When your password leaks:→ Change your password→ Problem solved
-
I'm building @Snugg - social media that will NEVER require:
Facial recognition Fingerprint scans Biometric data of any kindWhy? Because we chose a business model that doesn't need surveillance.
Subscription model = we serve users, not advertisers.
No ads = no need for behavioral tracking
No tracking = no biometric data to "verify" you
No biometric data = nothing permanent to breachSimple.
-
Subscription model = we serve users, not advertisers.
No ads = no need for behavioral tracking
No tracking = no biometric data to "verify" you
No biometric data = nothing permanent to breachSimple.
We're launching March 2026.
Features:
End-to-end encryption (messages + metadata) Chronological feed (no algorithm) Open source (auditable code) Fediverse compatible (ActivityPub) €5/month (founding members get lifetime discount) -
We're launching March 2026.
Features:
End-to-end encryption (messages + metadata) Chronological feed (no algorithm) Open source (auditable code) Fediverse compatible (ActivityPub) €5/month (founding members get lifetime discount)If 700+ of you care enough to boost the problem,
Maybe some of you want to be part of the solution?
Founding member waitlist (first 500 get lifetime 40% discount):
https://snugg.socialNo biometric data. Not now. Not ever.
-
@capitainesam unless your profile photo is fake your face data leaked already. I am not sure I understand the concern about face biometrics in a world where we all expose this readily on social media.
-
@capitainesam Don't use biometrics to unlock phones. Police and criminals can grab your hand or aim the phone at your face to unlock your phone regardless of your wishes. They have to ask you for password/PIN; they don't have to ask to simply stick your finger on the phone screen or point the phone at your face.
@dancingtreefrog
This might help, it's shake and lock feature to be exact:
https://f-droid.org/packages/com.paranoid.privacylockAndroid advanced security also has this feature, but it adds blocking non-Play app installs and updates.
-
I'm building @Snugg - social media that will NEVER require:
Facial recognition Fingerprint scans Biometric data of any kindWhy? Because we chose a business model that doesn't need surveillance.
@capitainesam looks like you tagged a random person.
-
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam One of the 1.000.000.000 reasons.
Same with ID. It has a biometric photo on it. If scanned accurately, it can, AND WILL, be used to identify you.
-
@jfml @capitainesam I would hope that your phone takes a "fingerprint" of your fingerprint, i.e. enough to verify but not reconstruct.
@ill_logic @jfml @capitainesam every proper implementation hashes the fingerprint, just like you don't store clear text passwords in the shadow file...
The question is, is this a proper implementation on phones...
-
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam I don't think it's true.
If I compare to SSH keys. My face is the password of my private key.
Generating another private key with the same password is still possible and it's a different key. -
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam the ultimate argument against the stupidity of moving away from just using passwords. All this biometric stuff can go take a leap. I'll never use any of it.
-
Subscription model = we serve users, not advertisers.
No ads = no need for behavioral tracking
No tracking = no biometric data to "verify" you
No biometric data = nothing permanent to breachSimple.
Won't the law require you to to biometric ID?
-
@capitainesam So maybe you combine biometrics with password/passkey?
One of the foundational stories of cyberpunk illustrated a defense against biometrics fraud. The hackers targeted a victim that used fingerprint login. They managed to get a copy of the victim's fingerprint and used it.
Then the victim's security system kicked in - because the victim always deliberately *failed* the first finger login and used their *second* finger login...
@dancingtreefrog @capitainesam GrapheneOS supports a pin as second factor for biometrics
-
@vrek @capitainesam I seem to recall that it was William Gibson's Neuromancer; the incident that lead to the main character's nervous system being crippled by the Russian mafia. But it's been awhile since I read it, I could be mistaken.
@dancingtreefrog @vrek @capitainesam I think you're describing Orson Scott Card's "Dogwalker," which involves intuiting a password but failing to realize that the target always miskeyed the first time until too late.
"Neuromancer" does have a character who is neurologically crippled by their employer (with a "wartime Russian mycotoxin"). ("He'd made the classic mistake, the one he'd sworn he'd never make. He stole from his employers.")
-
@dancingtreefrog @vrek @capitainesam I think you're describing Orson Scott Card's "Dogwalker," which involves intuiting a password but failing to realize that the target always miskeyed the first time until too late.
"Neuromancer" does have a character who is neurologically crippled by their employer (with a "wartime Russian mycotoxin"). ("He'd made the classic mistake, the one he'd sworn he'd never make. He stole from his employers.")
@trurl @dancingtreefrog @capitainesam thanks for the clarification. I have been avoiding Orson Scott card because of his actions at conventions previously, although I have read enders game. That said I'm due for a re-read of nueromancer.
-
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
I would say you do the exact same thing:
If you used to use biometric for access control and your biometric is "leaked"…
You remove the biometric login and setup something else (password, certificate, passkey… just something else) -
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
The damage is already done for years. Wouldn’t it make more sense to discuss how to mitigate it an to heal it in the next decades?
-
@dancingtreefrog
Why copy? Just get the finger. With or without the human hanging on it.@Mercutio @dancingtreefrog @capitainesam That is something good fingerprint readers will detect. You get way better chances of success with a copy. Needs a print on a surface, a bit of superglue and a printer.
-
@capitainesam@mastodon.social @negative12dollarbill@techhub.social yeah, easy. just get plastic surgery, duhhhhh /j
@Starcross @negative12dollarbill @capitainesam Wasn't that a plot point in many early gangster movies?
What's old is new again! -
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam This is a IMPORTANT POINT!
My question is about biometric data on your phone. What can you do to protect it? Is it always local or is it shared?
Should you never use it because people can get into it -
When your password leaks:
→ Change your password
→ Problem solvedWhen your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases foreverThis is why facial recognition for age verification is dangerous.
@capitainesam biometrics for logins, not passwords!
