Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
I can picture the Super Bowl commercial this year: “On March 1 Intel will release RealSense ID. And you’ll see why 2021 will be like 1984.”
 
  • Like
Reactions: TheSkywalker77
Same with passwords, they store a hash of it instead of the actual data. The typical issue with passwords is there's always some trash website that stores the actual password then leaks it, but if everyone were using standardized face ID tech, that'd be a lot less likely to happen. And most likely the face ID wouldn't be the only step to get into something like an ATM, just an additional layer.

I'm still not interested in this, at least not until it's much more mature, I mean like 10 years.
It doesn't matter if its a hash or not. In order for the device (eg. atm) to "process" it, the required data needs to be stored or transmitted from somewhere to do the comparison. Like passwords, eventually its found that a programmer made a mistake or added a backdoor where your data gets leaked. Unlike passwords, where I can use a different one and change it when it does actually get comprised, I only have one face.

Hey... If you are okay leaving your biometric data on other peoples devices because they say trust me its secure, then go for it. Its a hell no for me no matter which company does it.
 
"with all facial data processed locally and encrypted"... and let me guess... then stored in the cloud. Because to what should the ATM compare your face to without having that preregistered data.

Of course the decryption key can be entered by the user or stored on a device the user brings. But anyone knowning how ATMs work there's a lot of questions marks on the security of that process.
 
1 in a million means about 8,000 people out there that can look like you.
There is also a statistic (which I have not seen proven or disproven) that about one in a million people look so similar to you that your friends can't decide which is which. When I read it, it was accompanied by photos of a young woman convicted for shoplifting, who was identified by two security guards without any doubt, and a photo of the real shoplifter who saw her picture in the paper and fortunately decided she didn't want an innocent person to be in jail. And the two photos looked identical.

That said, if a friend gives you their passcode, then you try to unlock their phone with FaceID, and when it doesn't work you enter the passcode, the iPhone will start believing that it made a mistake with FaceID, because by using the passcode you proved you are the right person. So you can _train_ FaceID that you have the right face, IF you have the passcode.
 
It doesn't matter if its a hash or not. In order for the device (eg. atm) to "process" it, the required data needs to be stored or transmitted from somewhere to do the comparison.
It doesn't. When you set your face, it immediately hashes it. The central authority only stores the hash. The scanner sees your real face but immediately hashes it. It compares the hashes. If the hash is leaked, no big deal, you can re-set your face with a different salt. Not saying that's their exact method, but it has to be something along those lines.

The jank part is this: There's nothing but hardware security (fancy term for obscurity) preventing a hacked device from grabbing your original face data when you scan it, then that likeness somehow being force fed into an ATM. But it'll be very strong hardware security. I mean, ATMs already contain large amounts of physical money that they have to prevent people from stealing.
 
Last edited:
Intel already was implementing Realsense into windows devices for Windows Hello before Apple was.
I think that's the wrong take.
A better take is that this appears to be targeted beyond Windows and PCs. And that's a good thing.

Intel is clearly floundering right now. Their two core skills were fabs (hah!) and x86 (an ever less interesting capability as ARM rises). But the world needs a moderately competent tech company that can provide commodity versions of features for IoT (just like Intel did a good job of showing what performance and competence looked like for SSDs).
Intel has been boasting for years about their IoT footprint, and in usual Intel fashion it has mostly been BS, a combination of number-fudging and calling servers that support IoT part of that footprint. But that space actually does need some of Intel's skills, and Intel needs to start moving sideways from their current markets.
If Intel, for example, could sell a Thread chip or IP that did a really good job of power management, performance, and RAS, they'd be doing the world a huge favor.

Real question is whether the perpetual Intel disease (an insistence that this must use the rest of the Intel ecosystem, must be paired with an x86 core in some way) will doom the product to irrelevance...
 
I can unlock my buddy’s iPhone with Face ID. We’re both Caucasian, in our 30s, with beards, but other than that, we don’t look anything alike. If you’re interested in stealing other people’s money if this becomes a thing, I think this will make it easier as long as you select targets who don’t look entirely different from you.
I would not be surprised if FaceID is inherently significantly less secure for people with beards. A full beard hides the geometry of face below it. Plus a good deal of people will somewhat vary their beard regularly, if only because of irregular grooming, and FaceID might automatically allow a greater margin of error when it detects a beard.
 
  • Like
Reactions: Howyalikdemapls
It doesn't. When you set your face, it immediately hashes it. The central authority only stores the hash. The scanner sees your real face but immediately hashes it. It compares the hashes. If the hash is leaked, no big deal, you can re-set your face with a different salt. Not saying that's their exact method, but it has to be something along those lines.
I wonder how well hashing works when the verified data is noisy (as all biometrics are to some degree).
 
  • Like
Reactions: hot-gril
It doesn't. When you set your face, it immediately hashes it. The central authority only stores the hash. The scanner sees your real face but immediately hashes it. It compares the hashes. If the hash is leaked, no big deal, you can re-set your face with a different salt. Not saying that's their exact method, but it has to be something along those lines.

The jank part is this: There's nothing but hardware security (fancy term for obscurity) preventing a hacked device from grabbing your original face data when you scan it, then that likeness somehow being force fed into an ATM. But it'll be very strong hardware security. I mean, ATMs already contain large amounts of physical money that they have to prevent people from stealing.
I get that there are ways of doing it with out "storing" your actual face data. However, each company (bank, airline, pizza joint, etc) that implements such a system needs to scan your face at least once to set up and then subsequently scan it every time you use one of their devices. In a perfect world, what you mentioned can be done but unfortunately this world is full of nefarious people. If this becomes main stream and you go in for your initial face scan, how do you know what software they are using for scanning and if they are storing your face data or not? Because they tell you they're not... HA. How do you know what else they are going to use it for? Sell it to facebook so as you are walking through the mall, targeted ads magically appear on in-store screens. Like I said, You only have one face. All I am saying is be careful what you do with it. This is not for me.
 
I get that there are ways of doing it with out "storing" your actual face data. However, each company (bank, airline, pizza joint, etc) that implements such a system needs to scan your face at least once to set up and then subsequently scan it every time you use one of their devices. In a perfect world, what you mentioned can be done but unfortunately this world is full of nefarious people. If this becomes main stream and you go in for your initial face scan, how do you know what software they are using for scanning and if they are storing your face data or not? Because they tell you they're not... HA. How do you know what else they are going to use it for? Sell it to facebook so as you are walking through the mall, targeted ads magically appear on in-store screens. Like I said, You only have one face. All I am saying is be careful what you do with it. This is not for me.
The system described in the article would probably do the hashing on the hardware, not at all providing the original face data to the software using it. Otherwise, it'd be pretty irresponsible.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.