In article <qcpho0$21g$
1...@dont-email.me>, Meanie <
M...@gmail.com> wrote:
> >>> one of the better ones is that touch id is more secure than face id,
> >>> something you *still* refuse to admit is wrong.
> >>
> >> Who confirms that Facial recognition is better than Fingerprint or vice
> >> versa? IMO, that's a matter of opinion along with a selling strategy by
> >> Apple or any other manufacturer.
> >
> > not true, at least for apple, which is *much* better than competing
> > systems.
> >
>
> And there you have it, your opinion accepts the Apple superiority and
> from what I have witnessed in this group, it appears you have a problem
> if someone refutes that claim or discusses a flaw in their product(s),
> service and company as a whole along with anyone who opposes what Apple
> says.
it's not an opinion and that's an ad hominem attack.
apple's face id is demonstrably the best face unlock out of all current
implementations based on *many* independent and objective tests
(sometimes even android biased) and the technical details on how the
various implementations work.
if you disagree, explain how competing face scanning is better than
apple's offering. that should be interesting, given just how incredibly
bad the competition actually is, which the competing manufacturers
readily admit about their own systems.
samsung even said apple's system is much better than theirs.
maybe one day that will change, but right now, that's how it is.
as i mentioned, samsung's face unlock can be spoofed with a photo,
something which was done in literally just minutes after it was
announced *at* the samsung event in the hands-on area, where the phone
was announced. since it's *not* secure, samsung disallows its use for
financial transactions since they know it's not secure.
oneplus face unlock can also be easily fooled and like samsung, they
admit it's not secure and have disabled it for financial transactions:
<
https://www.phonearena.com/news/oneplus-6-face-unlock-bypass-printed-ph
oto-selfie_id105312>
Twitter user @rikvduijn yesterday posted a video of the OnePlus 6
being unlocked with a paper cutout of his face. Worst of all? The
method apparently works with a black and white photo as well.
...
Update: OnePlus has provided us with the following statement:
"We designed Face Unlock around convenience, and while we took
corresponding measures to optimise its security we always recommended
you use a password/PIN/fingerprint for security. For this reason Face
Unlock is not enabled for any secure apps such as banking or
payments. Weąre constantly working to improve all of our technology,
including Face Unlock."
apple's face id can't be spoofed with a photo or a selfie, certainly
not a black&white copy (!).
that means a *newspaper* photo could work. yikes.
> > what matters is the implementation.
>
> Which also has it's flaws.
nothing is perfect. nobody said any of the implementations were perfect.
> The device must be facing the user in order to work but overall,
so does the phone.
or do you somehow manage to use your phone while looking at its back or
side?
one major advantage of face id is that it unlocks the moment you start
using the phone, as if it wasn't locked at all, except it is. if
someone else tries to use it, it will remain locked.
another advantage is that apps can authenticate your face in the
background to take action they otherwise would not, without
interrupting the workflow to wait for a finger or passcode. this is
optional and can be disabled if desired, but most people find it
extremely useful.
> Facial
> recognition performs poorly in dark areas such as a movie theater or
> bright outdoor lighting with sun glare.
not all of them.
apple's face id uses an infrared illuminator so that it will work in
any light condition.
that includes a dark movie theater (but don't do that, as it annoys the
other moviegoers, no matter how the phone is unlocked) or a pitch black
room (that's ok).
in other words, it's not an issue for face id.
humans can't see infrared light, but many digital cameras can:
<
https://www.youtube.com/watch?v=nmIKDpv73PQ>
> Fingerprint works poorly with wet fingers and colder climates when
> wearing a glove.
that is true, which means face id will work when touch id does not.
the biggest problem with face id is when the person's face is blocked,
such as when wearing a ski mask or surgical mask.
very few people need to unlock their phone while skiing or performing
surgery, so this is a minor issue, and one which is a *lot* less common
than wearing gloves in the winter or having wet fingers.
another issue for face id are sunglasses that block infrared light,
which will prevent the depth-sensing camera seeing the person's eyes.
most sunglasses are infrared transparent, so this is normally not an
issue, and since face id requires eye contact, it will not work if the
person is sleeping.
touch id, on the other hand, can be spoofed with a sleeping person. a
trick kids sometimes use is while mommy or daddy is sleeping, touch
their finger to the sensor. that will *not* work with face id.
