this post was submitted on 28 Apr 2024
389 points (83.6% liked)

Technology

59525 readers
3030 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 201 points 6 months ago (13 children)

Last week, the 9th Circuit Court of Appeals in California released a ruling that concluded state highway police were acting lawfully when they forcibly unlocked a suspect’s phone using their fingerprint.

You can turn that and Face ID off on iOS by mashing the power button 5 times- it locks everything down.

[–] [email protected] 94 points 6 months ago (4 children)

I've always wanted a setting to create a lockdown key and an unlock key. So something like middle-finger to unlock but index-finger to force it into PIN/password only mode. So you can have some convenience of a quick unlock but if an authority figure asks or forces you to unlock it you can one-tap lock it down.

load more comments (4 replies)
[–] [email protected] 79 points 6 months ago (16 children)

⚠️ WARNING: On android, mashing the power button 5 times calls emergency services.....

[–] [email protected] 43 points 6 months ago (2 children)

On android you can add a 'lockdown' mode to the power menu.

load more comments (2 replies)
load more comments (15 replies)
[–] [email protected] 57 points 6 months ago (1 children)

Android has a similar feature. It's called "Lockdown mode" on the shutdown menu. Locks the phone and turns off any biometric unlocks.

[–] [email protected] 33 points 6 months ago (14 children)

Except it doesn't activate by mashing the power button 5 times. On my Pixel 8, that activates the emergency dialer that will automatically call 911 if you don't cancel the prompt in 5 seconds. I did not know that before. Probably a better use for that feature. It also points out the different ideologies of Apple vs Android.

[–] [email protected] 17 points 6 months ago (1 children)

It does the same thing on iOS, but face/Touch ID is disabled after.

load more comments (1 replies)
[–] [email protected] 12 points 6 months ago (2 children)

My wife's pixel 3(?) with a flaky power button had us wake up to cops knocking on the door because of that feature.

load more comments (2 replies)
load more comments (12 replies)
[–] [email protected] 32 points 6 months ago (2 children)

In a getting pulled over situation, this works. But do it before you go protest anything. Or better yet, leave your phone at home. You don’t want to be reaching for something while a cop is pointing a gun at you and saying “Hands up!”

[–] [email protected] 30 points 6 months ago (1 children)

Not to mention it's pretty regular to track who is participating by checking the towers in the zone all the people are participating.

load more comments (1 replies)
[–] merde 11 points 6 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 22 points 6 months ago* (last edited 6 months ago) (9 children)

That's terrifying. So once we have tech to forcibly see inside the brain, that will be legal too?

load more comments (9 replies)
[–] [email protected] 13 points 6 months ago (3 children)

Do you have to mash it? Or will pressing it normally work?

[–] [email protected] 25 points 6 months ago

The only thing I'll mash is that subscribe button

load more comments (2 replies)
load more comments (7 replies)
[–] [email protected] 145 points 6 months ago* (last edited 6 months ago) (8 children)

Further advice regarding civil disobedience:

LEAVE YOUR PHONES AT HOME. Write down some numbers in case you get arrested—or better yet, memorize them. There are journalists there for documenting. And there will be plenty of other people that don’t follow this advice. Leave anything they could use as leverage over you and your cohorts away. Don’t bring ID. Don’t bring anything except what you need for the action. It’s not worth the risk.

ETA: also, any of you with a new car? DONT DRIVE THAT SHIT TO ANY MEETING OR PROTEST. They’re spying on you. Don’t post about it. Don’t use any unencrypted messaging service to coordinate it—WhatsApp is not safe. Signal and probably some other less common ones are the only ones safe enough. Ride a bike there, stash it in a conveniently hidden spot. Bring a change of clothes, plan escape routes, plant the change of clothes either hidden on your escape route or wear them under your plain clothes. Cover tattoos. Leftist activists are not safe. And literally the rest of your life could depend upon how well protected you have made yourself.

https://www.theguardian.com/us-news/2022/feb/10/felony-charges-pipeline-protesters-line-3

So many states have pretty quietly passed laws to make you a felon for protesting. Even peacefully. And to make you a fuckin corpse. In the south especially, a few states were writing “go ahead, run over any protester in the road” laws.

Be smart. Be safe. Have a plan. Have a contingency plan. This isn’t “fuck around with the blunt end of the justice system and find out” territory, in 2024 US, it’s time to be as safe as you can while doing what’s right. Because doing what’s right is criminalized. Heavily.

[–] [email protected] 18 points 6 months ago (2 children)

If you’re going somewhere where you think you might be at risk, IMHO, it’s probably just easier to turn your phone off. Android and iOS both require a non-biometric passcode after boot.

Or, if you want to keep your phone on, enable lockdown mode on Android, or tap power 5 times on iOS to require a non-biometric password at the next unlock.

