Social Question

LuckyGuy's avatar

Do you trust Microsoft, Apple, Google, et al., with your biometric data?

Asked by LuckyGuy (43867 points) March 23rd, 2015

Windows 10 will be released with fingerprint and/or facial recognition to unlock the device. That is very convenient. Supposedly the information will be stored locally on your device. Yet we already know there will be backups in the cloud to cover situations where the device fails and has to be replaced.
Who else will be able to hack and copy your fingerprints? Do you care? How long will it take before devices are hacked by nefarious individuals with fingerprint stealer software like keylogger software in use today?
My old IBM Thinkpad has a fingerprint reader and I have never put my finger near it. Never! (Actually, it’s covered with electrical tape.)
Will you use such a system?


30 Answers

marinelife's avatar

No, I don’t trust them with any of my private data, but that ship seems to have sailed.

Espiritus_Corvus's avatar

No. It’s time for Ubuntu.

LuckyGuy's avatar

@marinelife They already have so much private info. Would you willingly give them your fingerprint data? Would anyone?

Mariah's avatar

Call me naive but I really don’t see what nefarious things such a company could do with that data.

dappled_leaves's avatar

No. One of my laptops, bought about 6 years ago, has the option to use a fingerprint as a password, and I’ve never activated it. I don’t think they need my prints on file, thanks.

Presumably, Win10 will not require prints, so we can just ignore the request.

Plus, if someone wants to steal my laptop, they can just do that. I don’t want them to also need to steal my hand! ;)

Espiritus_Corvus's avatar

@Mariah I’m sure neither you nor I do anything we would personally be ashamed of on the net. It’s the principle of the thing, it’s a form of duress used as incentive for you to give up just a little more privacy. And, you have no idea what the future could bring. What seems to us innocuous today may be considered taboo tomorrow, even some of the conversations concerning god and government here on Fluther could be construed as dangerous under a stricter Patriot Act, in a country under just a little more stress. Ask any European Jew, Gypsy or homosexual, if you can find one, who lived under the Weimar period, then the following two decades. Things change overnight. Trust this: so far, America’s stability has been more of an exception on this globe.

Mariah's avatar

Yikes. No offense but this all seems really paranoid and unlikely to me. I think I’d rather save myself a bit of mental duress and not worry about such things.

jaytkay's avatar

Who says there will be fingerprint “backups in the cloud”?

Also, wherever it is, I presume the data would be saved like passwords, as a hash, which can’t be used to re-create the password.

gorillapaws's avatar

I trust Apple. Microsoft, Google, Facebook, etc. all have too much to gain from selling my info. Apple makes its money from hardware, and has a huge financial incentive to keep the trust of their users. They’re not perfect, but I’ve never seen them behave in a way that made me worry about my privacy.

jerv's avatar

Not just no, but hell no! To say I have trust issues is a bit of an understatement.

@Mariah There is more to it than @Espiritus_Corvus lets on. Yes, those are some valid points, but not the whole story.
Many claim they have nothing to hide, but if that is true, then would you please tell me your SSN, banking account number, and all PINs and passwords? If you are truthful in having nothing to hide, then you should have no problem posting that info here, in a public place. I will wager that you do, in fact, have things to hide. Things that could be accessed by anyone who has your biometric data.
Of course, companies may be too scrupulous to do anything nasty if you give them that info, but that leads me to….

@gorillapaws You may be right, but you seem to assume that Apple is in full control of the information it has. Ask Jennifer Lawrence how true that is! And it’s not like that iCloud celebrity nudes affair was the first time they’ve been hacked either.
Apple’s intent is irrelevant as I don’t trust my private information to those with a history of disseminating that information even if they do so unwillingly and/or unwittingly.

@jaytkay One would hope that they would do it that way, but since that is how Linux would do it, I would almost bet that Apple would try to reinvent the wheel and do something different. Probably the sort of “something different” that would make Bruce Schneier wince.

@Espiritus_Corvus As an aside, America is stable? If the last few years are any sort of omen, that won’t last much longer.

longgone's avatar

Considering that my activities on the internet are linked to my IP address – which is linked to all my devices and their (my) exact geographic location – I’m convinced my “privacy” does not exist. I think governments are much more of a force to reckon with, and they already have my biometric data.

