one is om the sofa you're sitting on.

But the number of devices sold by Apple would multiply, which is the whole point.

considering all the hype of a sharing economy would not the opposite be more true?

Only if hype and reality are the same thing.

Then, at least around iPhone, they're idiots. I'm not going to have one cellphone for the whole family. Even in the best case scenario of my wife being a stay-at-home mom, I'm going to work. I'm not leaving my phone with her all day at home. And she's not going without a cellphone all day. So... where's the "one device per family" coming in? Even if we assume kids "share" - that works until they're what? 5? 6? 10? At some point the kid is going to want a phone at the same time you do, and eventually "No because I said so" is going to fall on deaf ears.

My 3 yo borrows my iPhone when we ride home from kindergarden and I don't want that he fells asleep. So he watches an episode of Fireman Sam on Amazon Prime or plays a game. He unlocks the phone with his "magic finger" and after 20 min I get my phone back.

It would be so fantastic if he could just start HIS apps and would access a restricted Prime account. My 6 yo is the same and since he was 2 1/2 I switched by iPhone twice. So I don't see the case that it's not important as they will get their own ones when they are 8 or so - that's 5 generations of iPhones.

I assumed iOS had multiple users, no? Android has native multi-user functionality, primary, secondary, and guest users. It allows to do exactly what you are asking. Samsung has an additional feature where a folder keeps a unique set apps (sandbox) that can be completely different than the rest of the phone. Samsung calls it a secure folder. That allows each set of users to have two set of apps if needed.


my $200 Xiaomi phone has exactly this functionality - 'second space', unlockable by second fingerprint

$40 Amazon Fire tablet.

I think you read the exact opposite of what GP wrote.

No, I really didn't.

>By default if her phone rings it should only alert on her primary device. Unless she authenticates to my device at which point everything is there waiting. If her phone was ringing and she picks up my device and authenticates it should answer the call.

He's talking about each person having their OWN DEVICE, but being able to seamlessly switch between devices among their family group.

Why are you arguing completely different points then?

I believe he's arguing against the idea that Apple won't implement this device sharing because they don't want to sell only one device per family.

Because he is not replying to GP, he is replying to the parent:

> Every Apple device, from Macbooks to iPads to iPhones to Airpods is built to be a personal device. (...) Apple doesn’t want to sell one shared device to a family. They want to sell multiple devices to every family member.

Not sure why people are having problem understanding that.

Oh, you just replied to the wrong comment.

I think GP was just saying that in the case of phones, it's silly to try to make the devices single-user since people are going to want to have their own phone anyway, even if they could log in to their partner's phone and see "their own".

"No because $1000" is a valid answer in my house.

I don't think that anyone was suggesting that they will pay $1000 for a child to have a phone. The iPhone SE sells for $150 - $199 brand new from bestbuy: https://www.bestbuy.com/site/at-t-prepaid-apple-iphone-se-4g...

Good price - is that SIM-locked to the prepaid carrier?

Yes. I think it needs to be in service with them for 6(?) months before they unlock?

> I strongly doubt that Apple will make it easier to share devices.

So Apple devices are actually closer to being a PC than what we commonly call a Personal Computer.

I don't think Macs are at all a pain to share, and your example isn't very compelling.

Steve Jobs talked about this when he returned to Apple. He basically discussed how he would work at his home Mac and then come to the office and login and suddenly with the internet and networking the work Mac would be exactly the same.

I think the ideal should basically be that. You can pick up a phone, any phone (limited to iPhones for Aplle), login to your iCloud account and suddenly it's your phone, indistinguishable from the other phone thst was yours, outside maybe unavailable hardware features.

That's one of the great things about web apps. I can log into Gmail anywhere and it's the same thing. I haven't used it, but I believe this is the promise ChromeOS delivers.

>> how he would work at his home Mac and then come to the office and login and suddenly with the internet and networking the work Mac would be exactly the same

I don't think this is the right end game. Now that almost every adult in the 1st world has a mobile phone in their pocket that is more than capable of being a desktop PC, the solution we should be heading for is universal docking stations (preferably) wireless. So that wherever you are, there's a large screen+keyboard+mouse (or the phone screen can be a trackpad) and your phone just connects to those, be it at work, or home, or in a hotel.

Your main machine is in your pocket; a lot of non-techie people don't even have any other personal computing device (laptop/desktop etc.).

Personally tho, I like having a division between my work machine(s), and my home machine(s).

I would like to have a docking station that could turn my phone into a desktop-like device, with a proper mouse, keyboard and monitor(s). I don't need much, a full-featured web browser, Spotify and a handful of other straight-forward apps are all I really need, but I wouldn't mind a fully-fledged Linux environment.

If I could also get a laptop-like dock, my phone would take care of ~95% of all my computing needs.

Strictly personal, though. I envision simply having a different phone for for work, for privacy reasons. But plugging it into the same docks.

You've more or less described Microsoft's Continuum [1]. Even down to the "handful of apps." Continuum as it exists today runs UWP applications only.

Rumors have been circulating for years about some future Microsoft mobile device. The latest rumors suggest a Windows 10 ARM device with x86 emulation and their new CShell "responsive" UI. If that rumor pans out, it's possible Windows 10 ARM may also include the Windows Linux subsystem, getting you closer to your ideal.

[1] http://www.microsoft.com/en-us/windows/Continuum

Sure, but that would tie me to Windows 10, and I'm not exactly interested in that.

well the manufacturers would tie into their system. If apple implemented this, you would be tied to their ecosystem, no? Don't see a way around that :)

I definitely see a way around it. An open standard, based on USB-C 3.x would be ideal.

The docking station for my Thinkpad doesn't lock me into a specific software ecosystem. I see no reason why a hypothetical phone dock should be any different.

That's close to the day phone/night phone thing so causes instant revulsion for me.

I have a work phone provided to me for free, which I am allowed to use privately, as much as I want, no usage caps whatsoever. I am eligible to upgrade it every 2-3 years to theoretically any brand new Android or iPhone.

And yet, I insist on having a completely separate phone of my own, on my own subscription, completely separate from work.

The work phone is business-only, I have my company email, all of the apps we offer, and the ones we use internally, and that's it.

The personal phone has all the Facebook and messaging and other funtime apps that I use personally, and nothing work-related whatsoever.

The reason for all of this is that I used to have a boss who would call or email at 23:00 and ask me to do something, expecting it to be ready at 09:00 next morning, at the very latest. Because I'm on a "no maximum work hours" contract, he expected me to put in hours basically whenever he wanted (he was later fired, big surprise).

