this post was submitted on 28 Apr 2024
388 points (83.4% liked)

Technology

59374 readers
3169 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 10 points 6 months ago (2 children)

it’s not a password; it’s closer to a username.

but realistically it’s not in my personal threat model to be ready to get tied down and forced to unlock my phone. everyone with windows on their house should know that security is mostly about how far an adversary is willing to go to try to steal from you.

personally, i like the natural daylight, and i’m not paranoid enough to brick up my windows just because it’s a potential ingress.

[–] [email protected] 3 points 6 months ago (1 children)

It's not a great analogy. Your house and its windows are exposed to your neighborhood/community. Your internet device is adjacent to every hacker on the web.

[–] [email protected] 6 points 6 months ago (1 children)

it’s an analogy that applies to me. tldr worrying about having my identity stolen via physical access to my phone isn’t part of my threat model. i live in a safe city, and i don’t have anything the police could find to incriminate me. everyone is going to have a different threat model. some people need to brick up their windows

[–] [email protected] 1 points 6 months ago (2 children)

Assuming the phone's security works as intended, what you're saying is true. However, it's a legit concern that the security is not airtight, and physical access is not actually required to harvest your biometric data.

I know the phone manufacturers make all sorts of claims about how secure biometric data is, but they have a profit motive to do so. I'm not being brick-up-my-windows paranoid by pointing out all the security failures and breaches we've seen over the years. Companies that have billions on the line are still frequently falling short at securing their own assets, much less their customer's data.

I understand biometrics are convenient, and many folks love the ease / coolness factor of using them. Just don't kid yourself that it's secure by requiring your physical phone. Once the dark web has a digital copy of your biometric data, it's compromised forever.

[–] [email protected] 1 points 6 months ago (1 children)

First provide proof that you can pull out biometric data out of a secure element in a phone.

[–] [email protected] 0 points 6 months ago* (last edited 4 weeks ago) (1 children)
[–] [email protected] 2 points 6 months ago (1 children)

That's not retrieving the biometric data from the device, that's retrieving the biometric data from surveillance or physical interaction.
It's quite specifically the type of threat that most people do not need to worry about.

[–] [email protected] 1 points 6 months ago (1 children)
[–] [email protected] 3 points 6 months ago

That's a much better example.

Physical access to the device by a sophisticated attacker is well outside the realm of most people's risk profile.

[–] [email protected] 1 points 6 months ago

like i said, it’s more of a username than a password

[–] [email protected] 2 points 6 months ago

That's why I put Linux on my house.