
> That is definitely a significant improvement.

Sure is a significant improvement for some people at least. http://t.co/EK3sdeloUX




Baseless FUD is OK as long as Linux ain't the target, right?


Where the fuck did that come from? It is neither baseless nor FUD. That fingerprint will be sent over the wire at some point and the NSA will gladly pick it up. How you think otherwise is beyond me.

What operating system I prefer really has nothing to do with it, even if it is Linux.

Posted from my iPhone, android, third mac mini, 2nd mac air, or first thinkpad who the fuck knows (or cares? oh you obviously)


From Apple's site [1]:

> Touch ID does not store any images of your fingerprint. It stores only a mathematical representation of your fingerprint.

> The Secure Enclave is walled off from the rest of A7 and as well as the rest of iOS. Therefore, your fingerprint data is never accessed by iOS or other apps, never stored on Apple servers, and never backed up to iCloud or anywhere else. Only Touch ID uses it and it can't be used to match against other fingerprint databases.

[1] http://support.apple.com/kb/HT5949?viewlocale=en_US


Your trust in Apple is heartwarming.


Then you might as well say Apple has already secretly had a fingerprint scanner since the first-generation iPhone and has already sent that data over the wire. Or maybe there are also fingerprint scanners on your keyboard right now!!! Also that video cam on most notebooks, it's now always on and secretly sends the data to the NSA!!!!


A "mathematical representation of" is exactly what a "digital image" is.


They're clearly referring to storing some kind of "hash"/mathematical representation of your fingerprint vs a plain photo/"digital image".


It's FUD until you or someone else posts evidence that the fingerprint is sent over the wire, or that Apple intends to do the same (for example, code that sends the fingerprint and awaits activation by a third party). You're not going to be able to do that. It's shameful that you can't even recognize the FUD-ishness of what you posted, especially if Linux actually is your operating system of choice and you have been through the FUD wars of the late nineties and early two thousands (that was only a guess on my part).


"It's FUD until you or someone else posts evidence that the fingerprint is sent over the wire"

It absolutely isn't. Even if just the hash were sent over the wire (or if it were possible for the authorities to extract it over the wire), it would be perfectly possible for the authorities to run the same hash algorithm on their candidate print and see if the hashes match. Such evidence would likely not be admissible in court but 1) it would be enough to give the authorities a tipoff, 2) for matters deemed important enough, secret trials seem to be all the rage these days.

I would be _very_ surprised if there were no backdoor in iPhones for the authorities. Even their "secure" area. The U.S. authorities simply do not take no for an answer when having a "talk" with a vendor producing a widespread "security" related product.


> I would be _very_ surprised if there were no backdoor

I'm not sure if you understand what FUD means. Your surprise or lack thereof does not count as evidence, and is irrelevant to whether something is FUD or not.

> MS Exec: "I'd be very surprised if Linux had a lower TCO than Windows Server."

Canonical example of FUD. EXACT same thing as you're saying, just in a different context.


"EXACT same thing as you're saying"

You've got to be careful when you say things like that, because they're trivial to refute.

The whole point of a backdoor is to be obfuscated and hard to find. So it would be very likely that you would not find one even if one were present. Your example is simply Microsoft not bothering to do something that's perfectly researchable.

We don't have any _proof_ that Dual EC DRBG is defeatable by the NSA. By your logic we should still be using it happily until we have that proof, and until then any caution is simply "FUD".

So if that's "FUD", then I've got news for you: the security world is very sensibly built upon FUD.


I would be very surprised if the fingerprint is sent over the wire. Instead, I would expect the "secure enclave" to validate the fingerprint, and then emit a time-limited certificate of some sort to authenticate with servers. The fingerprint information - or derived information such as hashes - never needs to leave the phone.
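The design sketched in the comment above, as an added illustration (not code from the thread or from Apple): the biometric match happens entirely inside an enclave object, and what leaves it is a short-lived assertion bound to a server challenge. Assumptions: the template is modelled as opaque bytes with exact comparison (real matchers are fuzzy), and a per-device HMAC key stands in for the enclave's signing key.

```python
import hashlib
import hmac
import json

# Constructed sample data: an enrolled template and a per-device key that
# are provisioned once and never appear in any message.
ENROLLED_TEMPLATE = b"template-bytes-stay-in-enclave"
DEVICE_KEY = b"per-device-secret-key"


class SecureEnclave:
    """Holds the template; exposes only match-gated assertions."""

    def __init__(self, template: bytes, device_key: bytes):
        self._template = template
        self._device_key = device_key

    def _match(self, probe: bytes) -> bool:
        # Simplification: exact comparison in place of fuzzy matching.
        return hmac.compare_digest(self._template, probe)

    def issue_assertion(self, probe: bytes, challenge: str, now: int, ttl: int = 60):
        """Return a time-limited, challenge-bound assertion, or None on mismatch."""
        if not self._match(probe):
            return None
        body = {"challenge": challenge, "exp": now + ttl}
        payload = json.dumps(body, sort_keys=True)
        tag = hmac.new(self._device_key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "tag": tag}


def server_verify(assertion, device_key: bytes, expected_challenge: str, now: int) -> bool:
    """Server side: check the tag, the challenge binding and the expiry."""
    if assertion is None:
        return False
    expected = hmac.new(device_key, assertion["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["tag"]):
        return False
    body = json.loads(assertion["payload"])
    return body["challenge"] == expected_challenge and now < body["exp"]


def wire_contains_template(assertion) -> bool:
    """True if the template bytes leaked into the message sent to the server."""
    return assertion is not None and ENROLLED_TEMPLATE.decode() in json.dumps(assertion)
```

The server learns only that the device that holds DEVICE_KEY answered its challenge within the window; neither the template nor any hash of it is in the assertion.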


Firstly, nobody cares what hardware you have. It doesn't make what you say any more or less accurate.

Which in this case doesn't matter because you're talking complete nonsense. Apple does not send your fingerprint over the wire.



