Hacker News
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 min (9to5mac.com)
86 points by miles on July 19, 2024 | 66 comments


I suspected that they used Cellebrite for this three days ago:

https://x.com/SEJeff/status/1813079033430876433

As much as it makes folks reel, this is working as intended. If you don't want them to crack your phones, consider setting a 10+ digit alphanumeric passcode instead of a numeric PIN.

Also, do not enable the biometrics such as FaceID. I'm very much of this opinion[1] that biometrics are usernames, not passwords.

[1] https://blog.dustinkirkland.com/2013/10/fingerprints-are-use...


In addition to the problems you mentioned, biometric systems are basically designed to cause hash collisions. And probably to a higher degree than most people realize.

After all, it would be annoying if FaceID failed just because I haven’t shaved today. So the algorithm has to account for that. As such, the entropy of the input is reduced.


> Also, do not enable the biometrics such as FaceID

I'd really like to see the ability to set a specific fingerprint to lock down the phone, requiring a different, more secure credential from the regular lockscreen to unlock. A long passphrase would probably be the right credential for most people.


I'd like to have different fingers do different things, including one that prevents fingers from working. And have a short extra custom gesture to face to unlock. Or a dozen other simple things we could get with a little more competition in a more open space.


If you hold power and a volume key on an iPhone, it will disable biometrics and require your password.


That's almost as good, but maybe harder under duress. As far as I can tell, Android requires interaction with the touchscreen.


I'm not sure FaceID would have helped them as much in this instance going by pictures of the aftermath.


Numeric pin? Seems like fingerprints on the glass alone would make a shorter numeric pin trivial to crack.

I'm just thinking of all the other weak security systems like garage door keypads where the code is derived from the more worn buttons. Or cleaning/dusting an ATM keypad before someone enters their code and then carefully examining the buttons afterwards.

But who knows — perhaps people have completely munged up their displays making fingerprinting useless.


There are some touchscreen input systems that will randomize the configuration of the numbers displayed to mitigate the "finger smudge" attack.


Man that would suck. I rely on muscle memory to recall passwords in everyday usage. Of course I could open a PWD manager elsewhere but it becomes cumbersome.


You would be surprised. After a couple days only, my brain adapted to the random layout well enough that it's the regular layout (on my iPhone, which doesn't seem to have the randomization ability) that throws me for a loop.


Would the ATM thing actually work though? Afaik most European ATM banks issue 4 digit pin codes and will block and eat the card at 3 invalid tries. Not sure how many tries you have total, but I figure it's not that easy to guess it right.

Update: ChatGPT says 12 tries total to get it right, so that makes it ~10% success ratio?


I probably read about this technique in Phrack or something similar .... so that kind of dates it.


Yeah it could be very well possible that it wasn't limited to just 3 tries back then, or at the very least the ATM would not block and eat the card then, allowing you to try again or at a different machine.


> As much as it makes folks reel, this is working as intended. If you don't want them to crack your phones, consider setting a 10+ digit alphanumeric passcode instead of a numeric PIN.

Can't emphasize this enough. If you're going to use a phone, set a long strong password. Nothing else will do. Yes, it's a bit more inconvenient. There is no workaround.


And turn your phone power off before committing a crime…

The first thing the police will do is connect it to power battery packs.


Don't even bring your phone with you. You need to use old school methods to avoid tracking.


But if you leave your phone at home only on the days you commit crimes, it's a problem too. This was used in the past to identify people.


ALPR is the other big one. Your daily habits are in many databases and it’s easier than ever to sort out the outliers


I read this story many years ago where researchers were able to re-identify people using open travel datasets.

https://www.unimelb.edu.au/newsroom/news/2019/august/myki-pr...


[flagged]


I've been using this technique for some time now and it has been working really well.


Here's a list of people that have strong disagree[0]. What about those that have been falsely identified by facial recognition software? Just because you think you've committed no crime doesn't mean the authorities have the same thought.

[0] https://en.wikipedia.org/wiki/List_of_wrongful_convictions_i...


So the updated advice is to not bring the phone when you're not about to commit a crime.


that's also been updated as not being the greatest advice as they can use the lack of activity for that time period as being abnormal for your device, which shows suspicion as well.

just like not having any social media accounts looks suspicious. having a laptop with no data on it whatsoever looks suspicious. if they want to find you as a suspect, they will find ways of doing it.


> that's also been updated as not being the greatest advice as they can use the lack of activity for that time period as being abnormal for your device, which shows suspicion as well.

