Personally, I think I'd rather stay with my passcode.
Did you btw know that you can turn off "simple passcode" and then use a purely numeric longer passcode? In that case the iPhone will still show the big easy-to-hit numeric keyboard allowing you to type in the arbitrary length numeric code.
Yes. It's not as safe as a long alphanumeric password, but this gets annoying SO quickly, I'd rather type in my 8 digits.
For those who want to believe it, I doubt there is any amount of information that could ever be released to convince them that the NSA isn't spying on people anymore.
The comments will go away when the issue goes away. The issue isn't going to go away. Therefore, don't expect the comments to, either. Welcome to the world we now live in.
You might as we'll be discussing religion or politics here. This is not the place. I heard your warning the first ten times.
Change starts by making enough people aware of and angry about the issue that the politicians can't afford to support these programs any more. If we're just distracted the next time $TECH_TOY or $NATURAL_DISASTER comes along, then nothing at all will change.
I don't particularly care if people find my anger at the NSA's systemic intrusion of our privacy annoying. I care more about that particular issue than I do what a random person on the internet whom I've never met might think of me. I care more about keeping you talking about the issue than I do about you liking me.
There is no new information about the NSA there. Just more speculation.
For those of us in the other 200 odd countries it really is boring as hell to have to wade through your pointless, unsubstantiated paranoia.
For instance, something in the safe-harbor blabla says citizen data handled by public angencies in Europe is not allowed to go through US nor, obviously, to be stored in the US. This rule is not new: in my previous job we had to ditch gmail and gapps in order to comply, and it was f*ing painful.
So the GP is right.
African governements in general do not have the means to spy on your electronic life.
Speak for yourself, not for the rest of us, please.
The adolescent libertarian smell combined with semi-hysterical, semi-supported outrage on this issue is rapidly beginning to stink.
We know that the NSA has their hooks into US hardware and software vendors. At this point, it's difficult to trust the promises that US-based companies make about security and privacy because we know that they're being compelled to lie. That's an extremely important variable in the discussion of a new piece of internet-connected hardware that collects biometrics. Dismissing discussion of it as "annoying" is juvenile and myopic.
I am a fan of hyperbole, but at least keep it coherent... At the very least, cheald is on topic while they are notoriously not.
Wow - that has to be hands down the absolute most ignorant, ridiculous and bullshit comment I have ever read on HN.
This is The Best place to be talking about the National Security Agency Technologically spying on everyone, building in parallel infra and forcing the biggest tech companies in the world via court gags and threats to providing them with access to encrypted user data.
Your comment is mind-boggling, to me, how you could even think this is not the place!
Edit: Toned it down a notch.
Fingerprint scanners are not yet prevalent in modern smartphones, and fingerprints are one of the primary ways that law enforcement can trace / track individuals. If the NSA, which has already been shown to have backdoors into Apple's systems, was able to access fingerprint data on a massive scale, this would be a massive affront to privacy for millions of users around the world.
pilif's comment was absolutely relevant to discussion of the iPhone 5S launch, as one of the phone's primary new features has the potential to be a massive security and privacy breach given information we've recently learned regarding Apple's close relationship with the NSA.
To quote him. Please explain how he "did no such thing"
To put it another way: the problem is not the topic. It's the tactic of derailing every other topic that people want to talk about just because you think something else is too important to be ignored. That tactic, as well-intended as it might be, has a history of driving good users away from once-good fora precisely because it's so annoying to not be able to talk about anything else.
Thank you for your succinct statement, I have very little faith we will get through this any time soon given the reaction I see on HN, Reddit and other sites where the most seemingly qualified among us to do anything cannot even comprehend how pernicious this problem is.
Your comment makes a good point, but it's too hysterical.
I'd say HN is one of the most important grass roots forums for this today.
Technology - aka OUR industry - is going to rapidly change in response. I think it's critical that there is discussion.
I'm actually really interested in your view. Do you think everyone questioning NSA surveillance of iPhones is wearing tinfoil hats?