This is why I have two phones, and why my work phone now gets turned off when I leave work, and turned back on when I arrive in the morning. My personal life is not to be mixed with my work.

I fully understand the revulsion towards the day phone/night phone thing. My setup is not a case of handing over, it's a matter of keeping my personal life private.

Parent and grandparent posters: how about a sandboxed part of storage under employer's admin with employer's data? Your phone, they get to manage a small protected portion. VOIP for corporate voice calls?

That's what BlackBerry did with BB10 to support BYOD users.

And the new BlackBerry KeyONE does it too, even though it runs Android.

We have two of them in this household, they are VERY nice phones.

I was a backer for the never-got-off-the-ground Ubuntu Edge apparently back in 2013.


I also like a division between home and work devices, but I largely accomplish that by simply having a Personal and Work account with Google.

More appealing to me is the idea of being able to have my Work computer with me all the time if needed, without carrying a special bag, etc. I like the vision of Universal Docking Stations, where you go the coffee shop and just sit down and start typing on your own device, with a full sized screen and keyboard, which you carry in your pocket.

This is exactly what the hand off feature in iOS is about, granted it does not work across all apps but they have done some great improvements with iOS 11 and hopefully will keep improving upon it in the future

Isn't this the decades-old idea of Plan9?

It is certainly something Rob Pike wants. Read the "What would be your dream setup?" paragraph here: https://usesthis.com/interviews/rob.pike/

A lot of people have had that idea over the years (remember John Gage's "the network is the computer"?) You could even argue The Shockwave Rider, a 1975 Science Fiction novel, described it pretty well.

I don't know about the Steve Jobs quote though, do you have a link?

The first time I saw this implemented was in 1996 at Olivetti Research Lab in Cambridge UK. Everyone had an IR badge, and when you walked up to a machine it recognized you and popped up your desktop (no login, and it was exactly how you left it).

Technology-wise it was a bit of a dead end. However the underlying protocol was VNC which they invented for this purpose.

It's the decades-old idea of thin clients.

No, it's not, because the CPU is still local, so you're not just using your device as a terminal to a remote server.

We don't have the infrastructure for this yet.

The absolutely open version - even if it was just storing apps centrally and downloading them on demand, and not downloading everything - would still require something like 100 times more bandwidth than we have now to be usably fast.

A workable version, with local storage providing device accounts for a small number of users, would still need more local storage than we have now, and storage isn't cheap enough yet to make this fully affordable.

256/512GB devices could possibly handle family needs, just about, but would struggle at work.

IMO network bandwidth and latency is a bigger problem than storage. Right now, I can stream [1] HD movies from my homeserver to wherever my notebook is right now, because the upstream at home is wide enough (6 megabits per sec). But that application only works because it has quite predictable bandwidth requirements and can cope with latency quite well. Many other applications would be horribly slow if every file access had a second-long roundtrip.

[1] via sshfs

IIRC, it's what he had at NeXT (in the office and on the machine(s) in his home). Plan 9 may have existed at AT&T, but first shipped in 1992 (https://en.wikipedia.org/wiki/Plan_9_from_Bell_Labs#History)

I see distributed computing as a slightly lower-level concept in the more generalised field of ubiquitous computing.

How often do you change phones? I get it more with the model of desktop computers, maybe even laptops. But phones? Why? Is this a vision of a world where phones are treated like umbrellas?

In any case, my desires are for the opposite. If you don't own the storage substrate, you don't own the data on it, and I prefer to own my data. I have an iPhone, but don't use iCloud, except for syncing a couple specific things.

I remember the first release, and remember the NeXT model of "home directories on an optical drive". I was really, really hoping at the time that the iPhone would be that home directory, portable between machines. Now, I join the chorus of folks who think I should just be able to plug a monitor and keyboard into my phone. But that also needs to come with a viable computing environment, which for me means a unix shell and hardware control. Which is why I'm bolting for an open phone, as soon one actually gets off the ground.

It seems obvious to me that Apple is developing the technology that will enable this. Handoff, continuity, iCloud, Apple Watch authentication/unlock... step by step, we're getting to a point where your user identity and your current work all travel with you.

This was looong ago and in the context of desktops which weren't as numerous and obiquitous as phones. Now Apple probably wants you to have 3, 4 of their devices and not 1 per room that can easily be shared.

I think a laptop is what he was really after, 1 computer that’s the same everywhere you are.

I mean, just to expand on this.... there's no explicit sync, and no explicit backup. It's always synced. It's always backed up.

Imagine you walk into an Apple Store and pick up the latest iPhone XV. And there you are looking at your phone, your contacts, your apps, everything.

Underneath, it's a virtual shim. In the first instant it's merely grabbing thumbnails of all your apps and notification metadata so it can "look right". As you click in, scroll around, you polyfill data as you need it. Obviously in some cases a more substantial download would be needed, so you may not be able to pop into an AR game with 1GB of assets within the first 10 seconds of picking up the device, but if your primary is on the LAN you could bring the necessary data locally in ~5 seconds from tapping the icon. Underneath it's doing something analogous to "docker run" on that apps image. In some cases this would lock the image from running concurrently on another device, in other cases multi-master could be fully supported with live sync of the backing stream, e.g. for Apple Mail.

> Imagine you walk into an Apple Store and pick up the latest iPhone XV. And there you are looking at your phone, your contacts, your apps, everything.

Imagine anyone points their phone at you in the street, and there they are looking at your phone, your contacts, your apps, everything.

Thanks for saying this. Personally I view a future where the entirety of my data is sloshing around in the cloud, ready to clone to an arbitrary device at the tap of a few keys to be a nightmare scenario.

ready to clone a new you - Weiyoun X! How may I serve the Founder?

I keep having to point out that assuming this is built on existing infra, FaceID is just the username. Everything is end-to-end encrypted. You can't get the data onto a new device the first time without the encryption key which Apple doesn't have.

You need your iCloud login/password and also (I think) an existing device which has the key to approve the request.

This is literally no different than how it works exactly today when restoring an iCloud backup onto a new phone, except imagine it can happen as a polyfill so it looks instantaneous instead of the 2-4 hours it seems to take today.

Or the cops.

> As you click in, scroll around, you polyfill data as you need it

polyfill definitely doesn't mean what you think it does.

Likewise. We use it for filling cracks in walls here in the UK.

Haha - how embarrassing! What's the term d'art for a virtual/shim file system which dynamically reconstitutes the data onto local storage as you request it, while presenting a false image to user-space that all the data actually is local already?

Bu you would have 1:1000000 chances to get into someone elses phone. With 7 billion people in the world it's not so crazy.

