Interesting video on how Apple's Face ID works


#1

Originally published at: https://boingboing.net/2017/11/06/interesting-video-on-how-apple.html


#2

I have “face recognition” already installed in my brain.


#3

The face recognition on mine is buggy. Can I get an upgrade or is that only available with the latest model brains?


#4

I seem to recognize faces all right, it’s just that I have a problem with the name-tags getting mixed up all the time…


#5

How different is it from other face rec, like Samsung’s?


#6

it turns your face into a passcode.

A passcode, that is, that you can never change, and that any passer-by can copy, through the miracle of photography.


#7

I wasn’t able to watch the video, so I don’t know if they say, doesn’t the phone use the infrared sensor to check that it is looking at a face rather than a photo?


#8

If the video is to be believed, then even a 3D-printed mask of your own face will not be read as your face by FaceID.


#9

Hey, if Apple promises, then nothing could possibly go wrong,


#10

Yes. In the apple keynote Apple indicated they had movie effects artists create masks of people that most would call true to life in full color and 3D, and that these masks also don’t trigger it.

I suspect, but don’t know, that the system measures some level of internal skin reflectance from the IR dot projector. IR goes through skin more easily than visible light, so a face captured in IR will look different than one captured in visible light. Notice, for instance, that skin blemishes and wrinkles disappear in that video under IR lighting.

So most painting or 3D printing techniques won’t work because they’re developed for the visible specturm.

Eventually someone will fool it after they figure out exactly what it’s looking for. Security through obscurity isn’t ideal, and many companies and agencies are doubtless looking into how to fool the system, but for the common phone thief, this is pretty adequate protection.


#11

From all reports, unlike Samsung’s it cannot be easily fooled.


#12

From what i read recently apparently siblings might have enough similarity to the phone’s owner to unlock it (not talking about twins, though that works too).

Also biometrics is not a good way to secure your data and privacy. On the off chance that someone is forced to unlock their devices by the police or another agency biometrics are not protected. You can be legally compelled to unlock it, unlike a password where if you refuse they cannot force you to surrender it or unlock it.


#13

Correct, which is why Apple has also provided means to disable faceID quickly, requiring the passcode to be used.


#14

Seems like there’s enough of a window there for failure though. Best practice is to not use biometrics to begin with, or double it up with a password. But then why even have biometrics? The average user is not going to bother with both.


#15

For some people, your line of reasoning is probably, well, reasonable.

But for most people it provides more protection than they will ever need, in exchange for a great deal of convenience and speed.

The average homeowner is going to install a lock that can be picked in moments with the right tool and almost no skill - but to suggest that it’s not 100% secure so we shouldn’t have it at all is shortsighted. For those that need the additional security, they can disable it.

Having it, though, means that it will be tested, used, and improved, and in a matter of years perhaps the technology will mature enough that even you would be happy with it. Right now it doesn’t unlock if your eyes are closed. So if they shove it in your face, close your eyes.

Perhaps the next iteration will require you to smile - something harder to do when under duress - or maybe a “bad” facial gesture will disable it. If you attempt to unlock it with a scowl or frown, it disables faceid.

But we won’t fully understand the implications until it’s out there.


#16

I would not trust biometrics period until there’s legislation in place protecting citizens from being forced to unlock their devices. Fine-tuning the technology to be more robust is obviously great, but i still would not trust it until i’m guaranteed that i won’t be compelled to unlock my devices.


#17

I don’t. I quite often have people on the street greet me and I have no idea who they are. Even if they are my math teacher, father of my kid’s friend whom I spend a day with just a week ago and various other people. With TV/movies it’s worse, unless it’s a very popular actor whose often in the news.


#18

TouchID showed that it is not so: Users want a method that protects against casual and common attacks. Like people stealing or robbing. Worrying about police not so much.

Also FaceID will require the passcode after 8 hours of non-usage. And after booting up.


#19

I am more concerned with biometrics being stolen (fingerprints, face features, iris). I can rotate my password regularly and reset it if stolen…


#20

I am aware, your particular quote is in reference to doubling up on both Biometrics and passcodes though. Most people are only going to bother with one or the other, and typically it’ll be the biometrics that most will prefer because of the convenience.