Apple Offers Additional Details on Touch ID, iPhone 5s Won't Store Fingerprint Images

[Sedulous]

Can someone please enlighten me on why people are so fussy about the NSA getting fingerprint data? What can they do with that information? It's not like they can even sell it to marketers.

I don't get the paranoia either. Anyone that has a modern passport has a chip that stores their biometric data. Etc.

 

[Parise]

I don't get the paranoia either. Anyone that has a modern passport has a chip that stores their biometric data. Etc.

Because I don't feel like typing it up again, see below.

To me, this is like saying it doesn't matter for 'the government' (or whomever) to put up cameras on every street and in every room. You had your picture taken when you got your driver's license, passport, or whatever, so they already have your picture on file.

It's not the data itself, it's the ability to link it to behaviors. The fingerprint thing doesn't just say this phone was at this place, it says this person unlocked this phone at this place.
(For the record, I'm generally happy with what these security measures seem to be about, this is just my explanation of why the "they already have your fingerprints" argument doesn't carry water)

 

[smoking monkey]

I'm not saying that something remotely comparable to the Third Reich is happening in America, hell, no,


but I'm saying that history should have taught us by now that some critical thoughts about the NSA are very appropriate.

Then we agree. It's all good!

And yes, you're right, there should be some critical thinking as long as it doesn't devolve into panicked paranoia.

Anyway, I love the idea of the fingerprint scanner. Just my opinion.

 

[Crzyrio]

- So how does this work, are you going to use that time saved to bill another customer, or what... I assume you're not on salary, or good luck convincing your employer you should get a $5k raise for the time saved
- Your calculation also assume that all those times unlocking your phones, is time you could have worked. So I am guessing you never unlock your phone when relaxing in bed, driving your card, walking outside, etc... Saving time there doesn't really give you extra time to work
- Also, congrats on making half a million dollars a year, and yet still finding time to come entertain us in these forums
- Finally, I am afraid to tell you but... the iPhone 5S comes with iOS7. As you may or may not know, iOS7 has a lot of new cool animations, but unfortunately, they slow down the use of the phone for power users. After unlocking the phone, you lose at least a second waiting for the zooming transition to end before you can open an app. Also, there are some substantial performance problems at this time, keyboard lags, etc.. Overall, I would say the 4-5 seconds you gain when unlocking the phone, you lose them and then some when going through different screens.

You may want to do a full cost/benefit analysis before jumping on iOS7, looks like this thing could cost you millions.

Time is money...simple as that.

So yes even when I am in bed relaxing, that 4 secs of more time I spend on my phones each time I go to unlock it. That means I finish what I wanted to do on my phone 4 secs earlier each time, it means I get to play 4secs more of each game every time, it means Ill be able to find directions 4 secs quicker, it means Ill be able to get to that important message 4 secs faster.

I spend time on here because I enjoy it,

----------

It's a guarantee that they are kept somewhere. It's a possibility that we'll know about it in any detail.

----------



To me, this is like saying it doesn't matter for 'the government' (or whomever) to put up cameras on every street and in every room. You had your picture taken when you got your driver's license, passport, or whatever, so they already have your picture on file.

It's not the data itself, it's the ability to link it to behaviors. The fingerprint thing doesn't just say this phone was at this place, it says this person unlocked this phone at this place.
(For the record, I'm generally happy with what these security measures seem to be about, this is just my explanation of why the "they already have your fingerprints" argument doesn't carry water)

That is true, but if the information they can get out of these behaviours are put in the right hands it can make our lives a lot easier.

One example is the way Google Now works or the frequent locations on the iPhone. Because it tracks my behaviour, the phone does the work for me and I do not have to look up traffic times and such.

Now imagine if there were huge buildings of people analyzing all our actions and provide us helpful tips during our day? Lol this is taking it to far but you ge the point.

If in the right hands, it can be useful. At the same time there are those negatives.

 

[MadDog31]

All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.

I work in sports so it would take me five years to lose that kind of productivity.

