Linked by Thom Holwerda on Wed 11th Sep 2013 22:16 UTC
Apple

Apple's new iPhone 5S, which comes with a fingerprint scanner, won't store actual images of users' fingerprints on the device, a company spokesman confirmed Wednesday, a decision that could ease concerns from privacy hawks.

Rather, Apple's new Touch ID system only stores "fingerprint data", which remains encrypted within the iPhone's processor, a company representative said Wednesday. The phone then uses the digital signature to unlock itself or make purchases in Apple's iTunes, iBooks or App stores.

In practice, this means that even if someone cracked an iPhone's encrypted chip, they likely wouldn't be able to reverse engineer someone's fingerprint.

This seems relatively safe - but then again, only if you trust that government agencies don't have some sort of backdoor access anyway. This used to be tinfoil hat stuff, but those days are long gone.

I dislike the characterisation of privacy "hawks", though. It reminds me of how warmongering politicians in Washington are referred to as 'hawks", and at least in my view, it has a very negative connotation.

Thread beginning with comment 571977
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: wait
by leos on Fri 13th Sep 2013 02:40 UTC in reply to "RE[6]: wait"
leos
Member since:
2005-09-21

That's a good point. As I said trust is earned, so it's Apple's job to earn that trust if its very difficult for Apple to do that, then that's their problem. The burden is on them, not the consumer.


They have earned it. Clearly not from you, but from millions of their customers. Trying to earn it from you is pointless, since you would never be satisfied until you saw the code, and then you'd invent a different reason not to trust them.

In reality, you have to think about motivations. Let's put aside the NSA for a moment and think about what is in Apple's best interest. Do you think it is in their interest to upload fingerprints to their server, or not adequately protect the information? You think it is in their interest to create something that will end in a massive security scandal? No of course not. They are just as interested in making this system secure as you are. That doesn't mean there aren't vulnerabilities present, but the idea that they are somehow misleading people and not doing their best to make this thing secure just doesn't pass the common sense test.

Reply Parent Score: 3

RE[8]: wait
by Alfman on Fri 13th Sep 2013 07:10 in reply to "RE[7]: wait"
Alfman Member since:
2011-01-28

leos,

"They have earned it [trust]. Clearly not from you, but from millions of their customers."

That's a good point, however just because one buys an android or windows device doesn't automatically imply trust in google or microsoft.


"In reality, you have to think about motivations. Let's put aside the NSA for a moment and think about what is in Apple's best interest. Do you think it is in their interest to upload fingerprints to their server, or not adequately protect the information? You think it is in their interest to create something that will end in a massive security scandal? No of course not."

What you are saying makes logical sense. However I think there's a very real conflict that the public is often oblivious to. As a developer I'm sometimes privy to this conflict and in some cases it's scary how causally companies managers are willing to brush off known issues until it is being exploited in the open. The marketing staff and clients are simply out of the loop. I'm speaking from general experience only, not related to apple.


Cost pressures sometimes justify the unjustifiable.

Reply Parent Score: 2

RE[8]: wait
by tylerdurden on Fri 13th Sep 2013 20:14 in reply to "RE[7]: wait"
tylerdurden Member since:
2009-03-17

I don't care what millions of customers do or do not. Specially when it comes to a company like Apple, whose customer base at large is neither technically educated nor savvy (that's the whole point of apple's products: to serve the segment of the market that can't cope with a mouse with more than one button). So sure as hell very few of them, if any, are going to conduct any sort of due diligence on the products many of them view as a fashion statements more than actual computing devices.

Following your logic; we should eat shit because if it was bad for you there is no way billions and billions of flies would eat it on a daily basis. I, however, prefer to know what's on my diet based on the precept that I am what I eat. And make my decision based on my own context, and not rely on what's popular. Especially in a country like the US, where the popular foodstuffs are just shit (to tie in with the fly metaphor).


The point I'm trying to make is not that Apple is using their sensors to do "naughty" things. They probably are not. But rather, since I have a sense of self respect, it's Apple's burden to prove me they are not doing anything bad with the info they gather from me, so they have to earn my trust any time they want to earn my business. You obviously may have a different concept for your persona, so you perhaps simply grant trust automatically to any company on the basis you like their shinny products. Live and let die, if that's how your roll then good for you.

Reply Parent Score: 4