but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.
personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.
It’s not a great analogy. Your house and its windows are exposed to your neighborhood/community. Your internet device is adjacent to every hacker on the web.
it’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows
Assuming the phone’s security works as intended, what you’re saying is true. However, it’s a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.
I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I’m not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we’ve seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customer’s data.
I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don’t kid yourself that it’s secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it’s compromised forever.
I really think this depends largely on who you are and what you do with your phone. I have face recognition and fingerprint recognition both enabled on my phone. It’s good enough to prevent a thief from gaining access to my device, and if law enforcement asked, there’s nothing on my phone that could possibly be incriminating. Realistically, I’d have no issue just unlocking my phone and giving it to a police officer, although I do know well enough to always get a lawyer first. Biometrics add an extra layer of convenience; it’s nice to just look at my phone and it unlocks. My concern personally is more about someone stealing my phone and accessing my accounts than self-incrimination.
If I ever was going to put myself in a situation where I’d run afoul of the authorities, I’d leave my phone at home anyway.
A stipulation of Payne’s parole agreement was that he be willing to provide a passcode to his devices, though that agreement didn’t explicitly refer to biometric data. However, the panel said the evidence from his phone was lawfully acquired “because it required no cognitive exertion, placing it in the same category as a blood draw or a fingerprint taken at booking, and merely provided [police] with access to a source of potential information.”
These both seem like bad calls. You have a right to privacy, right? And for police to access your files/home/phone tap requires obtaining a warrant.
Fingerprints at booking gives access to public records. Not your own personal private data. Pretty sure drawing blood is justified suspicion of DUI.
While I buy you’re general cynicism, it’s wrongly applied here …
It seems like we have both more and less protections than other places, for this instance.
while it’s not entirely settled case law, you can NOT be compelled to give up your passwords. Different states differ and they’re constantly trying
however biometrics are counted as public knowledge, so you have no protections
This is more of a scenario where legal contortions turn into huge inconsistencies, plus our legislature has refused to clarify so it’s all on the court system
I’ve already planned to spam the lock button for a few seconds if something like that came up (iPhone) it triggers the emergency settings and disabled unlock without a passcode.
You can also just hold a volume button + power. That will bring up the power / emergency screen and will require a non biometric password for the next unlock.
Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.
You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.
In a getting pulled over situation, this works. But do it before you go protest anything. Or better yet, leave your phone at home. You don’t want to be reaching for something while a cop is pointing a gun at you and saying “Hands up!”
Probably. Wouldn’t it be good to have the truth during investigations?
However I think that we really need refine when warrantless searches can occur. Right now many searches seem to be done with very little evidence to justify them. I think this protection should apply to your mind and phone just like it applies to your house. This probably also needs to be considered at border crossings. Right now they have basically unlimited rights for searching what you have on you with little to no evidence.
We should probably also rethink about how the information is shared when there is a warrant. Right now during a trial a huge amount of personal information can be made available. Maybe if it was easier to get precise information less would be needed.
I’ve always wanted a setting to create a lockdown key and an unlock key. So something like middle-finger to unlock but index-finger to force it into PIN/password only mode. So you can have some convenience of a quick unlock but if an authority figure asks or forces you to unlock it you can one-tap lock it down.
On pixel, if you ever need to - press and hold the power button, select “lockdown”.
(It might apply to other androids too, I don’t know.)
You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.
Why disable your convence features for an scenerio that is not likely and can be quickly and easily be prevented.
Universal: You could also just the tap the sensor with a “wrong” finger a few time, and the pin will be required.
Maybe don’t do this one in front the cops…if you find your self in a postion where they are trying to unlock your phone, you probably don’t want to piss them off.
.
Edit: I’m surprised no one called me out on “if you’re ever need to”.
The sentence was going to be “if you’re even in a situation that needs…”, but that was getting too long. Forgot to change you’re to you.
It’s from AOSP, so any device close to the actual Android baseline should support that. This means that you can enter that mode from LineageOS as well.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@lemmy.world
This is a most excellent place for technology news and articles.
It’s frustrating to no end that fingerprints and face ID are treated like passwords when they should be treated like usernames.
They make sense as a 2FA. It would be really cool if I could require either PIN+fingerprint or a long recovery password.
I’ve avoided willingly using biometrics so far. Though I’m sure our faces, gaits, body shapes, etc, are all stored somewhere, willingly or not.
Say no to biometrics. It’s like having a password you can never change.
Not with that attitude! You can absolutely change your face. its rather inadvisable
it’s not a password; it’s closer to a username.
but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.
personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.
It’s not a great analogy. Your house and its windows are exposed to your neighborhood/community. Your internet device is adjacent to every hacker on the web.
it’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows
Assuming the phone’s security works as intended, what you’re saying is true. However, it’s a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.
