whats with the sudden urge of "all phones need a fingerprint

>>60547899
They're obviously copying Apple.

new version of android requires it afaik
and nobody online seems to mind

>>60547899
They're obviosuly copying think pads

File: 1491390620876.jpg (433KB, 1322x1762px) Image search: [Google]

433KB, 1322x1762px

It's convenient.

Serious question:
My government (Italy) ready has my fingerprints. What reasons should I have for not wanting a fingerprint reader on my devices?
What would happen if Google and Apple give my fingerprints to the US government?

Because I'm assuming that's the main issue (and not hackers stealing it or something like that).

>>60548315
Already*
Gave*

Damn it

>>60547899
What better way to get everyone's finger prints on file without needing to lift a finger oneself?

>>60547899
Fingerprint scanners are botnet devices and should be avoided.

>>60547923
Thinkpad cucks don't mind Intel ME with full AMT firmware since as early as 2007, and shit like CompuTrace, Atmel TPM and all kinds of other botnet coprocessors (Lelnovo was basically pioneer in implementin all that shit in their "business" laptops), so you think they'd mind fingerprint readers?

>>60548315
Well the thing is now you've turned your fingerprints into something that's actively used to authenticate you against something. In other words, you've made them worth stealing. The more stuff your fingerprint unlocks, the more worthwhile it is to try and compromise it.

(I'm implicitly assuming that the Italian government fingerprints people and then just keeps them on file for things like murder investigations. As opposed to having you put your finger on a reader to access government services)

>>60548589
>I'm implicitly assuming that the Italian government fingerprints people and then just keeps them on file for things like murder investigations. As opposed to having you put your finger on a reader to access government services
Correct.

>Well the thing is now you've turned your fingerprints into something that's actively used to authenticate you against something. In other words, you've made them worth stealing. The more stuff your fingerprint unlocks, the more worthwhile it is to try and compromise it.
So the danger is hackers stealing it (from wherever) because they want to unlock my devices and accounts (which they wouldn't do if I hadn't used it anywhere)?

Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.

>>60547899
Honestly out of all the botnet things to be angry at I don't know if I would consider this one of them.

I personally hate having to unlock my phone all the time because it's just such a pain in the ass and wastes time. I'd love to get a phone with a finger print scanner because it secures my phone to me in a lot better way, and so if it gets swiped I don't have to worry about it. I can instantly unlock my phone and that's that.

So what if google has your fingerprint? They probably have more important information if you're using a lagdroid anyways. I still see the arguments against, I just don't know if this is the one botnet feature that needs to be put undert the microscope when your phone is always listening to you and sending your other more sensitive personal info to google

>>60548315
>My government (Italy) ready has my fingerprints. What reasons should I have for not wanting a fingerprint reader on my devices?
Well that seems to be enough of a reason. So they can access your device if you only use fingerprint as authentication.

>>60548820
>Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.
This is exactly right. You can always generate a new password, but you get at most 10 fingers per lifetime.

Also this isn't relevant to you but in the US (where you're generally only fingerprinted when arrested or for certain government security checks) there's a dispute in appellate courts over whether the government can compel you to reveal passwords, but there's little doubt they can force you to give a fingerprint. (this arising because of the Fifth Amendment's prohibition on the government demanding that you testify against yourself. Putting your finger on a reader isn't testifying, but revealing a memorized password arguably is. This isn't settled since it hasn't been to the Supreme Court yet.)

>>60547899
apple did it

It's convenient and secure as fuck, opposed to face recognition. What's not to like? Also, it doesn't scan your whole finger, it just searches for patterns.

>>60548889
It could be, I don't really know desu.
I'll look into it.

>>60548995
Yeah, heard about that.
It's funny that I spend so much time on the Internet that I know much more about the American justice system than I do of my country's.

>>60549245
>and secure as fuck
Except that fingerprint sensors from phones are not secure at all. That's why they are so fast. They trade security for convenience. They don't look at the whoile fingerprint, they unlock the phone only if a portion of the registered fingerprint is given to them, which makes them less secure. That's one reason why they ask multiple inputs upon setting them up. While our fingerprints are considered to be unique as a whole, the same can not be said about just a portion of it. The portion that is enough to unlock one of those phones.

>all phones need a fingerprint scanner
Wouldn't know. The only people I ever hear complaining about a lack of a fingerprint scanner are a few /g/ posters. But /g/ will complain about anything, like Newpipe not having comments or subscriptions. We don't need useless features.

