Carlos E.R., 2024-05-06 10:23:

> On 2024-05-06 10:04, Arno Welzel wrote:
>> R.Wieser, 2024-05-05 22:20:
>>
>>> Mickey,
>>>
>>>> Be careful - they can lift a fingerprint off a digital photo.
>>>
>>> And thats just one of the more complex methods there are.
>>>
>>> You touch surfaces almost every day without even realizing it - hey, that is
>>> what hands and fingers are for, right ? - effectivily broadcasting that
>>> feature of yourself to everyone around you.
>>>
>>> Same goes for "faceprints". Even easier, as your faceprint can be "taken"
>>> from literally tens of meters away.
>>
>> Except that unlocking with your face in iOS is *not* only using an image
>> of your face but also the three dimensional shape of it. That's the
>> reason why the "notch" in the iPhone displays is bigger since there is
>> not only a camera but also a 3D sensor to capture the shape of your face.
>
> What is a "3D sensor" actually? :-)

A sensor which is able to scan the shape of the face in three dimensions.

--
Arno Welzel
https://arnowelzel.de

Mickey D <mickeydavis078XX@ptd.net> wrote:
> On Mon, 6 May 2024 15:06:54 +0100, Chris wrote:
>
>>> You misunderstood. It's all about identifying the EXACT camera.
>>
>> Like I said, it's been a while. Things might have improved.
>>
>>> There are many forensic techniques which take advantage of the unique
>>> errors inherent in any camera sensor, all of which improve over time.
>>> https://www.mdpi.com/2313-433X/10/2/31
>>
>> Thanks.
>>
>> Not sure I see what you're seeing. The review is not very precise in its
>> language. Looking at a couple of specific papers, they still are
>> comparing make/model not specific cameras.
>>
>> This one - not peer-reviewed - supposedly labelled as "individual
>> camera" with an accuracy of 99.15%, is actually only six different
>> devices (two phones and four cameras).
>> https://repository.derby.ac.uk/download/45e22f10d5dfc1d211a4392c591cd80d392237fa032ccc9f37f772a325fc91f5/922645/DIGITAL%20VIDEO%20SOURCE%20IDENTIFICATION%20BASED%20ON%20GREEN-CHANNEL%20PHOTO%20RESPONSE%20NON-UNIFORMITY%20%28G-PRNU%29.pdf
>>
>> And this one - peer-reviewed - has 11 smartphones from six difference
>> manufacturers is similarly labelled as "individual camera" with an
>> accuracy of 96.18%.
>> https://www.sciencedirect.com/science/article/abs/pii/S1742287616300998
>>
>> I don't understand how either of those studies can be called
>> individual-level identification of cameras?
>>
>> The evidence (sorry!) just isn't there. A study needs to be done with
>> 15-20 examples of each camera across multiple models and brands and see
>> if they can be individualised.
>>
>>> There are even companies that sell this software already.
>>> https://www.mobiledit.com/camera-ballistics
>>>
>>> Don't ask me how they do it though as it uses sophisticated math.
>>
>> Sorry, but the forensic market is not very healthy with plenty of
>> products which sell a dream. If a product cannot back itself with
>> published scientific research - rather than hide behind math - then it's
>> snake oil. It's notable that the software has not been updated since 2017!
>>
>>> There are articles out there on how to defeat it if you care to look.
>>> https://duckduckgo.com/&q=how+to+defeat+camera+photo+forensics
>>
>> Which is probably why things haven't moved on: it's simply of academic
>> interest with little applicability in practice.
>
> I think you're doomed if you think fingerprinting

This isn't fingerprinting.

> is only of academic
> interest since there isn't a well funded TLA out there who isn't doing it
> (IMHO).

You'd be surprised how restricted funding is for stuff like this. They use
a lot academic research as a baseline.

> As I said, don't ask me how it works except from the basic fundamentals,
> (which everyone already knows) which is that every camera sensor has
> millions of pixel bits, where some have inevitable color encoding errors.
>
> Those hardware errors are permanent, and unique to the camera.

That's an assumption. That's no evidence to show that it's unique beyond
the camera model.

> They simply find the same hardware errors in multiple photos and bingo.
> It's a match for that specific camera. Just like fingerprints & DNA are.

You're misunderstanding how fingerprints and DNA profiles work. They're not
as unique as you think and there's no "match". All identification is
probabilistic of whether it is consistent with the source being the accused
over some random individual.