> > apple's face id has been mathematically proven to be more secure, and
> > it's only on its 1st generation, while touch id is on its 2nd.
> >
> > apple has stated that a false positive for face id is statistically 1
> > out of 1 million, versus 1 out of 50,000 for touch id.
>
> Apple is in the business to make money, Of course they will say what's
> better.
except that as a public company, they are legally bound to *not* lie.
they aren't making up those numbers.
if you think that apple is lying about the numbers, get your facts in
order and file a lawsuit.
> > for the mathematically challenged, that's 20x *less* likely to be
> > spoofed, making face id a lot *more* secure than touch id.
> >
> > and that's current generation. expect that to be even better with 2nd
> > gen face id.
> >
> > there are edge cases, such as face id not being able to always discern
> > identical twins (although many times, it does), something which apple
> > has said can *potentially* be an issue, but in reality is not.
>
> Why not? Their facial features will be more alike than their fingerprint
> which is a guarantee to differ.
i explained why not in the very next paragraph:
> > most people don't even have a twin at all, let alone an identical twin,
> > and of those who do, their twin isn't interested in hacking their
> > sibling's phone or physically lives close enough to where they can even
> > get to the phone in time to consider trying, let alone actually doing
> > it.
and if that's not enough, read this:
<
https://www.forbes.com/sites/tonybradley/2017/11/05/enough-already-with-
the-stupid-face-id-twin-test/>
According to a University of Texas study, only about 32 out of 1,000
people are twins‹which translates to roughly three percent of the
population. However, the rate for identical twins is only 3.5 per
1,000 births. That means the novelty of breaking into an iPhone X
by tricking Face ID only applies to about one third of one percent of
the population.
...
Instead of worrying about the fact that an identical twin might be
able to access the device, letąs focus on the real story here. The
fact is, if it takes a truly identical twin to maybe be able to fool
Face ID, then for the 99.997 percent of the population of the world
who are not part of a set of identical twins, Face ID is pretty damn
secure.
but even with identical twins, most families aren't trying to hack each
others phones, and often even know each others passcodes in case of
emergency, or for parents to make sure their kids aren't up to no good
or putting themselves in danger.
not only that, but quite often, touch id is used to scan more than one
person's finger so that more than one person does have access to a
phone. this is common with husband/wife and parent/child, in addition
to passcodes.
and as mentioned elsewhere, apple has at least one patent on
differentiating between identical twins, so it's quite likely that the
next version of face id will make this even more of an edge case than
it already is.
tl;dr it's theoretically possible, but in the real world, the risk is
very close to zero.
> > youtube videos that show how 'easy' it is for a twin to unlock a phone
> > are very misleading because they neglect to mention how many tries it
> > took to make the video. you aren't seeing the outtakes.
>
> There are many misleading videos in all categories but you aren't
> certain if many have made several attempts or if it was the first time.
> You're assuming.
nope. i'm not assuming anything.
the concepts of how face id and touch id are documented and well
understood, although perhaps not by you and a couple of others in this
thread.
the video where a fake head was used had *many* tries and also required
a precise alignment of the phone and the fake head (the creators even
said as much). that might work in a lab, especially when everything is
controlled and someone can keep trying until it works. otherwise, not
so much.
again, a bad guy has 5 tries or 48 hours and game over. after that, a
passcode is required.
a researcher can easily bypass that by unlocking it with a passcode to
reset it, thereby obtaining as many attempts as needed to get it to
work. a bad guy cannot do that.
also, each time a face fails to authenticate (but is still close to be
considered possible) followed by a passcode unlock, face id updates
what it considers a valid face. however if the face is not close, a
passcode unlock will have no effect on recognition. it's not going to
train on someone that looks very different.
this is intentional, so that someone can grow a beard or shave it off,
put on or remove makeup, put on eyeglasses or remove them, cut, curl or
dye their hair, etc., and the system will continue to work.
it would really suck if someone got a hair cut and for the rest of the
day, the phone wouldn't unlock.
keep in mind that touch id isn't scanning your entire finger, which
means it has a lot less data than face id has for it to evaluate and
one reason why it's not as secure. even just the tip or side of a
finger will unlock it, but not a partly obscured face.
