Categories
Apple Digital Culture Technology

About FaceID

I’ve seen the hottest of terrible hot-takes over the last couple of days about Apple’s announcement this past Tuesday (although leaked a few days before) that their new flagship iPhone, the iPhone X, will use a biometric system involving facial identification as the secure authentication mechanism for the phone. No more TouchID, which uses your fingerprint as your “key” to unlock the phone, we are now in the world of FaceID.

Let’s get this out of the way early in this essay: biometrics are for convenience, passcodes are for security. This doesn’t mean that biometrics aren’t secure, but they are secure in a different way, against different threats, for different reasons. The swap of FaceID for TouchID does nothing to lessen the security of your device, nor does it somehow given law enforcement or government actors increased magical access to the information on your phone.

You’d have thought, from the crazed reactions I’ve seen on Twitter and in the media, that Apple had somehow neglected to think of all of the most obvious ways this can be cheated.

 

and my personal favorite

The Wired article above, by Jake Laperuque, includes the breathless passage:

And this could in theory make Apple an irresistible target for a new type of mass surveillance order. The government could issue an order to Apple with a set of targets and instructions to scan iPhones, iPads, and Macs to search for specific targets based on FaceID, and then provide the government with those targets’ location based on the GPS data of devices’ that receive a match.

If we’re throwing out possibilities…any smartphone could do that right now based on photo libraries. If there was a legal order to do so. And IF the technology company in question (either Google or Apple, if we’re sticking to mobile phones as the vector) did indeed build that functionality (which would take a long, long time) and then did employ it on their millions and millions of phones (also: long time), it would involve an enormous amount of engineering resources. Coordination of the “real” target vs family members who just happened to have photos on their phones of Target X should be fairly easy to do via behavioral profiling and secondary image analysis.

But that, like the FaceID supposition above, is bonkers to believe. If anything, FaceID is more secure in every way than the equivalent attack via standard photo libraries. If a nation-state with the power to compel Apple or Google into doing something this complicated and strange really wanted to know where you were…they wouldn’t need Apple or Google’s help to do so.

The truth of the matter is that FaceID is no less secure than the systems we have now on Apple devices (here I am not including Android devices as there are simply too many hardware makers to be certain of the security). TouchID, the fingerprint authentication process that is available for use on every current iPhone (and the new iPhone 8 and 8 plus), every current iPad, and multiple models of MacBook, uses your fingerprint as the “key” to a hash that is stored on a hardware chip known as the Secure Enclave on the phone. When you place your finger on the TouchID sensor, it isn’t taking a picture of your print, or storing your print in any way. The information that is stored in the Secure Enclave isn’t retrievable by anything except your phone. Your fingerprints aren’t being stored at Apple Headquarters on some server. There is no “master database” of the fingerprints of all iPhone users. The authentication is entirely local, as witnessed by the fact that you have to enroll your print on every iOs device separately.

FaceID appears to be exactly the same setup, with exactly the same security oversight as TouchID. It’s entirely local to the phone, and all of the information (a “hash” of information about your face…it’s really not fair to call it a “picture”) is stored on the Secure Enclave within the iPhone. We haven’t seen the full security report on FaceID and iOS 11 yet, but I am certain it will be available soon (iOS 10 and TouchID is available here). Given the other well-considered aspects of security on iOS 11 that we have seen, such as requiring a passcode before trusting an untrusted computer, I am confident that iOS 11 and FaceID will be at least as secure as their previous iterations.

Is it possible that Apple, the most valuable technology company in the world in large part due to their ability to develop hardware and software in concert with each other, completely missed something in making FaceID? Of course it’s possible. But all of the ways that technology of this sort has failed from other companies (racial bias, poor security models, data leakage) have not yet been true for TouchID. I do not believe they will be true for FaceID either.

Even setting aside the purely technical aspects, legally there is no difference in the risks of using FaceID over using TouchID. In the tweet above about police holding your phone up to your face to unlock it, it would be important to note that they can compel a fingerprint now. It is entirely legal (with a lot of “if”s and “but”s) for a police officer to force your finger onto your phone to unlock it. No warrant is necessary for that to happen. FaceID is exactly the same, as far as legal allowances and burden of proof and such, as TouchID is now. In the case of preventing law enforcement access to your phone, the only answer is a strong password and your refusal to give it to someone.

