Apple claims that Touch ID has a false positive rate of 1 in 50,000, and Face ID has a rate of 1 in 1,000,000. So yes, there’s a lot of room for Face ID to become worse and still be better than Touch ID.
But it will be the false negatives that will by far be the most annoying and noticeable.
I mean how often will it be aimed at a wrong face compared to the right face?
I'm very curious about that. Generally measurements can be tuned in a way that exchanges false positives for false negatives (i.e. increasing sensitivity at the cost of specificity (or precision) meaning the phone can be made to be more sensitive to your face specifically (which is what they advertise with) at the cost of an increase in not detecting your face while it should.)
> But it will be the false negatives that will by far be the most annoying and noticeable.
How do you know that's what it means? You have literally no idea if this report is even true, or what the implications of it would be if it were true.
People are drawing a lot of conclusions from an unsubstantiated report on a brand new unreleased feature for a phone that nobody has yet and has never used in the wild.
I don't worry a lot about my phone having a miniscule probability of unlocking for someone else. I like security, but I don't actually think anyone is after my phone (YMMV).
On the other hand, if I can't unlock my phone quickly and reliably, that's a pain in the ass. I know that, because my kid dropped my iPhone 6s just the right way, and TouchID hasn't worked for months.
I'm just saying that 1 in 10000 (or whatever) false positives is a very poor metric for day to day usability. I agree a lot is unclear, including the data they do provide. Sure, it may still be a killer feature that, in practice is much better and safer than a fingerprint reader, I have no idea.
Touch ID for my right hand usually stops working in a few weeks, and I have to delete and add those fingers/thumb back in. (Probably related to diabetes)
My Google Pixel XL (it's a testing device) has the same issue it seems.
There's more to it than that. Touch ID was already secure enough for most people. With Face ID you lose the convenience of unlocking your phone as you take it out of your pocket and the ability to discreetly unlock your phone without entering a passcode.
But you gain the convenience of unlocking your phone while wearing gloves, having dirty/wet hands, for people with callouses/scarring/other finger issues that have prevented Touch ID from ever functioning reliably (or at all), using a heavier duty cases, etc. Certainly there are tradeoffs here, but arguments to the effect that Touch ID is already the be-all end-all of biometric authentication have a strong odor of argument-from-familiarity. I remember many debates when Touch ID was first introduced that were topologically similar to debates now happening around Face ID. It's not as if Touch ID doesn't have friction points, we've just gotten used to working around them and/or living with them. But that doesn't mean authentication tech is "done".
The ideal of course would simply be to have both (preferably with some user control about using one or the other or both). While some of the functional use space they cover overlaps (as would other methods like retina scanning), it's definitely true that they have use cases which are independent. There isn't any inherent need for it to be a zero-sum game.
However, Apple is already apparently having significant trouble getting the X produced, apparently getting both into it was an impossible reach for this year, and at the end of the day "real artists ship". Touch ID was not refined when it first shipped, it got more accurate and much, much faster over time, it was merely "good enough to get the ball rolling", but at some point that stage of things is needed. It's a tradeoff that's a challenge to get right and people can argue about where the balance is in any given instance, but I think Apple has been pretty consistent about being willing to bite the bullet and get the cycle of refinement going at a stage just before full refinement, and I'm not sure they're wrong, or that the level of refinement they've managed to reach with other products would be possible as quickly without getting it out there and in real world use.
> arguments to the effect that Touch ID is already the be-all end-all of biometric authentication have a strong odor of argument-from-familiarity
Perhaps, but it's entirely reasonable for users to take a wait-and-see approach to anything security related. TouchID, for better or worse, has run the gauntlet. Security researchers have had their hands on it and tried to exploit it. And the vulnerabilities have been minimal. FaceID hasn't undergone any of that scrutiny and we won't know how safe it is until after it's been through that process.
For that reason, I'm advising all the people I know (who ask) to skip the iPhoneX. If it's proven to work well, then I'll change my recommendation for the second generation. First-gen Apple products have a history of unforeseen problems (holding it wrong and such) anyways, so it's pretty sage advice to avoid the first incarnation of any new Apple design, regardless of the security considerations.
> TouchID, for better or worse, has run the gauntlet.
Yet if you had a 5S you knew how awesome it was from day one.