If you're a NEET or wfh is it really suspicious that your phone hasn't moved the entire day?


How not to get your ass kicked by the police, step 1: OBEY THE LAW.

https://www.youtube.com/watch?v=uj0mtxXEGE8


That video probably isn't making the point you're trying to make, given that it repeatedly shows people getting beaten by police for things that definitely don't warrant it, and towards the end advises "getting a white friend" as a means of avoiding police brutality.


An argument that could only be made by someone who's never read the news ever. Or dealt with police ever.


“One has not only a legal, but a moral responsibility to obey just laws. Conversely, one has a moral responsibility to disobey unjust laws.” – Martin Luther King, Jr.


Now, if we only had a test to distinguish between just and unjust laws.


Is your argument that we must obey all laws at all times, because a definition of "justice" cannot be given with the rigor of a mathematical proof? How then can law itself exist, without a means of objective interpretation? And why obey laws at all if no test exists by which any law can be determined to be either just or unjust?

You can find thousands of years of scholarship, philosophy, religion and legal doctrine on the matter, and most people seem capable of coming to at least a subjective conclusion on what is and isn't just, apart from what is and isn't legal.


For people protesting desegregation, the laws promoting desegregation were unjust.

For me, personally, punishments like death penalty (and adjacent, maximum security prisons, like ADX Florence) are abhorrent. If I had superpowers, I would violently oppose them. I would literally dismantle ADX Florence brick by brick, if I could. I imagine some people reading this would be equally horrified, and, would also violently oppose me.

The problem with protesting unjust laws is that these laws are just for other people. Coming to a personal conclusion on what laws are unjust is easy. Achieving consensus is impossible. Sometimes, even achieving majority is impossible (see, for reference, the Just Stop Oil guys who got 5 years in prison).

I'm not saying not to resist unjust laws; far from it. I am saying that determining what is moral and what is not is one of the hardest philosophical problems there is. And that opposing can, in some cases, lead to violence and civil war.


And that's why Socrates didn't drink the hemlock.


You're free to interpret your relationship with your government as a suicide pact if it pleases you. Others are not obligated to drink the poison of obsequious virtue.


And the Tootsie Pop Owl didn't bite


The guy that was upset younger people were reading books instead of memorizing things, and believed that would make people dumb, and literally ruin the next generation of the world?

Yeah maybe he wasn't infinitely wise on all things.


Give me six lines written by the hand of the most honest man, and I will find in them something to have him hanged. [1]

Richelieu may have said this or he may not have but the fact stands that there are enough laws on the books to convict anyone of a crime no matter how virtuous that person thinks he is.

[1] https://en.wikiquote.org/wiki/Cardinal_Richelieu


Maybe a morbid question but could they theoretically unlock the phone with the fingerprint of his corpse or do those sensors require current (like a touchscreen does)? I'm asking because I heard in the US law enforcement can force you to unlock your device with biometrics but I wonder if that only works if the subject is alive.


Seems the answer is yes, but only if you do the unlock very quickly after death. The reason seems to be what you suspected, that the fingerprint sensors require capacitance which is only maintained while we're alive.

https://www.livescience.com/62393-dead-fingerprint-unlock-ph...


Surely we can juice up a dead thumb to make it work, though, right?


> Surely we can juice up a dead thumb to make it work, though, right?

At that point, it's probably easier to just clone the fingerprint and drape it over a purpose built prosthetic.


Is that easy? Sounds not too difficult


> Is that easy?

Looks pretty easy to me

https://www.youtube.com/watch?v=tj2Ty7WkGqk


It depends on the sensor and probably the state of the subject. This is called "liveness detection" and there is an article I found explaining the basics at: https://www.thalesgroup.com/en/markets/digital-identity-and-...


Yes, they can unlock Android with a deceased owner's finger if the login is set up for it and phone isn't restarted.


I can't find who's the source on this. The best I can find is "people familiar with the investigation", but both the FBI and Cellebrite refused to comment on the story. This article quotes Bloomberg, which seems to be a copy of the Washington Post's article without all of the fluff.

I'm not surprised, there was a recent report that showed that Cellebrite can unlock any phone except for recent iOS and GrapheneOS. I'm just confused who "the people" that are being quoted everywhere are supposed to be.