>
> Given the prevalence of phone photos on the net, I can't imagine that the
> well-funded TLAs aren't pouring billions of dollars into this research.

They aren't. They don't have billions.

> Since photo fingerprint can only get better over time, what the warning is
> for is just to let people know that now, since they will scrape all the
> photos on the net if that's what they want to do.
>
> There are almost certainly techniques you can use to foil them but you have
> to know what they're using first.
>
> https://duckduckgo.com/&q=photo+forensic+fingerprinting
>
> There are many news articles on sensor imperfection fingerprinting.
> https://www.bbc.com/future/article/20210324-the-hidden-fingerprint-inside-your-photos
>
> And there's even a book on Multimedia Forensics you can download for free.
> https://link.springer.com/chapter/10.1007/978-981-16-7621-5_4
>
> Here's the PDF for the sensor identification chapter.
> https://link.springer.com/content/pdf/10.1007/978-981-16-7621-5.pdf
>
> And the EPUB.
> https://link.springer.com/download/epub/10.1007/978-981-16-7621-5.epub

I'm not saying this is categorically not possible, but currently there's no
published research to showing anything other model identification is
possible. This in itself is helpful information for investigating cases,
but doesn't prove anything.

Things may improve further in the future, but currently reliably
identifying individual cameras from their photos isn't a thing.

Andrew, 2024-05-06 20:24:

> On Mon, 6 May 2024 10:59:27 -0400, Alan Browne wrote:
>
>>> What is a "3D sensor" actually?� :-)
>>
>> In the case of iPhone the 'shape' of the face is determined as described
>> here:
>>
>> https://support.apple.com/en-ca/102381
>>
>> The term Apple uses is "depth map of your face"
>>
>> Further: "and also captures an infrared image of your face."
>
> Phone biometrics are nothing more or less than a marketing gimmick.

Scanning the *shape* of a face and not just the *image* is still a
different approach than just using the image and that's one of the main
reasons why Google does not include "face unlock" in their Pixel phones,
since just using an image of someones face is way to simple.

Besides that you can call most "real" biometrics a "marketing gimmick"
since you can *always* make a copy of the images which are used for
fingerprint scanners, eye scanners and so on. The question is not, if
something is absolutly secure and can never be broken at all but how
much effort is needed to break something.

When I got my last passport I also had to provide biometric scans of my
fingers. The way how that fingerprint scanner worked was just taking an
*image* of my fingerprints:

<https://www.dermalog.com/products/hardware/fingerprint-scanners/f1>

"DERMALOG F1 – One of the World’s Smallest Optical Fingerprint Scanners

Its compliance to international standards make the F1 suitable for a
wide range of biometric documents and application possibilities -
capturing fingerprints for ePassports, ID Cards and
verification-processes within the blink of an eye. The self-explanatory
DERMALOG solution meets international standards defined for biometric
workflows."

They even advertise the use of their fingerprint scanners for biometric
ID cards:

<https://www.dermalog.com/turnkey-solutions/government/biometric-id-cards>

And yes, it is just optical, nothing else. So anyone can fake the
fingerprints, even those which are included scanned with an "official"
device used by authorities.

--
Arno Welzel
https://arnowelzel.de

Alan Browne, 2024-05-06 23:02:

> On 2024-05-06 16:28, Paul wrote:
>> On 5/6/2024 4:23 AM, Carlos E.R. wrote:
>
>>> What is a "3D sensor" actually?  :-)
>>>
>>
>> Stereoscopic imaging is a start.
>
> Which, alas is not what the iPhone does in FaceID. To be clear, stereo
> requires at least two points of view (say two cameras a little bit
> apart, or images taken from a slightly different position. This is a
> passive process as well (in most cases).

I did not state, that Apple uses steroscopic imaging, just an additional
sensor beside the camera so the three dimensional shape of the face is
also taken into account for the unlock process and not just the visual
image of it.

> What FaceID does is project a pattern onto the face and then measure the
> positions to generate a depth map from a single POV sensor (therefore
> not stereoscopic).

Exactly. And this is more than just comparing an image, so you can not
fool the system by just using an image of the owner in a flat medium in
front of the camera.

--
Arno Welzel
https://arnowelzel.de

R.Wieser, 2024-05-06 11:51:

[...]>> Yes, in Android using *images* of a face to unlock a phone is indeed
>> not a good idea.
>
> Its a *very good* idea. It should *not ever* happen though. :-)

If something should not ever happen, it is not a good idea.

