In-display fingerprint sensors have become commonplace in virtually all Android smartphones, for better or for worse, and five years later…

  • GBU_28@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    15
    ·
    21 hours ago

    Never use biometrics on devices, security/privacy risk

    • skuzz@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      21 hours ago

      So is typing in your passphrase while out in public around cameras. Might as well just not use the phone.

      Just familiarize yourself with your phone’s lockdown mode so it’s muscle memory.

      • GBU_28@lemm.ee
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        4
        ·
        edit-2
        21 hours ago

        If you don’t succeed in lockdown before seizure, or aren’t conscious, your biometrics can be used without your consent.

        Taking reasonable steps to improve your security doesn’t mean all efforts are all or nothing

        • socsa@piefed.social
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          20 hours ago

          For my threat profile, state actors compelling biometrics from my EDC phone is pretty low on my list of concerns. That shit is intentionally sterile because I know they will just push me a compromised “security update” if they want in.

          And in any case, I’d still rather be able to fight the collection in public, vs being compromised by anyone who paid the janitor $20 to plug a USB drive into my phone.

          • GBU_28@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            20 hours ago

            Sure, as conversation, i’ve heard of thieves face unlocking phones they just stole.

            Indeed running as sterile an every day phone as possible is another great security approach by reducing risk.

            • socsa@piefed.social
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              18 hours ago

              Yeah I don’t really care what a thief does with my phone after they brain me. It’s the skull damage which concerns me. My google account is locked down with a hardware key so there’s only so much damage they can do before I wipe the device. Unless I’m dead, in which case I guess it doesn’t matter. Also my wife knows how to handle this situation. I would strongly suggest investing in posthumous spouse security as early as possible.

              • GBU_28@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                20 hours ago

                Your last sentence is great.

                Regarding the prior stuff, that’s very “you specific”. There’s of course tons of caveats or gotchas to my broad statement, but it doesn’t make it untrue.

                Biometrics present a less secure access path to a device…

                • socsa@piefed.social
                  link
                  fedilink
                  arrow-up
                  2
                  ·
                  20 hours ago

                  My point is that they are separable threat profiles. If you are more concerned about your sketchy tinder date grabbing your lock screen password, biometrics are great. What I would love is a quick settings toggle for biometrics.

        • RvTV95XBeo@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          19 hours ago

          Jokes on them, my phones stupid fingerprint reader only works about 3% of the time. They’ll get frustrated and give up before finding anything, I know I usually do.