> > each time it fails, they unlock it with the passcode and keep trying
> > until it works, which is actually training the phone to legitimately
> > recognize the person trying to spoof it. do that enough times and the
> > *original* owner will be seen as the intruder (which will never be in a
> > video).
> >
> > a bad guy doesn't have that luxury.
> >
> > a bad guy has 5 attempts within 48 hours to unlock via face or finger,
> > after which a passcode is required.
> >
> > the legitimate owner isn't going to reset it so the bad guy can keep
> > trying.
> >
> > another issue is that lifting prints to make a fake finger is
> > relatively easy since the prints are all over the phone, particularly
> > the touch id sensor itself.
>
> That is a valid point but have you seen evidence of that? More Videos
> proving it?
no videos needed.
a phone you might find in a bar is covered with the owner's prints, but
unless there was some identifying information about the owner, you have
no idea what that person looks like and can't even start to create a
fake head, let alone actually do it.
however, if there was identifying information (e.g., the phone was in a
bag with their wallet and photo id) then you know who the owner is and
can go search for photos online or elsewhere in their bag, but even if
you do find a bunch of photos, you still have a lot of work to fashion
a fake head that's good enough to spoof the system, because face id is
also actively checking for hack attempts.
it's not easy, must be done within 48 hours at the most, *and* unlock
in the first few tries. if it fails, the phone will require a passcode,
with further face/finger attempts not even accepted.
and that's assuming that the rolling 5 day window doesn't trigger a
passcode requirement, another possibility that can appear at seemingly
random times. in fact, just now my phone required a passcode, and i was
using it just a couple of hours ago.
> > on the other hand, knowing what face to use for an unknown phone is
> > basically impossible since you have to know what the owner looks like
> > to even start to make a fake head, and that's ignoring that face id is
> > designed to reject fake heads, so even if you did know who the owner
> > was and had enough photos of the person to make a 3d head, it still
> > isn't likely to work
> > this has been rehashed many, many times in the past two years.
>
> Nor can they enter with without having their fingerprint or know who a
> print belongs to, unless they chop off the finger.
touch id requires a finger that's alive, so if you do chop off a
finger, you won't have very long to use it. a few minutes is probably
fine, and a few hours is probably not.
and if you do have the opportunity to chop off the owner's finger, you
can just force that person to unlock it without any chopping and
avoiding a bloody mess.
> I doubt any phone is
> worth that much to enter.
that depends whose phone it is.
donald trump's phone would be *extremely* interesting to see what's in
it (and it's an iphone), along with many other public figures, fbi,
nsa, etc.
the san bernardino shooter's phone was important enough that the fbi
tried to sue apple to help unlock it (although that was entirely for
show, given that they knew there was nothing important on it).
however, in that particular case, the phone in question was an iphone
5c which did not have a touch id sensor and was secured with just a 4
digit pin code. ultimately, the fbi paid nearly $1 million to crack it,
using a technique that no longer works on iphones that have touch/face
id (i.e, ones that have a secure enclave).
but you're right, that for most people, it's not worth the trouble to
bother trying to hack a phone beyond trying common pin codes, such as
1111, 1234, 123456, and if it works, great, but if not, flip it for
parts, or do the correct thing and return it to apple, who may be able
to determine who bought it via its serial number and/or iccid.
> > that's how apple's face id works.
> >
> > other face unlock systems are different and do not work particularly
> > well, and in most cases, not at all, so for them, it's not better.
> >
> > samsung's face unlock is so bad that it was spoofed in the hands-on
> > demo room just minutes after it was announced simply by taking a selfie
> > with another phone. no need to even think about making a fake head, let
> > alone make one. all you need is a photo.
