Privacy Questions FP4

Hello Community!

I’m a long-time FP2 owner and figured it’s time to switch to the FP4. At the moment, two things are holding me back from buying it: The selfie-camera and the fingerprint-reader.
I hope someone can answer the following questions for me:

Question 1:
I bought a cover for my FP2 selfie-camera (with a slider to easily open it when needed) and would like to do the same for my future FP4. Since the FP4 has way less space to place such a cover on its display I’d like to know which selfie-covers you guys can recommend (preferably with a slider)?

Question 2:
Is it possible to remove the fingerprint-reader? I don’t feel comfortable only deactivating it software-wise.

Thanks in advance

Hello!

  1. I think there is too little room for a sliding cover for the selfie camera. You could accidentally cover the sensors; they are close. Unless the cover were really tiny and glued at an angle.
     I just unplug this module.
  2. It is impossible; it’s on the power button, and it would render the device unusable.

I think you could install LineageOS for privacy. But it makes your phone fail SafetyNet and the root-detection measures in some apps.
These can be bypassed, but it needs some technical knowledge.

1 Like

I solved the camera problem software-wise by installing an alternative OS (see the #oslist) and XPrivacy, which I trust enough to not worry about it anymore.

For the fingerprint sensor I just used a piece of duck tape, which works quite well underneath the cover (I just need to replace it every couple of months because it wears out)


3 Likes

Thanks a lot for the quick responses!

Regarding the selfie-camera I was thinking about placing the cover vertically over the camera. By doing so, are any sensors covered this way?
Maybe someone can tell me how much space is available for a camera cover so that I can see if there is a supplier who offers suitably small covers.

I’m actually planning to switch to another operating system to increase privacy.

In Iode OS you can disable cameras (not separately) and microphone.

LineageOS’s main focus is not privacy.

1 Like

How about adhesive aluminum foil tape?

Sorry but I had to ask: What do you have against it? I mean, it is trivial to harvest your fingerprints, you tend to leave them about anywhere, all the time… Unless you wear gloves all the time, in which case the fingerprint reader shouldn’t bother you either…

I can understand about the camera (and most importantly, the microphones!), since they can be used to spy on you, but the fingerprint reader???

1 Like

Sorry but this is just not true. There is a very very big difference between touching an object, after which some sort of “spy”/detective or whatever needs to actually physically get hold of that item and do fancy police stuff to retrieve the fingerprint vs you voluntarily providing it to your phone from which it might be sent to who knows where.

1 Like

Maybe that works too. I just used duck tape since I had it lying around at home

Like powder it with baby powder and take a picture?.. :crazy_face:

You didn’t address my question: Why is it so important The Bad Guys™ don’t get your fingerprints? Especially The Bad Guys™ from “who knows where” (i.e. far away)? :thinking:

The only reasonable, logical reason I can think of would be to prevent them from using your fingerprints to break in your fingerprint-protected safe or some such, which would be nonsense, because 1. fingerprints are for obvious reasons not secure (at all), and 2. if it’s really worth their while they will invest in a bottle of baby powder… Short version: Don’t use fingerprint security for anything other people might really want to get at. Securing your phone with fingerprints is convenient, not secure.

Which leaves the question you failed to answer, why are your fingerprints so important to you (as opposed to your DNA you leave readily around, and all other “Biometrics”)?
I’m not being snarky, I’m genuinely curious.

Using a picture of a fingerprint, it may not be that easy. It may require making a conductive mould of the print, to put on the finger so the sensor thinks it’s a real finger, using capacitive, maybe resistive and heat tests.

That’s yet another issue, and one you would as well have with the phone fingerprint scans…

My point was about how to get to the exact same spot: Stealing a picture of your fingerprint.

To my knowledge the fingerprints are only stored locally on the phone. According to this article, Google has required local secure storage for some time already. I have no knowledge of this having changed, do you?

Now, of course you’re free to not trust what the big G or anyone else says about what happens to your fingerprints. My question is this then: Why do you still use this - or any - “smart” phone that clearly has the capabilities to send tons of your data - apart from fingerprints - to “who knows where”? If we’re already arguing about your fingerprints being exfiltrated without your knowledge, is there any reasonable expectation of keeping any data on and around the phone safe by any means short of taking out the battery?
To be clear: There are definitely interested parties who try to get the data they can and that is of some concern to me as well. But my fingerprints getting “lost” in precisely this way is far from the top of my list. @KurtF already pointed out a few of the other ways people can get your fingerprints pretty much anytime they like.

