I wrote an MSNP (Windows/MSN Messenger) client and used it for many years, all the way until Microsoft turned the protocol into a horrible XML-ised mess and then dropped support completely (as in, turned off the servers.) One standalone Win32 binary less than 32KB, usable from Win95 up to Win10; and over all the years I used it and noticed its memory usage, it was never more than 2-3MB. Yes, it had emoji support (though not very large ones, obviously.)
The amounts of memory that users are reporting for Slack are all several times higher than the entire RAM of the first computer I started using my MSNP client on.
The strong implication of the original comment was that Apple was centrally collecting biometrics and would eventually sell it off or leak it.
The biometrics are stored on each iPhone, in a secure enclave with severely limited access, and they're only useful for identifying (slowly) someone at close range.
So, yes, theoretically in the future someone could hack all iPhones everywhere using one of the most sophisticated attacks ever, and collect data that might conceivably be useful for high resolution cameras to identify faces at close range. Maybe. Although Face ID uses infrared, so would the high resolution cameras need to have that, too?
Anyway, that's why I felt it was a stupid comment.
The biometrics shouldn't be collected in the first place. A simple patch on this closed system would allow who knows whom to collect the data. Just considering the current political situation in this company's home country it's an unreasonable risk. Considering their willingness to cooperate with dictatorships and similar adds to this. Fear not stupid at all.
Considering the fact that this exists because a) Apple was unable to come up with any real innovation to sell the new product and b) people seem to be really too lazy to type a number and rather give up that information.
Data Minimization, Data Avoidance are a thing.
> "using one of the most sophisticated attacks ever"
Users worried about their privacy can always choose not to use it.
The more likely attack vector is simply capturing scenes through the front camera. That would give you, most of the time, an image of the face of the user, not just depth mapping information of questionable value.
But really, nearly everyone shares images of themselves online, so even that's of dubious value.
I'd challenge you to find any security expert who agrees that Face ID as Apple implements it can realistically result in useful biometric data being leaked to a hostile party. Apple supplies whitepapers documenting the secure enclave, I imagine there's one for Face ID.
Now, the question of whether Face ID is secure enough for any given user's needs as a local authentication is a perfectly valid question, and clearly for some users the answer is no. But, again, it's optional, and that's not at all the threat under discussion.
> Users worried about their privacy can always choose not to use it.
You make it look like it's easy for the normal Apple user to switch to Android. In fact it's quite the opposite and the whole situation is even worse because most of them won't even be aware of the dangers. The major reasons for people I know to choose an iPhone over an Android is the "ease of use" (resulting from the fact that their first smart phone was an iPhone already and they never tried anything different) and because they are "so confused with all the options/apps/general possibilities on Android". Those are the people who need to be especially protected. They are caged within a locked environment of a single US company. This alone should make you think.
> But really, nearly everyone shares images of themselves online, so even that's of dubious value.
This sentence together with this high tech approach you demonstrate on the rest of the comment is mind-boggling. As it's the most common approach of companies/individuals to abolish digital privacy altogether. The old version of it was "I'm not afraid of X because I have nothing to hide". Horrifying, but now I understand where your attitude comes from.
Being born in an oppressive state, this is where I would actually use the word "stupid".
> I'd challenge you to find any security expert who agrees that Face ID as Apple implements it can realistically...
As I've written above. It may be that FaceID is not a big deal right now. We don't know it for sure since it's all locked down but we assume it. There is however still the ARKit and all those APIs using those depth/facial mapping capabilities. Those becoming the new standard for popular apps is just a matter of time and since you've already given rights to use the camera, those features will be (or are already?) a nice extra. So you see... we don't even need to reach out to possible changes from the paranoid government governing Apple and their data under and awaiting some patch to allow the access to FaceID data. It's far more accessible.
I wonder, would you allow your phone to take a drop of blood for authentication or where does your privacy actually start?
> You make it look like it's easy for the normal Apple user to switch to Android.
No, I'm saying Face ID is not mandatory on an iPhone X. You can use a passcode.
Nor am I saying privacy should be sacrificed on the altar of technology. I do my best to stay away from Google, and I try not to let Facebook know any more about me than necessary (and every day I contemplate ditching it, but there are a few important reasons to stick around).
There are plenty of ways to do biometric security wrong from a privacy standpoint. I trust Apple to do an earnest job of doing it right, because they have positive incentives to work for their user base rather than being a data collection/ad selling company.
And if biometrics aren't where you wish to place your faith, you can simply not enable the feature.
Would opting out of FaceID also lock down the feature completely for the APIs?