It isn’t clear to me if FaceID is going to be a good user experience…without devices in user’s hands, we have no idea. But the knee-jerk response that somehow Apple is building a massive catalog of faces is neither true, nor possible given the architectures of their hardware and software.

This isn’t to say that there isn’t some real danger somewhere:

I think Zeynep has this (as most things) exactly right. This technical implementation is really quite good. The normalization of the technology in our culture may well not be…but this is why I am so vehement about defending this positive implementation as positive. Let Apple’s method of doing this be the baseline, the absolute minimum amount of care and thought that we will accept for a system that watches us. They are doing it well and thoughtfully, so let’s understand that and not let anyone else do it poorly. And for goodness sake don’t cry wolf when technologies understand their risks and are built securely. Because just like the story, when the real wolves show up, it will be that much harder for those of us paying attention to raise the alarm.

EDIT: After writing this entire thing, I found Troy Hunt’s excellent analysis, which says many of these same things in a much better way than I. Go read that if you want further explication of my take on this, as I agree with his essay entirely.

Categories
Personal

Monoprice Mini Delta 3D Printer

The world of low-price 3D printing has been upended by Monoprice over the last several months. They’ve launched a handful of very inexpensive but well-reviewed printers at price points that basically no other manufacturer can touch.

Their latest printer, the Monoprice Mini Delta was launched earlier this year on Indiegogo, and I just received one of them. It’s a very small delta style 3D printer that’s rated to handle ABS and PLA. It has a heated bed, and more importantly, an auto-leveling feature, even if the build volume is only 120mm x 120mm (Delta printers have circular beds, which makes the bed size a diameter rather than an X/Y plane measurement). It even has wifi built in, so that prints can be sent wirelessly.

Did I mention that the printer is rumored to cost only $149? Fully assembled, ready to go out of the box.  They haven’t publicly announced retail pricing yet, but it looks like they are aiming at a $149 as the price, which will make this an amazing deal.

Even $149 is still a fair amount of money for many people, but relative to other 3D printers it is an amazing entry-level price.  For that price, you don’t get the long-term reliability of something like a Lulzbot Mini…the Monoprice Mini Delta is all metal, but is clearly not as well-built as more expensive printers. The tech support alone is going to be far, far less competent that companies that specialize in 3D printing. It’s louder, it rattles a bit, the fit and finish isn’t perfect. But in my testing, the quality of the prints it is putting out for me is much higher than one might expect given the price point.

I’ve printed a couple of Benchys at different orientations, and they have all been well within my expectations for accuracy.

All in all, this is a heck of a printer for the price. The reports online are that Monoprice is having a few issues with first-round production errors…bad control boards mostly. Those are being fixed with new machines immediately, though, so it looks like they are handling the launch and initial support problems fairly well.

I’m not yet certain if I’d recommend the Monoprice Delta Mini to libraries, as I haven’t had time to put hours and hour of printing on the thing to test its reliability. Given the overall build quality, I’m betting that this printer will need a bit of attention to keep running smoothly, which is something that libraries often can’t take the time to do. For libraries, I still recommend going with proven workhorses like the Lulzbot Mini as an entry level printer, or the Taz 6 as a high-end production machine. Even though the Delta Mini is almost 1/10th of the price of the Lulzbot Mini, I’m not convinced it’ll last 10 times as long, or print reliably 10 times as often.

What I would do is recommend the Delta Mini to librarians who are interested in playing around with the technology without a huge investment. For $150, you can have your own 3D printer to play with sitting on your desk at home….one that takes up about as much space as a large houseplant. This is the perfect sort of printer for individuals that just want to play around with printing things for the house, or their kids.

It has definitely made me set up and take notice of what Monoprice is doing in this space. I expect we’ll keep hearing from them over the next year or so with bargain-basement prices on interesting hardware. I’ll keep my eyes out.

Categories
3D Printing

3D Printers for Libraries, 2017 Edition

Back in 2014, I wrote a Library Technology Report for ALA entitled 3D Printers for Libraries (Creative Commons licensed version found can be found here). In the past 3 years, much has changed in the world of 3D printing: they exploded across libraryland, became cheaper and more useful, and the number of printer makers has grown like mad. So when ALA asked if I’d update the LTR for 2017, I said yes.

