this post was submitted on 21 Feb 2026
443 points (100.0% liked)

People Mastodon

407 readers
6 users here now

People tooting stuff. We allow toots from anyone and are platform agnostic (Mastodon, BlueSky, Twitter, Tumblr, FaceBook, Whatever)

founded 6 months ago
MODERATORS
Deceptichum@quokk.au
443
get facial surgery (quokk.au)
submitted 2 months ago by Deceptichum@quokk.au to c/peoplemastodon@quokk.au
23 comments fedilink hide all child comments
 
top 23 comments
sorted by: hot top controversial new old
[–] Arghblarg@lemmy.ca 63 points 2 months ago (1 children)

.. And importantly, US legal rulings currently state that you can be coerced by law enforcement / border agents to unlock your devices using biometrics (being a part of your body), but NOT coerced to reveal a PIN or password, as that is something you remember -- no forced confessions or something like that.

And if you have a device-wipe 'duress' PIN code, make sure you use it BEFORE being asked to unlock the device, or they'll claim you erased evidence. Better to just not have ANY data you are concerned about on the device while crossing into any country -- carry a blank device, and download it securely after entry.

Never use fingerprint or face unlock on your phone if travelling to the US.

[–] sepiroth154@feddit.nl 55 points 2 months ago (2 children)

I have an even simpler rule. Dont travel to the US. (and Canada does this too)

[–] Crackhappy@lemmy.world 9 points 2 months ago (1 children)

Regrettably a lot of people have a requirement to travel to the US and other authoritarian countries.

[–] sepiroth154@feddit.nl 1 points 2 months ago

Yeah I feel for the people who don't have that choice...

[–] BarneyPiccolo@lemmy.today 5 points 2 months ago (1 children)

As an American who lives in a major tourist zone, don't visit right now. We'll weather the storm, and you can come back when we get our shit together again. We will.

[–] sepiroth154@feddit.nl 4 points 2 months ago

Yeah as they say, it is always darkest before dawn.

[–] hedge_lord@lemmy.world 17 points 2 months ago

Oh no, my face scan was leaked! I guess I have no choice other than to fill myself with estrogen in order to reshape its fatty tissues, something I would absolutely not have done otherwise. Oh no!

(sarcasm disclaimer: this is sarcastic)

[–] AnchoriteMagus@lemmy.world 16 points 2 months ago (2 children)

I have never set up biometric unlocks on any phone for exactly this reason. No one gets access to my fingerprints unless they cuff me and get them the old-fashioned way.

[–] Zorcron@lemmy.zip 12 points 2 months ago (1 children)

As far as I understand, fingerprint data for at least the flagship smartphones is not even stored on the device itself, just what amounts to a hash of it. I haven’t heard of any vulnerabilities of these systems that allow your fingerprint or facial information to be extracted from the device, only bypassed by some tools like the password.

I’d be interested if you have info that suggests otherwise.

[–] Maxxie@piefed.blahaj.zone 2 points 2 months ago* (last edited 2 months ago) (2 children)

That's correct, no sane implementation of biometrics stores your actual data. Its hashed when you log in to compare with the stored hash, then deleted.

It can leak if the server is compromised or misconfigured, so it is still worse than a password.

[–] Zorcron@lemmy.zip 1 points 2 months ago (2 children)

How is it worse than a password in that way?

[–] rapchee@lemmy.world 1 points 2 months ago (1 children)

you can't change your fingerprint, unlike a leaked password

[–] Zorcron@lemmy.zip 1 points 2 months ago

My understanding is that your fingerprint cannot be recreated from the data on the iPhone at least, and that it never leaves the touchID module. Is that wrong?

[–] anton@lemmy.blahaj.zone 1 points 2 months ago

You can't use a cryptographic hash, as small changes in a password means it's wrong, but in biometrics it needs to be allowed to account for different angles/lighting/mood. This means there must be more accessible information on the device.

[–] Nomad@infosec.pub 0 points 2 months ago (1 children)

So right and so wrong at the same time. A hash loses be by definition information. So you can compare it to a fingerprint and decide if it matches. It can't be used to reconstruct a fingerprint due to complexity of fingerprints and the complexity. So you can't reuse the hash to authenticate anywhere, so stealing it has only reduced benefit. Maybe a mass surveillance state might want that to find your finger prints where you have been but this is a lot more work than just confirming your phone identifier and forcing the cell company to reveal you whereabouts.

[–] Maxxie@piefed.blahaj.zone 2 points 2 months ago* (last edited 2 months ago) (1 children)

which part was wrong?

Because the hashing happens server-side, it still has access to the original data. Which is why I said

It can leak if the server is compromised or misconfigured

[–] Nomad@infosec.pub 1 points 2 months ago

The hash for a password is not that secret. For a strong password it can't be used for anything bad really.

[–] nexguy@lemmy.world 2 points 2 months ago

Or anything you've ever touched

[–] karashta@piefed.social 15 points 2 months ago (1 children)

I enjoy that grapheneOS let's me set up a secondary pin to nuke the phone.

[–] whotookkarl@lemmy.dbzer0.com 2 points 2 months ago

And multiple profiles to further sandbox different uses or types of software (social media, email, games, etc)

[–] Akasazh@lemmy.world 5 points 2 months ago* (last edited 2 months ago)

There's burn victim survivors that could get in an awkward spot due to that shit. Fingerprints and facial features seem relatively unchanging unless something very dramatic happens.

[–] wonderingwanderer@sopuli.xyz 4 points 2 months ago

Facial recognition scans are so detailed that that data can be used to make highly realistic deepfakes. Deepfakes with higher resolution than an ordinary video recording. And a couple layers of abstraction can obscure the origins of the "video"...

We're entering some truly dystopian times...

[–] apotheotic@beehaw.org 3 points 2 months ago

Damn, bet, time to get ffs