top | item 12057687

(no title)

joshavant | 9 years ago

I thought I once read that, since Touch ID relies on fingerprints, a US court order can compel you to provide those, thus forcing you to unlock an iPhone in question.

This, as opposed to a passcode-only configuration, which a court order cannot compel you to give (I believe since this would fall in the category of 'forcing you to testify against yourself').

If that is indeed the case, I imagine it would make better sense to leave Touch ID disabled, unlike what this article suggests.

discuss

mikeash|9 years ago

I leave it enabled, then power the phone off before interacting with The Man, like when going through customs. Touch ID is disabled on a fresh boot until you enter your passcode, so that basically turns it off temporarily. This is briefly mentioned in the article.

Another thing you could do is set it up with an unusual finger, like the middle-finger of your non-dominant hand. After five failed tries, Touch ID is disabled until you enter your passcode, so you can use the wrong finger five times when they ask you, and disable it that way. Say you're sweating too much or something (a common cause for real Touch ID failures for me).

It all depends on just how paranoid you are and what you want to defend against.

lostlogin|9 years ago

Having got sick of damp fingers blocking Touch ID I added my nose as one of the options. No more lockout during dish washing.

Jtsummers|9 years ago

http://blogs.wsj.com/digits/2014/10/31/judge-rules-suspect-c...

Court decision from 2014.

http://www.theatlantic.com/technology/archive/2016/05/iphone...

First known application since then.

ThatGeoGuy|9 years ago

Keep in mind this is strictly relevant to US jurisdiction. In Canada, I recall that you can be compelled by a court to give up a password, or be held in contempt. That being said, something like TouchID is irrelevant if the password is going to be forced out of you anyways.

elithrar|9 years ago

> If that is indeed the case, I imagine it would make better sense to leave Touch ID disabled, unlike what this article suggests.

It entirely depends on your threat model. If you are at hacker or tech conferences, TouchID is far better as it can't be shoulder surfed. If your threat model is nation-states, then you would take a different approach. As TFA says:

> Turn the phone off before entering any situation that might lead to you being coerced to use your fingerprint to unlock the phone.

ericabiz|9 years ago

If you never want Touch ID to work, you can just replace the home button in the phone. It's a security feature from Apple--a new home button will never work with Touch ID again.

It's not too difficult to swap a home button yourself with the right tools, or most stores will do it for ~$49 to $59 (depending on your iPhone model.)

If you have a store do it, definitely ask for your original home button back in case you change your mind later or sell your phone.

st3fan|9 years ago

Just don't setup Touch ID?

Esau|9 years ago

Yeah, fuck Touch ID. In my opinion, a computer security feature that works when you are unconscious is not a computer security feature.

rimantas|9 years ago

Talk about throwing out the baby with bathwater. Being unconscious ir a very rare use case for iPhone. In other cases having protection provided by Touch ID beats passcode which is to inconvenient so many would skip and left without ANY protection. Touch ID is basically transparent and provides adequate protection for common scenarios.