[–] [email protected] 46 points 6 months ago (21 children)

It’s never a good idea to bring your phone with you. It can be used, even while powered off, to track and surveil you. The BLM protests were just the tip of the iceberg. The apps you have on your phone track you. The government is buying that tracking data. Your phone is a massive privacy weak point. It’s basically a bug you carry on you willingly. It’s not safe. Period.

https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194

https://www.vox.com/recode/22565926/police-law-enforcement-data-warrant

Leave your phone at home. It’s not worth it. It may not bite you in the ass the day of, but could very easily come back to haunt you after they investigate, in case anything goes “wrong” in their eyes. It’s just not worth it.

[–] [email protected] 33 points 6 months ago (6 children)

IMHO, as someone that works in security / privacy, I tend not to view it as a binary thing. It depends on where you live, what you’re protesting, what you look like, who you are, etc.

Are you in Russia or China and are protesting the government? Yeah, I might leave that thing at home. Are you a white lady in San Francisco marching with a pink knit cat hat during brunch hours, then you’re probably well on the other side of the risk spectrum. You might actually be introducing more risk by having less immediate access to communication or a camera.

IMHO, it’s nuanced.

load more comments (6 replies)
load more comments (20 replies)
load more comments (1 replies)
load more comments (7 replies)
[–] [email protected] 76 points 6 months ago (5 children)

The article pretty plainly says the guy was coerced into entering his password. So the headline feels a bit manipulative.

[–] [email protected] 22 points 6 months ago (5 children)

The headline is click-bait. I honestly don’t know why people still read this crap.

load more comments (5 replies)
[–] [email protected] 17 points 6 months ago* (last edited 6 months ago) (8 children)

It’s Gizmodo. Its all manipulative bullshit.

load more comments (8 replies)
load more comments (3 replies)
[–] [email protected] 74 points 6 months ago (2 children)

It's frustrating to no end that fingerprints and face ID are treated like passwords when they should be treated like usernames.

load more comments (2 replies)
[–] [email protected] 61 points 6 months ago* (last edited 6 months ago) (5 children)

## How to disable Face ID through the Power Off screen

  1. Hold down both the Side Button and either Volume Button at the same time for three seconds.
  2. The Power Off slider should appear. Tap Cancel.

You actually don't need to hit cancel, you can just hit lock, so you can do this whole thing with your phone in your pocket.

https://appleinsider.com/inside/iphone/tips/how-to-quickly-disable-face-id

This is easier and less intrusive than the lock-button-5-times method because it doesn't start making a phone call that you have to quickly cancel.

[–] [email protected] 14 points 6 months ago

This is the advice people (with iOS) should follow, not disabling biometrics altogether. Using FaceID or TouchID prevents shoulder surfing to find out what the password to your phone is. When local passwords have so much control over a device, using biometrics to prevent anyone from seeing what your passcode is is very useful.

load more comments (4 replies)
[–] [email protected] 51 points 6 months ago (14 children)

FYI Androids have a feature for this. If you are ever forced to interact with a cop you can press the side button and volume up(might be different on other phones) to select lockdown which will force your phone to only be opened with the password. Its gross that we need this feature, but now you know.

[–] [email protected] 12 points 6 months ago

iPhones do this too. Hold the lock and volume down button until your phone buzzes, to get to the SOS/reboot screen. Once that screen is activated, it’ll disable biometrics until the passcode is entered.

You can even take photos/videos with the locked phone, and the recordings won’t be able to be deleted from your iCloud until the passcode is entered. Handy for recording cops. Cuz even if they take your phone and delete the recording, it’ll still sit in your “Recently Deleted” for 30 days. And while the phone is locked, they can’t access that Recently Deleted folder to permanently wipe it. So you can just access your iCloud account from any computer and recover the “deleted” footage.

load more comments (13 replies)
[–] [email protected] 48 points 6 months ago (2 children)

Maybe don’t live in a fucking dystopia. The US is a police state and you have no freedom left.

load more comments (2 replies)
[–] [email protected] 46 points 6 months ago (16 children)

Terrible article. Even worse advice.

On iOS at least, if you’re concerned about police breaking into your phone, you should be using a high entropy password, not a numeric PIN, and biometric auth is the best way to keep your convenience (and sanity) intact without compromising your security. This is because there is software that can break into a locked phone (even one that has biometrics disabled) by brute forcing the PIN, bypassing the 10 attempts limit if set, as well as not triggering iOS’s brute force protections, like forcing delays between attempts. If your password is sufficiently complex, then you’re more likely to be safe against such an attack.

I suspect the same is true on Android.

Such a search is supposed to require a warrant, but the tool itself doesn’t check for it, so you have to trust the individual LEOs in question to follow the law. And given that any 6 digit PIN can be brute forced in under 11 hours (40 ms per entry), this means that if you were arrested (even for a spurious charge) and held overnight, they could search your phone without you knowing.

