i want to make readers of this thread aware that the title “face recognition login integration” allready made the asumption that this technology is recognised and validated officially by the Purism staff and will and should be integrated into upcoming Librem devices. This is not the case - YET. untill such an official statement is made this thread DOES concern everyone including me.
now. what i do oppose is cassually pretending to uphold moral and ethical Libre computing standards without actually doing that.
keep in mind that the Respect your Freedom (RYF) certification by the FSF has not been YET given and depending on the choices made by Purism it will probably NEVER be given as long as ALL strict Freedom criteria are NOT met.
@KristijanZic
Purism as a company has to uphold first and foremost FREEDOM priciples that have been formulated here >> gnu.org by sir Richard Stallman.
Anyone who is aware and understands those Freedom principles has a duty to encourage Purism to keep the Libre part in Lirem devices.
Safety, security and privacy without freedom are not what they seem at all. car or no car.
I’ll just add that one of the true powers of libre software is that the user can install any software they choose and do whatever they want, even if they want to install non-free software or otherwise reduce their own privacy/security.
Purism won’t allocate resources towards reducing privacy or security or adding non-free things, but the users are welcome to.
If Howdy already exists and works, users can choose whether to install or use it. Purism doesn’t have to do that. If it doesn’t work, then another advantage of libre systems is that all the tools needed to make it work are publicly available, so anyone who wants to see it work can contribute to making it work.
Now, in this case you also need the hardware to make it work. I wouldn’t count on seeing an IR camera on the Librem5 any time soon. But if the regular camera works in the light, then you just need community members to help make sure that feature is there for those who want it, and Purism doesn’t have to do a thing.
in order for the Librem 5 device to be certified by The Free Software Foundation and obtain RYF both software and hardware MUST work together in unison and strictly abide by those core principles otherwise the RYF certification will never be given.
if your are ONLY looking for open source software then yes what you just said will work for you.
Libre computing is not the same as Open Source. this is a CORE DISTINCTION.
Purism doesn’t have to (and won’t) provide non-libre software in their repositories and will use hardware that works with libre software/firmware/drivers/whatever. As I understand it, that is what is needed for RYF certification.
The user, as the complete and total master of their device, can do whatever they want. If they want to install software that is NOT provided by Purism and not found in their repos, but can be installed by enabling extra repos or whatever else, then they are free to do that.
Does this kinda ruin the point of using a device like a Librem? Yes, though the hardware killswitches and otherwise open design still makes it a better alternative than most devices.
But you cannot advocate for libre systems and then simultaneously advocate for restrictions on what the user can do. They user can do whatever they want. They just can’t expect to get any support from Purism when doing it. They are on their own.
let’s imagine:
far right side - Libre Compute Devices (100 % Libre hardware and software )
middle right side - OPEN SOURCE software on liberated HARDWARE
middle left side - OPEN SOURCE software on proprietary HARDWARE
far left side - proprietaray compute devices (100 % walled off hardware and software)
so what is the middle ? libre software on proprietary HARDWARE ? it’s difficult to decide because Libre doesn’t make any sense to be associated with proprietary ?
or how would we determine ? 100 % libre software on 100 % proprietary hardware ? it’s like oil and water. they don’t mix at all.
this is why i’m inclined to believe there can be no middle here. just like good and evil they don’t mix.
I thought this discussion was about Purism providing a privacy respecting, free software biometric system on the phone they were already making.
And while we agree that 100% Libre hardware and software is the best thing to do, we also will not prevent people from running proprietrary software on their devices. While it is unwise to run proprietary software and unethical to restrict what others can do with software, it is impossible and unethical to tell somebody else they can’t run some specific software on their device. The only way to pull this off would be DRM which we all agree is unethical.
However, the preceding paragraph is irrelevant to the issue at hand. The issue is whether to include Howdy on a librem device. As this would require an IR camera to work in the dark, it probably won’t be included. Howdy is free software and I can’t figure how it goes against RMS’s principles unless it relies on some nonfree software that I don’t know about. (Full disclosure: I have never used Howdy and don’t know much about it.)
Howdy is floss, as in it is released under the MIT license so offering it at install would not disqualify Librems from getting FSF approval
Whilst Purism primarily focusses on providing freedom-respecting computers/software (FRC/S), this does not mean it should not (or rather does not) act as a marketing engine for the GNU/Linux movement as a whole. The best way to do this is to prove to people that FLOSS software is Better not just ethically but literally as well. As such making set-up of advanced features such as face recognition, voice assistant (check out https://mycroft.ai), encrypted chats, faster and easier software installs/updates and more secure computers (both by design of the system and through additional features) as easy as it is to do so on a proprietary system if not easier with better systems… In my perfect future vision of the world, everyone uses FRC/S, the best way of achieving this is not to lecture people on ethics but to make our technology literally better and provably so.
