One problem with fingerprints and security is: you only have 10 fingers. So if they are burned they are burned.
And jep, it’s possible to reproduce working fingerprints from tele photos of your hands.
2 Likes
At first I thought you mean literally burned…lol. Which could also be a problem if fingerprint is the only verfication method…and then you would be happy to be able to use a photo for recreating the fingerprint 
1 Like
And? I have yet to hear of an authentication mechanism that can’t be defeated through surveillance. There is always a tradeoff between security and convenience.
It is way more convenient to not have a front door on your home, but not very secure; there was a while where most homes just locked the knob, more convenient than having a deadbolt but less secure. Now most homes use a deadbolt still more secure than before but also still able to be defeated with a picture of a key (generally speaking). You can also add a security door, similar to a screen door but to keep out humans, that uses the same key as your deadbolt, or a different key.
This security door is how I see the fingerprint reader as being analogous to. Not more secure than the primary method of security, actually less secure, and generally used in conjunction; but if someone wants to only lock the weaker of the two they should have that option. This is especially true to me on the phone since they have the option to put other Linux OS’s that may not be as secure to begin with; the argument about protecting people from themselves I think is less important than the argument of freedom to do what they want.
No one has said fingerprints are the most secure, and I don’t even think anyone has recommended using them as the only authentication method.
And yes, you can defeat biometrics with surveillance, you can also defeat, passwords, physical keys, keycards, etc with surveillance. Each person has their own threat model, let them decide what is appropriate; trying to decide for them is trying to take away their freedom.
1 Like
the only way i would agree to have my fingerprints scanned by a digital device is if it is 100% Libre software (yes both hardware and software for obvious reasons) and if the said device is not connected to the internet in any way while it does the scan and if it stores the said fingerprint scan only localy and uses it to generate an on the fly password or code to unlock the internet connected device. basically if it acts like an external key rather than something embeded that can be remotely hacked or it’s fingerprint storage scanned and copied remotely. i’m not against any particular thing but the way the technology works has to 100% respect Libre principles.
1 Like
If a future Purism phone includes biometric sensors, it would need a emergency kill switch or equivalent to ensure you can’t be compelled to use the biometric authentication mechanism against your will, and I personally would have the sensors disabled until either the next full authentication (with a password) or reboot and authentication (with a password)
Similar to what Apple does with SOS mode
Biometry is not suitable for authentication.
I understand your point. Frankly fingerprint readers sound iffy to me (see previous research on spoofing fingerprints) and Face ID et al give me more concern because in theory someone can just take your phone and point it at your face to unlock it. I’m also not a fan of using biometrics for “locking” Android apps (see recent versions of Signal), and it should NEVER be used to retrieve a decryption key from a “escrow” chip for a full disk encrypted device (just a hypothetical scenario I’m sure someone’s thought up)
I think the whole reason Apple invested in implementing biometric (Touch ID, Face ID) based unlock on the iPhone is because they assume their userbase isn’t intelligent enough to handle a separate FDE/preboot and lockscreen password and the biometric unlock is to mitigate having to put in your password many times per day. It goes without saying you should have a long enough FDE password, but if file based encryption to protect data from a decrypted but lockde device is going to be a feature the security of it depends on the complexity of said password as well. I don’t know how Apple handles this with Touch ID, although I suspect its “have the key in a “escrow” chip to “release” the decryption key upon biometric unlock and hope for the best”, so that’s a concern as well.
Android recently found the sweet spot: just have a security mode where you have to enter the full code. Useful when going through airports - or you can just always have the fingerprint function disabled… But don’t make the phone purposefully slow to unlock for most of us… Just unnecessary. Very useful to have a backside fingerprint scanner!
2 Likes
How?
Given the legal powers available, when going through airports what you need is “no particular unlock needed” but entire unlocked environment is a cloak for the real environment i.e. just a few cute photos of “fluffy kittens” in the unlocked environment.
1 Like
Just giving a scenario when someone might want to force passcode only. Which is does during boot anyway, so you could just power down. At least you would have plausible deniability. “I’m bringing my phone back to my friend who left it at my house during his trip…”
Did Librem really choose not to have the fingerprint reader for security or privacy’s sake?
That kind of deniability could lead to the device’s being confiscated. That’s the legal reality. Don’t take the device through an airport if possible.
A fingerprint reader is fairly poor security in many scenarios (as the FAQ says).
I’m happy for it to be left off. Use the space / power / whatever for something that I would value. 
Don’t bring your phone to the airport? Really… Do you want this phone used in real world situations or not? If it has backup & file system crypto, then it is not so bad to get confiscated or stolen (same thing in some ways).
People should understand the consequences of real world situations and make informed decisions. However it is entirely up to you what you do with your phone. (That is after all part of the point of this phone - to give you the control over your phone, and take the control away from the Surveillance Capitalists. That includes throwing it in the lake , or getting it confiscated.)
As I said, if you are going through an airport (or really anywhere else) then you don’t want a fingerprint reader, if you care about security. Convenient it may be.
“As I said, if you are going through an airport (or really anywhere else) then you don’t want a fingerprint reader, if you care about security. Convenient it may be.” – I feel like you just ignored all of my points.
1 Like
“However it is entirely up to you what you do with your phone.”
“then you don’t want a fingerprint reader”
Which is it, everyone has the choice and in turn should be allowed to decide whether or not they want a fingerprint reader, or people should not have the choice because someone else knows what they want better than they do themselves?
Now I don’t think we can reasonably have a fingerprint reader in the first release since Librem has said no; but I don’t think it is unreasonable for people who have assessed the security risk and decided that the security risk doesn’t outweigh the convenience for their own situation shouldn’t be allowed to ask for this as a feature because someone else doesn’t think they should want it.
Edit: to clarify, yes the fingerprint reader is less secure, in that you can legally be compelled to unlock biometrics but not a password. There is no guarantee that the laws won’t change so not using biometrics should really be more of a configuration and usage guideline than a restricted item.
1 Like
I understand your point. Maybe there is no contradiction between the two though. What you do with your phone is different from what your phone is.
Possibly a way round this would be an “add-on fingerprint reader”. (I don’t know how practical that is.) Then we can all be happy.
Or because the fingerprint can simply be faked.
Or because you can’t change your “password” if it is your fingerprint i.e. once disclosed it is disclosed ‘forever’.
Or because it may be more difficult to have the distinction between a duress fingerprint and the real fingerprint.
(Legal compulsion varies from country to country. In mine there is no difference between a password and a fingerprint, I believe.)
1 Like
* in some countries
** if the authorities can prove that you remember the password
2 Likes
Alas, just like anything else in the same sentence with “legally”.
*** in some countries. In the link I provided, I can see no such provision for Finland and France, for example.
Vive la
Liberté, Égalité, Insanité 