First time auth on new hardware would certainly ask for at least a PIN but more likely your iCloud password. For the encryption keys to transfer I think you would also have to allow the request from some other device which currently held them.

The Secure Element would need to be upgraded to support "multi-tenancy".

That's all assuming the feature works by building on the existing infrastructure.

Ideally between your face and your iCloud password you could bring your "profile" to new hardware without having to touch an existing device. After the first time, just your face is enough.

Meanwhile the front door lock on my house built a couple of years ago only has 10,000 different keys. They probably sold more locks than that in the last few months.

A four-digits pin code has 1:10000 chances to get into someone else's phone (on first try).

Read the GP comment. This is talking about walking up to any random phone and having your own environment synced to it seamlessly. For that to work, the phone would have to know it’s you with basically perfect precision. So 1 in a million is not nearly good enough for that use case.

But you can only enter a pin on a phone you have physically with you. With this proposed auto-sync, every new phone is potentially a gateway to anyone else's phone.

Not that it's much better, but I thought iOS now required 6 digits going forward?

You might check this out: https://www.hypori.com/platform

Sharing phones seems like an absolutely terrible idea. It goes against the simplicity and good design that Apple pursue. I can think of tons of problems with this: being out of signal; having biometric data in cloud; running face matching across huge databases where false positives are extremely likely; interrupted signal where things are corrupt; designing efficient caching algorithms; sharing onboard storage with multiple users; security properties protecting that data...

Personal devices are personal for a reason. Simple, elegant, effective. Expensive, yes... but a better solution is to buy your kids cheaper phones.

> seems like an absolutely terrible idea

Literally every single person in the world with an iPhone and young children wants this feature.

I'm guessing based on your proposed solution, you probably don't have kids? They don't want their cheaper phone; they want your phone.

> Literally

I literally think you don't know what that word means.

Edit: David Cross explains this point better than I ever could: https://www.youtube.com/watch?v=6ly1UTgiBXM

From the OED:

  Literally (informal): Used for emphasis while not being literally true.

It means figuratively ;-)

It literally doesn't :)

It's literally been used that way for centuries [0].


1. It's been used like this for centuries

2. By well-known writers including Dickens, Twain, Fitzgerald, Joyce, Brontë

3. The definition of such usage is included in all major dictionaries

4. It's incredibly common in real-life use of the language

To somehow insist that it doesn't mean that, despite overwhelming evidence to the contrary, requires extraordinary feats of denial.

0: https://www.merriam-webster.com/words-at-play/misuse-of-lite...

If Android has it, do you want it enough to switch platforms? Or is Apple betting that, in general, people will just buy more devices?

I'd guess most people hand down their old phone to their kids and then carry that for occasions where they might need them (distraction while waiting somewhere, etc). I don't give my phone to my kids otherwise because I don't want them to drop it and break the screen.

(I'm an iPhone user and have kids.)

I do indeed 'solve' this issue by buying more devices, which is what Apple wants and is a disincentive to them fixing the core issue, so yeah, I'm contributing to the problem.

I used to have the big iPad Pro while my kids had the old busted iPad whatever-it-was. But they were like (to paraphrase), "Fuck you dad, that busted shit loads YouTube hella slow, we want yours!"

So I ended up with a busted old iPad in a drawer, my kids having the big iPad Pro, and I got myself the new smaller 10.5 one. They know they can't use that one, but they accept it because theirs is bigger and not noticeably slower or worse for the things they do.

Also, just to ward off more "bro, do you even parent?" comments from people with no kids: No, I don't let my kids use the iPad whenever they want. No, they don't get to watch TV and eat trash whenever they feel like it. They do chores and read books. Woo hoo.

But, anybody with kids will tell you: trying to implement a you will never, ever, under any circumstances, use my phone policy is completely insane. It will make your kids life worse, and it will make your life as a parent a LOT worse.

Oh shit, this United flight is stuck on the tarmac for an extra 180 minutes, and all our new coloring books are already done!

Buddy, I know you're tired, but this is a funeral service for good old Uncle Jesse who suddenly and tragically died, we really need you to hold it together so we can deal with your little brother who is definitely not...

(Et cetera times 1000 pls use your imagination...)

So in these instances, you really want to be able to hand your phone to your child. And if you do so, every piece of data you've stored in the cloud is at risk. And you just can't have critical business data on your phone. Which limits how useful the phone can be to you.

It's like having your own real, biological Chaos Monkey.

And it can be humorous. I laughed when my wife bought a new MacBook and during the very first 10 minutes of setting it, somehow pressed 'th' and had it auto-expand into 20 paragraphs of Japanese text. She was like, wtf, and handed me the machine... boom! Another 20 paragraphs of Japanese text (seemed to be a cooking blog post).

What I guess happened is:

1. somehow, some kid managed to copy a blog post

2. then they managed to somehow get to the "Text Expansion" settings on one of her iOS devices

3. then, they somehow managed to create a new shortcut for "th" and paste all the blog content into the shortcut expansion text area (didn't even think that was possible?)

4. the cloud did its cloud thing and now my wife can't type "the" on any of her machines

That's just a guess as to how that happened. But shit like that happens pretty regularly. The Chaos Monkeys also managed to delete my favorite photo of my wife — I only noticed because it was my favorite, so who knows how many non-favorites they've deleted. The weirdest shit shows up in my photo stream. I have thousands of notes consisting of variants of 'afhdsf8aiyfoew9ry4t340822u9rtf20悪悪悪'. And I can't find this super-super-important receipt in Evernote... another heinous data-loss Evernote bug, or.... the Monkey???

So yeah. Just because you'd like to hand your phone to your child safely does not necessarily mean you're a shitty parent.

If Apple had multi-user on iPhone, or even just a limited Guest Mode, it would get close to completely solving this problem.

"But, anybody with kids will tell you: trying to implement a you will never, ever, under any circumstances, use my phone policy is completely insane. It will make your kids life worse, and it will make your life as a parent a LOT worse."

My kids (2yo and 5yo) never use my phone and I haven't noticed an issue with my insisting on that. It's likely that they're not old enough to know that the age of their devices is limiting their play so I'll grant that I avoid that issue. And my wife isn't as insistent, so will share her phone with them to keep the peace, but it doesn't seem to be that often.

Might be the ages of the kids? Maybe 5-10yo is tougher?

Guided Access?

I was so happy when I discovered guided access.... until I realized you can still get it other apps by sharing :/

I have young kids (3 of them ages 2-10) and our family uses iPhones and I don't want this. Guided Access does what I need it to do. Beyond that I don't want them on my device and my wife doesn't want them on hers. For an iPad however, it might be nice.