>>60548315

Here in the US, the only reason for the government to have your fingerprint is if you get arrested or you work for them. The average citizen never runs into a situation where they would end up getting fingerprinted.

>>60549690
That's dumb as f...
>Femanon
This explains a lot.

law enforcement can compel you to unlock something with your fingerprint without a warrant

>>60549822
Look it up and see for yourself. That's how fingerprint sensors on phones work. They just need a portion of the fingerprint to match in order to unlock the phone.

File: _0.gif (3MB, 377x372px) Image search: [Google]

3MB, 377x372px

>>60549896
>she thinks that matters
Quit being dumb ffs
Science majors manage to be worse than engineers, ffs

>>60547899
Using any form of authentication that cannot be changed but can be stolen is idiotic.

>>60549927
Claiming that fingerprint sensors are secure is wrong. They aren't. They provide piss poor security by any means.

>>60549977
Well, go ahead and crack a fingerprint sensor without access to the finger itself.
I'll wait.

>his phone doesn't have two factor auth
shit, nigga, what are you doing?

>>60548315
Why does our government has your fingerprints?
Are you an ex con or something?

>>60547988
>you will never see her naked tits
why even

>>60549990
>without access to the finger itself.
you are leaving your fingerprints on hundreds of objects every day

>>60549927
>>60549990
Are you retarded? Matching partial fingerprints is not that hard. There was a study about it recently.

http://ieeexplore.ieee.org/document/7893784/?reload=true

>>60549990
I don't have any interest in doing that. But someone (or something) who has enough interest will do it.

>>60549995
>what are documents

Dick scanner should be next

>>60549995
I was born here but my parents are immigrants.
When I reached a certain age (IIRC 15) I had to register my fingerprints in order to renew my residence permit.

Not sure if regular citizens have to do it.

>>60549796
See above.

>>60547899
Apple sets standards, everyone else scrambles to copy them because they're worried about not being as good.

honestly fingerprint unlock is the easiest, fastest, and most secure way to unlock a phone.
yes, I know, the "no two fingerprints are alike" thing is bullshit but it's still nice security theater and it seems to work. no one has unlocked my phone with their fingerprint (yet).

I do NOT miss having to connect those fucking nine dots every time I want to unlock my phone. Don't miss it a single bit.

I just wish my phone had a hardware unlock slide button.
Like my old Nokia.

I don't give a shit about security because I look after my stuff.

>>60548446

In the case of iOS, at least, fingerprints are not sent to Apple. They're stored locally on the device's Secure Enclave, where nobody can get at them.

>>60548589

Except the Secure Element -- along with, I presume, its Android analogues -- carries a huge incentive to keep it secure as well. It's used not only for unlocking a phone, but also for financial transactions, which is a set of interests that always carries a boatload of laws, regulations, and lobbying muscle behind it.

>>60548820

>Now that you make me think of it this way, the fingerprint is basically a master password that's embedded in your body, and the more things you use it for, the higher the chances of it being compromised, and once it's compromised it's gonna stay that way forever because you can't change it.

Except periodic secondary checks exist -- on iOS, at least -- against other forms of verification, including device passcodes, account passwords, and 2FA measures. You act like they haven't thought this through.

>>60548995
>>60549855

Re: the 5A situation in the US, all you have to do is turn off your iPhone when the po-po knock on the door. TouchID cannot be used for the first unlock of an iPhone after a cold boot.

>>60550083
I punch in eight numbers every time I unlock my phone. I'm worried about the security of that, when I replace this phone I think I'll set the next one to a ten-digit PIN.

>>60550063
This

>>60551168
>Except periodic secondary checks exist -- on iOS, at least -- against other forms of verification, including device passcodes, account passwords, and 2FA measures. You act like they haven't thought this through.
Those don't really solve the problem.
I'm talking about someone having my fingerprint and being able to use it for something bad, and one it's compromised it's compromised forever.
While secondary checks can be temporarily compromised (until they get patched or the password is changed or something), your fingerprints only need to be compromised once, and can be used for many different purposes, which are not always foiled by secondary checks (if you're using your fingerprint for convenience purposes, they're not even going to be there most of the time).
Especially when we're talking about fingerprints used in the real world.

I imagine if all devices started having fingerprint scanners, someone could potentially write a malware that secretly scans your fingerprints and sends them to him. He could then place them on a crime scene to blame the crime on you.

There could even be some large-scale hack that steals millions of them from Apple or Google devices, and all those people's fingerprints would forever be compromised.

I mean, your fingerprints are so uniquely identifying, that you don't really want to take a chance.

