Why? If you do not want to use the fingerprint scanner, you do not use it.
Your fingerprint itself is a privacy nightmare. That’s why it is a weak part in the chain (something you have/are/own). However, having to use your PIN in public could also be regarded as a privacy weakness. An adversary could record it, or glance over your shoulder.
I also find it ironic that the people who are opponents of a fingerprint scanner are not at all complaining about the privacy replications of the cameras. You can’t “just remove” the camera modules either.
The solution is not to NOT use that “thing” but that the hardware is IN the phone, that a fair smartphone supports such nonsense and “the market” thinks there is a demand for such censored technology.
I don’t like cheese, therefore I don’t buy it (except for other people in the family). If I go to an Italian restaurant and I get some free bread and cheese as appetizer I leave the cheese.
The lesson here is that you are the one who has a different opinion than the vast majority of the people. It is you who stands out. So it is going to be you who is going to have to adapt to the situation.
If you trust Google not to scan your fingerprint anyway you’re very naive.
Google is in the business of collecting your data and nothing else and they don’t let you opt out. If you turn off Wifi and GPS Google still regularly tracks your GPS location and nearby Wifi networks for their location anti-services database. Why would it be any different with other data they can collect?
You can change your PIN, but not your fingerprint.
You know that you can say “please don’t bring me any cheese” when you order, right? The planet will thank you for it.
AFAIK you can put that scanning off now, but they use dark patterns and other nefarious techniques to get you to enable it.
Either way, if you do not trust Google, why would you use their proprietary software and services? And, arguably, why would you use their FOSS?
If there’s a port of say /e/ or LOS+microG then it is irrelevant because you either trust the FOSS running not to “steal” a hash of your fingerprint, or not.
Which is why I don’t find it a good way of authentication. I don’t get why there is no 2FA/MFA for something such as unlocking your phone. But you could regard the phone as the front door, and the bank app as the safe. Then, you could require stronger authentication on the bank app. Personally, I like NFC for authentication. It has its weaknesses though; I suppose, given it is radio, it can be MITMed with a directional antenna.
Regardless of my opinion, a lot of casual phone users prefer it. And I’ll have to live with that.
The comparison is that it comes with the package; i.e. not modular.
As for the situation, I have often seen such appetizers being freely given without question. I’d give it to someone who really likes it; they’re usually around me in restaurants.
If you know how fingerprint sensors work, their weaknesses and the legal situation, you are among the elite of the elite; most people don’t know these things. You can make an informed choice, but the vast majority I think not. Also, I am holding the FP-Project to very high standards.
The FP having a fingerprint sensor could lead to people using this method without knowing the consequences, camera unlocking is not that common yet, also cameras are not solely marketed/pictured as “security” feature.
True, we should do our best to educate and warn them. However the same is true with the pros and cons of PIN. PIN is not a holy grail! Also, you can put the fingerprint reader off. On an iPhone if you tap the power button 3 times, FaceID is off. I don’t know about Android.
I was talking about the privacy aspect of having a camera (without a hardware killswitch). You can add “others having a camera” on top of it (even if they have a hardware killswitch you are not the operator/owner). Same with microphone (without a hardware killswitch), as well as “others having one” (even if they have a hardware killswitch you are not the operator/owner). Far more severe than a fingerprint scanner you decide not to use.
If your concern is Google, then your main concern right now should be the lack of a FOSS for the FP3 (thereby keeping the proprietary software from Google out of your OS [as them having access to your camera could mean they might make secret photographs of your fingers]). If you have a FOSS OS, then you can disable the fingerprint (and, arguably, camera) via a driver.
If you assume that someone can still read your fingerprint via the fingerprint reader on your FOSS OS then we’re done. You’re being unrealistically paranoid. Why would you not assume the same for your camera and microphone?
You could add this on top of the fingerprint reader:
That would render it useless. If you never touched it before either, then it should be good. It’s akin to the selfie cam covers.
This nonsense feud about a device having a method of authentication you dislike is just that… I don’t like it that everyone carries a camera and microphone on them either. So what? What am I going to do about that? It is up to the individual, and up to them if/how to use them.
Yes, I’m aware of that, but that doesn’t mean it is PIN non grata.
Each of these methods has its pros and cons. Having one of the methods available does not harm you in any way whatsoever.
Right now, fingerprint reader keeps out your children, your family, petty criminals, your co-workers, etc. It does not keep out a determined state actor. However, for such purpose, neither does FaceID, and it can be disabled with 3 taps (I assume it works similar on Android). If your concern is a state actor, you take different precautions:
You disable FaceID (and/or fingerprint reader).
You enable 2FA/MFA.
You don’t bring your device along (good advice if you cross the border).
You put your device off (FDE requires PIN on boot).
(BTW I’ll be very interested in attempts trying to pentest the FP3 fingerprint reader.)
I agree we should do our best to inform users about pros and cons, and we should also test the security of the fingerprint reader. (Some in the market, esp on budget and mid range phones, are very easy to circumvent.) If you feel like helping out with that, that’d be appreciated.
I think that fingerprints really lack security: you leave your password everywhere you go, and on your smartphone there are plenty of post-its with yours. But never mind, because with a rooted device I can decide what kind of smartphone I want and which data I will share.
The first step will be to deactivate this module and block access to my data.
Yes, but then you’ll have an ugly hole on the back of your phone and your IP54 certification is gone.
I just saw that the fingerprint sensor is connected to the motherboard by spring contacts. So just tape the contacts on the PCB and you are fine and have an untouched looking FP3.