a thoughtful web.
Good ideas and conversation. No ads, no tracking.   Login or Take a Tour!
comment by bhrgunatha
bhrgunatha  ·  678 days ago  ·  link  ·    ·  parent  ·  post: Authenticating without a password is something we should talk about

The issue for me is that you can't invalidate or change it once your biometric data is out there, which it definitely will be.

I don't think imposters will need access to your blood, just the data about it. That will be enough to cause real damage I think.

You seem pretty chipper on the idea but I'm less optimistic. Firstly about even having those concerns but then also having to actually deal with the fallout once your biometric data is in the hands of some Belgian drug gang.

Like take a detached step back and re-read what you've written there. What you've described is a chilling prospect to me.





kleinbl00  ·  678 days ago  ·  link  ·  

At some point, we're going to need legislation that says "no, Facebook, fuck off, you are NOT entitled to know that much about me." I'm pessimistically certain it will be after some bullshit "move fast and break things" tech company with a fuckton of VC money behind it builds a security stack out of eggo waffles and karo syrup and gets plundered by Russian hackers to the tune of a million fingerprints.

goobster  ·  677 days ago  ·  link  ·  

Biometric data is just another identifier, like a SSN, driver's license, name, whatever. Because it is harder to gather right now does not make it any different than any other identification method. All the same security concerns apply.

Regardless of whether the imposter has my social security number or the digital hash of my blood's fingerprint, it's just data. And that data can be validated or invalidated through more stringent testing methods; like running another blood test and validating I am who I say I am. No scammer has access to my blood, so I'll always be able to prove I am me.

kleinbl00  ·  677 days ago  ·  link  ·  

I'ma go get a new driver's license. You go get new fingerprints. We'll circle back and compare our tasks, deal?

"Aha!" you're tempted to say. "But I can always prove who I am because I have the original fingerprints!" Sure. But you're going to verify your fingerprints by going "look this is my birth certificate I'm really me and THESE are my fingerprints" and so is the guy who is stealing your fingerprints and because he's aware he's doing it and you're still catching up, lo and behold, you are no longer you.

In a normal situation when you've been subjected to identity fraud, you erase the defrauded shit and start over. In a situation where the fraud involves biometrics, there will forever be an asterisk next to your data. You're going to take longer to get on a plane, you're going to be held up by medical insurance, your bank loans are going to be subject to additional scrutiny, all of it. It'll be the same as the credit bureaus do to you NOW except they'll say "we use biometrics we're perfect" and it'll be ten years of brown people bitching about how that is very much not the case before a single white person gives a shit.