iPhone 5S, 5C Announced

[David Munch]

Quote:

Originally Posted by doctorow

Unless something is installed on your device (malware, ...) that can access the internal database. Then the possibilities are endless.

Which is almost impossible due to the walled garden Apple has. (Yes I did write almost)

Quote:

Originally Posted by Sil_liS

According to this, the iPhone's fingerprint scanner scans fingerprints in more detail than the traditional method, not less.

Indeed, but it still doesnt give you a fingerprint (Think finger in ink and then pushed onto a paper),as i wrote above.

Quote:

Originally Posted by Prestidigitweeze

As someone mentioned earlier, our comments about the fingerprint scanner have not been entirely serious.

What, unserious comments on MR? Surely not!

[Yolina]

Quote:

Originally Posted by elemenoP

I just wonder if the fingerprint scanner will make the new iPhone any less attractive to thieves. I live in NYC where iPhone grabbing is a problem.

They'll just cut off your fingers as well when they grab the phone now

[Sil_liS]

Quote:

Originally Posted by David Munch

Indeed, but it still doesnt give you a fingerprint (Think finger in ink and then pushed onto a paper),as i wrote above.

Finger in ink and then pushed onto a paper is not a scan, and in your previous post you said:

Quote:

Originally Posted by David Munch

The fingerprint scanner in the new iPhone, does not scan your fingerprint as such, only specific markers in your print.

Maybe authentication looks only for specific markers, but what is stored on the iPhone is an encoded scan of the fingerprint.

[Dulin's Books]

Quote:

Originally Posted by Dopedangel

and discontinuing 5

this is just marketing. they did the same thing they always do. continue to sell last years model as the cheaper alternative to the new one. they added a twist this time and put the old one in a new cheaper to manufacture body to increase their margin it.the 5c is the 5 in new colors

[WillAdams]

Quote:

Originally Posted by Yolina

They'll just cut off your fingers as well when they grab the phone now

Sadly, something w/ precedent in fiction (Timothy Zahn's _The Blackcollar_ is the earliest mentioning I'm aware of), as well as in real life:

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

There's also no way to prove that the fingerprint isn't being provided under duress, or while the user is unconscious / unaware --- it's cute in Sil_liS's photo, but potentially quite troubling.

[Andrew H.]

Quote:

Originally Posted by Sil_liS

Finger in ink and then pushed onto a paper is not a scan, and in your previous post you said:

Maybe authentication looks only for specific markers, but what is stored on the iPhone is an encoded scan of the fingerprint.

No, that's pretty clearly not the case:

Quote:

new iPhone 5S, which comes with a fingerprint scanner, won’t store actual images of users’ fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple’s new Touch ID system only stores “fingerprint data,” which remains encrypted within the iPhone’s processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple’s iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone’s encrypted chip, they likely wouldn’t be able to reverse engineer someone’s fingerprint.

http://blogs.wsj.com/digits/2013/09/...nt-like-sweat/

[Andrew H.]

Quote:

Originally Posted by WillAdams

Sadly, something w/ precedent in fiction (Timothy Zahn's _The Blackcollar_ is the earliest mentioning I'm aware of), as well as in real life:

http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm

There's also no way to prove that the fingerprint isn't being provided under duress, or while the user is unconscious / unaware --- it's cute in Sil_liS's photo, but potentially quite troubling.

This is where these comments kind of go off the rails. Apple developed this - as they said at their keynote - because more than 50% of their users weren't using the passcode. For those users, the fingerprint sensor is clearly better than nothing.

Using the fingerprint sensor is also completely optional, and if you do choose to use it, you don't have to use it as a password for iTunes or the App Store.

And, again, everyone is free to continue using the passcode.

[Prestidigitweeze]

Post deleted to avoid bringing political issues into the non-political side of the fourm.

[pl001]

Quote:

Originally Posted by Andrew H.

This is where these comments kind of go off the rails. Apple developed this - as they said at their keynote - because more than 50% of their users weren't using the passcode. For those users, the fingerprint sensor is clearly better than nothing.

Using the fingerprint sensor is also completely optional, and if you do choose to use it, you don't have to use it as a password for iTunes or the App Store.

And, again, everyone is free to continue using the passcode.

Yeah, people get too hung up on speculation. I'm sure the backup will be a passcode, just like Google's face unlock. And there's no requirement to use the scanner in the first place. So if you don't like it for ANY reason (and there are some ridiculous ones being thrown out by the tinfoil hats) it shouldn't degrade your iPhone experience at all.