> Literally every single person in the world with an iPhone and young children wants this feature.

Neither of my sisters, with multiple kids, want this feature. In fact, of all the people I know with iPhones and kids, only one has ever mentioned this.

And he believes coloured TTYs are an abomination.

Well, sure, they don't know they want it.

But if you asked all parents on earth "Hey, would you like to be able to hand your kid your phone and have them be able to use some apps, but not necessarily be able to delete all your data?" I think that the positive response would get pretty close to the literal meaning of "literally all".

> They don't want their cheaper phone; they want your phone

What they want isn't relevant. Maybe try some parenting.


I was like "wow how did that person read this in this comment ? did I miss anything ?".

But no, you just went and dig some comments from that user just to try to make a point ? What is this childish and grudgeful behavior, seriously ? I know, you answered since but you're just digging deeper, and still can't answer properly in a productive way why what they want matters more anyways.

Way to elevate the debate.


Nope, didn't work from you either. Still a shitty comment.

How about "children wanting something doesn't mean it's the right choice as a parent to give it to them, indeed it's often the wrong choice."

But I'm old, and still don't accept that the only way to have a child behave is to give them endless snacks and electronic entertainment on demand.

Darn, I really want to reply! But Mom also taught me not to feed Internet trolls.

BTW, Mom, thanks for being such a great parent when I was little!


Ok, lets turn this around. Can you imagine any situation, no matter how unlikely, where humanity should stop increasing their numbers or do you think we should keep increasing the population no matter what ?

I'm beginning to fear that for the vast majority of humans the urge to procreate is ingrained at such a fundamental level that no amount of rational thought can overcome it. Like the 3 laws of robotics that cannot be overruled, humans seems to have a rule that 'thou shall increase thy numbers'. We could grow until the planet is covered in 100 story skyscrapers where everyone lives like in a Japanese capsule hotel and there would still be people insisting that we grow the population.

Frankly, I think we as a species are fucked.

Beautifully put.

I think we are headed in the right direction though. The rate of growth plateaus in very developed nations, so we might just survive the current craziness.

Sure, but our environment might not.

If anything, our environment is more likely to survive than our species.

People stop breeding when they're prosperous enough to be comfortable and educated enough to defer gratification.

The correlation is well-known and widely documented. Native - i.e. non-immigrant - populations in the US and Europe are both shrinking now, sometimes dramatically.

> People stop breeding when they're prosperous enough to be comfortable and educated enough to defer gratification.

And when is that going to be something that's true for the entire global population ? It would require us to get rid of some massive issues regarding inequality and that is never going to happen.

This does ring true, but I can't think of any reliable sources backing that up. I'd appreciate it if you mentioned some.

Is he wrong though? Our planet will not be able to sustain the current population's growth rate.

So the solution is to keep breeding like rats ? Don't you think it's sad that we as a species seem unable to keep ourselves under control ?

This isn't actually a problem. https://youtu.be/FACK2knC08E

Who said anything about biometric data in the cloud? This doesn't need to work the same way the first time you see a device as it will work the second time you see it, after having fully authenticated the first time.

So, it doesn't have to alter the security attack surface or really even a major change in the secure element.

Someone from Apple should just reach out, the design is not simple but it's absolutely workable.

Oh, forgot the biggest: battery life killer.

Microsoft had this on Windows Phone -- sort of. It was for the most likely scenario: parents who hand their phone to their kids. They called it Kids' Corner, IIRC... Yes, here it is: https://www.youtube.com/watch?v=475jxWQ955c

>If her phone was ringing and she picks up my device and authenticates it should answer the call.

Unfortunately Apple don't get to decide how SIM cards, phone numbers and the cellular networks work. So that's not going to happen. Note how the watch has to have a SIM mated to your phone to take calls on your number.

As for FaceID and TouchID, that data isn't supposed to be readable at all, it's never sent to iCloud so how would it get synced between phones?

Then there's storage, all the contents of all your family's devices would need to be syncd between them all the time, multiplying up the amount of storage each device would need. You'd completely lose control of managing storage on your own device. You'd also essentially lose control of wireless bandwidth utilisation.

It's a lovely dream and maybe one day we'll get there. None of these problems are unsolvable in principle, but nobody can wave a magic wand and make them all go away. I think in the same way secure resource and feature sharing between apps required Apple to develop Secure XPC, this would require a lot of fiddly, complex technological and infrastructure groundwork before it could be possible.

Macs can answer incoming calls to an iPhone. Why not route the same way?

Maybe there are limitations like needing to be on the same WiFi network or some such.

The Mac isn't receiving the call, the phone is. The Phone is just handing off the UI to the Mac across Bluetooth and Wifi. If the phones worked this way, if his wife walked out of the house with his phone, and let's be clear at that point there might not even be a way for her to tell she's doing it, it would drop off the local network and incoming and outgoing calls would become impossible.

FaceTime audio, FaceTime video and iMessage don't suffer that problem and I preferentially use those. The cloud storage of biometric data is a problem though.

The scenario you describe sounds impractical, unlikely and unworkable, a very edge case "iOS fan family".

Walking out the door with just "any device" that is laying about? Nobody wants that. For one thing, an object like a phone is a personal device, not a sugar bowl passed around and left anywhere.

Your son and daughter will want their own devices, and it makes sense to give them their own devices such as your old phone or cheap phone. For one thing, when you hand your kid your phone you no longer have a phone. Someone might text or call, or the kid will burn through your battery with some game.

This only scratches the surface of what's wrong with your idea.

The wild thing is, apple kind of already did this with handoff, and the iOS/OSX syncing. If my phone is ringing in the kitchen, and i have my laptop with me on the couch i'll get an alert and i can answer the call on my laptop. Or iPad. It doesn't even need to be near the phone, as long as they both have wifi or LTE connected. And while ipads don't do multiple users, on OSX if my roommate or someone else signed in then their calls and messages would come through too. When configged right, even texting to/from real numbers works.

They obviously already have this tech most of the way there and just... haven't implemented it?

I have to believe it's where they are heading, I just really thought we would be there by now!

I think it still requires faster, more ubiquitous networking. But in general, I think you're correct. This is also probably the long-term solution to how to make iOS a full general-purpose computing device, which to date is somewhat at odds with the "app console" philosophy of iOS's restrictions and the App Store. If I can run anything I want in the cloud with minimal latency, the restrictions on the phone just don't matter as much.

Multiple users are not a common use-case. Everyone* over the age of 12 has their own phone. I doubt Apple will add that feature anytime soon.