I was already fingerprinted by DCFS because of shit my family dragged me into due to living with them, so getting those prints anyway would probably be trivial for a state/federal organization.

It allows me to have a strong lock screen/encryption password without the inconvenience of typing it out every time I want to unlock my phone.

>>60548589
it's a valid concern but you can beat this with two-factor authentication then if it really bothers you

File: Download-1.jpg (37KB, 400x386px) Image search: [Google]

37KB, 400x386px

>>60547899
Convenience. If you don't like it, don't use it or buy a phone without one. Or just don't buy a phone at all. Did you ever think of that?

>>60548583
You can disable AMT and Intel ME and all of that other shit on most ThinkPads by using ME Cleaner and installing Coreboot. Also replace any Intel or Broadcomm networking cards with ones that have open source firmware.

>>60550083
Use the number pin to unlock it. The fingerprint scanners have been hacked using the prints from pictures of people's hands. Secure my ass.

>>60552247
>Use the number pin to unlock it.
That's still slower than the fingerprint. Plus, if someone watches you put in that number, they can not only memorize it but tell others as well. This is why I liked the pattern lock. It's slower but harder to memorize and describe to others.
>The fingerprint scanners have been hacked using the prints from pictures of people's hands.
Oh, please. Don't be so noided. Do you know how much effort that shit takes? How many clear pictures of your fingerprints exist right now outside of government records? Are you a celebrity?

>>60552247
>The fingerprint scanners have been hacked using the prints from pictures of people's hands.
By the time I found a good enough picture of your fingers and created a 1:1 inductive replica of your print (god forbid it's the wrong one), I could have """hacked""" into your phone by then. It would be faster and easier, anyway. Besides, if someone steals your phone, they're way more likely to just wipe it and sell it on eBay for money rather than try to unlock it to get to all ur precious mp3 files.

>>60552215
Most companies run 2FA through... your phone. Which is what your fingerprint grants access to.

>>60547899
Moron users think they are convenient, secure, and cool. Whereas the govt. likes them because having you put your finger on a specific spot on your phone isn't as legally precarious as the whole legally compelling you to give up your passwords thing.

>>60553389
The government already has your fingerprint. They don't need you to unlock your phone.

>>60553389
The government doesn't really even need to unlock your phone anymore due to how cloud-based everything is. All they need to do is subpoena the companies you used to discuss murdering a guy and boom - you're in prison.

itt: paranoia and over-inflated views of ya worth

Goy, just look at how inconvenient typing a several digit passcode is! Quick, give us your biometric data!

>>60555590
seriously who tf do you think is going to want your fingerprints?

File: unimpressed pepe.png (126KB, 402x398px) Image search: [Google]

126KB, 402x398px

>>60555590
why do /pol/iticians always have to make everything about Jews

>>60557083
One day you might make a few enemies, anon

Correct me if I'm wrong here, but Android stores your fingerprints locally on your phone in some separate, encrypted part of the phone, right?

So they never actually get sent to Google, and cracking that encrypted part of the phone is almost impossible (at least on the Iphone if I remember correctly, I assume Android is similar).

So there isn't really a downside to using it on your phone as such, right?

Using it for other purposes of course increases the risk of it being compromised and all that.

>>60558745
It might not be impossible forever.

>>60547899
It's a great way to collect biometric data.

>>60558824
Of course, but encryption and security technology progresses constantly, just like the tech that is meant to crack it does. So right now, there isn't exactly anything wrong with using a fingerprint scanner on your phone since the chances of someone lifting it off of your phone are very low.

>>60558852

What data? I'm sure they collect some sort of usage data, but it's not like they collect your fingerprint itself, or anything identifying

>>60558895
>but it's not like they collect your fingerprint itself, or anything identifying
There are two types of fingerprint readers. One is an optical sensor which relays an image of the fingerprint to the OS. This is the cheapest type. The other type, like you'll find on a Thinkpad, stores and manages the fingerprint data internally, and merely sends a hash of the fingerprint itself to the OS when fingerprint authorization is required. It's more secure because the OS (or an attacker) can never recover the actual fingerprint itself.

>>60547899
le CIA wants your fingerprint xDDDD

>>60558979
They also hate it when you tape your webcam.

>>60558895
They don't necessarily progress at the same rate.
Breakthroughs in encryption are pretty rare nowadays compared to those in hacking, considering all the zero-days and backdoors that are constantly leaking.

Because obviously it's more likely than not that American agencies already have access to them, as they're known to work directly woth the OS devs.

Besides, hackers don't have to hack the already stored fingerprints if they can simply make the scanner record new ones for them.