Whilst integration can be simple as including a tickbox at install you could do other things such as having multiple cameras so as to get 3 separate pictures and comparing them all to a gallery of photo’s potentially (although not certainly this would have to be trialled) producing more accurate face-recognition (link to p2)
Meh … I don’t like it either.
For the moment, this technology doesn’t seem sound.
So either there is a way to not only disallow it, but to disinstall this feature, or it should not be present at all.
@Zack
i was thinking about what you said in the context of proprietary devices. when the manufacturer decides to implement a certain “feature” and markets it as usefull or convenient or “secure” or whatever - everybody goes along with it because they need the basic functionality that certain device offers and “protest” with their mouths and wallets wide open.
they say : “hey we don’t like what you did - it is not-freedom frespecting” but then shell out the cash and say “take my money and give me what i need”
if a freedom-respecting manufacturer does the same thing on a Libre device some people will say : “hey you are suppossed to respect our rights and give us a choice”
this is why Ubuntu is open source but is not recongised as a RYF linux distibution and Trisquel is.
There are multiple issue raised around the discussion, and we should not mix those issue into one.
Why do I want to use biometrics?
Are face recognition software and camera module free?
Are face recognition safe?
For second one, the answser is yes. Howdy is open source project, and camera module from Librem has open source firmware. The software itself does not harm your privacy.
For third one, it depends, since the software itself is not a mature product. I doubt how many benefit does it added into security.
Now the most important question here is the first one. Why do I even want to use face recognition?
It is supposed to be a method to easily unlock your phone securely. But does it fulfill its promise? The former part, yes. It can easily unlock the phone with face. But the latter part, securely? Not really, as stated above, it’s not a mature project, and there are some inherit risk using biometric.
Let’s sit back and rethink the question. We have to think about the use case. Why do we want to easily open our phone? As @KristijanZic said its because he wants to skip a youtube ads when he’s driving. Obviously, there are some use of the phone does not involved dealing with personal data, like having a quick google search, searching a map, watching a youtube video.
Then, basically, we don’t actually need to unlock the phone. We need a restricted access to the phone in order to use some app. That’s call guest session in Linux. If we can create a Guest account with limited access of app, and it can start from a lock screen without password, then it actually solve the issue.
You don’t actually need biometrics. You just need a guest session.
let’s see. nowadays people use usb secure usb thumb wallets for the crypto cash mined in e-coin whatever.
instead of face-recognition which is not 100 % accurate and reliable let’s use a connect to usb type authentication device that will unlock phone in less time and be wired and 100% reliable and more secure. instead of password or 2 factor authentication or whatever. this coupled with encryption should offer us what we want without any penalities.
unless you consider a dangling key-chain usb device a penalty.
This thread is about the possibility of offering facial recognition as an extra option. I don’t expect Purism to do it because we would apparently need a bunch of extra cameras. But if the cameras were up to par and a community member put in the coding effort to make it seamless, I don’t see any reason that Purism shouldn’t offer facial recognition as a less secure but easier option to unlock a device.
face recognition is only easier and faster to unclock if and when it works because it is not a 100% reliable technology.
for example:
1.take device out
2.carefully position device recommended distance from face
3.scanning occurs
4.if it works the first time then it takes up only a few seconds at most
5.if it doesn’t work repeat steps 2 and 3 untill it does. requires multiple cameras. expensive. probably much efficient and cheaper specialized artifical inteligence software implementation exists in the proprietary ecosystem allready.
for encripted usb thumb authenticator used in enterprises this will be like so:
1.take phone and usb authenticator out
2.align devices
3.connect devices through usb port.
4.optional-only on supported usb thumb authenticators - enter pin code physically
5.device unlocks 100% everytime. secure. private. less software headaches. possible 100% libre firmware and software. cheaper. modular. can use complex login passwords without actually requiring remembering or writing anything. slower to align and connect devices (can be reduced by using usb type c connector)
first of biometrics is about not having to have to remember stuff USB-auth is quite a different use case. secondly, the multiple cameras are optional that was just a suggestion on how to improve accuracy tbh I’m already shipping in 3 camera’s gonna see if I can set up a system for a strong box of a raspberry pi (https://www.youtube.com/watch?v=c2x7oIioUb4). Thirdly does anyone know where purism’s git is? Fourthly I think that this (as in biometrics in general) comes under a wider range of applications that will be contentious among the purism community (other examples are AI voice assistant integration, a system that automatically adjusts screen brightness depending on ambient light level, parental control tool panels (these could I reckon could be turned malicious by hacking as you would need a feature to log what sites where visited), google play store (I know I hate it but with the librem’s it may be necessary) among others). I think there needs to be a way to install these types of applications that do not pressure those who don’t want to install them, maybe we could have an option to allow access to an ‘expanded app store’ that contains such apps, you could toggle this on and off if you do/don’t want these apps.
Completely agree. But I think that you also could use, for instance, a QR code attached to the panel of your car (or in the back of your wallet) to unlock your phone. There are plenty of options to use or to avoid biometrics…