I do feel like it's a great idea if it works well. As in fast and 99% reliable. If it doesn't work well it's just a gimmick. But even then it could be useful for some. Again, assuming it works ok, it's probably the best feature they've implemented in a while. Of course I'm somebody who is mired in security rules and regulations on a daily basis.

[Yolina]

Quote:

Originally Posted by Andrew H.

This is where these comments kind of go off the rails. [...]
And, again, everyone is free to continue using the passcode.

Quote:

Originally Posted by pl001

And there's no requirement to use the scanner in the first place. So if you don't like it for ANY reason (and there are some ridiculous ones being thrown out by the tinfoil hats) it shouldn't degrade your iPhone experience at all.

Jeeez... my comment was said in jest, there was a in my post.

I don't get on with iStuff anyway and therefore the fingerprint thingymajig is a moot point a far as I am concerned.
But for all those of who do buy the latest offering, enjoy

[tubemonkey]

[WillAdams]

Quote:

Originally Posted by Andrew H.

This is where these comments kind of go off the rails. Apple developed this - as they said at their keynote - because more than 50% of their users weren't using the passcode. For those users, the fingerprint sensor is clearly better than nothing.

Using the fingerprint sensor is also completely optional, and if you do choose to use it, you don't have to use it as a password for iTunes or the App Store.

And, again, everyone is free to continue using the passcode.

Is one free to be certain that the machine _never_ makes a scan of one's finger?
Is there a physical switch to disable the fingerprint scan?
Is there a hard-wired indication that the scan is being made?
What sort of guaranty does one have that the encrypted description of the recognized digit is inaccessible if the iPhone's security is compromised?

[Sil_liS]

Quote:

Originally Posted by Andrew H.

No, that's pretty clearly not the case:



http://blogs.wsj.com/digits/2013/09/...nt-like-sweat/

The article is saying "won’t store actual images" but this isn't an actual company spokesman quote.

So if 'not an actual [...]' makes all the difference to you then why would you even bother taking that into consideration?

You also might want to consider this:

Quote:

Digital Negative is a new iPhone app which promises to save photos in Adobe’s DNG format. That is, it promises RAW images from your iPhone’s sensor. Leaving aside the debate of whether or not this is a good idea (more on that in a second), can an App Store app really get access to the raw, unprocessed data from the sensor? The answer is no, but to the developer’s credit, it goes just about as far as is possible.

A RAW file is literally the raw data from the image sensor, before it is even turned into color and luminance values, or let alone an actual image.

'Not an actual image' can be as little as 'other file format'. And with an iPhone in hand a person has everything they need to figure out how the fingerprint data relates to an actual fingerprint.

Quote:

Originally Posted by Andrew H.

This is where these comments kind of go off the rails. Apple developed this - as they said at their keynote - because more than 50% of their users weren't using the passcode. For those users, the fingerprint sensor is clearly better than nothing.

Using the fingerprint sensor is also completely optional, and if you do choose to use it, you don't have to use it as a password for iTunes or the App Store.

And, again, everyone is free to continue using the passcode.

According to the WSJ that you linked to in the previous post:

Quote:

Apple customers who wish the use Touch ID also have to create a passcode as a backup. Only that passcode (not a finger) can unlock the phone if the phone is rebooted or hasn’t been unlocked for 48 hours. This feature is meant to block hackers from stalling for time as they try to find a way to circumvent the fingerprint scanner.

Users that are against using a passcode won't be able to use the fingerprint scanner without one so I don't see how this would help convincing them to get security.

And it shows that Apple knows that the fingerprint scanner can be circumvented.

[holymadness]

Quote:

Originally Posted by Sil_liS

You also might want to consider this:

'Not an actual image' can be as little as 'other file format'. And with an iPhone in hand a person has everything they need to figure out how the fingerprint data relates to an actual fingerprint.

In your haste to scaremonger, you have quoted an article about extracting RAW image data from the iPhone's camera sensor (not its fingerprint sensor). Quoted in bad faith, I might add, since the iPhone camera has APIs and SDKs that are specifically designed to share data with apps, which is not the case for the fingerprint sensor.

Let me explain something to you about your worry that someone "with an iPhone in hand... has everything they need" to gain access to your fingerprints. Stealing and then hacking someone's iPhone to get at their fingerprints is literally the stupidest, least efficient way of doing so. Newsflash: you leave your fingerprints everywhere you go, every single day. Thousands of them. On your computer mouse, your book covers, your cereal box, your coffee cup, your car steering wheel, your desk, your chair's arm rests, your doorknob, your kitchen faucet, your briefcase, your condiment jars. You even leave them all over the outside of your smartphone. It takes ten seconds to dust and tape a surface and walk away with a perfect print. Forensic technicians have been doing it for over a century.