*By everyone I mean the majority of people in first world countries, some second, and third.

The smartphone has become the modern day version of the pacifier. Pretty much every parent I know hands their phone to their child and it's unsettling how effective it is at pacifying children.

As for this feature request, I think it makes sense... I wouldn't want my kid tapping on my work email or social apps.

I wouldn't want my kid tapping on my smartphone at all. That description of "pacifying" is... both spot-on and deeply sad.

What do you find deeply sad about it?

iPhones have Guided Access which can restrict all usage to a single app:


Modern version of the television, maybe. And why not?

It is a common case for other iOS device(s) though. iPad in a family is usually shared across family members. I do wish apple add this feature in iOS, for iPads at least.

Yep. Two iPads for 3 family members here. It's enough, but you have to remember on which one you left your stuff. If it could seamlessly recognize who picked up the tablet and switch to their stuff, no matter what ipad it was originally on, that would be magic.

I wouldn't even mind having a sync server in the house (a desktop mac, maybe) to help with that.

Yes, I'd really appreciate being able to hand my iPad to my daughter knowing she can only access her apps, and ideally for a set period of time. They seem to have this working reasonably well within macOS users.

What does my twin brother see when I hand him my phone?

Apple said in presentation you can't use FacialID if you have a (evil) twin.

Even identical twins might not have facial features (due to body fat percentage differences or sun exposure) which are close enough to fool it.

It's an interesting question how exactly the device switches to the remote profile mode versus an "authentication failed" route. If the profile has never existed on the device you'll need permission from someone who is live on the device (in other words you need to get past the lock screen) to retrieve a new profile.

But if two profiles are live on a device owned by identical twins who can't be distinguished by FaceID -- perhaps detected by trying to authenticate the human to both profiles and seeing if both pass -- you're going to need a PIN (or something else) to distinguish them.

Honestly, I am waiting to see how FaceID works for various use cases.

Just me, without a twin, change beards all the time (shave it, grow it, shape it, etc).

I have also have friends who do contact sports (brazilian juijitsu) and trust me, their ears change shape all the time.

I dont have any personal friends that box, but man, I can also see that not working so well.

He doesn't. You turn the feature off.

Well since it doesn't have touchid, you're pretty much back to using a pin/password, so back 5+ years ago

That will never work since the facial tracking isn't allowed to be connected to a network. Remember all the data for facial tracking is stored locally.

I would prefer to only have 3 “users”. Personal, Work and Guest. The Guest account would have access to a list of apps that I have installed but would not share my history and data. For example I do not want my wife’s YouTube history mixed with mine.

I think that setting up multiple accounts would make the experience worse as I don’t want other people to get too comfy. On an iPad that is a different case though.

This would be less beneficial IMHO on a phone. My wife sometimes uses my phone, but she always has her own nearby. when she is using it, its for a quick, specific reason.

But I could really see this on an iPad. iPad's are often shared around a household, this would be amazing for that. Macs themselves would also apply here.

unfortunately our current global network doesn't allow for proper delegation of trust, so your vision is more like a dystopia where a few single corporations and ultimate governments have ultimate power. homomorphic encryption is way too limited to allow these things. traditional encryption is only about encoding channels, its not about solving runtime and delegation problems. it seems more like its going to be the other way around. giant institutions will be replaced with DAC's which perform the desired functions of users/citizens. I'd be happy enough if iPhone would be an open system where I can run my desired OS of choice, with open hardware components and profits going not to already rich investors, who pay close to 0 tax using Irish/Dutch shell companies, but also more to employees and customers.

The amount of development, testing, and customer support this would require likely outweighs any profit increase by a couple of orders of magnitude. It'll never happen.

This is my only gripe with Apple. It's an incredible PITA to share devices even temporarily. You have to log the primary user out of their phone, login with your credentials and we are in business. This whole process is so long and frustrating that it forbids any sharing experience. I do wish Apple or someone made sharing devices a lot easier.

Ironically, a lot of tech companies had this vision for the enterprise in the late 90s. Insert your id card and instantly see all your stuff. Interestingly, for the most part the market rejected the idea. I suspect this is an idea that sounds good on paper, but ends up being undesirable to the majority of folks.

I think there was a lot of very poor executions too to be honest, with loading time everywhere unbearably long.

With the family tablet yes, my phone hell no!

What exactly is "your phone"? Is it that physical mass of circuits and lithium ions in your hand? Or is it the bits making up the user-land data you've accumulated on it over time?

"Do you think that's air you're breathing?" ;-)

What I dislike most is handing someone "my phone" for them to use for a minute and they are actually using my phone. If they authenticated and were immediately interacting with their phone I have no problem sharing the hardware for a minute when the wife/kids want to do something briefly on it.

I don't ever hand anyone my phone and it wouldn't be helpful anyway due to the passcode needed.

I understand the point you're making though. You want a phone that's a terminal to the cloud, with caching. That's a fine use case I suppose. Wouldn't stand in your way.

Many phones are cheap enough today (not to mention hand-me-downs) that there isn't a huge need however.

Well I have kids 5 and 8 that when they are using a screen (which is limited) it's always someone else's hardware, usually mine.

But it's also bigger than that. If everything you do user-land can be synced down fairly instantly to any piece of hardware - phone, tablet, desktop, TV, watch, etc. - it provides a level of mobility and usability which can enable some very powerful use cases.

Approaching a device and have it immediately be "yours" is important for the screens in the self-driving ride you hail, or the shared workspace you might rent by the minute, or even the TV you sit down in front of in your own living room.

But this could even extend to the POS terminal which you checkout with at a store, a screen you walk up to in a mall, a digital assistant you approach in a store, an ATM, etc.

FaceID is transparent walk-up/pick-up authentication, which is table stakes for some very cool possibilities.

If your kids are using your phone, and it becomes "their phone", what happens if someone tries to call, text or notify "your phone"? Do you expect some sort of hybrid profile with cross-notifications and contacts? That's messy.

Your kids want their own device. They will get it sooner or later. Mobile devices by nature are personal objects, complete with personal greasy screens and battery levels we have nobody else to blame for.

Approaching a device and having it become "yours" might be a fine idea for certain applications, but I'd argue the living room TV is better off having a default profile which everyone in the house uses. If one person's profile is lagging or missing content or apps or settings, they fall behind and we now have a frustrating scenario of some profiles better than others for watching TV. Obviously sub-usage areas such as Netflix makes sense to have different profiles, but not the whole TV.

Then allow any computer to be configured that way, but don't try to sell lack of this feature as a feature.

"I'm still waiting for the ability to add multiple users."