Do you that the NSA loves us all and is just, y'know, kinda watching out for us?
We all need a big brother to save us, right?
I think what's happening here is that you are being asked to go away. Your comments aren't adding anything to this discussion about a new iPhone.
"We should expect comments about the NSA and spying to become a part of the common dialog regarding technology and personal information. Asking them to go away is just asking people to stick their head in the sand and ignore it."
That is a useful comment that would further the discussion. So I will now respond to that, since I don't want to debate what snark means.
I don't mind useful or constructive comments about technology and the NSA, but most of the comments I see are very reactionary and misinformed and painfully naiive. They are similar to all the old comments on stories about Microsoft where people would say things like "Micro$oft is obviously evil" and such.
So if a comment is interesting and useful, and happens to be about the NSA, then great. I haven't seen many of those.
> I don't mind useful or constructive comments about technology and the NSA, but most of the comments I see are very reactionary and misinformed and painfully naiive.
Perhaps our energy would be better spent pointing out why these comments are naiive and misinformed, rather than discussing whether they're worth saying at all, then?
(Meta-meta-point: I wish I could collapse comment threads on HN.)
The answer to all of the above, if we assume that talking about a product is 'helpful' to begin with, is "Yes." Privacy is simply something that people are going to consider and discuss from now on. There is no reason we should treat it differently from the other things we consider.
At this point, the overwhelming evidence is that we are being spied upon at a scale never seen before in history. Legal checks and balances such as search warrants are consider inconveniences to be routed around with border confiscations.
I would begin to believe things are changing when I see officials on both sides of the Canada-US border going to jail--yes, jail--for things like spying on their ex-spouses or for routing around search warrants.
So yes, by all means, keep talking about it.
If the NSA wants to target you specifically, you're fucked no matter what unless you move to a cave. No point in being needlessly worried. I'm more worried about this causing someone to cut off my finger while stealing my phone than I am the NSA coming after me.
You know what? Neither are derisive comments that imply the NSA is not, in fact, violating our privacy. You'd have to be out of your goddamned mind to actually think they've stopped.
The NSA is a spy agency, of course they are spying on people. Unless the NSA ceases to exist it will spy on people. They are not actively trying to claim otherwise (only that they try really hard to only spy on people who are in someway connected to someone who is not an American or has been designated dangerous).
It is a perfectly cromulent word.
Scheier's special prosecutor plus truth and reconciliation commission seems reasonable. But we're getting way off topic.
> In one case, after the government learned that a foreign intelligence target had ordered new computer hardware, the American manufacturer agreed to insert a back door into the product before it was shipped, someone familiar with the request told The Times.
> At Microsoft, as The Guardian has reported, the N.S.A. worked with company officials to get pre-encryption access to Microsoft’s most popular services, including Outlook e-mail, Skype Internet phone calls and chats, and SkyDrive, the company’s cloud storage service.
Please do your duty as a human being and read more.
They obviously have broad powers to spy on individuals through a variety of channels, which isn't, or shouldn't be, news.
Clapper's testimony to congress?
(Sorry for the BI link, but the relevant slides are shown immediately)
We are dealing with the realm of speculation, but it is not speculation fueled by some sort of tinfoil hatted lunacy. With the role that smartphones fill in peoples' lives today, you are just going to have to come to grips with the fact that, going forward, some people are going to consider the privacy of new devices to be very relevant, and well worth discussing. Don't be surprised when people error on the side of caution.
You want to talk about battery life and color? Well I want to talk about display DPI and privacy. Learn to cope.
So from that you extrapolate all devices made by US companies are secretly under the control of the NSA? Pretty big logical leap there.
That leads me to believe that you're either part of an organization that's subverting the internet and assisting the NSA or you're willfully ignorant.
Fact is, your other comments point that you have not well-researched the situation.