 

[juanmanas]

Who gives a flying **** if apple/government agencies get your finger print and name??

in all honestly whats actually going to happen??

the government going to create a silicone mould of your finger and use it to press the button that launches nukes at Syria so they can frame you?

News flash you're not that special!!




im more concernced of getting mugged for my phone then having a pair of secateurs taken to my thumb!! hahahaa

I could not agree more. Some people seem very excited about the NSA. They think that a) They are as important as the NSA to care about them. b) They don't realise they already have our fingerprints. c) Not sure what the NSA would do with our fingerprint.

Im Spanish myself. Our government has our fingerprints since the day we got our passport and ID card. As far as im concerned, its the same situation in most countries in the EU and possibly also America. So i don't get all this fuzz.

 

[mcdspncr]

I don't get why people get so uptight about NSA. It's there to protect you. If you aren't doing anything wrong then they have no reason to snoop on your data. Simple.

Precisely, except that it's been proven that they are snooping on our data already. The leaks have shown that they are only 57% successful at filtering domestic communications which they theoretically shouldn't be snooping on, and when it comes to online activities we don't even know the full extent yet. But we know without a doubt that they are watching insane amounts of data that they have no right to, regardless of wrong doing, and from there they are narrowing it down. If you've got nothing to hide, then you've done nothing to warrant being searched. But that's not stopping them right now.

 

[diegogaja]

Odd...

So, in the absence of any actual facts you are just going to...I don't know...make something up in your mind and believe that?

Dear Apple, I'm sorry because I realise it's not really your fault, but I don't trust that the NSA haven't nobbled you, and nothing you have said so far leads me to… um think different, as it were.

 

[gauspad216]

It's cut off in that image. The home button is on the bottom of the device, dead center. In fact, you can't even see all of the screen.

I'm aware. Just meant that this pic is probably of the forthcoming Retina iPad mini because they cut the home button out of the picture. Leaving the home button in the image would give away that it's a new product.

 

[diegogaja]

Same thing?

Subtly shape opinion with words like you just did? "Obama NSA"? The NSA has been doing this much longer than Obama has been in office...

"a decision that could ease concerns from privacy hawks."

I love how the WSJ inserts in pejorative language into what is - especially with the Obama NSA revelations - a quite valid concern.

This is an important way in that the media tries (and usually succeeds) to shape opinion, to create "correct" thought. Lovely.

 

[haruhiko]

You see, Nazi Germany didn't only happen because of a handful of crazy people. There were many people in Germany that legally voted for those guys. Many of the people who voted for them were naive and ignorant. I'm not sure what they were exactly thinking, but I see a similar kind of blind trust when I'm reading comments along the lines of "If you've got nothing to hide, why do you care?". They are the government, they can't just do that! And who knows, maybe it's good for all of us. Do you see the similarities? I'm not saying that something remotely comparable to the Third Reich is happening in America, hell, no, but I'm saying that history should have taught us by now that some critical thoughts about the NSA are very appropriate.

When Google accidentally stored Wifi data:
"WTF!!! Google stop messing around with my privacy! I'm opting out of all Google services! Do no evil! F you Google!!!!!"

When NSA deliberately break into systems stealing personal information:
"If you have nothing to hide why do you care? I'm very happy with the NSA having all of my information, please NSA what are you waiting for?"


That being said, any expectation for privacy over the internet or your phone/tablet is pure fantasy by now.

 

[MattInOz]

For those that don't know, the 4-digit password on the iPhone can be broken in several seconds using hacker tools. There was a Macrumors article on this a year or more ago. Therefore, this fingerprint sensor is WAY better. Much less considering that someone can watch over your shoulder to get your puny 4-digit code.

When I get the phone I'm going to make a very secure alphanumeric password and hopefully never have to use it because I'll block with my finger.

It is too bad that developers won't be able to utilize the fingerprint yet. Seems like a missed opportunity. Maybe there will be an API in iOS 8?...

