- cross-posted to:
- privacy@lemmy.ml
- cross-posted to:
- privacy@lemmy.ml
You must log in or register to comment.
Never use biometrics to lock anything. You can be forced to push a finger to a sensor, or your head forcibly held still for a facial scan.
Only use passwords/passcords. only they are secure against this totalitarian bullshit.
They’ll still put you in jail on fake charges if you refuse to give your passcode, but at least your datas safe and now your case is unlawful imprisonment instead of relying on octogenarian judges thinking its okay to force compliance with a biometric.
Only use passwords/passcords. only they are secure against this totalitarian bullshit.
Oh sweet summer child. Password is as easily beaten out of you as biometric.
Obligatory XKCD https://xkcd.com/538/
If we’re talking about a situation where they can just straight up beat you legally until you give them a passcode, then what’s on your phone likely doesn’t make a difference in the outcome.
Oh it does. It could be some information throwing shade on other people
This ⬆️
Or that?
Don’t use biometrics.
Period.
Full stop.
Biometrics are fine, just use lockdown of you get pulled over or are going throgh TSA.
You can still activate the camera/camcoder by double tapping power on a Pixel even in lockdown.
I love the confidence that a US cop or CBP agent are going to allow you to lock your phone while they’re asking you to hand it to them.
Biometrics is not security. Biometrics is ease of access. It’s literally designed to make your phone easier to access for you and by extension for a low skilled strong arm attacker or jack booted neo-fascist police state cop or border agent, a high skilled hacker, or a nation state actor. If your intention is to make your device easy to access, congratulations, biometrics is the right choice.
It’s not that hard. See the lights on behind you, pull over and lock your phone.
low skilled strong arm attacker or jack booted neo-fascist police state cop or border agent,
Bless your heart. Those bad people will just beat the password out of you without sweating.
Did you read the article? US police and CBP can point your phone at your face or force your finger onto the scanner to unlock your device against your will.
Did you read the quoted part of my comment?
I love the confidence that a US cop or CBP agent are going to allow you to lock your phone while they’re asking you to hand it to them.
They’re not ninjas dropping out of trees at random moments demanding your phone.
What is the scenario that you’re picturing here where the person with the phone had literally no warning and no time to activate the lockdown? Turning your phone off takes like 5 seconds.
Is it technically less secure? Yes.
Is there any reason for the vast majority of people to assume they will ever be in an arrest situation where they won’t have adequate time to turn off their phone? No.
I’m all for being paranoid and cautious but this idea that convenience must always bow to absolute security is an absolute pox on the tech industry. There is such a thing a reasonable risk. You’re engaging in that yourself for even owning a mobile device that some jack booted neofacist could pluck out of your hands.
“Hand me your phone, please.”
Just restarting also works
Fuck America
Pro-tip: get a folding phone and use biometrics happily. If the cops come for you. Snap it in half. /S
Pro tip: every phone is a folding phone if you try hard enough.
I was thinking about face ID the other day. What if you trained it while making a funny face? So then you would have to make that face to unlock the phone and how could someone compel you to do so? It’s sort of a 2-factor authentication in a way.
That’s a fair point. Not sure if that’s been litigated yet.
The only reason that a cop can’t compel you to give up a pin or a passcode is because that is information you have in your brain, and they can only compel actions, not information.
They could probably compel you to make a face, but they couldn’t compel you to unlock the phone with your face without knowing what that specific face is, and they can’t make you provide them with the information on that specific face either.
Right, so your choice of facial expression would, in effect, act like a passcode. Good luck breaking into Jim Carrey’s phone!
I got the idea initially when I noticed I couldn’t unlock the phone while laughing. Then I got annoyed and I guess angry face didn’t work either.
I wonder now what would be the minimum facial contortion you would need to make a distinct ID? It could be something as subtle as curling your lip or raising a cheek muscle slightly? I might have to experiment with this a bit…
Buying phones with no thumbprint would be my next priority in life. No thumbprint, no camera.
You know you can just not use it, right?
People like to complicate things.
Sure but what about a dick print? Or even better, ball print?
On iOS hold power and volume up until SOS/power off options appear. TouchID/FaceID is now disabled until the next time you input the code.
Also you’re experiencing some amnesia due to the stress of interacting with a cop.
5 taps on the lock button works too
Is there a way to set up multiple user profiles for the same phone, activated by different prints/PINs?
Then you could have your main profile unlocked by like your ring finger print; but if you scan your thumb or index, it’ll unlock basically a dummy account with some bullshit apps and contacts and nothing else.
Like the phone equivalent of a throw wallet with a few bucks and an expired credit card or two so you have something to surrender in the event of getting mugged, without losing anything of actual value.
There is. ColorOS by Oppo have that feature
this is the way.
regardless of what the law says, at least where i live, cops will compel you to unlock it anyway if they decide to. this feature is a must.
I don’t know of how to do that without visibly switching accounts, but I believe the GrapheneOS folks are prepping a “duress PIN” for the next major release. I’m not 100% sure of what it entails but could have a similar end result to what you’re after
That would be cool enough to get me off my ass tbh
The problem there would be if they have told you to unlock the device and you do something to further lock it down, and they can prove that you did that (like there’s some big letters on the lock screen that say “lockdown initiated” or something), that can be considered obstruction.
To picture it another way, imagine you had the one key to your vault, they order you to unlock it, and you swallow the key.
It’s kind of in the same way that you can destroy evidence at any time until an investigation has started or you have a reasonable belief that one is about to start. At that point, destroying the evidence would get you in trouble.