3 Likes

@KurtF
I’m against using the fingerprint reader because of the reasons pointed out by Stanzi. If you’re fine with sharing your biometric data with companies like Google, Meta and others, okay, but I’m not.
You might want to take a look at the following article regarding biometric data and privacy issues related to that matter

1 Like

I think there are a million more things to worry about and there’s this form

Google has made a noteworthy step in the right direction by moving all print data manipulation to the Trusted Execution Environment (TEE) and providing strict guidelines for fingerprint data storage that manufacturers must follow.

All fingerprint data manipulation is performed within TEE

All fingerprint data must be secured within sensor hardware or trusted memory so that images of your fingerprint are inaccessible

Fingerprint data can be stored on the file system only in encrypted form, regardless of whether the file system itself is encrypted or not

Removal of the user must result in removal of the user's existing fingerprint data

Root access must not compromise fingerprint data

I only use fingerprint on the phone, and what is stored is not an image of my fingerprint but an encrypted algorithm of a part of the pattern which isn’t really any use to anyone else.

It’s like an encrypted password, no less secure just easier to use sometimes

3 Likes

I agree with @anon9989719 that

does not really apply here. Data is stored within the device.
Although the linked article is concerning in general it still doesn’t mention anything showing that the locally stored biometric data is shared with big techs.

5 Likes

Sorry but I’m still waiting for Stanzi to explain their reasons, so I gather you too are against the fingerprint reader “for no reason in particular, just because biometrics sound frightening”?..
Sorry, for somebody to want to steal something, it has to have some (any) value. Not to disparage you, but your fingerprints have none… Just as much as your feces (which is full of DNA!).

As for the article you linked to, I’m sorry but it is vacuous and full of inaccuracies. Yes, biometric data aren’t controlled, which is indeed a legal issue, but they are useless as a secure means of identification, so there isn’t a huge incentive to steal them anyway. Just try finding somebody by fingerprint. By name, yes. By picture, yes. By fingerprint? Impossible.

Sorry, the guy who wrote this is probably an excellent lawyer, but in this case he is totally out of his depth: “Very difficult, if not impossible, to forge”??? BS! You must have heard when in 2008 the Chaos Computer Club took a picture of the German Minister of the Interior Wolfgang Schäuble during a press conference, extracted from that picture his fingerprints, and published them! The magazine also included those fingerprints on a special film so that readers could use them to fool fingerprint readers! All it took was a good DSLR camera with a good telephoto lens.
That’s how “very difficult” it is to steal somebody’s fingerprints! :roll_eyes:

Anybody who has the slightest clue about security knows biometrics are convenient for the user, but as secure as a chocolate padlock, which makes them pretty much worthless.

Well, it does depend to a certain extent on the context. My biometric passport is I think reliable when I’m going through frontier controls, since we can be pretty sure that the camera is looking at my face and not some facsimile.

To my mind theft of biometrics is more of a risk when they could be taken with other data to build up a copy of someone’s virtual identity.

Well, in this case it is just because it’s easier/faster to process a fingerprint than to have a guy squinting at your picture and at your face, to eventually decide if they are the same person… :grin:
Passports aren’t very secure anyway, since they only rely on “things you have”*).

*) Secure identification usually uses something you have (login, not secret) and something you know (password, secret). Now fingerprints are obviously of the “something I have” category, aren’t they.
You can add as many of those non-secret “Have” parts as you want without security increasing significantly. It’s like if they asked for your first name, then your family name, and also your email address. It’s indeed a little less likely a cheater will know all 3 pieces of information, but not very much so since all 3 are public and easy to find out.

My passport doesn’t use a fingerprint. It uses the topology of my face. My point is that, at the frontier control, we’re more or less sure that it’s my face and not some cleverly produced facsimile, that’s being used. That’s why no “password” is necessary, just “something I have and that I can’t change”. If I have facial surgery then my passport is useless.

So we agree. I said that, for me, theft of biometric data represents more of a risk when they are taken together.

1 Like