I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I’m not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we’ve seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customer’s data.
I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don’t kid yourself that it’s secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it’s compromised forever.
like i said, it’s more of a username than a password
No.
I really think this depends largely on who you are and what you do with your phone. I have face recognition and fingerprint recognition both enabled on my phone. It’s good enough to prevent a thief from gaining access to my device, and if law enforcement asked, there’s nothing on my phone that could possibly be incriminating. Realistically, I’d have no issue just unlocking my phone and giving it to a police officer, although I do know well enough to always get a lawyer first. Biometrics add an extra layer of convenience; it’s nice to just look at my phone and it unlocks. My concern personally is more about someone stealing my phone and accessing my accounts than self-incrimination.
If I ever was going to put myself in a situation where I’d run afoul of the authorities, I’d leave my phone at home anyway.
The article pretty plainly says the guy was coerced into entering his password. So the headline feels a bit manipulative.
deleted by creator
Ya know… I hadn’t see anything by them in so long I forgot.
deleted by creator
The headline is click-bait. I honestly don’t know why people still read this crap.
https://www.csoonline.com/article/566713/6-reasons-biometrics-are-bad-authenticators-and-1-acceptable-use.html
This isn’t new information. Might be a higher circuit reaffirming it though.
These both seem like bad calls. You have a right to privacy, right? And for police to access your files/home/phone tap requires obtaining a warrant.
Fingerprints at booking gives access to public records. Not your own personal private data. Pretty sure drawing blood is justified suspicion of DUI.
You actually don’t need to hit cancel, you can just hit lock, so you can do this whole thing with your phone in your pocket.
https://appleinsider.com/inside/iphone/tips/how-to-quickly-disable-face-id
This is easier and less intrusive than the lock-button-5-times method because it doesn’t start making a phone call that you have to quickly cancel.
Real MVP right here. Good to know!
Those settings can also be altered under Settings > Emergency SOS
This also encrypts your data.
Maybe don’t live in a fucking dystopia. The US is a police state and you have no freedom left.
While I buy you’re general cynicism, it’s wrongly applied here …
It seems like we have both more and less protections than other places, for this instance.
This is more of a scenario where legal contortions turn into huge inconsistencies, plus our legislature has refused to clarify so it’s all on the court system
I’ve already planned to spam the lock button for a few seconds if something like that came up (iPhone) it triggers the emergency settings and disabled unlock without a passcode.
You can also just hold a volume button + power. That will bring up the power / emergency screen and will require a non biometric password for the next unlock.
Thank you.
You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.
In a getting pulled over situation, this works. But do it before you go protest anything. Or better yet, leave your phone at home. You don’t want to be reaching for something while a cop is pointing a gun at you and saying “Hands up!”
Not to mention it’s pretty regular to track who is participating by checking the towers in the zone all the people are participating.
You can also just long press a volume button with the lock button (with a FaceID phone). I find this harder to mess up under stress.
That’s terrifying. So once we have tech to forcibly see inside the brain, that will be legal too?
You think it wouldn’t xD?
“You shouldn’t be worried if you have nothing to hide” 🤷♂️
Tap for spoiler
/s
Probably. Wouldn’t it be good to have the truth during investigations?
However I think that we really need refine when warrantless searches can occur. Right now many searches seem to be done with very little evidence to justify them. I think this protection should apply to your mind and phone just like it applies to your house. This probably also needs to be considered at border crossings. Right now they have basically unlimited rights for searching what you have on you with little to no evidence.
We should probably also rethink about how the information is shared when there is a warrant. Right now during a trial a huge amount of personal information can be made available. Maybe if it was easier to get precise information less would be needed.
Do you have to mash it? Or will pressing it normally work?
NO
I’ve always wanted a setting to create a lockdown key and an unlock key. So something like middle-finger to unlock but index-finger to force it into PIN/password only mode. So you can have some convenience of a quick unlock but if an authority figure asks or forces you to unlock it you can one-tap lock it down.
On pixel, if you ever need to - press and hold the power button, select “lockdown”.
(It might apply to other androids too, I don’t know.)
You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.
Why disable your convence features for an scenerio that is not likely and can be quickly and easily be prevented.
Universal: You could also just the tap the sensor with a “wrong” finger a few time, and the pin will be required.
Maybe don’t do this one in front the cops…if you find your self in a postion where they are trying to unlock your phone, you probably don’t want to piss them off. .
Edit: I’m surprised no one called me out on “if you’re ever need to”. The sentence was going to be “if you’re even in a situation that needs…”, but that was getting too long. Forgot to change you’re to you.
It’s from AOSP, so any device close to the actual Android baseline should support that. This means that you can enter that mode from LineageOS as well.
On my pixel 6 it is power + Volume Up to access the power menu with lockdown.