In it, I cover many of the changes in the 3D printing landscape, including the huge variety of new filaments and their properties. Tons of new printers, new types of control software that’s emerged since the last Report, and lots more that can help inform libraries and librarians about the possibilities for 3D printers in 2017.

I hope people find it useful and informative!

Categories
3D Printing Release_Candidate

3D Scanning with Water

The research is documented in a paper entitled “Dip Transform for 3D Shape Reconstruction,” which you can access here. In the paper, the researchers describe how they created what’s called a dip scanner, which literally dips an object into a bath of water. The object is repeatedly dipped in different orientations, and the water’s volume displacement is measured, which provides an accurate representation of the object’s entire shape.

Source: 3D Scanning with Water: Researchers Introduce New “Dip Transform” Method | 3DPrint.com | The Voice of 3D Printing / Additive Manufacturing

Categories
Berkman

Berkman Klein Center Affiliate 2017-2018

I am honored to be included in the list of 2017-2018 Berkman Klein community members. This group of scholars, researchers, legal experts, technologists, information specialists, and more inspire me every year, and I can’t wait to meet the newest class. Here’s hoping I can continue to be worthy of inclusion in this fantastic community…the things I’ve learned over the last two years makes me incredibly excited for what’s to come in year three.

Categories
Release_Candidate Uncategorized

ARKit Inter-dimensional Portal

This is crazy. Apple is killing it with ARKit.

ARKit Inter-dimensional Portal by @nedd. Music by The SAME.

Source: Made With ARKit – ARKit Inter-dimensional Portal by @nedd. Music…

Categories
Personal

Measure the Future project goes Public Beta

Over on the Measure the Future project blog, I posted about going formally into public beta. I’m very proud of the work that’s been done to get the project to this point. I couldn’t have gotten this far without help from so many people, including especially the Alpha testers and the development team (Clinton Freeman, you’re a miracle worker). Here’s an excerpt from the longer post over on the MtF blog:

Measure the Future is also adding additional locations for installs with a new round of 4 Beta partner libraries. These additional locations (announcement soon on who those are) will give us even more feedback and will work with us to determine the best way to present this new type of library usage data. We will be answering the questions that our Beta partners want answered, so if you have questions you want our help with, please let us know. We have room for a couple more libraries in our Beta testing, and would love to work with you.

The big development goal for our Beta period is the move from local visualization of activity and attention in library spaces to a cloud-based portal that will allow for much richer visualizations. We are dedicated to making this move from local-to-cloud as privacy-focused and security-aware as possible, and so we will be taking great care in how we move forward.

Head over to read the full announcement, and visit Measure the Future to see all the code, instructions, and more that we released this weekend. There’s more to come, including a walk-though of a setup as soon as I can get some video and screen recordings together.

Categories
3D Printing Release_Candidate

 BlackBelt 3D Printer

This is the first truly novel FDM 3d printer that I’ve seen in years…not only do they look like they’ve solved a few issues (printing at an angle allows for overhangs to be dealt with differently) but the never-ending printed is genius. The printer isn’t cheap, but this is extremely clever engineering.

I look forward to seeing this come to fruition.

Categories
Machine Learning/AI Release_Candidate User Interface

Elon Musk Thinks We’re Four or Five Years Away From Neural Lace

Elon Musk’s neural lace project could turn us all into cyborgs, and he says that it’s only four or five years away. The billionaire CEO of SpaceX and Tesla has long been an outspoken critic of unrestricted artificial intelligence, and has been quietly researching the concept of “neural lace,” a merger of machine learning and human intelligence that could revolutionize our species. In a profile published Monday in Vanity Fair, Musk said he thinks a “meaningful partial brain interface” could be here in less t

Source: Elon Musk Thinks We’re Four or Five Years Away From Neural Lace | Inverse

Categories
Drones FutureTech Release_Candidate

DJI MG-1S – Agricultural Wonder Drone

Farmers are required to manage acres of farmland at a time, and have recently begun to tap into aerial technology to do so efficiently and sustainably. DJI MG-1S revolutionizes the way in which farmers can utilize drones to manage and take care of their crops. In this video, three individuals in the agricultural drone industry speak of their experiences with DJI’s MG-1S and tell us why it stands out amongst the UAV choices when considering factors of precision, effectiveness, intuitiveness, ease of use, s