One shared device with multiple profiles for your family members VERSUS One device each for each family member

To understand how Apple chooses to prioritise, simply ask the question - "Which option makes more money?"

I don't want to share my device, ever. I like to know where it is at all times, even for benign uses like "i need a flashlight, where's my phone" or "what time is it." This feature would not improve my user experience.

Nobody forces you to setup multiple user accounts.

I'm not walking out of the house with my wife's phone -- it looks like a Russian tank ran it over several times.

Concur on all the other points. Devices should be as transparent as possible. They're empty shells by design.

> can pick up any iDevice, authenticate, and be looking at effectively their own device.

This is so obviously the opposite of what Apple has in mind. They want to sell as many phones as possible - not make them shareable.

Then it would be a "mePhone" and conflict with their branding. :)

On a more serious note, the most I think we'll ever see from them is limited web browsing as a guest user.

Even simple `Child Mode` will help drastically.

Heck, it would be nice if my desktops and laptops behaved that way. <plaintive sigh>

TouchID is not stored in the cloud. I hope FaceID isn't either.


What a totally useless comment. Please try harder to contribute to hacker news threads.

Why would you restrict this to iDevices?

I'm not sure what you mean? It's not going to work as a 3rd party service. So Apple can do it for its customers and I guess Google for its own, and Microsoft, and so on....

But how is Google going to ensure "full portability" across the lineup of all Android devices in the same way that Apple could do so for iOS?

Edit: Maybe this is what you meant? https://news.ycombinator.com/item?id=15234615

> Your face is now your password

no, it isnt. and neither are your fingerprints. none of this publicly available data is a password.

a password is something i can change if it gets compromised. a password is secure from others.

biometric data is a username/id.

why do companies insist on getting this shit backwards?

> biometric data is a username/id.

> why do companies insist on getting this shit backwards?

They don't have it backwards, but they're also simplifying when they say it's your password. In the presentation they actually say specifically that there's a chance that someone else can unlock your phone (1 in 50'000 for fingerprint, and supposedly 1 in 1'000'000 for Face ID, given that you don't have a twin).

Reality is that it's somewhere in between. A fingerprint sensor or face reader will keep casual snoopers - and most people who find your phone on the street - out. That's all that matters for most people. It's not a username. It's at least moderately hard for someone to duplicate, and it's not something you'd actively share with someone. It's not as safe as a password, but Apple isn't trying to claim that either.

I think it's a good idea to avoid false dichotomy here. Biometrics is biometrics. It should be treated as distinct from passwords or usernames.

Watching someone key in a PIN and recording it, then swiping the phone is easier than building a 3D printed color model of someone's face. Not to mention that having the biometric unlock sitting on top of a PIN means that there are many fewer chances for the PIN to be observed.

Whether biometric access is a password or username is trying to force the wrong paradigm. Going back to first concepts, we had keys and we tried to make them hard to copy but not too inconvenient. The face is the key. No, there's no practical way to re-key this lock, but it's still a lock and key. But the door also has a deadbolt (PIN code) which has to be disengaged for the "face key" to function.

The username concept applies when you have multiple people using the same resource (and don't want to know or reveal whether any 2 people use the same password) -- which again doesn't apply to a single-user device.

Finally, all this combined with the quick "hard lock" of the device (5 taps of power button) gives me the impression of a very thorough approach to security.

> Watching someone key in a PIN and recording it, then swiping the phone is easier than building a 3D printed color model of someone's face. Not to mention that having the biometric unlock sitting on top of a PIN means that there are many fewer chances for the PIN to be observed.

With how cheap video surveillance is these days, any PIN that you've regularly entered on your phone in public is probably recorded on video somewhere.

So is your face, of course, but like you said that's much harder to reproduce.

> Watching someone key in a PIN and recording it, then swiping the phone is easier than building a 3D printed color model of someone's face

Right, but couldn't somebody just use my actual face? Steal my phone, hold it up to my face for a second to unlock it and then run off?

A really interesting thing to think about is what happens if somebody is in custody and is refusing to unlock their phone, but uses face authentication? Can the police just hold their phone up to their face and unlock the device that way or is there any protection from that in the law?

I thought something was mentioned about "active gaze" in the keynote? The phone detects if you're paying attention; it doesn't unlock if you have your eyes closed, it doesn't unlock if you aren't looking directly at it.

Should make it more difficult (though not impossible) to force an unlock by waving the phone in an unwilling person's face?

Not necessarily.

"Excuse me. Is this your phone?"

Or some derivative of that.

You only need to look at the phone for a brief moment. It's designed to quickly unlock. If you had to stare at the phone for 10 seconds it would be a frustrating experience.

yea but you realise the implication when revealing your pin in public. By contrast your face is something you wear in public without a second thought.

It's more like walking around with your pin written on your forehead.

Except that a regular pin pad lets anyone enter the pin. Your pin code can only be keyed in by 1:1000000 people [citation needed]. So no, your pin is not on your forehead. Your pin is an organic material with color and depth and movement that for all intents and purposes is your actual forehead.

The average opportunist thief won't be able to duplicate that key. The best that they can do is use your actual face, within a few feet from you, while you're staring directly at the phone in their hands.

Funny you should say that, here's a video of a guy accidentally unlocking a phone and using his apple pay by pointing it at him https://youtu.be/WYYvHb03Eog?t=1m27s

> building a 3D printed color model of someone's face.

A 3d rendering on a screen is probably enough. The device seems to infer 3D from motion, but would probably be fooled by a rendering or even a recording.

That makes all the interlocutors you had on video chat as potential ID thieves.

False. iPhone X has points(invisible) projected on your face from what depth is calculated. Same as xbox kinect i assume. So 3D rendering on flat display wont fool iphone.

I stand corrected. A depth sensor on the user-facing camer. That one of the weirdest design decision I have seen yet.

It's been done one some laptops via Intel RealSense depth cams or similar hardware. Not sure if any other phones have featured this, though. The ones I've seen typically add the depth cam on the back for niche stuff like 3D scanning.

1 in 1 000 000 is the same odds as a 6 digit PIN (though you can always change a PIN). That's acceptable to me.

Unless you have a twin... that's probably OK. Ease of use is probably most important. I didn't like that the first demo phone failed!

It wasn't that it failed to recognize, it was that it had restarted, and all iPhones require the passcode to unlock the very first time after restarting. (You can tell by the small text over the PIN pad in the video.)

My guess is that he didn't want to dwell on the issue, or didn't know the passcode.

Is it really true that adult identical twins will easily fool this or other modern face detection systems?

Facial recognition is something humans are known to be better at than computers, and identical twins throw off humans all the time.

