The iPhone X is not quite as good, as someone else holding the iPhone to your face will authenticate unlocking the of the keys. Ability to force requiring a password by holding either volume button & the side button is insufficient as the phone may be coerced away from you.

Christopher Allen

@ChristopherA

Unfortunately facial recognition & biometrics are here to stay. As a culture we must resist associating it with data. Instead it should only be used as one of many factors for authentication of cryptographic identifiers, which people then can choose to consent to release data.

7/23/2018, 10:13:03 AM

Favs: 37

Retweets: 7

link

Christopher Allen

@ChristopherA

Apple comes closest to having this right with the fingerprint reader on the iPhone 6-8. The device never shares the biometric, only unlocks keys under the users control, after the implied consent of the use of the correct finger. Use wrong finger 3 times & password is required.

7/23/2018, 10:18:46 AM

Favs: 7

Retweets: 0

link

Christopher Allen

@ChristopherA

The iPhone X is not quite as good, as someone else holding the iPhone to your face will authenticate unlocking the of the keys. Ability to force requiring a password by holding either volume button & the side button is insufficient as the phone may be coerced away from you.

7/23/2018, 10:24:36 AM

Favs: 6

Retweets: 0

link

Christopher Allen

@ChristopherA

In both cases I would personally prefer Apple enable multifactor (both biometric AND password) if the iPhone has moved since the last time it was authenticated, or only in places marked as “safe” like your home. Other recent history can be used as additional factors.

7/23/2018, 10:32:54 AM

Favs: 6

Retweets: 1

link

Christopher Allen

@ChristopherA

A solution for services such as Facebook that have large number of stored images are much harder. They need to firewall the facial identifier from the data about individuals. This requires more than “can correlate photos of faces with data” consent by their users.

7/23/2018, 10:38:01 AM

Favs: 3

Retweets: 0

link

Christopher Allen

@ChristopherA

In a self-sovereign architecture a future competitor to Facebook would lock the face correlated data behind keys they don’t control, but are under control of their users, that must be consented to for each unique use, not a blanket permission.

7/23/2018, 10:40:42 AM

Favs: 9

Retweets: 1

link

Christopher Allen

@ChristopherA

I don’t know of any way to prevent misuse of facial, voice & other biometric information—other than as a culture we must demand it not be abused. China’s use of facial recognition to control against dissent is precisely the anti-pattern we need to avoid.

7/23/2018, 10:43:53 AM

Favs: 13

Retweets: 6

link