I think the point is if you're preordering something with a new feature, you'd better have a lot of trust in the company you're preordering from to deliver on what they promise.
Many people have that trust with Apple, so they're fine with committing in advance. I don't see a big problem with that when they have a very solid track record.
> (holding it wrong and such)
I never met a single person who actually had this issue, and there were literally millions and millions of iPhone 4 devices in the wild. I owned one personally, never experienced it. Few things were as overblown as this.
Apple offered everyone the option of simply returning the device for a full refund, and nobody took them up on it. Why? Because the phone was great and the issue was pretty much non-existent.
> I don't see a big problem with that when they have a very solid track record.
Haha...you obviously don't have much of a memory about Apple first-generation products. There has been early adopter pain on many, many new Apple products, both with new software releases and hardware. Most of the time they've been able to fix problems with software releases, but there have been a few times where that hasn't been sufficient.
> I never met a single person who actually had this issue
Then I guess we've never met, because I experienced it personally. I could easily reproduce the issue--simply touching the wrong spot on the side to bridge the two antennae would make the call drop. Luckily for me, my natural way of holding the phone to my ear didn't involve touching that part of the phone, but it's easy to see how that wouldn't be the case for others. The iPhone 4 was my last straw that pushed me towards the wait-and-see strategy for Apple products. Since then, I've never bought their new hardware less than 3 months after release or installed their software less than 2 weeks after release. It's made life using Apple products so much more enjoyable.
BTW...I don't remember being offered a full refund, only a free case which deteriorated and became unusable long before my 2-year contract expired, so it really wasn't a fix. I eventually just learned to be wary of touching that part of the rim. Cue the joke about the guy who went to the doctor and said, "It hurts when I do this."
> Haha...you obviously don't have much of a memory about Apple first-generation products.
Actually, I do. I stand by my assertion. Most new features Apple introduces are actually fine. Outside of a couple token examples, the "1st generation Apple product" thing is BS.
> BTW...I don't remember being offered a full refund
They had a press conference where they admitted the issue, then made a page on their site demonstrating the issue on every leading phone of the day complete with short demo videos for each model.[0][1] This put other manufacturers like RIM and Nokia into a tizzy releasing their own death-grip press releases![2]
Free bumper cases and refunds.[3]
The rapid evolution of that antenna page via archive.org is really interesting.
If customers aren’t happy with the iPhone 4—“before or after you get a free case,” Jobs added—they can bring back the undamaged phone within 30 days for a full refund. Jobs said Apple won’t charge a restocking fee and that users would be able to get out of their contracts with AT&T.
“We want to make all of our customers happy,” Jobs said. “And if you don’t know that about Apple, you don’t know Apple.”
> Luckily for me, my natural way of holding the phone to my ear didn't involve touching that part of the phone
Then you weren’t affected by the issue. Just like most people.
Anyone could recreate it just by putting their finger in a certain spot. It was trivial to do. I could do it on my phone too.
But it never affected me for the same reason as you. There may be some people who had actual problems, but for most people it wasn’t actually a big deal. It was just a ‘ha ha Apple sucks too screw you king of the mountain’ story that got a ton of press. It was the first one, and right after the stolen prototype.
Subsequent ‘gates’, like bendgate, have gotten something much closer to the attention they actually deserved.
Besides. Is anyone going to preorder one without reading one of the reviews that will come out before preorders go live? If FaceID doesn’t work well we’ll know ahead of time.
Yes I was affected, just less than others. I still had to think about the issue whenever I changed hands or adjusted my grip. Having to keep something front-of-mind is being affected because it's consuming part of your focus.
With glasses, not SUN glasses.
I suspect, also not any large glasses that are IR blocking or ski goggles. Perhaps not outside in the sun with a baseball hat on (depending IR filters and dynamic range).
All of this including the 1:Mil number are up for grabs since nobody has really tried it, but the challenges of 3D structured light matching aren't rocket science.
>>But you gain the convenience of unlocking your phone while wearing gloves, having dirty/wet hands, for people with callouses/scarring/other finger issues that have prevented Touch ID from ever functioning reliably (or at all)
How does Face ID perform when you are wearing sunglasses?
Only if the IR filters in the glasses don't work on the IR structured light. You can buy dsark glasses without IR filters, but most nice ones are 99% blocking.
He said most... so 50% of glassess would be sufficient to meet Feserighi's claim.
