Fingerprint reader

derptacious · May 2, 2019, 1:30am

Don’t bring your phone to the airport? Really… Do you want this phone used in real world situations or not? If it has backup & file system crypto, then it is not so bad to get confiscated or stolen (same thing in some ways).

kieran · May 2, 2019, 1:40am

People should understand the consequences of real world situations and make informed decisions. However it is entirely up to you what you do with your phone. (That is after all part of the point of this phone - to give you the control over your phone, and take the control away from the Surveillance Capitalists. That includes throwing it in the lake , or getting it confiscated.)

As I said, if you are going through an airport (or really anywhere else) then you don’t want a fingerprint reader, if you care about security. Convenient it may be.

derptacious · May 2, 2019, 1:55am

“As I said, if you are going through an airport (or really anywhere else) then you don’t want a fingerprint reader, if you care about security. Convenient it may be.” – I feel like you just ignored all of my points.

OpojOJirYAlG · May 2, 2019, 2:48am

“However it is entirely up to you what you do with your phone.”

“then you don’t want a fingerprint reader”

Which is it, everyone has the choice and in turn should be allowed to decide whether or not they want a fingerprint reader, or people should not have the choice because someone else knows what they want better than they do themselves?

Now I don’t think we can reasonably have a fingerprint reader in the first release since Librem has said no; but I don’t think it is unreasonable for people who have assessed the security risk and decided that the security risk doesn’t outweigh the convenience for their own situation shouldn’t be allowed to ask for this as a feature because someone else doesn’t think they should want it.

Edit: to clarify, yes the fingerprint reader is less secure, in that you can legally be compelled to unlock biometrics but not a password. There is no guarantee that the laws won’t change so not using biometrics should really be more of a configuration and usage guideline than a restricted item.

kieran · May 2, 2019, 4:00am

I understand your point. Maybe there is no contradiction between the two though. What you do with your phone is different from what your phone is.

Possibly a way round this would be an “add-on fingerprint reader”. (I don’t know how practical that is.) Then we can all be happy.

Or because the fingerprint can simply be faked.

Or because you can’t change your “password” if it is your fingerprint i.e. once disclosed it is disclosed ‘forever’.

Or because it may be more difficult to have the distinction between a duress fingerprint and the real fingerprint.

(Legal compulsion varies from country to country. In mine there is no difference between a password and a fingerprint, I believe.)

dcz · May 6, 2019, 7:23am

You can totally be legally compelled to provide a password.

johan-bjareholt · May 6, 2019, 9:21am

* in some countries

** if the authorities can prove that you remember the password

dcz · May 6, 2019, 9:36am

Alas, just like anything else in the same sentence with “legally”.

*** in some countries. In the link I provided, I can see no such provision for Finland and France, for example.

Caliga · May 6, 2019, 10:53am

Vive la

Liberté, Égalité, Insanité