Every week there's a new revelation of just how deep the surveillance really is-- not just "metadata" but ALL data is being collected. The NSA hacks into companies, pays off others for cooperation. Backdoors. Broken encryption. It's all there out in the open thanks to the documents that have been leaked.
You do harm to the liberty of others by dismissing these facts.
> It's all there out in the open thanks to the documents that have been leaked.
You dismiss his point that unsubstantiated documents is largely the source of all this speculation and then you remake a bunch of unsubstantiated claims, saying they are all proved by the aforementioned documents.
Even Obama and the NSA itself has backed this up.
They'd been trying to extradite Snowden ffs, get your head out of the sand.
That is to say: there are some things that we know and are verified (e.g. that there is a program, called PRISM, etc.) but other things where there's a lot of speculation, but less or no verification (e.g. that the iPhone is backdoored.)
Some of us like to distinguish between these things. Some of us don't. It doesn't help to call people names over it, though.
I assume you mean digitally record, unless you're wearing gloves. ;)
Who said what they're doing is illegal? The whole problem is that the entire surveillance regime is completely secret and completely legal.
If you can comprehend what is going on here, you should be loud and obnoxious about it. Get people talking. Make it the focus and refuse to give up that focus. The only way this is going to change is to get so many people angry about it that it becomes more politically advantageous to oppose than support it. If you get angry about hearing about it, then I'll take that - you now have an incentive to help get it changed so people will shut up about it.
I'm not trying to stop you from having the discussion. Can you just label the thread "NSA can get your fingerprints off that iPhone 5S" and have at it. There is a time and a place for everything. Everyone here has heard about the NSA situation by now. The word is out.
Nope. I'm just asking you to not ask others to not discuss their politics. You're more than welcome to not participate in the conversation if it's not useful to you.
We really can't discuss the finer points here because no matter how polite I am, I will simply get voted down for not agreeing with the HN politics. By the way, recently I heard a few tech heavy-weights come out in favor of the NSA (e.g. Larry Ellison, Max Levchin).
If you are comfortable with the current NSA behaviour, you are part of the problem.
HN, similarly, is just going to be the place where a bunch of libertarian-leaning programmers became, from my perspective, conspiracy theorists. But more charitably, maybe, we can say they are now radically opposed to government invasion of privacy.
The Snowden revelation, whatever you think of it, has been one of those events which divides time into before and after for this crowd.
It's foolish not to speculate on reasons why giving your thumbprint to a vendor may not be in your best interest. I'd much rather see the OP comment on the top of this discussion rather than some inane debate about whether the new phone is an incremental upgrade or an exciting evolution.
Nope. This is called critical thinking especially given our current global surveillance state.
It's like any new product/app created will now get some NSA snark unless its a link to a github repo. And even then I'm sure there are ways...
It's mentioned in the video as well: http://www.apple.com/iphone-5s/videos/#video-touch
That's what I means by "we have to consider the iPhones backdoored". Once you can't trust the device any more, all bets are off and thus we can't be sure that what Apple says they do with that fingerprint is what they actually are doing.
(edit: regarding jailbreaking, I seriously doubt that a sufficiently well-hidden backdoor would be found by a jailbreaker. Or have we found the backdoors in OSX or Windows yet? Since the latest leak, we know they are there)
edit: Also, there is a difference between a subtle crypto vulnerability and sending data to a server that, according to the announcement, is designed to be protected in its own enclave and never sent anywhere. The latter would be far more obvious in the code and easier to spot.
But we can't see the code. And it's far from certain you'd be able to pick it up through watching data packages.
They might want to do approximate matching, though. That could make it hard or impossible to do without the decryption key.
good spy novel stuff... steal the prints of some foreign bigwig, or say Julian Assange, plant a copy in some compromising crime scene...
If you're going to do anything, including working on the computer you're typing your comments on, you have to trust a lot of parties. Some of that trust involves knowing who made the code, and some of it may involve the knowledge that the NSA will not be using their best, most secret backdoors against a whole lot of people.
