GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I heard an item on the BBC News this morning which startled me. Apparently smartphone and tablet cameras are now so powerful that pictures of people holding up their hands (for example waving) can yield usable fingerprints for identification.
A growing number of mobile devices use a fingerprint scan to log on or authenticate financial transactions. What is going to happen to this infrastructure if fingerprints can be harvested from Facebook or Instagram?
I don't know the answer to your question but will say in general I do NOT use fingerprint security on my devices.
Here in the U.S. our Constitution prohibits forcing people to testify against themselves. The courts here have ruled that because of this you can not be compelled to give your password for a device. However, they've also ruled you can be compelled to swipe your finger to unlock a device. Total BS in my view but given that is the case I'll never use fingerprint on a personal device ever again.
Interestingly years ago my brother in law who works at a nuclear power plant told me about when they put in hand scanners. The question was asked "What if someone cuts off the hand and uses it?". They answered it wouldn't work and indicated they'd done tests to prove it wouldn't. That begs the question exactly how did they test THAT scenario?
However, they've also ruled you can be compelled to swipe your finger to unlock a device. Total BS in my view but given that is the case I'll never use fingerprint on a personal device ever again.
That's based on the precedence that law enforcement agencies are allowed to take fingerprints.
Quote:
Originally Posted by MensaWater
That begs the question exactly how did they test THAT scenario?
More complex scanners (i.e. NOT the cheapo ones in phones) make use of other biometric detection (blood flow, heartbeat, temperature) to ensure a "living" subject.
I heard an item on the BBC News this morning which startled me. Apparently smartphone and tablet cameras are now so powerful that pictures of people holding up their hands (for example waving) can yield usable fingerprints for identification.
A growing number of mobile devices use a fingerprint scan to log on or authenticate financial transactions. What is going to happen to this infrastructure if fingerprints can be harvested from Facebook or Instagram?
It's been known for a long time that you leave fingerprints on everything you touch so it's never been secure (of course grabbing it from photos on the internet makes attacks more efficient and stealthy). It's quite convenient though, so I expect there will have to be some high profile hack using this before people actually shift away from fingerprints.
Quote:
Originally Posted by TenTenths
More complex scanners (i.e. NOT the cheapo ones in phones) make use of other biometric detection (blood flow, heartbeat, temperature) to ensure a "living" subject.
If you're in a position to cut off the victim's hand, surely you can just force them to put it in the scanner instead. I've always thought the cutting off the hand/eye to bypass biometric scans was purely to increase drama in works of fiction.
If you're in a position to cut off the victim's hand, surely you can just force them to put it in the scanner instead. I've always thought the cutting off the hand/eye to bypass biometric scans was purely to increase drama in works of fiction.
I'm sure it is done for dramatic purposes but I could also imagine it is a lot simpler to dismember a person in the privacy of some remote location and carry parts with you than it would be to drag a full person along. This becomes especially problematical if you're going through locations such as lobbies that have other people milling about. They're more likely notice someone being "escorted" even if you hadn't beat them into submission and changed their appearance to make them walk along with you docilely. On the other hand you could carry a hand in a lunch pail or an eyeball in a medicine bottle and the only risk would be when you actually removed the part to use it as opposed to when you were carrying it past other people.
On the other point regarding legality: It is one thing to say the government is allowed to store fingerprints for identification and quite another to say they're allowed to force you to take an action that works with your fingerprints. The law is interesting because of the bizarre inconsistencies it creates. You can't be compelled to give your password but there was a case where a person gave his login password for a computer to border authorities but then refused to give them the password to unencrypt a secret file on that computer. The judge ruled that because he had given the first password he had waived his right and had to provide the other password as well. This was BS in my opinion. It implies that ANY co-operation you do with authorities surrenders all your rights so your only course of action should be to refuse co-operation with even the simplest of requests. (Of course in that case they suspected him of carrying child porn - only an idiot would comply with the order in such a case - it is much better to be jailed for contempt of court than to be convicted of a sex crime.)
The solution to Hazel's original question is we all wear gloves and sunglasses all the time so that pictures can't reveal either our fingerprints or our retinal details.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Another reason, if one were needed, not to appear ion photographs!
