this post was submitted on 18 Apr 2024
93 points (97.9% liked)

Technology

1340 readers
436 users here now

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.


Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.


Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip


Icon attribution | Banner attribution

founded 11 months ago
MODERATORS
 

cross-posted from: https://lemmy.zip/post/13875589

Ruling: Thumbprint scan is like a "blood draw or fingerprint taken at booking."

top 50 comments
sorted by: hot top controversial new old
[–] MapleEngineer@lemmy.world 15 points 6 months ago (2 children)

Do not use biometrics.

Period.

Full stop.

[–] huginn@feddit.it 10 points 6 months ago (2 children)

Use biometrics - just know the tools at your disposal to lockdown your phone.

[–] ElderWendigo@sh.itjust.works 3 points 6 months ago (1 children)

I use tasker to put my phone in lockdown mode whenever it senses a sharp tap (acceleration change) or Bluetooth disconnects. I figure that if I get pulled from my car or slammed to the ground, I'm going to want to require a PIN, password, or pattern to unlock. A quick tap on my pocket or just setting it down too aggressively does the same.

[–] huginn@feddit.it 2 points 6 months ago (1 children)

Tasker is great for that. I also love the "send a keyword and tasker will text back with current GPS location" feature.

[–] Seasoned_Greetings@lemm.ee 2 points 6 months ago (1 children)

Mine is send a key word and tasker sets an alarm one minute from now. Although I have a whole list of keywords I can use, including for GPS location, that one is far and away the one I use the most.

Mostly because if my phone is on silent the alarm will still ring

[–] huginn@feddit.it 1 points 6 months ago (1 children)

Genius. That's such a good idea to find your phone.

[–] Seasoned_Greetings@lemm.ee 2 points 6 months ago

Bails me out so hard

[–] MapleEngineer@lemmy.world 1 points 6 months ago (3 children)

Biometrics are ease of access, not security.  They make it easy for you (and low skilled strong arm attackers, skilled hackers, nation state actors, and neo-Nazi police state border and police thugs) to unlock your phone.  As long as you're good with making it easy for them to unlock your phone by all means, use biometrics.

Using biometrics to provide access to personal data is asinine.

Using biometrics to provide access to any amount of sensitive data is criminally negligent.

Biometrics cannot be changed.  Once you've given your palm biometrics, or facial biometrics, or fingerprints, or iris or retinal scans, or facial biometrics to any company or government they are no longer useful.

Just as the 5.6 million people whose fingerprints were lost in the OPM hack in 2015.

But whatever...you do you.  If you want to make it easy for people to access your device, go ahead and use biometrics.

load more comments (3 replies)
[–] 8Bitz0@discuss.tchncs.de 2 points 6 months ago (3 children)

So… show your PIN to everybody around you? Or should everybody type in a full blown password to just unlock their phone?

[–] MrPoopbutt@lemmy.world 4 points 6 months ago (1 children)

GrapheneOS has PIN scrambling where the number layout is different each time.

load more comments (1 replies)
[–] MapleEngineer@lemmy.world 2 points 6 months ago

Biometrics are ease of access, not security.  They make it easy for you (and low skilled strong arm attackers, skilled hackers, nation state actors, and neo-Nazi police state border and police thugs) to unlock your phone.  As long as you're good with making it easy for them to unlock your phone by all means, use biometrics.

Using biometrics to provide access to personal data is asinine.

Using biometrics to provide access to any amount of sensitive data is criminally negligent.

Biometrics cannot be changed.  Once you've given your palm biometrics, or facial biometrics, or fingerprints, or iris or retinal scans, or facial biometrics to any company or government they are no longer useful.

Just as the 5.6 million people whose fingerprints were lost in the OPM hack in 2015.

But whatever...you do you.  If you want to make it easy for people to access your device, go ahead and use biometrics.