[...]
> If you want to see examples of how locks, even expensive ones, can be
> bypassed with the proverbial paperclip I would like to refer you to the
> "Lockpicking Lawyer" clips on YouTube. Those are enlighting.

I know the Lockpicking Lawyer quite well.

--
Arno Welzel
https://arnowelzel.de

Alan,

>>> You fail again. I suggest you take leave of the field, declare victory
>>> for yourself (another white ribbon as when you were a child) and find
>>> something more in line with your meagre talents.
>>
>> All I see is someone who claims stuff, but brings nothing forward to
>> support
>> it. A hot-air balloon.
>
> Well, it seems that your mirror is polished to perfection, at least.
> You've got that.

:-) You can't "win" your argument (because yo have no clue how to underbuild
your posirtion) so you decide that switching to a more personal attack is in
order ? Yeah, that always works well.

>> No, I don't. Thats the lock. The face would be the key. You would only
>> have to make an acceptable faximile of the key.
>
> Completely wrong and proving you don't understand the issue. At all - not
> an iota.

Claims made without underbuilding or at least explaining them aren't worth
worth the ink with which they are written.

.... oh, wait. :-)

>> Feel free to disagree - but I do expect a bit more than "I don't believe
>> you" responses.
>
> My responses are not based on my not believing you - they are based on you
> not understanding the basic problem at all.

I think the problem is reversed : you are supporting a technology which you
have little-to-no knowledge about, and can't even come up with obvious
solutions to things you think are a problem.

Just take your "you can't use picture" problem and how I had to tell you
that 3D imagery has existed for the longest time, and nowerdays even in
multiple forms.

.... and how you tried to derail that by complaining how wax figures are, in
your opinion, not at all alike the origional. As if that was what I was
talking about or even needed.

You also have otherwise resorted to try to disqualify examples I brought
forward - YT, the lockpicking lawyer - on the torturous grounds that those
"look too easy".

Bottom line :
I see someone who knows he has nothing to bring forward to the subject at
hand, and than just tries to derail the whole thing - No doubt in an "if he
doesn't win than I'm not losing" kind of idea.

Alas, I would not have minded to learn more about the technology, but you
sure aren't the one to do so.

Goodbye kid.

Regards,
Rudy Wieser

Jolly,

>>> These trolls are just replying the same lines they used back when
>>> Face ID was first announced. They were wrong then, and they're just
>>> as wrong now.
>>
>> And according to you, which of the pro/con parties is trolling ?
>
> The ones who are beating a dead horse about things we discussed when
> Face ID first hit the market and umpteen times after, always trying
> to claim it's "insecure" and so on, and never knowing or acknowledging
> how it differs from other smartphone facial identification designs.

Ah, now I see where you are coming from. One of Alans compadres, no ?

Feel free to explain/underbuild why that that face-ID was secure than, and
than how its still secure now - even with technology going forward.

And if you want to claim that what was once secure(?) still must be so, let
me point out to you how cracking several kinds of, now discarded, SSL
encryptions has changed from not in your lifetime to less than a day (and
even shorter than that) is now a thing.

No Jolly, the only thing I see here is someone who tries to kill a
discussion even before has the chance to start. And those people often
have something to hide. What is it that you are trying to hide ?

> They know who they are. Either you don't, or you are one of them and
> are now offended that anyone should dare to call them out. Which is it?

You post something that could easily have been about either/all of the
parties involved in that "back when Face ID was first announced" talk, and
you are offended by me asking for something less ambigue ? Why ?

And seeing how your current response could still be about any of those
parties I start to wonder if that is not intentionally ...

Regards,
Rudy Wieser

Arno,

>> Not many people wil break into houses. Yet, you have a lock on
>> your outside doors. Your point ?
>
> That's the reason why banks have safes and do not only rely on
> the security of simple door locks.

Not the point I tried to make.

But if you want to talk about that, besides the problem that most banks had
their front doors wide open - how else could they let customers in - you're
now looking about how complex a lock must be* before it stop someone from
(easily!) entering.

* assuming they will actually try to open (fool/break) the lock, and not
just find an easier point of entry.

Did I already mention "the lockpicking lawyer" on YouTube ? Its
sometimes laughable to see how easy a, on first sight sturdy, lock can be
defeated.

>> Yes, in Android using *images* of a face to unlock a phone is
>> indeed not a good idea.
>
> Its a *very good* idea. It should *not ever* happen though. :-)

If something should not ever happen, it is not a good idea.