LuckyGuy's avatar

I figure the data will be saved as a hash too. BUT I also figure it will not take long before there will be people selling scan data stealers – like they do now with keyloggers. Those steal your passwords by intercepting what you type right at the keyboard. The programs will also show up like viruses, trojans, spyware, etc. do today.

LuckyGuy's avatar

@Mariah Occasionally, for work, I make replicas of surfaces to measure microscopic wear on metal surfaces on parts like gears. With someone’s fingerprint info I can make a replica and put it on acetate so it can act like a rubber stamp. I’ll bet those could be sold (on the XYZ replacement for Silk Road via TOR) to nefarious individuals wishing to throw the police off track – or make a victim’s life miserable.
It sounds like a CSI Cyber episode but I don’t think it is so far fetched. You just know someone is out there working on the software.

Silence04's avatar

I singed off my fingerprints years ago after 1984, didn’t everyone else do the same?

LuckyGuy's avatar

@Silence04 It will be easy to get into your computer. Like making your 8 character password: “password”.

hominid's avatar

I don’t know. I am probably the complete opposite of everyone here. I make all of my purchases via credit card (and a ton through Amazon.com), I am deeply-invested in Google services, I opt in to all location-based Google services on my phone so I can enjoy the location-based services, I regularly use my fingerprint scanner on my T530, and I do not use any services like Tor.

Am I being insanely-naive? Maybe. But I fully embrace technology and am willing to accept the risks for the convenience, as disgusting as that may seem to some of you. The privacy-destroying services I opt into are the ones that I was hoping would be implemented some day. I lead a busy life and have 3 kids. I don’t have the time or interest to execute my life via pen, paper, and cash. I will admit that there are clear privacy-related advantages to doing this, but I am not motivated by these concerns.

Also, as a software engineer, I write GPS and monitoring software. Tens of thousands of kids are riding around in school buses right now and the school districts are collecting very specific live GPS data for those buses using software that I wrote. When districts implement student tracking, the kids scan on the buses and that data is collected real-time using software that I wrote and is available to parents. They get notifications when (and where) their kids have scanned on or off the bus. They can watch their kids’ school buses on their phones on the map and sign up for late bus notifications. The software calculates sudden stops, speeding, etc and is available to district transportation systems. For me, data is useful. Other people see it as a threat, and I guess I can see that. I just can’t feel that.

gorillapaws's avatar

@jerv “You may be right, but you seem to assume that Apple is in full control of the information it has. Ask Jennifer Lawrence how true that is! And it’s not like that iCloud celebrity nudes affair was the first time they’ve been hacked either.
Apple’s intent is irrelevant as I don’t trust my private information to those with a history of disseminating that information even if they do so unwillingly and/or unwittingly.”

I’m not assuming they have full control (I admitted they’re not perfect). My point is that they are heavily incentivized to protect their users’ privacy. It’s a big part of their business model. I don’t think their intent is irrelevant at all. Apple has consistently demonstrated that they will fight for privacy of their users.

They’re not going to be perfect 100% of the time (I accept that risk), but neither is anything else. So if I am going to put my faith in a company with my private info, I’ll do it with the one that is financially incentivized to not sell my data out to the highest bidder, and whose stock would take a major hit when there are privacy issues.

LuckyGuy's avatar

So @hominid, will you use fingerprint scanning?

hominid's avatar

^ Sure, I’ll continue to use fingerprint scanning if it’s available on my device (I currently do this on my Lenovo T530).

Espiritus_Corvus's avatar

Speak of the Devil…

02/14/2015: Researchers revealed Thursday that some laptops sold by China’s Lenovo, the world’s biggest PC maker, had a security flaw that could let hackers impersonate shopping, banking and other websites and steal users’ credit card numbers and other personal data.

The software Superfish has been discovered on certain Lenovo computers which is a security flaw that could let hackers impersonate shopping, banking and other websites and steal users’ credit card numbers and other personal data.

Lenovo has apologised for pre-loading the computers with Superfish’s visual search software, which captures images that users view online, such as a sofa or pair of shoes, and then shows them ads for similar products.

Lenovo declined to say how many people own laptops infected with the software, but CNET reports the company sold 16 million Windows computers in the fourth quarter of 2014, according to industry analyst IDC. Superfish was installed on more than 11 types of Lenovo laptops sold to the public between September 2014 and January 2015, including the popular Yoga and Flex models, but not ThinkPads, Lenovo said. Lenovo has published a full list of affected computers.