[–] TargaryenTKE@lemmy.world 1 points 6 months ago

Draw a pattern with the dots? There's several ways to protect your privacy and thumbprints are by far one of the laziest and easiest to exploit options available

[–] Anticorp@lemmy.world 15 points 6 months ago

This is no different than them trying to say that any time you're arrested, you have to unlock the front door to your house and let them search the place without cause, reason, or warrant. We know this. They know this. But since both political parties want a surveillance police State, that's what we'll get. It's not like we ever get to vote on this stuff. We can only vote for a couple of people that share the exact same viewpoint on these matters, and then those people can do whatever tf they want.

[–] shortwavesurfer@monero.town 14 points 6 months ago

US court can go fuck a duck cuz I'm putting my phone in lockdown mode and will not be opening it. If the gangsters want the data on the device, they're going to have to crack it themselves.

[–] snooggums@midwest.social 12 points 6 months ago (1 children)

It's like that except fo the fact that ut us not at all like that.

It is forcing someone to grant access to information that requires a search warrant.

[–] Anticorp@lemmy.world 10 points 6 months ago

They know this. They don't care. They decided to treat digital life as its own separate thing 20 years ago, a thing that they can violate all laws on, despite clear analogous real life equivalents from which to form precedent.

[–] xia@lemmy.sdf.org 11 points 6 months ago (1 children)

The solution is so obvious that I suspect a conspiracy. Just allow OTHER actions to be performed based on the finger used. Maybe it's unlock, maybe it's power-off, maybe siren, maybe factory-reset.

[–] bitwolf@lemmy.one 4 points 6 months ago

I've been looking forever for an android ROM that does this. Base it on fingerprints and pins.

Surprised no one has used it to streamline multiple profiles for shared devices either.

[–] SkabySkalywag@lemmy.world 10 points 6 months ago* (last edited 6 months ago) (2 children)

Wish I could set one specific finger -like the ring finger - assigned to load a empty/fake partition for the OS. Kinda like a briefcase with a secret compartment when you open it a certain way.

Edit: looks like some one in the comments already had the same idea:)

[–] Hiro8811@lemmy.world 5 points 6 months ago* (last edited 6 months ago) (2 children)

There's an option on Oneplus. If you put one fingerprint it'll open owner and you can set another fingerprint to open another user

[–] extant@lemmy.world 1 points 6 months ago (1 children)

Which version/model? I don't see that option on my 9 pro.

[–] Hiro8811@lemmy.world 1 points 6 months ago

8T, I don't have the official software anymore but I remember it clearly. You probably gotta dig up through settings more

load more comments (1 replies)
[–] Entropywins@lemmy.world 4 points 6 months ago (1 children)

Opens to a picture of their wife...

[–] The_Mastermind@mander.xyz 1 points 6 months ago* (last edited 6 months ago)

And parents

[–] gregorum@lemm.ee 8 points 6 months ago* (last edited 6 months ago) (4 children)

On iPhones, if you have Face ID enabled, pressing the power button 5 times puts in lockdown mode. This disables the usb port, Face ID, contactless payments, and requires the 6-digit pin to unlock everything. I don’t know if android phones have something similar.

It’s a neat trick for when you think you might get into a “situation”. Also, the cameras still work.

[–] NateNate60@lemmy.world 7 points 6 months ago

Restarting the device does this on Android. The PIN is required to enable any functionality.

[–] pancake@lemmygrad.ml 4 points 6 months ago

Disabling the USB port is neat, BUT... What if it got instead reconfigured to pretend to be a USB keyboard when connected and then... you know... For research purposes, of course.

[–] BrikoX@lemmy.zip 3 points 6 months ago (1 children)

It's only helpful where investigation is not worth the time/cost. Unless you use Lockdown mode, they can do full extraction of iPhones via Cellebrite.

[–] gregorum@lemm.ee 8 points 6 months ago (2 children)

That’s the thing about lockdown mode— it’s super-quick to enable of you get into a situation, and you can still use your device with it turned on to, for example, video record an incident that will live-stream or sync to the cloud for later remote retrieval.