You misunderstood : Its a very good idea to *try*. If it works you know
that it failed its primary duty. :-)

Too many people build stuff that does {this} when you do {that} - but forget
to check if {this} cannot also be gotten by doing {something else}.

I remember a gate which needed a key to open it - but you could also reach
thru the gate to get to the handle on the other side, and open it that way.

> I know the Lockpicking Lawyer quite well.

In that case I withdraw my above suggestion in that direction. :-)

Regards,
Rudy Wieser

On 2024-05-07 03:08, Arno Welzel wrote:
> Alan Browne, 2024-05-06 23:02:
>
>> On 2024-05-06 16:28, Paul wrote:
>>> On 5/6/2024 4:23 AM, Carlos E.R. wrote:
>>
>>>> What is a "3D sensor" actually?  :-)
>>>>
>>>
>>> Stereoscopic imaging is a start. [AAA] <-------
>>
>> Which, alas is not what the iPhone does in FaceID. To be clear, stereo
>> requires at least two points of view (say two cameras a little bit
>> apart, or images taken from a slightly different position. This is a
>> passive process as well (in most cases).
>
> I did not state, that Apple uses steroscopic imaging,

<snipped>

You left a TL;DR sort of reply. By bringing up (to get going) an item
irrelevant to the subject [AAA] above doesn't get you much traction, alas.

--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.

On 2024-05-07 03:17, R.Wieser wrote:
> Alan,
>
>>>> You fail again. I suggest you take leave of the field, declare victory
>>>> for yourself (another white ribbon as when you were a child) and find
>>>> something more in line with your meagre talents.
>>>
>>> All I see is someone who claims stuff, but brings nothing forward to
>>> support
>>> it. A hot-air balloon.
>>
>> Well, it seems that your mirror is polished to perfection, at least.
>> You've got that.
>
> :-) You can't "win" your argument

You brought up several examples of your utter lack of understanding of
how Face ID works.

So, true to troll form you counter with more nonsense.

--
“Patriotism is when love of your own people comes first;
nationalism, when hate for people other than your own comes first.”
- Charles de Gaulle.

On 2024-05-07, R.Wieser <address@is.invalid> wrote:
> Jolly,
>
>>>> These trolls are just replying the same lines they used back when
>>>> Face ID was first announced. They were wrong then, and they're just
>>>> as wrong now.
>>>
>>> And according to you, which of the pro/con parties is trolling ?
>>
>> The ones who are beating a dead horse about things we discussed when
>> Face ID first hit the market and umpteen times after, always trying
>> to claim it's "insecure" and so on, and never knowing or
>> acknowledging how it differs from other smartphone facial
>> identification designs.
>
> Ah, now I see where you are coming from. One of Alans compadres, no ?

Hardly. Arlen and his little band of trolls is more like it. They've
been at this for literal years here.

> Feel free to explain/underbuild why that that face-ID was secure than,
> and than how its still secure now - even with technology going
> forward.

Is that supposed to be English?

> And if you want to claim that what was once secure(?) still must be
> so, let me point out to you how cracking several kinds of, now
> discarded, SSL encryptions has changed from not in your lifetime to
> less than a day (and even shorter than that) is now a thing.

"SSL can be cracked, therefore Face ID is insecure" is a new sentence I
hadn't anticipated reading this morning. Thanks for the giggle.

You're clearly not a sincere person. I see no need to continue wasting
my time with you.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

R.Wieser, 2024-05-07 10:12:

[...]
>>> Yes, in Android using *images* of a face to unlock a phone is
>>> indeed not a good idea.
[...]
> You misunderstood : Its a very good idea to *try*. If it works you know
> that it failed its primary duty. :-)

Ok, that makes more sense.

> Too many people build stuff that does {this} when you do {that} - but forget
> to check if {this} cannot also be gotten by doing {something else}.

Of course. And this is the reason why unlocking a phone just providing a
picture of the owner is not possible with a Google Pixel 6a. Getting a
picture of a persons face is much easier than getting the fingerprints
and replicating them in a way that the fingerprint sensor will accept them.

