{"id":981,"date":"2008-05-01T10:22:50","date_gmt":"2008-05-01T18:22:50","guid":{"rendered":"\/?p=981"},"modified":"2008-05-04T22:07:11","modified_gmt":"2008-05-05T06:07:11","slug":"fingerprint-charade","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=981","title":{"rendered":"Fingerprint charade"},"content":{"rendered":"<p>I got a new Toshiba\u00a0Portege a few weeks ago, the first machine I&#39;ve owned that came with a fingerprint sensor.\u00a0\u00a0\u00a0At first the system\u00a0seemed to have been\u00a0designed\u00a0in a sensible way.\u00a0 The fingerprint template is encrypted and stays local.\u00a0 It is never released or\u00a0stored in a remote database.\u00a0\u00a0I decided to try it out &#8211; to experience what it\u00a0&#8220;felt like&#8221;.<\/p>\n<p>A couple of days later, I was at a conference and on stage under pretty bright lights.\u00a0 Glancing down at my shiny new computer, I saw what looked unmistakably like a fingerprint on my laptop&#39;s right mouse button.\u00a0 Then it occurred to me that the fingerprint sensor was only a quarter of an inch from what seemed to be a perfect image of my fingerprint.\u00a0 How secure is that?<br \/>\n<img loading=\"lazy\" border=\"0\" vspace=\"10\" width=\"450\" src=\"\/wp-content\/images\/2008\/04\/toshiba_finger.jpg\" hspace=\"10\" height=\"318\" \/><\/p>\n<p>A\u00a0while\u00a0later I ran into\u00a0 <a href=\"http:\/\/virtualsoul.org\/blog\/\">Dale Olds <\/a>from Novell.\u00a0 Since Dale&#39;s an amazing photographer, I asked if he would photograph the laptop to see if the fingerprint was actually usable.\u00a0 Within a few seconds he took the picture above.\u00a0<\/p>\n<p>When Dale actually sent me the photo, he said,<\/p>\n<blockquote><p>I have attached a slightly edited version of the photo that showed your fingerprint most clearly. In fact, it is so clear I am wondering whether you want to publish it. The original photos were in Olympus raw format. Please let me know if this version works for you.<\/p><\/blockquote>\n<p>Eee Gads.\u00a0 I opened up the photo in Paint and saw something along these lines:<\/p>\n<p><img loading=\"lazy\" border=\"0\" vspace=\"10\" width=\"450\" src=\"\/wp-content\/images\/2008\/04\/finger_close.jpg\" height=\"420\" \/><\/p>\n<p>The gold blotch wasn&#39;t actually there.\u00a0 I added it as a kind of fig-leaf before posting it here, since it covers the very clearest part of the fingerprint.\u00a0<\/p>\n<p>The net of all of this\u00a0was to\u00a0drive home, yet again, just\u00a0how silly it is to use a &#8220;public&#8221; secret as a proof of identity.\u00a0\u00a0The fact that I can\u00a0somehow &#8220;demonstrate knowledge&#8221;\u00a0of a given\u00a0fingerprint means nothing.\u00a0\u00a0Identification is only possible by\u00a0<em>physically verifying<\/em> that my finger\u00a0embodies the fingerprint.\u00a0 Without physical verifcation, what kind of a lock does the fingerprint reader provide?\u00a0\u00a0A lock which conveniently offers every thief the key.<\/p>\n<p>At first my mind boggled at the fact that Toshiba would supply mouse buttons that were such excellent fingerprint collection devices.\u00a0 But then I realized that even if the fingerprint weren&#39;t conveniently stored on the mouse button, it would be easy to find it somewhere on the laptop&#39;s surface.<\/p>\n<p>It hit me that in the age of digital photography, a properly motivated photographer could probably find fingerprints on all kinds of surfaces, and capture them as expertly as Dale did.\u00a0 I realized it was no longer necessary to use special powder or inks or tape or whatever.\u00a0 Fingerprints have become a thing of &#8220;sousveillance&#8221;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;In fact, it is so clear I am wondering whether you want to publish it&#8230;&#8221;<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[21,48,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/981"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=981"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/981\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}