Depends a bit on your threat model I suppose. Journalist protecting a source? Probably helpful. Getting mugged? Helpful for preventing ID theft, but potentially increased risk of physical harm. Political dissident covering up regionally unprotected speech? Obstruction charge may be less harmful than the alternative. Wall Street trader shredding insider trading documents? Obstruction charge may be worse.
This is a gross oversimplification but shows how it could be helpful even if it isn’t ideal in every situation.
BlackBerry devices had this.
They had a “under duress but unlock” PIN and a “under duress and wipe device now” PIN. You needed their enterprise management server to configure it.
Power+volume up > lockdown
Didn’t work for me
You have to keep them pressed until the turn off screen appears, then just cancel the turning off
Is this an iPhone or Android thing?
Edit:
On my pixel 6 I see this. I have no idea what this is or what it does
Edit 2:
"When you put the phone into “Lockdown,” it disables all those less-secure unlock methods. The fingerprint scanner, face unlock, and Smart Lock are completely disabled. Only the PIN, pattern, and password can be used. "
So tempting just to reply ‘yes’ :)
But it’s iPhone at least.
Volume up and lock shows lockdown on my pixel 6 so it’s either android or both.
I assumed android because we’re on lemmy but I bet it’s an iPhone thing.
I’ll stick with power off or reset since that’ll force a pin.
Not for me. Turn off screen only appears after holding power down for a second (and gives lockdown option). Power+vol up does nothing.
What iPhone you have?
None at the moment, meant on Android. At the time it wasn’t clear what platform they meant.
This is extremely dependent on what phone you’re using
I think it’s pretty much every modern android, no?
This has been a feature on my last pixel phones as well as my latest Sony android phones
Doesn’t seem to do anything on my samsung phone, but maybe that’s because I don’t have biometrics on
It turns on vibrate mode for me, and power + volume down makes a screenshot
Turn your phone off before handover. They require pin at power on, which at least at this time cannot be compelled.
One second officer, let me just power down my phone real quick.
What percent of arrests do you suppose happen with SWAT storming your house with flashbangs?
No idea. But it’s worth considering that there are cases where you might not have the opportunity to power it down.
And what are the percentage of those cases?
Just make sure to shutdown lock your phone before dealing with the cops, but also make sure to record your interaction with the cops cause they can and will lie. 🤷♂️
Kind of tough to do both since the only way most people have of recording their interactions is with their phone.
That’s always been the craziest thing to me about the US police system. In Finland the police is not legally allowed to lie to you about facts. They can lie about themselves and whatever, but not wholesale invent out of the thin air and gaslight people into believing that they did something.
They can literally lie to you saying they found complete evidence that you committed a crime and that you’ll get jail time unless you confess in the interrogation room. And then when you confess, they’ll still give you jail time.
Cops in the US have very little oversight.
What happened to being secure in our documents and personal affects?
Is the constitution a joke to you?
US “constitution” sounds honestly like a joke to me
The constitution is only used to protect property rights of the owners and the power of managers. The working class is not often afforded it’s protections.
I’m this case, the defendant was on parole, so there was already a court order allowing the search of his devices.
Payne conceded that “the use of biometrics to open an electronic device is akin to providing a physical key to a safe” but argued it is still a testimonial act because it “simultaneously confirm[s] ownership and authentication of its contents,” the court said. “However, Payne was never compelled to acknowledge the existence of any incriminating information. He merely had to provide access to a source of potential information.”
If you can be compelled to hand over a key to a safe, I can see how that translates to putting your thumb on the scanner.
Luckily LineageOS and GrapheneOS have a lockdown mode (Graphene also supports disabling fingerprint for screen unlock), though rebooting your phone usually doesn’t cause you to loose any work since everything autosaves as phones kill background apps to save battery and memory. Separate user profiles for situations like protests or certain contexts (preferably with some dummy data to make it not look to sus) are also useful.
It’s very unlikely the OS actually kills apps in the background as that would legitimately break many apps and is a source of frustration from other OEMs.
There’s a difference between killing an app and putting it into a less active state.
When you swipe an app away from your recent lists, it’s not actually killing it, its just putting it in a different state.
When your force stop an app from its info under settings, you’re actually killing it. Nothing about it is alive.
When you actually kill an app, things like alarms stop functioning. The app needs to be alive for the alarm to function. Even so much that when you set an alarm on your phone, you need to set the alarm again after rebooting as they arent permanently stored and if the phone is rebooted the app needs to be woken up and the alarms re set. There’s a whole development workflow to do that.
There was a brief period many years ago when an OEM actually force killed an app when swiped away from recents without fully understanding the implications and they later reverted the change.
Push notifications of any type would also completely cease functioning.
to lose* any work
Passcode, baby, I’m coming back to you!
For iPhones, a reboot will require passcode even if you have biometrics configured.
You don’t even need to reboot. Just holding the shutdown combination to pull the menu up is enough to activate the passcode lock. You can just hit cancel after that.
OR you could carry a knife with you and chop off your thumb if they try to arrest you
Nah, then they get you for littering and open the phone.
You have to walk around with a hotplate so you can sear your fingerprints off.
I feel like a lighter would do
I prefer to just have my phone’s fingerprint reader loaded with a non-fingerprint. You can use any part of your body, really. Use your imagination. It’ll be functionally impossible to unlock your phone even using that same part of your anatomy later, even if anyone could guess what it was.
So then your phone will ask for a fingerprint but none of your fingers will ever in a million years actually unlock it. Jack booted thugs are welcome to try; they will fail. To actually use your phone, just enter your PIN or passcode.
Rub my dick on the phone or chop off my thumb? Decision, decisions
Obviously the decision here is an easy one…
Know where to get a good whetstone?