--
Arno Welzel
https://arnowelzel.de

Arno Welzel, 2024-05-07 09:05:

> Andrew, 2024-05-06 20:24:
>
>> On Mon, 6 May 2024 10:59:27 -0400, Alan Browne wrote:
>>
>>>> What is a "3D sensor" actually?� :-)
>>>
>>> In the case of iPhone the 'shape' of the face is determined as described
>>> here:
>>>
>>> https://support.apple.com/en-ca/102381
>>>
>>> The term Apple uses is "depth map of your face"
>>>
>>> Further: "and also captures an infrared image of your face."
>>
>> Phone biometrics are nothing more or less than a marketing gimmick.
>
> Scanning the *shape* of a face and not just the *image* is still a
> different approach than just using the image and that's one of the main
> reasons why Google does not include "face unlock" in their Pixel phones,
> since just using an image of someones face is way to simple.
>
> Besides that you can call most "real" biometrics a "marketing gimmick"
> since you can *always* make a copy of the images which are used for
> fingerprint scanners, eye scanners and so on. The question is not, if
> something is absolutly secure and can never be broken at all but how
> much effort is needed to break something.
>
> When I got my last passport I also had to provide biometric scans of my
> fingers. The way how that fingerprint scanner worked was just taking an
> *image* of my fingerprints:
>
> <https://www.dermalog.com/products/hardware/fingerprint-scanners/f1>
>
> "DERMALOG F1 – One of the World’s Smallest Optical Fingerprint Scanners
>
> Its compliance to international standards make the F1 suitable for a
> wide range of biometric documents and application possibilities -
> capturing fingerprints for ePassports, ID Cards and
> verification-processes within the blink of an eye. The self-explanatory
> DERMALOG solution meets international standards defined for biometric
> workflows."
>
> They even advertise the use of their fingerprint scanners for biometric
> ID cards:
>
> <https://www.dermalog.com/turnkey-solutions/government/biometric-id-cards>
>
> And yes, it is just optical, nothing else. So anyone can fake the
> fingerprints, even those which are included scanned with an "official"
> device used by authorities.

Addition: yes, the device also checks, if the scanned finger is alive
and won't accept just an image. But the result is still just an *image*
which is used for the biometric data in the passport. And creating fake
fingers including the properties required for "alive" detection or fake
fingerprints you can stick to your fingertips is not impossible either.

--
Arno Welzel
https://arnowelzel.de

Jolly,

>> Feel free to explain/underbuild why that that face-ID was secure
>> than, and than how its still secure now - even with technology
>> going forward.
>
> Is that supposed to be English?

What ? Thats too hard for you to understand ? Not "English" enough for
your taste ?

> "SSL can be cracked, therefore Face ID is insecure" is a new sentence
> I hadn't anticipated reading this morning. Thanks for the giggle.

Oh well, someone "doesn't understand" a simple example. How delightfully
new.

> You're clearly not a sincere person.

Goodness! After having read that "I can't understand a word of what you're
saying" drivel that was exactly what I was thinking about you.

> I see no need to continue wasting my time with you.

I see someone who refuses to answer a simple question, and than trying to
make a run for it, while making it sound as if its all the other persons
fault.

Yeah, thats not at all obvious. Not at all, no sirree. :-)

Regards,
Rudy Wieser

Arno,

>> You misunderstood : Its a very good idea to *try*. If it works you
>> know that it failed its primary duty. :-)
>
> Ok, that makes more sense.

Phew .... :-)

> Of course. And this is the reason why unlocking a phone just providing
> a picture of the owner is not possible with a Google Pixel 6a.

Thats what I've ben told too.

> Getting a picture of a persons face is much easier than getting the
> fingerprints and replicating them in a way that the fingerprint sensor
> will accept them.

I wasn't trying to compare the two, I was just trying to convey that its
quite likely that a face-ID can be fooled in the same way a fingerprint can
: by duplicating the key - or just a well-enough faximile of it.

And as the OP couldn't look further than a photograph - I mean - further
than his nose is long I tried to tell him that making 3D likenesses of a
head is well possibly older than our christian calendar.

And as the intended victim is showing off his key every moment of the day I
cannot escape the feeling that a few pictures (from diferent angles) would
be enough for a 'puter (or a person) to construct a 3D model from it. Take
few more pictures with an heat (IR?) camera and you likely have the
mentioned heatmap for that face too.

Did I forget anything ?

No, I didn't say it would be easy. But I don't think its impossible either.
Just, for the first few times(!), a lengthy and costly job.

Regards,
Rudy Wieser

> Jolly,
>
> >> Feel free to explain/underbuild why that that face-ID was secure
> >> than, and than how its still secure now - even with technology
> >> going forward.
> >
> > Is that supposed to be English?
>
> What ? Thats too hard for you to understand ? Not "English" enough for
> your taste ?

Not to support Jolly Roger, but there are many, probaby too many,
errors in your sentence.

You make *these* (two) errors very often - as in nearly always - so
let me explain, so you can try to prevent them in future.