And with the usb port disabled, the cops won’t be extracting anything.

[–] BrikoX@lemmy.zip 11 points 6 months ago* (last edited 6 months ago) (1 children)

It's not fast, but I think we're talking about different things. You are probably talking about SOS mode. The Lockdown Mode requires navigating through a bunch of settings and entering your passcode to enable it.

And port is just one way Cellbrite works. It has many modes which exploit different weaknesses to gain access. Apple finally fixed the biggest one, by finally encrypting the iCloud backup. Before that, all the security measures were defeated by Apple itself, by making a copy of the whole device and leaving it unencrypted...

P.S. Apple only recently were forced to use Universal Serial Bus (USB). So most people are still using Lightning port (Proprietary Serial Bus).

[–] gregorum@lemm.ee 3 points 6 months ago* (last edited 6 months ago)

Oh, you’re right, I was confusing what it’s called with something else. But 5x clicking the power button locks the phone down in a basic way, enough to block Cellbrite from breaking in with a usb tool. And having iCloud advanced encryption enabled keeps them out of there, too.

[–] bitwolf@lemmy.one 1 points 6 months ago

Android also requires the pin after a few attempts and even when changing your location far enough.

[–] sverit@feddit.de 1 points 6 months ago (2 children)

Yes, you can enable a similar option on Android, which can be activated when holding down the power button.

[–] huginn@feddit.it 2 points 6 months ago (3 children)

Power + volume up is usually how you do it I believe. Holding power down usually just activates an assistant.

[–] mojofrododojo@lemmy.world 2 points 6 months ago (1 children)

nope. default android 12-13 is the screen above posted. Hold power for a few seconds and it'll pop up unless you've changed settings.

[–] huginn@feddit.it 1 points 6 months ago (2 children)

Default android is not what most people run. Samsung and Google defaults are assistant.

load more comments (2 replies)
[–] blindsight@beehaw.org 2 points 6 months ago (1 children)

On my Sony phone, holding power with the screen on brings up the power menu, which includes Lockdown mode.

[–] huginn@feddit.it 4 points 6 months ago (1 children)

Yeah I don't think that's the default on Samsung or Google phones. Could be wrong.

[–] blindsight@beehaw.org 1 points 6 months ago

I might have changed that setting. I don't like Google Assistant on my phone since it interferes with my Google Home devices.

[–] sverit@feddit.de 1 points 6 months ago (1 children)

How do you shut down your phone? :)

[–] huginn@feddit.it 1 points 6 months ago

Power + Volume Up?

[–] bitwolf@lemmy.one 2 points 6 months ago

They mean to press and hold the power button. Which reveals this menu

[–] ChallengeApathy@infosec.pub 8 points 6 months ago

Exactly why I refuse to use biometrics. I like exercising my constitutional rights, especially in this age when they're constantly trying to restrict our rights.

[–] PeriodicallyPedantic@lemmy.ca 7 points 6 months ago (1 children)

They've already captured you, which means they've captured your brain, which means they've captured your passwords and location of any keys. Therefore they can force you to unlock anything they want. /S

[–] BrikoX@lemmy.zip 8 points 6 months ago (1 children)

That's the thing. You don't have to give the password, but under this you will be forced to give the "fingerprint" or face consequences.

[–] PeriodicallyPedantic@lemmy.ca 5 points 6 months ago

I understood. I was using satire to apply the same justifications to passwords and keys, which currently are protected, afaict.

[–] Omega_Haxors@lemmy.ml 6 points 6 months ago (1 children)

Well guess who is disabling biometrics.

[–] frauddogg@lemmygrad.ml 2 points 6 months ago

Soon as I read this lmfao. Nope nope nope, suck-start a chainsaw pigs

[–] Xavienth@lemmygrad.ml 2 points 6 months ago

This is not new, this has been the case for years

load more comments
view more: next ›