The Department of Homeland Security issued an alert Friday saying Lenovo customers should remove Superfish software because of the hacking dangers. A spokesman for Microsoft told CNET that Windows security software has been updated to detect and remove the Superfish software.

Sources: (1) http://www.cbsnews.com/news/microsoft-lenovo-superfish-security-flaw/ and (2) http://www.adelaidetechguy.com.au/home/the-superfish-problem

That’s just the latest concerning only one computer company. Lenovo has a long history of building tenacious adware, “super cookies” and other breaches into their computers without their customers’ knowledge. Apple is advertised as the least notorious for purposely built-in security breaches, but in actuality, they frequently have them as well (https://www.google.com/search?client=ubuntu&channel=fs&q=apple+privacy+violations&ie=utf-8&oe=utf-8). Some have been intentional, like Lenovo, but most are unintentional.

It should be remembered that none of this adware is necessary to operate your computer. It does not enhance the computer’s ability to compute. It is strictly for the benefit of the computer producer and not only without the knowledge of the end user, but can put their customer base at risk.

dappled_leaves's avatar

@Espiritus_Corvus Wow, thanks for the warning. Are all computer manufacturers building this kind of thing in? And are their activities visible, by browsing through Program Files or keeping a casual eye on the Task Manager – or are third-party programs necessary to spot their activity?

ucme's avatar

I’m just going to agree with @Mariah & to hell with it.

Espiritus_Corvus's avatar

@dappled_leaves I don’t know, but they all can, they have the same capabilities and incentives to do so, and some, as you see above, have a history of doing it. We never know about these things until after the fact. This wasn’t Lenovo’s first turn around this particular block, either. They were fined for doing the exact same thing a few years ago, which tells me that they know that it can injure their customer base, but other monetary considerations take precedence. There is an ugly mantra that has come up in the corporate world since the eighties, and that is, “It is much easier to ask for forgiveness after the fact than it is to ask for permission before.” They do their homework. They calculate the fines versus the potential profits beforehand. They chalk it up to the cost of doing business. The penalties are just overhead.

dappled_leaves's avatar

Leaving us with yet another level of research to do while shopping. Sigh.

sahID's avatar

Biometric data? Absolutely not! Unfortunately, in time, either fingerprints or iris scans will be as mandatory as passwords are now.

Espiritus_Corvus's avatar

@dappled_leaves I know. It’s a strange boat we find ourselves in. Thank god we have computers to check out computer manufacturers who may harm us through our computers.

jerv's avatar

@gorillapaws Sorry, not convinced. Oddly enough, I trust open source solutions far more as they actually have more incentive than mere dollars. I think that having millions of eyes looking for bugs (including untold thousands of white hats and tiger teams trying to break it in the name of QA) is beyond the realm of feasibility for commercial entities, thus meaning that those driven by finances are also limited by them.
Put simply, I would trust the integrity of a large team of programmers motivated by the desire for security for security’s sake more than I would a smaller team with more limited resources that has secondary concerns like deadlines or paychecks. People who have a vested interest in keeping everyone else’s stuff safe because they use the same tools to keep their own stuff safe; if you’re going to eat your own dog food, you make sure it’s really good dog food.

@Espiritus_Corvus Like Apple, Lenovo is generally respected for their hardware. (Moreso if you add in their subsidiary, Motorola Mobility.) Unlike Apple, they have a profit margin closer to 4% than 40%. With profit margins that thin, it’s not hard to see why they may pre-install third-party software like Superfish; they don’t install bloatware for free.

@dappled_leaves It may be another level of research for some, but it’s SOP for most geeks. Of course, those that have a habit of doing a clean install of the OS (often Linux) on new systems are not terribly concerned with OEM malware since that sort of stuff generally dies in a fire when you format/repartition the hard drive.

@sahID Entirely true. Unfortunately, that may lead to stuff like this Demolition Man iris scanner hack; NOT for the squeamish!

dappled_leaves's avatar

@jerv Yes, obviously not a concern for Linux users. That’s not most of us, though.

jerv's avatar

@dappled_leaves It’s not just Linux users. While most who do that do prefer penguin power over Redmond’s biggest export, even cautious Windows users, the type that don’t trust the “uninstall” portion of the Control Panel to decontaminate their OS, prefer clean installs, uninfected with OEM bloatware.
But yes, those who wipe the drive instead of using the OEM install are a small portion of the market.