You're mixing up 'then' [1] and 'than' [2]. In this case, the 'than's
should have been 'then's.

And (AFAIK), "underbuild" is not an English word/verb. You're probably
looking for the equivalent of Dutch 'onderbouwen'.

These are not the only errors in your sentence, but with these errors,
the sentence is indeed hard to parse for an English 'speaker'. (As a
Dutchman, I can quite easily parse this.)

[...]

[1] <https://translate.google.com/details?sl=en&tl=nl&text=then%0A&op=translate>

[2] <https://translate.google.com/details?sl=en&tl=nl&text=than%0A&op=translate>

Frank,

>>> Feel free to explain/underbuild why that that face-ID was secure
>>> than, and than how its still secure now - even with technology
>>> going forward.

> Not to support Jolly Roger, but there are many, probaby too
> many, errors in your sentence.

Enough *not* to convey the meaning of what I tried to say ?

> You're mixing up 'then' [1] and 'than' [2]. In this case, the
> 'than's should have been 'then's.

I realized only after posting that I made that error. But are you sure,
*both* of them ? I though only the first one.

The second is indicating a moment after having done something else. In that
case I though that a "than" was in order. (
https://www.grammarly.com/blog/than-then/ )

But ok, I made a mistake there.

> And (AFAIK), "underbuild" is not an English word/verb. You're
> probably looking for the equivalent of Dutch 'onderbouwen'.

You hit the nail on the head. A too-literal translation. Strange, I've
been using it for a while now (as in: years), but as far as I remember
you're to the first one to remark upon it.

And I see (a quick google) that the word I *should* (I think) have used is
"support". I'll have to remember that.

> These are not the only errors in your sentence,

Pray tell. You might not believe it, but I've got zero problems with being
told wrong as part of an attempt to help me better myself (upto a point
ofcourse :-) ).

> but with these errors, the sentence is indeed hard to parse for
> an English 'speaker'. (As a Dutchman, I can quite easily parse this.)

I can understand that. Ill try to keep the "steenkolen Engels" outof my
writings.

Thanks for the heads-up.

Regards,
Rudy Wieser

On 2024-05-07, R.Wieser <address@is.invalid> wrote:
> Jolly,
>
>>> Feel free to explain/underbuild why that that face-ID was secure
>>> than, and than how its still secure now - even with technology going
>>> forward.
>>
>> Is that supposed to be English?
>
> What ? Thats too hard for you to understand ? Not "English" enough
> for your taste ?

You also don't put a space between the end of a sentence and the last
punctuation mark. So it seems you don't have a very good grasp of
English overall. Whoever taught you English really did you dirty.

>> "SSL can be cracked, therefore Face ID is insecure" is a new sentence
>> I hadn't anticipated reading this morning. Thanks for the giggle.
>
> Oh well, someone "doesn't understand" a simple example. How
> delightfully new.

More like a bad allegory. Nobody here has claimed Face ID is the most
secure thing on the planet. What people are objecting to is the tired,
old, crusty trolls trying to claim its supposedly "insecure" just
because someone with tons of time, money, and will power might be able
to crack it. These trolls are weak and boring to anyone who has seen
them before.

>> You're clearly not a sincere person.
>
> Goodness! After having read that "I can't understand a word of what
> you're saying" drivel that was exactly what I was thinking about you.

"No, you"? Is that the best response you have, really?

> Regards,
> Rudy Wieser

Bye now.

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

R.Wieser, 2024-05-07 19:07:

[...]
> And as the intended victim is showing off his key every moment of the day I
> cannot escape the feeling that a few pictures (from diferent angles) would
> be enough for a 'puter (or a person) to construct a 3D model from it. Take
> few more pictures with an heat (IR?) camera and you likely have the
> mentioned heatmap for that face too.
>
> Did I forget anything ?
>
> No, I didn't say it would be easy. But I don't think its impossible either.
> Just, for the first few times(!), a lengthy and costly job.

*Nothing* is impossible to break. It is *always* a question of how much
effort is needed to break a thing. If anyone claims to have an
"unbreakable" solution he lies.

--
Arno Welzel
https://arnowelzel.de

Arno,

> *Nothing* is impossible to break. It is *always* a question of how much
> effort is needed to break a thing. If anyone claims to have an
> "unbreakable" solution he lies.

Absolutily.

But what I tried to convey is that the "first rule" of keys is to keep them
outof sight of other people - which you simply can't do with either finger
or faceprints. *Thats*, as far as I'm concerned, the bloody stupid thing
about it.