FYI: you can have an Android phone complete without a single Google app or the Google app store. LineageOS is the most popular alternative OS. There are also other stores you can put on your phone. Like F-Droid, which hosts open source apps.
(i) You may not attempt, facilitate, or encourage others to identify anonymous users or reconstruct user profiles based on data collected from depth and/or facial mapping tools (e.g. ARKit, Camera APIs, or Photo APIs)
-----
Let's wrap this up here.
- A user issues his fears based on a technology that is the topic here
- he gets downvoted into oblivion but no comment follows
- I trigger a comment by stating the obvious behavior prevalent on every single article posted here that may be or even is critical towards Apple
- you declare the user's comment stupid based on your assumption that a single software use of the general feature may not be misused. Even though you can't know that because we are talking about a closed system and the APIs allow that without a possibility to opt-out (if you have already granted general camera permissions).
- you further state that users don't need privacy either way because they gave it all away. Which is actually the only really stupid statement in this discussion here
- after all that you even go so far as damning another US company based on actually nothing. A company that allowed the world to develop their own open source operating system and app world after you've done everything to protect a company that provides you with a system you actually know only what they allow you to know about.
macintux, I couldn't have wished for more to demonstrate what is wrong here. There is a quasi cult behavior in the Apple fan base turning people into marketing machines ready to drop everything to protect the brand while condemning everybody else. You owe the guy an upvote. I don't care.
Remember Bush's Missile Defense Shield in East Europe?
Either the cold war never ended or it's not the cold war anymore.
I'd say it's the second. The superpower game never ended but even with the sanctions, trade, travel and politics are not that locked. On the other hand there are those 2.0 war technologies like drones, trolls, cyber warfare...
I think he wanted to use time when Russia was weak and disorganized to contain it. I was thinking that better would have been incorporating Russia to EU back then, but that's not something strong EU countries wanted (being outnumbered by Russians in EU governance) - historically Russia was always trying to become a part of Europe and Europe was always looking at those attempts nervously. I guess now that game is over, Russia seems to have decided it is no longer meaningful to aspire becoming a part of Europe and they will rather go with China, even if they really don't like each other that much. I don't think this is going to end well and we will see some major conflicts.
I never thought anyone wanted to have Russia seriously in the EU. I don't think the EU (or anyone) would be able to handle Russia. NATO however was another topic.
It's interesting that you feel the need to shift away the attention from socialist dictators with a switch to the US (where btw you can even elect a judge or Sheriff). I've seen you doing that on the hacks by Russia before. So what is the world you think you are accomplishing by drawing this?
Would you prefer living in a quasi dictatorship that watches over what you write on the internet because you have nothing to fear since you are so "compatible" with their views?
How does a world in a tight ideological bondage, aiming for ideals from the last century prosper in your eyes? Or is this bound to this "I don't care what happens when I die" view that comes with climate change denial for example? Do you believe in climate change (the religious tone here is intentional)?
Do you feel that the world became "complicated" and you are having a hard time to follow certain topics?
First: you speak for yourself. I for example share nothing on my fake name Facebook account. I use it to tell relatives to call me/send me a Signal message. Even with a Facebook account, they can only share what you give them. Nobody forces you to use McDonald's WiFi. Use your data plan. Your ISP must have some kind of stricter regulations even outside of Europe (where I am) than some ad-sponsored access point.
There are huge differences and data minimization is a thing.
Your approach however is terrible. It makes it look like everything is lost and there is nothing to protect anymore. This is not only wrong, it sends out a horrible message to others.
He already commented recently under a repost of his former article. I've pointed out the good things about OSM.
He proceeded with answering to my comment but completely ignoring the content of it while advertising this piece to come. I'm still unable to find those good things in this article which supports my theory of overdrawn and almost(?) total negativity and ignorance of the good aspects of OSM.
Why don't they just deliver them to you?
I'm sorry but this is highly sensible data and the "where does the money come from" caution is the first line of defense a normal user has. Most of the time it is the only one.
Partnering with Bertelsmann here was a huge mistake. It questions not only data security it questions this first line of defense.
Think about it, how am I supposed to tell somebody to give their data to you when I already told them to look for the money first? I'd make myself and my methods unbelievable, incoherent and probably corrupted.
This is really terrible because this research is necessary and important but I hope you understand that I will neither support it nor recommend it...
We, the OKFDE, have no partnership with Bertelsmann.
Our partner, algorithmwatch, has - independently from this project - funding from Bertelsmann Stiftung.
Again, the data is first delivered only to the user; afterwards he/she can decide what to do.