Why do they need to use it directly?
If the fingerprint secures keychain then they could just store a more disposable key in keychain use that how they like even replace it on a regular basis. Allow Keychain/iCloud to handle moving the device getting the key between devices. Yet each user device could have a different encryption key for this store even if you use the same finger as the public side of the key.

If you allow developers direct access then all of the users device need to produce the same key from the same finger. You means you lose the disposablity of any given passphase.

 

[diegogaja]

Incorrect.

And certainly not, if you live abroad.

----------

 

[thaifood]

It's cut off in that image. The home button is on the bottom of the device, dead center. In fact, you can't even see all of the screen.

I think he is alluding to the new iPads that may have TouchID included now that the 5S is confirmed with it...

 

[diegogaja]

Neverland?

Please cite every claim here. None of this has ever happened.

I don't know if this was meant to be sarcastic...

There's this well-reported case of a couple where the wife wanted to buy a pressure cooker, while at the same time her husband was interested in buying a backpack, and suddenly they had police in force on their doorstep...

Or let's say I'm just a curious person. I'm always interested in how things work and ask questions about all kinds of stuff. So when I hear that you can create a massive bomb using diesel oil and fertilizer, I google to find out how this actually works because I'm curious. There's nothing wrong with that, but with the NSA being paranoid I might be in trouble if I want to visit Disneyland, Florida, on my next holiday.

And you may know someone who knows someone who knows someone who is interested in terrorist activities. Actually, it is quite likely that you do. And that is apparently enough to make it legal to spy on you.

 

[JayCee842]

For those who don't understand cryptographic one-way hashes, they cannot be reversed to produce the original data without a dictionary attack. A dictionary attack in this case would require a collection of actual human fingers or replicas of them to run through Apple's Touch ID to see which cryptographic hashes match the one stored on the device.

Also note, that their is a really really really small chance that two fingerprints will generate the same cryptographic hash. Cryptographic hashes by their very nature have LESS data than the source data for which they are hash. This means that the if the source data has potentially quadrillions of combinations that there may be only billions of values that they hash to (a one to many mapping of hashes to source data). More likely scenario is that your fingerprint hashes to the same value as a fingerprint that does not currently exist on the planet today and may never exist.

Think of a large 500-page book as a just a collection of letters, numbers, spaces, and punctation. You could pound on the keyboard and produce a book of random text or you could carefully craft an actual readable book. The hash reduces the book to a hash of say 500 characters which is generated in such a way that even changing a single letter in the book or the capitalization of a single letter produces an entirely different hash (cryptographic hash algorithms magnify any change to cyclically change other parts). Obviously, there is no way you could take 500 characters of data and regenerate the 500-page book (that would be the most amazing lossless-compression algorithm in the world, but also mathematically impossible). Because of this you cannot reverse it. You could however, run a hash on all books known to man to find the one that matches the same value (a dictionary attack). Finally, there is a possibility that two carefully crafted books hash to the same value, but it is far more likely that a book's hash would match some of the billions of permutations of random letters , numbers, spaces, and symbols that have never been bound into a book.

It is the same for fingerprint data. Your actual fingerprint could only be determined if somebody already had a replica of your finger in a database and could make Apple's Touch ID sensor generate the same hash from it. The worst somebody could do is break into your phone or prove that a phone did indeed belong to you. What's more, the odds of somebody else's fingerprint matching yours is like two monkeys pounding out the exact same content on a keyboard after an hour of bashing away at it. Either way, there is no chance of your fingerprint being cloned and used in other places to impersonate your presence.

Really wish you would have kept it simple. I didn't even get past the second sentence.

 

[billystlyes]

I don't want anyone having my fingerprint. This is just a bad idea.

 

[JayCee842]

All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.

LOL your post is a complete joke.

 

[Iconoclysm]

All I know is that it takes 4-5 seconds to home button + slide to unlock + passcode and even longer if you are using alpha numeric password.

Personally I unlock my phone ~50 times per day.