People using such "broadcasted" biometrics just make it too easy for a
malversant.

Regards,
Rudy Wieser

On 2024-05-06 12:41, Chris wrote:
> On 06/05/2024 09:23, Carlos E.R. wrote:
>> On 2024-05-06 10:04, Arno Welzel wrote:
>>> R.Wieser, 2024-05-05 22:20:
>>>
>>>> Mickey,
>>>>
>>>>> Be careful - they can lift a fingerprint off a digital photo.
>>>>
>>>> And thats just one of the more complex methods there are.
>>>>
>>>> You touch surfaces almost every day without even realizing it - hey,
>>>> that is
>>>> what hands and fingers are for, right ? - effectivily broadcasting that
>>>> feature of yourself to everyone around you.
>>>>
>>>> Same goes for "faceprints".  Even easier, as your faceprint can be
>>>> "taken"
>>>> from literally tens of meters away.
>>>
>>> Except that unlocking with your face in iOS is *not* only using an image
>>> of your face but also the three dimensional shape of it. That's the
>>> reason why the "notch" in the iPhone displays is bigger since there is
>>> not only a camera but also a 3D sensor to capture the shape of your
>>> face.
>>
>> What is a "3D sensor" actually?  :-)
>
> It's an infrared projection of a known pattern onto your face which
> provides a 3D map of the shape of your face. By comparing the
> distortions of the pattern between known and unknown faces you can check
> whether a person is able unlock the phone.

Interesting.

--
Cheers, Carlos.

On 2024-05-06 22:28, Paul wrote:
> On 5/6/2024 4:23 AM, Carlos E.R. wrote:
>> On 2024-05-06 10:04, Arno Welzel wrote:
>>> R.Wieser, 2024-05-05 22:20:

....

>>> Except that unlocking with your face in iOS is *not* only using an image
>>> of your face but also the three dimensional shape of it. That's the
>>> reason why the "notch" in the iPhone displays is bigger since there is
>>> not only a camera but also a 3D sensor to capture the shape of your face.
>>
>> What is a "3D sensor" actually?  :-)
>>
>
> Stereoscopic imaging is a start.
>
> For an encyclopedic article, you have to do a lot of guessing here.
>
> https://en.wikipedia.org/wiki/Intel_RealSense

....

Thanks :-)

--
Cheers, Carlos.

R.Wieser <address@is.invalid> wrote:
> Frank,
>
> >>> Feel free to explain/underbuild why that that face-ID was secure
> >>> than, and than how its still secure now - even with technology
> >>> going forward.
>
> > Not to support Jolly Roger, but there are many, probaby too
> > many, errors in your sentence.
>
> Enough *not* to convey the meaning of what I tried to say ?

Yes, not enough for a native English speaker. Speakers of languages
similar to Dutch might be able to parse (more of) it.

> > You're mixing up 'then' [1] and 'than' [2]. In this case, the
> > 'than's should have been 'then's.
>
> I realized only after posting that I made that error. But are you sure,
> *both* of them ? I though only the first one.

Yes, both of them. Neither of them is a comparison, which would call
for 'than'.

> The second is indicating a moment after having done something else. In that
> case I though that a "than" was in order. (
> https://www.grammarly.com/blog/than-then/ )

That's a good reference, but I think my (snipped) references are
simpler, i.e. not so many words.

> But ok, I made a mistake there.

When I'm unsure about 'then' versus 'than', I ask myself if it's a
comparison, i.e. "greater than", "lighter than", etc.. If so, it's
'than', else it's then.

> > And (AFAIK), "underbuild" is not an English word/verb. You're
> > probably looking for the equivalent of Dutch 'onderbouwen'.
>
> You hit the nail on the head. A too-literal translation. Strange, I've
> been using it for a while now (as in: years), but as far as I remember
> you're to the first one to remark upon it.

Yes, you use it frequently and already for a long time. I think in
most cases it was not a problem, because what you meant could be
'guessed' from the context, or the word was somewhat redundant, i.e. the
text could still be understood without the word (as I think was the
case this time)

> And I see (a quick google) that the word I *should* (I think) have used is
> "support". I'll have to remember that.

Yes, 'support' suits here. I sometimes use 'substantiate'.

> > These are not the only errors in your sentence,
>
> Pray tell. You might not believe it, but I've got zero problems with being
> told wrong as part of an attempt to help me better myself (upto a point
> ofcourse :-) ).