Remember that your security has to protect you constantly and never ever slip up, because an attacker only has to succeed once for your fingerprints to be compromised for good.

I got one on the back of my Xiaomeme and it's just so comfy. My finger rests around that spot anyway so all I need to do to unlock my phone is to pick it up.

>>60558964
Yes, and I somehow doubt that Google allows the type that you mentioned first.

As far as I know, Apple uses the second type, and I assume that Android phones also use secure scanners. Feel free to prove me wrong though, because I'm actually curious about this and would like to know if my phone (Z5) uses a proper module.

>>60558999

Yeah, but I struggle to see how a hacker would get into my phone when I'm not doing anything special daily.
It's always a worry of course, but that's the risk you take I suppose.

>>60558999
Biometrics fails at at least one of the fundamental requirements for secure passwords- The ability to change your passwrod.

>>60549796
False. Ameribro here gave it to both US and Canadian government for Nexus.

>>60547899
It's convenient. I get there are ways for getting around it but it's good enough for my personal use phone. I used to not use a passcode since i locked amd unlocked it so often. Unfortunately most phones have retarded placement unlike my Z5 that has it on the power button.

>>60559048
It's difficult and unlikely, but it's still possible (especially if you're targeted specifically), so maybe today it may not be a realistic concern for you personally, but things will definitely change as fingerprint scanners start to get implemented everywhere.

It's up to you to decide if their convenience is worth it.

>>60559084
Yes.
I was talking about exactly that with the last paragraph.

>>60559084
Not entirely true. You can change the way it hashes the fingerprint or anything of that nature. The finger itself, is unique amd not bruteforcable, so I don't see why that rule would apply here. There are ways around that though so i recommend retinal scans.

>>60552247
As long as it prevents others from unlocking my phone if I leave it on my desk at work, it's secure enough. If it gets stolen, all data is going to be remotely wiped anyway.

Not to mention it can't be figured out by someone watching me or looking at screen smudges afterwards like patterns/PINs.

>>60547899
botnet

facebook wil have everyone fingerprints

>>60559048
>Google allows
Google doesn't control the stuff phone companies put on their phones anon. Also Google is all about sucking up all your data.

File: 8852a9ca87[1].png (102KB, 697x909px) Image search: [Google]

102KB, 697x909px

>>60559515
Except they do.

In the guidelines they clearly state what has to be present, and what is "strongly advised", and so on. Google doesn't allow you to have Android on your phone if you don't follow the guidelines.

pic related are from the guidelines where they mention fingerprint sensors.

>>60559563
Those guidelines are only for if the scanner connects to third party software.

They don't appear to apply if it's just Google's botnet OS which is accessing the data.

Isn't there a US law or something that says if you use a fingerprint to unlock your phone they have the right to force you to unlock it, but if it's a pin or pattern password they can't do jack shit to you?

>>60550083
>and most secure way to unlock a phone
No, it's less secure than a 4 digit code. Fingerprint anything can be bypassed with a few readily available tools.

File: 1c498781a4[1].png (60KB, 653x740px) Image search: [Google]

60KB, 653x740px

>>60559591
>Those guidelines are only for if the scanner connects to third party software.

Where does it say that? Seems to me like it applies to everything regarding the implementation of a fingerprint sensor on an Android phone running Android 7.0

>MUST have a hardware-backed keystore implementation, and perform the fingerprint
matching in a Trusted Execution Environment (TEE) or on a chip with a secure channel to
the TEE.

>MUST have all identifiable fingerprint data encrypted and cryptographically authenticated
such that they cannot be acquired, read or altered outside of the Trusted Execution
Environment (TEE) as documented in the implementation guidelines on the Android Open
Source Project site

This doesn't mention 3rd party apps at all, and is referring to the operation of the sensor itself. Now it COULD be argued that it doesn't control the hardware in this instance, just the software though.
However, the OS itself is not, at any time, accessing the biometric data, that data is stored separately on a separate part of the processor that doesn't interact with the rest of the OS. The way the phone handles it is that it gives an auth token to the phone that says a fingerprint has been identified and gives the auth token with no actual fingerprint data itself. Pic related once again.

However, in the other parts of the document there are definite hardware requirements, IF the manufacturer wants to implement that particular hardware feature.

File: Screen Shot 2017-05-24 at 3.07.14 AM.png (59KB, 689x133px) Image search: [Google]

59KB, 689x133px

>>60559672
>Where does it say that?
Right in the preamble to section 7.3.10, in your image.