Quote:

Users that are against using a passcode won't be able to use the fingerprint scanner without one so I don't see how this would help convincing them to get security.

This is a rather obtuse interpretation of motives. If someone's reason for forgoing a passcode is the inconvenience of having to enter it every time they unlock the phone, then there is a great deal of motivation to use the fingerprint scanner.

Quote:

And it shows that Apple knows that the fingerprint scanner can be circumvented.

This is a hysterical "damned if you do, and damned if you don't" criticism. Apple has taken the precaution of adding an additional layer of security to a new feature and you see it as a bad thing. Time to get some perspective.

[Sil_liS]

Quote:

Originally Posted by holymadness

In your haste to scaremonger, you have quoted an article about extracting RAW image data from the iPhone's camera sensor (not its fingerprint sensor). Quoted in bad faith, I might add, since the iPhone camera has APIs and SDKs that are specifically designed to share data with apps, which is not the case for the fingerprint sensor.

I don't see why anybody would assume that the article talking about the data from the sensor being "turned into color and luminance values" would refer to the sensor of the fingerprint scanner.

The discussion went like this:

• David Munch said that the scanner "does not scan your fingerprint as such, only specific markers in your print."
• I replied by quoting an article that said that "The system then interprets the voltages generated by each cell to determine which one is under a ridge and which is under a valley. By combining this data the scanner can generate an overall image of the print, much as an EO scanner would, but with a much higher degree of fidelity."
• David Munch replied by saying that it still doesn't give you a fingerprint like "finger in ink and then pushed onto a paper".
• I replied by pointing out that he previously talked about fingerprint scans, which isn't the same thing as "finger in ink and then pushed onto a paper", adding that maybe the initial point about only scanning specific markers is valid during authentication while the data that is stored on the phone is "an encoded scan of the fingerprint".
• Andrew H. intervened by quoting an article that said that the phone "won’t store actual images".
• I replied by quoting an article that mentioned RAW data, that while it can be converted into an image, is not an actual image.

Quote:

Originally Posted by holymadness

Let me explain something to you about your worry that someone "with an iPhone in hand... has everything they need" to gain access to your fingerprints. Stealing and then hacking someone's iPhone to get at their fingerprints is literally the stupidest, least efficient way of doing so. Newsflash: you leave your fingerprints everywhere you go, every single day. Thousands of them. On your computer mouse, your book covers, your cereal box, your coffee cup, your car steering wheel, your desk, your chair's arm rests, your doorknob, your kitchen faucet, your briefcase, your condiment jars. You even leave them all over the outside of your smartphone. It takes ten seconds to dust and tape a surface and walk away with a perfect print. Forensic technicians have been doing it for over a century.

My initial intervention on this point has to do with the notion that the fingerprint data from the phone is less than the data from a normal fingerprint scan, when in fact it is more accurate and complete. And while we leave thousands of fingerprints around every day they aren't as reliable as some TV shows make it seem. You can look at the screen of your iPhone for that: how many smudges are complete clear fingerprints?

I mentioned the "with an iPhone in hand..." thing because David Munch also said in the post that I initially quoted that the data "is really useless, unless you use the same-ish software to decode it". I was simply pointing out that as it is clear that your iPhone needs to get stolen in order to retrieve the fingerprint, the "software to decode it" would be on the same device as the fingerprint itself so the 'not an actual image' that Andrew H. was complaining about can be turned into 'an actual image'.

Quote:

Originally Posted by holymadness

This is a rather obtuse interpretation of motives. If someone's reason for forgoing a passcode is the inconvenience of having to enter it every time they unlock the phone, then there is a great deal of motivation to use the fingerprint scanner.

You are assuming here that the reticence regarding the use of a passcode has to do with the inconvenience of having to enter it every time and not the inconvenience of having to remember another code. But let's take your example. If it's cold and you want to use gloves, or you use hand cream, or if your finger is wet for whatever reason, you can't use the fingerprint scanner and you have to enter a passcode.

Quote:

Originally Posted by holymadness

This is a hysterical "damned if you do, and damned if you don't" criticism. Apple has taken the precaution of adding an additional layer of security to a new feature and you see it as a bad thing. Time to get some perspective.

It's an additional layer of security that is mandatory to a new feature that is a layer of security.