If they send out 8 bytes of your fingerprint data hidden in every picture you take (so your fingerprint can be regenerated by looking at your first 500 pictures) I doubt anyone will ever find it.
Makes perfect sense.
How many webapps have encypted and stored their users password "only on their own servers", to later have them leaked via combination of exploit in 3rd party software that allowed the download of their DB and a little brute force?
Only difference on an iPhone is that there are literally 100s of thousand of apps that can possibly be exploited
Additionally -- if things are like they used to be when I was in the biometrics world in the mid-90s -- the fingerprint template will be small and work like a one way hash; if you have the template you cannot reconstruct the fingerprint from it. It wouldn't really be very useful to the NSA or anyone else.
I think the fingerprint scanner is positioned not to be some indestructible lock like RSA or a safe-deposit box, but a reasonably decent deterrent like door locks and The Club. It seems to be at the same level of security as your iPhone passcode -- a well-equipped intruder can certainly get into your stuff, but your mom or a pickpocket won't be able to.
When a third-party loses your password, you change it and life goes on (you are not reusing passwords, are you?). When a third-party loses your fingerprint, what do you do? Cut off your fingers? Grow a new hand?
Yes. The fingerprint information is supposed to be irreversibly hashed. But so are passwords. And yet we still see them being stored unencrypted. No. I'm very careful with my fingerprints.
Also, the data on my phone must be some of the most valuable data I have. When I lose my phone and you gain access, you immediately own all my online identities. My phone has SSH keys, it has the password to my Email account stored in its keychain (very handy for all these "I have forgotten my password" features on all the sites), it has my 2 factor authentication tokens - I can't even begin to imagine how bad it would be if somebody had access to my phone.
Yours is probably as valuable to you.
What does that even mean? You wear gloves in public all the time? You wipe down everything you touch?
Which makes me wonder, aren't one's finger prints all over your iPhone exterior anyway. If someone steals one's phone wouldn't it be easier to dust it for prints than crack the security on the digital copy?
Ding ding ding! We have a winner.
Almost as silly as not using a biometric logic because "what if they use a backdoor to get a photo of my face?"
I think there is too much of an emphasis on using uniqueness for security. The idea is that if "It could only be you!" you are secure.
The sci-fi vision is a world where a fingerprint or retina scan is taken and that's it. There's no username needed, just the fingerprint itself is enough to confirm your identity. In reality, the idea of uniqueness for security actually would create security problems, because it removes the other factors involves, and biometric codes like fingerprint cannot be changed as needed (technically a fingerprint can be changed 9 times. A voice on the other hand cannot.)
An NFC tag/card/ring, seems much better to me, since these can be changed as needed and would be more difficult to hack than taking a fingerprint off the phone.
An armed thief could steal your ring or fob along with the phone, but they could also make you use your finger to unlock your phone for them. So I don't think that's really any added protection in that situation.
The thief that just grabs your phone off the counter or out of your pocket will have a much tougher time with the NFC tag than with the fingerprint.
That said, I can see how this could potentially dramatically increase the availability of public fingerprints if it were hacked. More importantly the fact you can't reset your fingerprint is something I overlooked. I do think that in general though anyone building a system that relies exclusively on a fingerprint as a highly hack-resistent security measure is foolhardy regardless of how prevalent fingerprint data is. In other words, your iPhone passcode isn't protecting your data anymore than your fingerprint if someone gets their hands on your phone, so I don't really see how this point is material to if it's a good idea to use fingerprints to unlock phones.
It's not quite the same with private keys because you can always generate some new keys and publicly revoke your key if it could have been compromised. Since you cannot regenerate your fingerprints and could have already lost them, simply revoke them up front.
Edit: expanded on this in my blog: http://blog.oleganza.com/post/60865284958/key-revocation-and...
My passport also is one of the last ones you could get without it containing any biometric data.