Even when computers surpass humans at this task (probably not that far off) they will likely have difficulty with identical twins because of how they do facial recognition. At the moment computers do it by identifying points that correspond to the geometry of the face, like nose, eyes, and cheeks. These are all features that would be similar between twins. Usually humans can differentiate twins by fatness, scar tissue, hair style, etc. Not something that can't be overcome, but also not something common with current approaches.

Problem solved: We'll just add scars to twins' faces to distinguish them. /s

I don't know how they wouldn't. Hell, genetically they are probably similar enough that a DNA test can't tell the difference.

Actually DNA tests exist that can tell apart twins.

Is it a specific test, or all tests? If there is a story exploring this, I'd be somewhat interested in reading it.

The FAR rate is quite misleading especially for facial recognition. FAR counts on the data being "random" for that 1:50,000 or 1:1 million to be true. But you can bet whoever is targeting you will build a 3D profile of your face out of all the pictures it can find on you online. I at least assume it won't be "easy" from the get go to bypass Apple's face unlock tech, like it was for the Galaxy S8 with a god damn 2D picture that we've been known for a decade that's an effective attack, but I also don't think it's impossible. Machine learning techniques will become advanced enough in a few years to build someone's 3D profile like that.

Plus, as the parent said on the issue of not being able to replace your face as you can your password, they can still target your face data stored on the phone.

Yes, touchId/faceId sits in between, it's quick access token, which is enough for 95% of the time, but those other 5% are very important.

Those other 5% might be too important to have your phone involved with them.

Or, if one needs those 5% moments on phones, it's always a possibility (as stated on the keynote) to add password additionally.

Okay, but shouldn't developers make security easy? This makes introducing a sizable hole into existing security easy, which is the opposite of what you'd want.

Something that I think people underestimate is just how easy it is to observe you entering your password on a phone, and why that (in my opinion) makes thumbprints much more secure than passwords for casual usage - e.g. every-time you unlock your phone.

All you need is a camera over your shoulder and you don't even need to observe the key-presses as generally the current character is displayed on screen. You could likely observe 100s or 1000s of them a day with an overhead camera at transit stations and the like.

The same thing goes for "Tap And Go" contact less payments not requiring a PIN number under $100.

Everyone goes on about how people can run up a few hundred dollars at different stores with your card if they steal it. But consider exposing your pin to surveillance during most common transactions which then also lets you remove cash from an ATM with that card if stolen which is much harder to recover and is also much higher value than the generally $30-$100 limit for transactions without a PIN.

Next minute you'll freak out when I tell you I can clone your house key from a photo of it hanging off your belt...

The general point is that security trade-offs are generally deeper than you might realise on the surface, especially at "public outrage" levels of observation which so frequently haunt the public mind in recent times.

The other thing is that I kept my phone unlocked in the time after physical keyboards were dead but before fingerprints. There are way to many situations where I want to unlock my phone with one-hand.

A fingerprint lock is way more secure than no lock.

People will freak out... but I don't lock my phone. Never have.

It's either in my pocket or in my hand, and I never ever put it down in public. If get mugged (god forbid.. and do people still mug other people for phones these days?) there's nothing mega personal on it, and I can remote erase it pretty quickly.

Where do you live? Any urban center anywhere in the world phone theft is common.

I live in Dresden (Germany), and I've never even heard of anyone who has been mugged here. Sure, there will be cases in the statistics, but I can not name anyone who has been mugged, ever.

Theft is a superset of robbery; I know plenty of people who have had their phone stolen because they left it lying out in the open

I wasn't sure, hence asking. London, UK. btw.

This is a great point, and why I'd like to see more features being locked without a passcode. The move in iOS 11 to restrict device imaging without a passcode is a great step in this direction.

Perhaps we can see more customization as to what biometrics unlock and what they don't?

As long as biometrics don't unlock secrets (keys, passphrases, shared data etc) it is fine. In all other cases you are correct and it needs some form of replaceable, retractable secret i.e. a passphrase.

This would be a very welcome feature but considering how the secret stores work at this point it is not likely to see this any time soon.

Sidenote: The false positive rate on any biometrics is way higher than you think (it is highly disadvantageous to be black unfortunately, yes biometrics are racist). People usually consider the near bound (e.g. small sample size, high differentiation unless you have twin) of the people around them as proof it is impossible but this has been problem a fallacy in even mediocre sized studies.

It still works but I would really like to see your suggestion to make sure real secrets are properly stored/safe.

> As long as biometrics don't unlock secrets (keys, passphrases, shared data etc) it is fine.

That's a weird definition of "secrets". Mails may contain secrets. Pictures may contain secrets. Messenger posts may contain secrets (cf. all the leaks of chatlogs).

If I remove all apps from the homescreen that may contain secrets, that leaves me with the flashlight and Candy Crush.

On ATMs they use a keyboard with random multiple digits per key, e.g. "2 or 7", "8 or 0", etc. That's a defense to the "observing-attack", but it's slow and boring. Also, someone could unlock with other password.

Biometric data is authentication. One looks at their mother and says "hi mom" not "what's the passcode?". Your issue, I think, is that you don't trust the tools on the phone to read faces or fingerprints well enough to detect fraudulent login attempts.

Factors of authentication:

* What you know - things like passwords online that other people shouldn't know

* What you have - Two-factor tokens, certs (kind of "know" but used to supplement "have") that other people shouldn't have

* What you are - Biometrics like finger, face, or eye that are unique and difficult to duplicate or trick (ideally)

So the question becomes which and how many factors to require, and when, depending on the risk model.

> Your issue, I think, is that you don't trust the tools on the phone to read faces or fingerprints

And/or, you don't want to give Apple your facial or fingerprint information.

Unless you believe Apple is lying, that information is never sent to them. The hardware is designed such that, with TouchID at least, it's never even seen by the CPU on the phone.

If you do believe Apple is lying and is secretly phoning home with your personal information, then I think you'd have bigger problems than fingerprints; I would be more concerned about surveillance on everything you do with the phone.

How does that work? You put a piece of tape over the front-facing camera?

What kind of analogy is that? I don't know what you were trying to say but you're way off on saying it. I think OP's point stands, biometrics: are not be relied upon for these matters.

What OP means is that at least theoretically faces contain enough information to uniquely and correctly identify someone, which is the reason why we identify someone by looking at their face. If iPhoneX was as good as a person in recognising faces then this discussion would be meaningless.

It's not a password, but it's not a username either. It's something in between: It's vastly easier for me to type your username in the login box than it is for me to create a sophisticated prosthetic or high resolution 3D scan (with correct infrared coloration) of your face.