With a password that has the same entropy as 10 random digits, assuming no further vulnerabilities allowing them to speed up the process, it could take up to 12 and a half years to brute force it. Make it alphanumeric (and still random) and it’s millions of years - infeasible within our lifetime - it’s basically a question of whether another vulnerability is already known or is discovered that enables bypassing the password entirely / much faster rates of entry.

If you’re in a situation where you expect to interact with law enforcement, then disable biometrics. Practice ahead of time to make sure you know how to do it on your phone.

load more comments (16 replies)
[–] [email protected] 33 points 6 months ago* (last edited 6 months ago) (12 children)

On pixel, if you ever need to - press and hold the power button, select "lockdown".

(It might apply to other androids too, I don't know.)

You will now need a pin to unlock the phone. This disables the lock screen shortcut (camera, light, etc) as well.

Why disable your convence features for an scenerio that is not likely and can be quickly and easily be prevented.

Universal: You could also just the tap the sensor with a "wrong" finger a few time, and the pin will be required.

Maybe don't do this one in front the cops...if you find your self in a postion where they are trying to unlock your phone, you probably don't want to piss them off. .


Edit: I'm surprised no one called me out on "if you're ever need to". The sentence was going to be "if you're even in a situation that needs...", but that was getting too long. Forgot to change you're to you.

[–] [email protected] 12 points 6 months ago (3 children)

On my pixel 6 it is power + Volume Up to access the power menu with lockdown.

load more comments (3 replies)
load more comments (11 replies)
[–] [email protected] 31 points 6 months ago (15 children)

I've avoided willingly using biometrics so far. Though I'm sure our faces, gaits, body shapes, etc, are all stored somewhere, willingly or not.

Say no to biometrics. It's like having a password you can never change.

[–] ricecake 36 points 6 months ago (8 children)

So, it really depends on your personal threat model.

For background: the biometric data doesn't leave the device, it uses an on-device recognition system to either unlock the device, or to gain access to a hardware security module that uses very strong cryptography for authentication.

Most people aren't defending against an attacker who has access to them and their device at the same time, they're defending against someone who has either the device or neither.

The hardware security module effectively eliminates the remote attacker when used with either biometric or PIN.
For the stolen or lost phone attack, biometric is slightly more secure, but it's moot because of the pin existing for fallback.

The biggest security advantage the biometrics have to offer is that they're very hard to forget, and very easy to use.
Ease of use means more people are likely to adopt the security features using that hardware security module provides, and that's what's really dialing up the security.

Passwords are most people's biggest vulnerability.

load more comments (8 replies)
[–] [email protected] 27 points 6 months ago (1 children)

Password you can never change

Not with that attitude! You can absolutely change your face. its rather inadvisable

[–] [email protected] 18 points 6 months ago (1 children)
load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 29 points 6 months ago (1 children)
load more comments (1 replies)
[–] [email protected] 27 points 6 months ago* (last edited 6 months ago) (1 children)

A stipulation of Payne’s parole agreement was that he be willing to provide a passcode to his devices, though that agreement didn’t explicitly refer to biometric data. However, the panel said the evidence from his phone was lawfully acquired “because it required no cognitive exertion, placing it in the same category as a blood draw or a fingerprint taken at booking, and merely provided [police] with access to a source of potential information.”

These both seem like bad calls. You have a right to privacy, right? And for police to access your files/home/phone tap requires obtaining a warrant.

Fingerprints at booking gives access to public records. Not your own personal private data. Pretty sure drawing blood is justified suspicion of DUI.

[–] [email protected] 17 points 6 months ago (1 children)

Yes and no. When you take parole, you agree to give up some freedoms in exchange for getting out of prison early. For example, taking drug tests, checking in with your parole officer, or not leaving the state/country. If your crime was related to using a phone or something, like being a drug dealer, then it can make sense to have to allow your parole officer to check it.

[–] [email protected] 22 points 6 months ago

So after you have been convicted of a crime, you will have restrictions based on that crime. That's a world of difference from pulling over Bob and forcing him to unlock his phone.

[–] [email protected] 15 points 6 months ago
[–] [email protected] 14 points 6 months ago (1 children)

I’ve already planned to spam the lock button for a few seconds if something like that came up (iPhone) it triggers the emergency settings and disabled unlock without a passcode.

load more comments (1 replies)
[–] Grntrenchman 13 points 6 months ago* (last edited 6 months ago) (1 children)

For Android: learn the hard reset combo for your phone, especially if you encrypt it.

After rebooting, pattern/PIN will be required to decrypt the phone. Biometrics won't work for this step. This is what graphene does for security, tries to keep the phone in a "before first unlock" state by rebooting on a timer. You can't even read anything over USB/ADB, it's scrambled until you unlock the phone.

The only drawback to just keeping your phone in this state is none of your apps are loaded, so no notifications/updates/processing at all.

[–] [email protected] 11 points 6 months ago (1 children)

Just power down your phone. No phone allows initial unlock with bio data

load more comments (1 replies)
load more comments
view more: next ›