As such, I'm reasonably sure that no third-party ever had access to my fingerprint. And I'd love for it to stay like this (see my parent comment for the reasons why)
And to someone who may ask me "why would you want the freedom to do something bad?" I'll answer that three of the biggest monotheistic religions are based on a guy a girl who were allowed to do bad things (Adam and Eve). I'm agnostic myself but I find it pretty self-explanatory nevertheless , you just can't impose the lack of free-will on people.
Is it just me, or is HN getting really frikkin' paranoid?
to someone who may ask me "why would you want the freedom to do something bad?"
I think you're over-reaching.
But pragmatically, the more data they have, the more likely you are to show up as a false positive. Worst case; you handle something in a hardware store and it's later made into a bomb by a third party. You're going to need a solid alibi for that one.
Or you get placed at the scene of a protest even though you weren't present for it. Now you're on the terrorist list.
Additionally they can catch you more easily for victimless crimes, like if your fingerprints are on a bong they collect. I figure it's easy enough for them to stick you with a felony even without actively helping them get more data. So I'm trying to minimize the felonies I can be stuck with.
Fingerprints are a horrible biometric.
They might be a bad biometric but it's not because they aren't universally available to everyone.
Plus, as others have mentioned below, most conceal carry firearm permits will require it, at least here in Illinois.
So, the govt. already knows that I'm a registered Republican, they have my fingerprints (twice), they know I have a FOID (Firearm ID in Illinois), they know my travel patterns (via airlines, gas stations, etc).
I think the last of my worries is some fingerprint scanner on a smartphone. At least I won't have to type in my PIN to unlock it while driving...
Now, instead of waiting around for lawyers, your finger will be physically forced onto the home button.
Firstly - the NSA has no need to be able to access the fingerprint. The fact that the fingerprint is your passcode barometrically ties you to the device, without a doubt, and makes the meta data all that much more accurate.
What we know is that the NSA has complete upstream dominance, direct and indirect access to company data and extremely powerful correlation tools.
With the features of the 5S' "always on motion sensors, tied to health apps - they basically can construct not only WHO, WHERE, HOW, WHEN, you do something, they'd be able to go as far to be able to develop a "health number" into that dossier.
The fact of the matter is that while the Apple product is a nice shiny thing - and sure - as a phone and a tech, I'd love to use it -- but the data it produces about its users is 100% transparent to the NSA, based on everything we have seen so far. And more egregious; the fact that the NSA unabashedly abuses this access and does construct elaborate pictures of your behaviour then SHARES this with other agencies.
The passcode and fingerprint only serve to prevent the data the NSA IS collecting from being wrongly attributed to another human body.
Do you believe disabling the reader in a software-setting is enough to be sure it's not working? I don't. With all these NSA concerns going about, having a hardware fingerprint-reader on your smartphone that you can't avoid touching is something to think about.
Even ignoring the specific issue of fingerprints, which I am not convinced is a major concern, the widespread use gives numerous other reasons for pause.
Welcome to the Total Information Awareness world.
10,000 of those would keep the NSA quite busy.
(I guess you'd need a live terrorist's finger to replicate though. Those NSA types are pretty smart.)
It's your hardware after all. If you're worried about it, take steps to protect yourself.
If I ever own one of these phones, I might have to make it a point in my muscle memory to use my knuckle to press the home button.
the same statement about "not providing direct access" will get them off easily like it already did for them and Google/FB/etc in case of the rest of personal information.
I'd say it would be negligent on the part of NSA to not use such a convenient source of fingerprints of "foreign" persons :)
>at least hope, that Apple has designed the hardware involved to be subpoena proof
why would a corporation intentionally do it? Conspiracy of obstruction of [future] justice comes to mind.
In criminal law, a conspiracy is an agreement between two or more persons to commit a crime at some time in the future.
I would prefer the NSA not have my prints but virtually every other piece of data they collect is more likely to be used against me.
If you're talking about ISP monitoring, that's not specific to the iPhone, and not relevant to this discussion.