It's an anonymous source. Someone who knows something and isn't supposed to say it, so figure someone at the FBI or Cellebrite most likely. Anonymous sourcing is a fraught practice, but often a necessary one if a journalist doesn't want to be restricted by what an organization will officially allow. You have to evaluate the publication, the journalist, and whatever details are available to decide if you want to trust them.

The better publications will have policies on when anonymous sources can be used and may have those policies or an explainer of same available to readers. Eg here's Wapo's write-up on it: https://www.washingtonpost.com/policies-and-standards/#sourc...


It's a claim that won't be confirmed and even if verified might be a lie to hide some better tech or just inane CYA. As an example, there is still nonpublic Kennedy material. Why would this event be any different?


https://www.404media.co/leaked-docs-show-what-phones-cellebr...

They have a few charts listed. There’s still the several other companies with support documents that haven’t leaked.


That's interesting. Back when I used Android a decade ago I thought you had to enter a passcode for LUKS or something, to decrypt all the user data. Maybe I am misremembering?


This is a company whose entire business model is derived from hoarding vulnerabilities.

I'm guessing this was a brute force attack or side channel attack of some kind, in concert with a packaged zero-day.


From a tour I got in a forensics lab a while back, injecting a bootloader to bruteforce PINs was one of the options available at least. Had rows of phones punching numbers just waiting for the screen to turn green


The actual injection of this program is what would generally require a high-value exploit on most devices.


Some basic phone security practices:

1. Set a sufficiently strong alphanumeric password for your lock screen.

2. Remember to reboot your phone weekly to reset any non-root malware.

3. Disable multimedia in the SMS messaging app as it's a vector for Pegasus style malware.

4. If using Signal, go to Settings, Privacy, Phone number, and set everything to Nobody. This again blocks messages from unknown users that could be a vector for Pegasus style malware.

I wish there was a system-wide permission to audit and/or disable screenshots, but there isn't.


So the TLDR is that a beta version of Cellebrite unlocked the phone, and it can't yet unlock iOS 17.x or later.

But we don't know what version of Android his phone had, or what "newer Samsung model" means.

There's nothing surprising about state actors being able to quickly unlock the phone of a [failed] presidential assassin.


No, we expect phone locking to work, even against state actors. The news here is that some Samsung model has an otherwise unknown exploit.

If they can crack his phone they can crack your phone.


It’s a bit of a futile strategy though, kind of like trying to build a wall thick enough that a state actor can’t bust through. That is impossible because the state has access to nuclear weapons, gigantic drills, thousands of intelligent people whose sole mission in life is to break down that wall, nearly infinite budget, etc.

The only strategy that might work is to make it expensive or unviable to crack every single device. But in the case of something like this, an assassination attempt, then it’s a given that all stops are going to be pulled to crack it.


> That is impossible because the state has access to nuclear weapons, gigantic drills, thousands of intelligent people whose sole mission in life is to break down that wall, nearly infinite budget, etc.

Those generic statements are great and all until you realise that every year, dozens (hundreds, thousands???) of people disappear without a hint of a trace and the government is powerless to do anything about it and can't find them.

Or when a large, wealthy company commits crimes (or just government officials sometimes), all they have to say is "we lost the data" and suddenly, there is nothing that can be done about it, it's lost to the ether for ever without any possibility to find out anything about it.


But that is my point - you can make it unviable to go after _everybody_. But if the state is targeting one person in particular, and has a super strong motivation to break the wall, like specifically in this case of domestic terrorism/attempted political assassination, there is no technology that is gonna stop them.

In those cases that people get away with crimes, it is much more likely that there is no political motivation to go after them for whatever reason du jour. I don't think it's because the technology is so strong that they can't.


When enough budget is allocated, the person is always found.

Saddam/Osama


> If they can crack his phone they can crack your phone.

And not just them, anyone with access (legal or otherwise) to these tools can.


> No, we expect phone locking to work, even against state actors

But that's an unreasonable expectation because software is universally such garbage. Some is just less garbage than others.

State actors have the resources to find the holes in anything that isn't utterly perfect.


[flagged]


That’s like sarcastic sarcasm which cancel themselves.


Well, here in the Land of the Free it might be illegal for me to tolerate discrimination against them based on shared ancestry. So my only option is to show my outspoken appreciation for such a talented group of nationally-localized individuals that specialize in exporting surveillance software. Great job!


Am I the only one who has nothing important on my phone and also doesn't lock it at all?

Can't even get emails on my phone. I can however post comments on Hacker News. FBI can have this comment for its data.


Then why do you have a phone?