Do the IR filters in those nice glasses block the wavelengths that the iPhone’s sensors use? I imagine they’re aimed at blocking the sun which is probably not the same spectrum.
They are broad band IR filters because those are easier to design. Apple is likely using a very narrow band that doesn't have sun problems (see IR window from 8-14nm).
https://en.m.wikipedia.org/wiki/Infrared_window
However that nice band also gets filtered by polycarbonate which is common in sun and protective glasses. It also gets heavily cut by other typical IR absorbers, and creating a pass window will cost more money.
> But you gain the convenience of unlocking your phone while wearing gloves, having dirty/wet hands, for people with callouses/scarring/other finger issues...
What are those people going to do with their fingers once they unlock it? Use their voice to operate the phone? Sounds like a practice in frustration.
I’m pretty sure you can tune a parameter to trade off false negatives and false positives. If it has too many false negatives, you adjust it so that it doesn’t. Apple’s false positive rates surely come with an implied “at some acceptably small false negative rate.”
Here's the thing. Fingerprints are uniformly random [1]. Faces aren't. Your average Joe can't use a global online database of fingerprints to find ones that might be "close" to the owners to try to fool it, and that's only after you have the owners fingerprint, not a straightforward task. For faces that database is literally called FACEbook, and getting a picture of the owners face is trivial. And faces aren't random at all: sometimes even distant relatives look alike.
I'm not saying that the 1/1M faceid false positive rate is wrong for the general population, I'm saying that the attack vectors to reduce that number by large factors are much easier and readily available than for touchid.
[1]: Citation needed, I know.
Edit: Apparently I didn't make it clear that I don't think attack vector is to show it a 2D photo (if you had a photo of the owner why would facebook even come into this?), the attack vector is to find a lookalike using 2D photos and show the phone their face in person. Facebook's role is to find the lookalike. This should be trivial to socially engineer after you find the person.
If their number is correct, there are only about 7,000 lookalikes on the planet for any given user. Tracking one down and convincing them to participate in your nefarious scheme seems non-trivial. And remember that you must accomplish this within a fairly short time period (48 hours?) and two failures will lock you out for good.
If you’re the target of an attack by a sophisticated organization like an intelligence agency or a large industrial espionage operation, they might be able to pull this off. Common criminals will just break the phone up for parts. And either way, it’s better than fingerprints.
> convincing them to participate in your nefarious scheme seems non-trivial
Actually this would be the easiest part. E.g. A courier knocks a random persons door and says please sign here and shoves a clipboard in their face (that happens to have a faceid-sized hole in the metal frame) then hands them a random package. Done. No convincing needed, worst case they're confused for a day about why they signed for whatever you put in the box and who sent it and then they forget about it altogether.
You're right about the 7000, except it's likely that a large fraction of that 7000 lives geographically close to you as most family does. I agree that this will take more sophistication than what a common criminal could pull off, but this opens up a wide range between that and state intelligence agency that could try compared to TouchId.
I would like to see a security review with more details about how common false positives are given that you only try lookalikes.
That 1:1,000,000 is for random people. I am really interested in seeing how well it works for members of the same family (not twins). The statement I read seemed to indicate it was less reliable there.
Again, that number is very misleading. Apple is "lying with statistics" basically.
No attacker trying to break into your iPhone's authentication will use random images. They'll build a profile off your existing online photos, and then try to fool the FaceID system that it's actually you authenticating.
Suddenly that number drops by about three or four orders of magnitude.
This is harder to do with fingerprints because you don't keep your fingerprints online.
People probably don’t post a lot of 3D infrared scans of their face online, which is what FaceId uses.
(They also don’t leave them all over on the things they touch, like they do with finger prints.)
Also, I don’t know of your “lying with statistics” claim is fair. Of course, statistics are a great way to lie since you can have a mathematical certainly that what you are claiming is numerically accurate while at the same time give a false impression through selecting the numbers to present.
However, in this case, the implication is that FaceID is more precise and secure than Touch ID, which is probably true if it works the way they claim. (Well, we don’t really know that yet, but we don’t know the opposite yet, either.)
They’ll pull fingerprints off your phone to defeat Touch ID. Unless the photo attack is substantially better (and given the 3D scanning tech used by Face ID, I doubt it), Face ID is still a win.