Saving ~4 seconds between slide to unlock and passcode is roughly ~200 seconds per day saved unlocking my phone or ~3 minutes. 3 minutes per day equates to roughly ~18 hours per year or more than $5,000 worth of lost productivity unlocking my phone.

That alone makes this touch sensor worth while.

You make $600k a year?

 

[vastoholic]

I understand that people are rightly concerned about this. For various reasons I have been finger-printed several times in the past, so for me this is a non-issue.

Same for me. Former military with security clearances. The government has just about all the information on me that they need already. I'm not too worried about my fingerprint being hacked by the NSA.

 

[thefourthpope]

That is true, but if the information they can get out of these behaviours are put in the right hands it can make our lives a lot easier.

One example is the way Google Now works or the frequent locations on the iPhone. Because it tracks my behaviour, the phone does the work for me and I do not have to look up traffic times and such.

Now imagine if there were huge buildings of people analyzing all our actions and provide us helpful tips during our day? Lol this is taking it to far but you ge the point.

If in the right hands, it can be useful. At the same time there are those negatives.

Yes, all those things are awesome and I love them and embrace them. But I also firmly believe there is a substantive difference between having my activities monitored by a multinational corporation, and having my activities monitored by a semi-autonomous government agency that effectively has at its back the greatest military ever known.

And to everybody else who isn't as reasonable as Crzyrio or Parise and at least willing to entertain the idea that things aren't always super-fuzzy: I am IN NO WAY saying the NSA is going to straight drop a bomb on my house as soon as I finger my iPhone (that's the new term for unlocking now, right?).

 

[Iconoclysm]

No, it isn't a non-issue even for someone such as yourself who has been finger-printed. Many people will have been, as you say, for various reasons.

It isn't the sense of 'ooh, the government mustn't see my personal fingerprints, that's creepy' which is the problem.

It's that once you tie your biometric information to things like ID, payment and goodness-knows-what-else for the sake of convenience, then if the security involved is broken, you lose both that data and risk whatever you were securing with it.

Another way of looking at it is, if you have a key that opens nothing, what if the world knew what it looked like, down to the atom? It wouldn't matter.

Now imagine you made a lock to your house or your bank that only that key opened. Now the key is very valuable, though nothing has actually changed about the key. Now that key must remain secret, or else you will need to change both the key and the lock, right?

So if the way that Apple stores your fingerprint data cannot be absolutely trusted, and you use your fingerprints to secure important things, then it becomes a risky proposition. Most of us only have 10 finger(and thumb) prints. That's not many 'do-overs' for a lifetime.

It isn't in Apple's business interests to make it insecure on purpose. Sadly, we know for a fact (only because of leaks) that the NSA, GCHQ etc are actively working with companies to give them whatever access they can possibly get, and then gagging the companies from telling the consumer (for obvious reasons).

In that case, the government has your SS#, address, drivers license#, passport#, and most likely your fingerprints already. You think it would be harder for the NSA to "hack" another government organization?

 

[Shop]

This is dumb. Anyone who has ever been fingerprinted is in a database, so the gov has you. If someone else wants your fingerprints, they will walk up to you and take them. Get over it.

 

[juanmanas]

When Google accidentally stored Wifi data:
"WTF!!! Google stop messing around with my privacy! I'm opting out of all Google services! Do no evil! F you Google!!!!!"

When NSA deliberately break into systems stealing personal information:
"If you have nothing to hide why do you care? I'm very happy with the NSA having all of my information, please NSA what are you waiting for?"


That being said, any expectation for privacy over the internet or your phone/tablet is pure fantasy by now.

Its 2 very different things. Google sees you as a product. They might be passing your details to anybody.

The NSA is concerned with security threats. I don't see them selling your private info to a website in China for money...

 

[Sedulous]

Because I don't feel like typing it up again, see below.

I am not saying I like the steady trend of eroding constitutional rights. But fearing that the NSA is going to hack your phone to steal your finger print data is paranoia. Your finger print isn't even stored.