It's the syntaxis ('zinsbouw') of your sentence. It looks like you
more or less translated a Dutch sentence word-for-word to English.

Let me try to change it to how I think it would be 'good'/better:

[Repeat:]

> >>> Feel free to explain/underbuild why that that face-ID was secure
> >>> than, and than how its still secure now - even with technology
> >>> going forward.

Feel free to explain/substantiate why face-ID was secure
then, and how it's still secure now - even with technology
going forward.

[N.B. "it's" or "it is", not "its"]

I deleted "that that", which we Dutch would say ('dat dat', or just
'dat'), but English speakers won't.

I also deleted the second 'than'/'then'.

I think the first 'then' should be changed, because it refers to the
past, but not in a very clear way. So probably something like this is
better:

Feel free to explain/substantiate why face-ID was secure
in the past, and how it's still secure now - even with [cracking]
technology going forward.

> > but with these errors, the sentence is indeed hard to parse for
> > an English 'speaker'. (As a Dutchman, I can quite easily parse this.)
>
> I can understand that. Ill try to keep the "steenkolen Engels" outof my
> writings.

It's indeed a case of "steenkolen Engels" or Louis van Gaal English. :-)

> Thanks for the heads-up.

You're welcome.

Frank,

>>>>> Feel free to explain/underbuild why that that face-ID was secure
>>>>> than, and than how its still secure now - even with technology
>>>>> going forward.

>> I realized only after posting that I made that error. But are you sure,
>> *both* of them ? I though only the first one.
>
> Yes, both of them. Neither of them is a comparison, which would call
> for 'than'.

Not a comparision ? Makes sense.

>> > And (AFAIK), "underbuild" is not an English word/verb. You're
>> > probably looking for the equivalent of Dutch 'onderbouwen'.
>>
>> You hit the nail on the head. A too-literal translation. Strange, I've
>> been using it for a while now (as in: years), but as far as I remember
>> you're to the first one to remark upon it.
>
> Yes, you use it frequently and already for a long time.

I wish I didn't need to (use it that frequently) ... :-\

> I think in most cases it was not a problem, because what you meant
> could be 'guessed' from the context,

I thought that the same was true here. But as I wrote that line I'm not
really the one who should be judging it in that regard ("Wij van WC-Eend
....").

>> And I see (a quick google) that the word I *should* (I think) have used
>> is "support". I'll have to remember that.
>
> Yes, 'support' suits here. I sometimes use 'substantiate'.

Substanciate. That sounds more like what I'm normally after. "Give
substance".

> It's the syntaxis ('zinsbouw') of your sentence. It looks like you
> more or less translated a Dutch sentence word-for-word to English.

D*mn. I though that with all my book reading I would have absorbed the
syntax rules from them a bit better. :-|

>>> These are not the only errors in your sentence,
>>
>> Pray tell. [snip]
>
> Let me try to change it to how I think it would be 'good'/better:
>
> Feel free to explain/substantiate why face-ID was secure
> then, and how it's still secure now - even with technology
> going forward.

I'm trying to get myself to disagree with you, but I can't. :-)

> I deleted "that that", which we Dutch would say ('dat dat', or
> just 'dat'), but English speakers won't.

It was an attempt to make it clear I was talking about the Face-ID of that
time (and not the current version).

> I also deleted the second 'than'/'then'.

I noticed. There I tried to indicate a sequence : first do {this}, and only
/after/ thats done do {that}.

> I think the first 'then' should be changed, because it refers to the
> past, but not in a very clear way. So probably something like this is
> better:
>
> Feel free to explain/substantiate why face-ID was secure
> in the past, and how it's still secure now - even with [cracking]
> technology going forward.

Yes, the sentence certainly flows better.

But you changed the subject with that "[cracking]" part. I really tried to
refer to the Face-ID technology - as I assume it has, just as the "cracking"
methods, also progressed.

>>> but with these errors,

Truly errors ? As in syntax errors ? Man ... :-(

Thanks for the explanation. I appreciate it.

now the only thing I need to do is to remember to apply them ...

Regards,
Rudy Wieser

On 5/8/24 6:53 AM, Frank Slootweg wrote:

> I deleted "that that", which we Dutch would say ('dat dat', or just
> 'dat'), but English speakers won't.

Yes we do, or at least I do. "I believe that that is the truth." Carry on.

--
Cheers, Bev
"Yahoo has released its own search engine. For more info,
type 'yahoo search engine' into Google." -D.Miller