Howdy (face recognition login) intergration


#1

One upcoming feature on modern computers is automatic face recognition login. Someone has made a system to do this (called howdy) for Linux (see: https://github.com/Boltgolt/howdy ). Basically its windows hello. From a technical perspective comparable librem’s would need IR camera’s (to do it in the dark) and an option at install to enable the system (plus and easy way to disable it.

P.S

Now I know this would be controversial but;

  1. the code is floss
  2. could be easily turned (either by kill switch or not clicking a box during install
  3. the face recognition is done locally without going out to a server

#2

I’m wary of any biometric features. For fingerprints, I always ask if there comes a bodyguard with them, that would protect my fingers from being cut off in case of mugging. If there is none, than thanks for any biometrics. Likewise with the face recognition. I don’t want to suffer acid DOS attack. I’d rather tell the mugger my password and part with the device only. The device can be replaced with a new one with significantly less money then a finger or a face would take.

On a more serious note, the authorities can easily force you to unlock your phone with biometrics. Not so easy for them to make you disclose your passwords.


#3

both good points what if access was restricted to when you where connected to certain networks (like work and home ones, although i get the feeling this might be technically difficult), this would mean that when you where out and about you would still be secure but at home you didn’t have to keep on entering your passwords. Also a password login would always be available. Fi


#4

and ofc the feature would be strictly optional so anyone who has really dangerous stuff could just not use it


#5

To do this correctly, we should have three options:

  • Password only login
  • Password OR face login (Less secure, more convenient)
  • Password AND face login (More secure, less convenient, vulnerable to acid DOS)
    If we don’t provide the option for 2FA (biometric AND password), I don’t see the point of providing the biometrics.

#6

@Dwaff i think we need a dislike button near the heart symbol

even if/when we’ll get to the point that everyone everywhere will use ONLY 100% Libre Computing i’ll still frown upon this tech.


#7

@REc Let’s not be mean :slight_smile:. I just think that biometric based auth is misguided. Biometrics are public data. Many people know how you look. You show up in public places, leave your fingerprints on almost everything you touch, get yourself recorded in various surveilance cameras (and some of those can zoom in incredibly - at one of my previous jobs I’ve been able to read computer screens from about 150 meters - the long side of a warehouse). So biometrics are not exactly secret.

Using face or fingerprint recognition is like using well-known number for pin code. The fact that said number consists of hundreds of digits does not make it any more secure.

So, this is why I could not care less for face recognition, and I only tolerate camera because once in a blue moon I’d like to take a nice picture of a sunset, or read that QR code to rent a city bike.

And I totally understand that under normal circumstances face recognition is more convenient then typing in password and also protects the passowrd from prying eyes - since it’s not typed at all.

And (one more and) I’ve had bad experience in the past with things that work OK only under normal circumstances.


#8

nah … wearing tin foil hats makes us impervious to surveilance cameras … ask any surveilance camera if you don’t believe me


#9

I beg to disagree.
If my phone collects biometric info for its own use, that is not surveillance.
If my phone uses biometrics in ADDITION to a password, that is MORE SECURE than a plain password.
This is not a privacy or freedom problem. Providing this tech harms nobody and helps the user. This tech should be provided to make our systems slightly more secure.


#10

@Dwaff the system in question has a 99.38% positive rate, and if you want it can always be turned off, also another option is only recquite password at login screen but not for apt-get etc.


#11

#12

Also what if there where multiple cameras (im thinking 3), to build up a 3d model (so you can’t hold up a photo 8t would have to be a full on model).


#13

Personally, I’m against all features requiring biometrics. :slight_smile:


#14

But it won’t ‘recquire’ it, it will be entirely optional


#15

Not impressed. It means there’s a 99% chance of triggering at least one failure in just 741 tries. If it’s not rate limited, then there’s a breach in no time.


#16

Does not necessarily mean that the 0.62% is false positives which will likely be lower, also a timeout could be coded in say 5 tries and you have to use a password.


#17

You are against including the option of biometrics? Are you so afraid of biometrics that you don’t want us getting to use them? Its not like the facial recognition library will harm you just being on your computer. You still have a HSK on your camera and network card. You know that your computer isn’t transmitting a picture of your face.

So why would you oppose our getting to use such privacy and freedom respecting software if we so choose?


#18

bah … sorry can’t help myself. my or our opposition doesn’t mean you will not get to use “such privacy and freedom respectig software if you so choose”.

the point is that as long as there are people who are able to hack it doesn’t matter if you go 100% Libre on your devices. personally I would like to make life harder for someone to get a hold of my mug shot not give it to them every time i look down at my phone. it is not about beeing afraid it is about beeing aware of danger. fear and the ability to sense possible attack vectors and block them before they get near me is not the same thing.

or do you think that Libre computing guarantees your privacy and security ? no it simply guarantees that YOU will be 100 % the one who owns your device but it doesn’t protect you from forcefull outside breaches it just makes them harder to sneak by you.


#19

By “this tech” do you mean cameras? Facial recognition software?
We already include a camera. The facial recognition software WILL exist. Providing gives the user a choice. You don’t have to use it.
What do you frown upon? Including facial recoginiton on the phone so that others can use it or using it yourself?

I am not suggesting that you need to be comfortable with biometrics or that you should use them.
I only think that we should include them so that users can make an informed choice as to what they use.


#20

in a perfect scenario i would say i ONLY frown upon facial recongition software but we live in an imperfect scenario in which the hardware itself can be used to do harm by remotely hacking into a device (libre or not ) installing said software and hijacking it. that’s why i like the hardware kill switches so much. i only have to frown upon the camera when it’s ON if that makes sense.