If iPhones phoned home information on stored on phones, I'd expect there to be a huge shitstorm and ample evidence of suspicious traffic. Do we have any evidence _at all_ that this has happened?
We know that the info can be sucked out of Apple (or Google, or Faceboob, etc) if the NSA wants to (for now).
So if they have your fingerprint data ... or even the ability to suck stuff off your phone ... then ... well qed
look obviously I'm in the minority, in caring about my biometrics being "built in" at such a "ground level" to a device that has so much connectivity to "the cloud" ... if you're not disturbed by this, then fine. I'm ok, you're ok. It is ok to hold different views.
For me, it's very relevant whether we have any evidence that the government is collecting data residing _on_ iPhones on any scale, or whether the iPhone has any such capabilities built in. As far as I know, this hasn't been reported.
I know that Apple technically can push out a software update that would enable data collection or even covert audio recording, but in the end I have to make a decision on the likeliness of this vs. the convenience of having a smartphone handy.
Regarding fingerprint data, the US already has that and will continue to do so for 50 years, due to the fact that I had to travel to the US for work related reasons. Not happy about that, but, well, that's life.
It may be optional, but that doesn't mean the device cannot acquire it without your knowledge. It is built into the home button after all.
Brilliant! I did not know that. I haven't been using Long Passcode Mode because I didn't want to type on the tiny keyboard to unlock 100 times a day.
The saddest part to me is that people are attempting to put an end to this worry by saying "well, Apple said they don't give apps access to it." And no other tech company has ever told us about any of their involvement and cooperation with the NSA in the collection of private user data.
People shouldn't wooed by this new feature and be blinded to its security implications. Start taking this stuff seriously, instead of what these companies are telling you.
In any case, we're talking about devices that can already spy on you to an enormous extent (conversations, photos, e-mail, passwords, plenty more). Fingerprints seem way down the list of important things they could be stealing.
For the NSA? A hell of a lot harder than backdooring iPhones.
Since fingerprints can't be changed, he more widely they are used for authentication, the more likely that they will be compromised and the less useful they are for authentication.
However, it's not at all an argument against using fingerprint scanners as an optional choice for authentication, just because the scanner could be used to steal your fingerprint.
Fingerprint theft is a problem regardless. You can't really target systems that enable that theft, because it's an ever-present risk. Instead, worry about systems which fail due to such theft.
Fingerprints are fine for a gym, because who cares if somebody fakes yours. They're fine for a smartphone for many people, because it's intended to stop casual theft, not be an impenetrable barrier. Fingerprints should definitely not be used (at least on their own) for, say, nuclear launch authorizations or other things of similar import, because they can be stolen and faked.
However, if you're using a fingerprint to unlock, it's much harder to say "I've forgotten my password" - or stop them from using your finger while you're unconscious.
Deniability becomes much lower.
I wouldn't assume that a device is incapable of accumulating GPS tracking information in "airplane mode" and forwarding it when the radio is turned back on, however, or that intelligence and law enforcement agencies would never quietly disable "airplane mode" in the course of specific investigations.
However, while the NSA has surely overstepped its bounds I don't believe it is omnipotent. At some point its influence ends. I'm still willing to believe in airplane mode. Perhaps next week's scoop will change that, but for now I'm somewhat confident it works.
Does the signature output of the sensor even resemble something that would be useful to a third-party? It seems doubtful that it dumps out a little JPEG... and it might not even be possible to reconstruct.
There's either absolutely nothing you can do about it, or it's not as bad as you think and you are being wildly over fearful.
But since we don't know if they compromised apple(an american company), and the benefits of fingerprint ID is not that big, maybe we need to think about not using it?
How to fake fingerprints from ChaosComputerClub: http://dasalte.ccc.de/biometrie/fingerabdruck_kopieren?langu...
Did you honestly not suspect they were doing this all along? Why the concern just because some details have been leaked?
Plus, who can resist a good "I told you so!" ;-)
This means that GCHQ (and by implication probably the NSA), already have my fingerprints.