> >
> > samsung knows it's not secure, which is why they disallow using it for
> > financial transactions.
> >
> > samsung has also said that apple's system is 2-3 years ahead of the
> > rest of the industry when it was first introduced, which means that
> > other companies should be catching up to apple's 1st gen face id this
> > year or next, about when apple introduces 2nd gen face id...
> >
>
> It appears to me you base much of your opinion from what Apple states
> along with some videos that oppose it. You consider Apple's statements
> as the gospel and nothing else matters. My point is not to degrade
> Apple, it's to dispute your belief they are the ultimate.
nonsense.
above, i'm quoting samsung, who readily admits their face unlock is not
as good as apple's face id.
i've also gone into detail about how it works and why it's more secure.
there are also numerous tests by third parties, some of whom have a
vested interest in making apple's face id look worse than it is (i.e.,
android sites).
in every case, apple's face id was clearly much better.
other manufacturers disable face unlock for financial transactions
because it's not secure, including samsung, oneplus and others. if the
manufacturer of the device doesn't think it's secure, why should anyone
else?
if you have facts showing otherwise, by all means provide them.
> I like Apple products. Obviously I'm in here for a reason. I own a
> Macbook, iPad, iPhone but I don't consider Apple to be the savior of all
> communication devices. I have a distrust in most companies in today's
> world because it's all about money. They say and do whatever it takes to
> obtain it. Considering Steve Jobs stole the idea and was known to be a
> total prick, I even distrust Apple a bit more, but IMO, Microsoft is
> worse with their annual "rental" of Office software instead of selling
> it as they once did, though I like Bill Gates, even though he stole the
> idea as well.
stole what idea? mac os was not stolen, nor was ios.
if you're referring to xerox parc, there was a mutual agreement for
apple to use xerox's work, with an exchange of apple stock. in other
words, it was bought, not stolen.
bill gates did copy mac os to create windows, and did a more effective
job (although illegal) in marketing it. in other words, it was stolen,
not bought.
> Regardless, real data would put to the test those who have had their
> phones broken into via fingerprint vs. facial. If Apple is the only
> supplier providing that mathematical proof, then I'll take it with a
> grain of salt. Then again, they don't care what I think as does anyone
> else.
apple's face id is the only system that *can't* be spoofed with a photo
and is considered to be secure enough for financial transactions, not
just by apple, but by major banks and other sellers.
samsung, oneplus and others don't have confidence in their own system
to allow for financial transactions via face unlock, so they disable
it.
what does that tell you?
> But I surely don't have a problem admitting my errors. I often
> make mistakes because I'm human.
if that's true, then you'll admit your error about apple's face id and
its security.
> Also consider, if Apple was truly that superior, why are there roughly
> 216 million iPhone users compared to 1.25 billion Android users?
it's actually 1.4 billion ios devices versus 2.5 billion android
devices (and some people have more than one device so that doesn't
equate to users), but regardless, the number of units sold means
absolutely nothing, certainly not about quality.
<
https://www.apple.com/newsroom/2019/04/apple-reports-second-quarter-res
ults/>
Our March quarter results show the continued strength of our
installed base of over 1.4 billion active devices...
<
https://techcrunch.com/2019/05/07/android-now-has-2-5b-users/>
At its I/O developer conference, Google today announced that Android
now runs more than 2.5 billion devices. Thatąs up from 2 billion the
company announced two years ago.
This means overall Android growth remains on pace, though itąs not
exactly accelerating.
most of those android phones are cheapos which don't have face *or*
fingerprint unlock, and are barely more than a feature phone. they're
too slow to encrypt anything, so gaining access is *really* easy.
many companies choose ios devices over android because it's more
secure. it's not that hard to hack an android phone, bypassing whatever
security is on it. it's *extremely* difficult to hack an ios device.
most popular does not indicate quality. mcdonald's sells the most
hamburgers, but they don't make the best burgers. they're cheap and
easily found just about anywhere, but that's about it.
<
https://www.cnbc.com/2018/07/19/tripadvisor-best-burgers-in-america.htm
l>