I wish people would stop repeating the canard that biometrics are usernames, not passwords. Biometrics are biometrics. They are different from both usernames and passwords. They have their own advantages and limitations. Learn them, understand them, and use them or not based on what they are, not some other thing they sort of seem like.

Prosthetics were specifically covered in the keynote.

The neural networks have been trained to recognise them as fake faces.

The weird thing to me is that apparently we have so many people on HN that consider themselves worth the effort to make full 3D renderings of their faces just to unlock a phone. Unless you were Osama Bin Laden, it seems highly unlikely anyone would go to the trouble. If you are that kind of person, you’re probably going to be protecting your information with much more than Face ID.

There would be more than enough detailed photos and videos of politicians, celebrities and business leaders floating around for a skilled sculptor to recreate their faces, there'd be some high value targets there.

They're not magic. You can make a fake with enough effort. But it's a lot of effort.

"My v̶o̶i̶c̶e̶ face is my passport. Verify me."

'Sneakers' had it right. Consider it more of a "passport."

Just remember to change your face regularly, and use a face manager so that you don't ever use the same face twice.

> I'm sorry, but we can't hire you for security reasons. You look too similar to our head of IT.

It's easy, find a local biker bar and put your hand in a familiar manner on one of the biker's girlfriend's behind.

Your both right and both wrong. Biometric authentication is an identity scheme. The combination of username and password is also an identity scheme. A certificate chain is another identity scheme.

Identities both identify who you are and are, ideally, difficult to fake. Username password artificially handled those two concerns separately, but that doesn't mean that all identity schemes must do so. For them to say it's your password is wrong, but for you to say it's your username is also wrong. It can be thought of as both or neither but it isn't either one on its own.

Their job is to sell. They want everyone watching to understand exactly what they mean.

For what it's worth, I would say that Face ID isn't quite a username either. Once known, anyone can reproduce a username. I can't easily recreate your face even if I know you well. That would require an extra set of skills/equipment. The same argument goes for Touch ID.

It isn't a username or password, it's another factor, similar to how we identify people that we know.

It's not perfect, which is why we have policies for accessing things. It's almost certainly a better security mechanism than a password.

In a perfect world, we wouldn't actually need passwords. If a machine can reliably tell that you are really you, then what's the point of passwords?

That actually works very well between humans; we let friends in our house without asking for passwords. Machines still have a bit of catching up to do, but Face ID is a step in the right direction.

> biometric data is a username/id.

Which is why it's called "Touch ID" and "Face ID".

It's important to note that in the context of these Apple features, "ID" is for "Identification", not some kind of "User ID" used as a Username.

Username != ID.

> Your face is now your password.

That's a direct quote from the product page.

Yet they behave like a password.

No they don't. They behave like a username/password combination. A username is an individual identifier and a password is a confirmation that the identifier is valid for the person it's identifying. TouchID and FaceID confirm both - that it's the correct user that has access and that the user is who they say they are.

Because people are lazy to remember passwords and or setting pin numbers on their phones.

FaceID and TouchID are compromises for an actual password or pin. Also, setting these things up force you to set a 8 digit pin.

Definitely this. When I was using an iPhone, it was for all intents and purposes locked behind my thumbprint (even though you could theoretically make a model thumb with my fingerprint and unlock it, it protects from everything other than highly skilled criminals/governments who very specifically target me). Now that I have a Galaxy S5, there's no way I'm writing in a passcode every time I unlock it (and that horrible "fingerprint scanner" is not a replacement for Touch ID), so it's just unlocked.

I consider biometric data a keepalive, nothing more. Any biometric system that doesn't require a non biometric pass at some point after boot before the biometric becomes a means of device authentication is broken, to me.

In iOS you have to provide the passcode to change any settings related to payments and security (among other things.)

Anytime you go 24 hours without unlocking your phone you are also required to give the passcode.

Also have to give the passcode on boot to enable the biometric shortcuts.

Equifax has taught us that you'll be perfectly safe if you regularly change your address, date of birth and SSN.

Apple is just following suit with the trend.

I had face unlock maybe 2 Androids ago and it was disallowed by corporate IT policy. PINs only or you couldn't get company email.

Because you could unlock Androids with a photo — even a low resolution Facebook photo. A 3D scan of your face is a bit beyond the Android scheme.

If only we had high resolution 3d printers or people who can carve lifelike portrait replicas out of stone! Oh, wait, we do. A bit more complicated, but if you think this is not way to simple to fool, you're out of luck.

Blood vessel scanner, or get out, see http://nsmartphone.com/fujitsu-lifebook-u745-review/

If they can build a captcha that keeps out robots based on mouse movements, I'm pretty sure they can build a facial recognition system that can keep out prosthetics based on facial gestures.

Isn't it though? It's the "password" to the secure enclave which then provides a "password" to the OS.

Edit: I agree with your statement that "a password is something i can change if it gets compromised. a password is secure from others." Which is why I like that there is a method for disabling TouchID/FaceID with iOS 11.

I agree and I think most of the comments here cover why this should mostly be OK.

Another neat feature in iOS 11 is the ability to disable Touch ID quickly, but touching the lock button five times. I assume this works for Face ID as well – this would help those who have immediate concerns that they would be coerced into using biometric data to unlock their device.

edit: updated to five touches

Small nitpick, but it's 5 taps to disable Touch ID and Face ID.

A very reasonable nitpick! thanks :)

Because it is safe enough for most people to keep their friends out of their phones, and faster+easier to use than typing in a passphrase.

It is also safer than not using a password, which I'm sure some people still do.

Apple is speaking to a broad consumer audience, not just technical people. "Password" is a reasonable concept that will be easily understood by a lot of people. "Biometrics" is not.

I agree, what about identical twins or a doppleganger?

Agreed completely. I hope I'm never in a situation where I'm forced to use my face or fingers as a password.

>biometric data is a username/id.

It's authentication. When it unlocks, it's authorization.

Who you are (authentication) and what you can do (authorization). But for iPhone they are effectively one and the same since there's only one account on the phone. You can only authenticate as the phone's primary user, after which point you have full authority.

When, Oh When!, will my kids get their own home screen and separate sandbox, limits, etc. when I hand them my phone?!

Is your face scan really publicly available?

You've made an excellent point here.

Not entirely true. Your email is your password. If you own email and access to it, you can reset and request new password.

Wow you sound like a real joy to work with. I don't think you've learned to step out of the shoes of an engineer and put yourself in the shoes of an average consumer or the company selling a new phone. The average consumer does not give a shit about the technical definition of a password.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact