• tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    8 months ago

    privacy

    Ultimately, there are too many databases with people’s fingerprints out there, and my expectation is that they’re gonna leak at some point.

    So that means two things:

    • First, don’t use biometrics to check identity unless you’re in a position where a person forging them can actually be checked for forged biometrics and get in trouble if caught. Like, customs at an airport, where you could see if someone has fake caps on their fingers or something. Biometrics cannot normally be invalidated. If it leaks and you’re using the fingerprints to authenticate yourself to, say, your laptop or your bank or something, you can never invalidate those credentials, and people will always be able to get into your bank account. Specifically in the case of fingerprints, it’s often not even that hard to get ahold of a specific individual’s biometrics – you leave a record of them on any smooth surface that you touch.

    • Second, if you’re in a position where you don’t want to leave behind a signature, you might want to wear something that masks biometrics. If you have widely-leaked biometrics databases floating around that anyone can get access to, and you, say, put your hand on something, you’ve just left a signature that anyone can map to identity. Maybe bring back gloves, say. I don’t think that we’re at a point where there are systems that can do iris scans at a distance without someone knowing. Facial recognition is definitely doable at a distance, and that happens today. People at political protests who are worried about being identified, some military people, stuff like that, will mask their face. Maybe it makes sense to roll back anti-mask laws if facial databases are gonna be floating around. I dunno about gait recognition, whether that’s sufficiently-unique to distinguish among a large number of people at a distance.

    • MudMan@fedia.io
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      Last time I used my mandatory ID for a public transaction I actually had to use a webcam and held the card up to it and then my face so a human could check them.

      Turns out, in a country where these have been in use for decades some people have put some thought into it. Go figure.

      Of course now we have real time deepfakes and that is again obsolete, so we’ll see where we go from here. I hope I don’t have to bring my meatsuit to an actual office for routine tax transactions again, because that sucked and this is better.

      • DarkThoughts@fedia.io
        link
        fedilink
        arrow-up
        0
        ·
        8 months ago

        Last time I used my mandatory ID for a public transaction I actually had to use a webcam and held the card up to it and then my face so a human could check them.

        Are you seriously unironically saying this is an example of “putting some thought into it”? That’s literally this ludicrous idea that politicians had to verify the age of users visiting porn sites. It’s nothing but invasive.

        • MudMan@fedia.io
          link
          fedilink
          arrow-up
          0
          ·
          8 months ago

          Yeah, I’m saying that unironically. Depending on the transaction you’re trying to make it can require a digital certificate you acquired previously in person, but it can also be human-verified in real time by checking your ID and matching it over videoconferencing.

          The person checking my ID would have had to check my ID if I went to the office in person, too. Because, you kmow, they were gating my accessing my own private data. So remote human verification isn’t “invasive”, it’s literally the same thing we would have done in person without the hassle of going to the office, which helps people who can’t move around easily and during the pandemic it also kept everybody else safe.

          It’s fascinating how consistently the anglosphere assumes identifying yourself is an attack rather than a service. My ID has just as many protection features as my money, and that’s how I want it, because my ID gates people being able to act in my name and access my records in a number of ways. Reliable, universal ID is a feature, not a bug.

          • DarkThoughts@fedia.io
            link
            fedilink
            arrow-up
            0
            ·
            8 months ago

            Because my biometric data is none of 99% of peoples business and should not be saved by anyone at all, neither state nor private company. And it is also none of people’s business if I want to visit adult sites or services. There’s literally non invasive methods to verify someone’s identity & age too, but you think that somehow it is completely fine to expose yourself in front of a camera to someone. Might as well open up a profile on Chaturbate and expose some more. The only fascinating thing here is how little people give a shit about privacy nowadays. Honestly, just move to China with that kind of thinking. There you can see what those biometric databases are used for.

            • KiraKo@feddit.de
              link
              fedilink
              English
              arrow-up
              0
              ·
              8 months ago

              Could you explain what non invasive methods exist? Really would like to hear them.

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      8 months ago

      A “database of fingerprints” would only contain checksums. They can be used to verify the result of a reading but not to get the whole print.

      Most of the time they don’t even contain that. The primary checksum is stored only on the ID, which outputs a secondary one, which is matched against a verification checksum produced independently by a reader.

      The national database doesn’t need any of those, it holds the person ID numbers and their civil status and stuff like that not how they are verified.

      • MilderRichter@feddit.de
        link
        fedilink
        English
        arrow-up
        0
        ·
        8 months ago

        A “database of fingerprints” would only contain checksums

        that’s the case for fingerprint readers in phones/laptops

        But does that also apply to prints collected for government ID cards?