My dislike of being photographed aside -- I think this is just another step from the keys people were making using photographs about 5 years or so ago. It will happen even if it's "not quite there yet". Like Van-Eck Phreaking it proves that security is difficult.
I spoke to a gentleman once who told me he was a fingerprint expert and he seemed confident that "fingerprint collisions" (as it were) wouldn't occur naturally and I got the impression that there was more to his job than just matching whorls. If he really was what he said he was I think printed fingerprints may not pass muster as crime scene prints once they're known about. Hopefully...
Last edited by 273; 01-13-2017 at 11:38 AM.
Reason: Multiple typo's
A"fingerprint collisions" (as it were) wouldn't occur naturally
Actually it does happen. I recall a case where someone here in the U.S. was picked up by the feds because "his" fingerprints were found in connection with a terrorism case overseas. He had never been there and they later found the real culprit was from the country where the terrorism occurred and they had strikingly similar fingerprints. Looking for that led me to this link: http://www.telegraph.co.uk/science/2...not-be-unique/
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by MensaWater
Actually it does happen. I recall a case where someone here in the U.S. was picked up by the feds because "his" fingerprints were found in connection with a terrorism case overseas. He had never been there and they later found the real culprit was from the country where the terrorism occurred and they had strikingly similar fingerprints. Looking for that led me to this link: http://www.telegraph.co.uk/science/2...not-be-unique/
Sadly this was one of those conversations where one's preoccupation prevented asking decent questions. We did chat about uniqueness and the idea was that while an automated system concentrating on only certain features could give false positives a trained human would notice they were not the same. He was a lot more convinced than I that a fingerprint is likely to be unique though, which did worry me.
A I typed, a missed opportunity due to my personal mindset.
I'm in the process of re-reading Dan Brown's 'Angels and Demons', which includes someone being murdered to have an eyeball removed for use in a retina scanner. For the purposes of the story the idea worked, but I doubt that a 'dead' eye would give the same reading as a 'live'eye, would it?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Rep:
Quote:
Originally Posted by Celtic Yokel
I'm in the process of re-reading Dan Brown's 'Angels and Demons', which includes someone being murdered to have an eyeball removed for use in a retina scanner. For the purposes of the story the idea worked, but I doubt that a 'dead' eye would give the same reading as a 'live'eye, would it?
Perhaps and perhaps not. Dan Brown isn't known for his attention to detail or research. At a guess if the scan was looking at blood vessels then there may be some issues with trying to scan a dead eye.
This kind of thing, though, is why RSA tokens and the like were invented.
Some years ago, some German cars were made with fingerprint-activated locks. There was a spate of violent crimes against the owners. Usually the criminals lurked by the car until the owner came back and then forced him to unlock it, but one car owner did have a fingertip cut off. As a result of the publicity, no one wanted to buy the cars.
one aspect that (i think) hasn't been mentioned yet:
i bet these mopile phone fingerprint scanners have some sort of tolerance/precision setting and accept a fingerprint if it is above a certain (probably not very high) threshold - so my guess is that depending on this threshold the trick with the hires online picture would or wouldn't work.
clearly a fingerprint scanner that only works after cleaning both the screen and your finger with alcohol wouldn't be very useful in everyday application.
clearly a fingerprint scanner that only works after cleaning both the screen and your finger with alcohol wouldn't be very useful in everyday application.
But, if that were for your car's ignition it would be a quite reasonable explanation for the smell of alcohol in the air.
"Yes, ossifer, I had to clean with alcohol to get my star cardid."
Well, "entirely O.T. here, but," if you need to clean electrical contacts, the very best stuff I've ever found to do it is pure grain alcohol (PGA), sold in liquor stores under names like "Everclear." A miniature is more than enough if you can find it, but it's not expensive anyway.
The advantage of the stuff is that it contains essentially no water. The alcohol evaporates quickly, leaving the surface completely clean and dry. I dip a Q-Tip® cotton swab into a tiny amount in (appropriately enough) a jigger. For more difficult jobs, any pharmacy will sell you a box of about 100 lint-free cotton disks.
It goes without saying that alcohol at this concentration is poisonous (as well as tasteless), and flammable. Resist all temptation to drink it. If you have kids, lock it up.
Last edited by sundialsvcs; 01-15-2017 at 10:55 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.