That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it?
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Yep, already read the article. But the video only presents one small segment of the larger experiment - the test case failure. I'd like to see the entire experimental sequence from initial "training" to unintended unlocking documented in a video. I'm not disputing whether Face ID was reliably spoofed, I'm only asking to see everything in the experiment recorded so the conditions and scenario can be evaluated and hopefully repeated by Apple engineers in an instrumented test environment.
The first thing every engineer wants to know when there is any functional anomaly is whether the scenario is repeatable so they can repeat the test case and hopefully identify the root cause of the failure. Without seeing the whole sequence recorded the repeatability is questionable. The creators of the video went to the trouble to record and post the test case failure online. This indicates that they are willing put in some level of effort to bring light to this condition. That's all fine and good. But they can do so much more by helping Apple correct the underlying problem by recording the entire test case in a video so Apple can try to repeat it in their lab. This is not too much to ask for and I'm sure Apple will find a way to express their gratitude.
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article.
What source article? This AI story doesn’t have a Wired reference link unless I’m missing it.
Ah, you've missed my link to the source article, which I went and searched for myself before commenting. There's often "more stuff to learn" from a source article than a summation from a 3rd party which is why I look beyond one site. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Your link didn't exist in the story published by AI. Since I'm on AI, I'm reading and commenting on the content published by AI. There's no reason for me to realize there was a third-party source article if AI didn't refer or link to it in their story (which they should IMO). Your nuts if you think I'm going to scan the comments for "GatorGuy" links to read prior to commenting on the AI story as published. Get real.
Um... You quoted my post that included it. You just failed to quote the link, so apparently missed it. Don't let it upset you. I'm not nuts, I just recognised there was probably an original source for the AI article.
That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it?
Through the passcode.
We are so used to 2 users on Touch ID. Why give up on something great? Who remembers passcodes with 10 devices in the house? So please Apple, bring back that feature! I bet the second generation of Face ID will have it again!
setup Face ID make sure it works for you now pass to sibling/child, it will fail to unlock. have them hold the phone and put in passcode now, they can unlock with Face ID.
The only caveat is that they have to at least somewhat resemble you so that the iPhone temporarily adds their face scan as additional data to the initial scan.
Here is an idea of an interesting experiment. Gather a group of people that looks alike. Give each one an iPhone X. Let them switch phones and see how many of them can unlock other iPhone X. I guess at least one or them can succeed.
That is bad. Kids will always try to get into phones/iPads to play with them, delete a few apps apps, check your notification etc. But you can't setup your spouse as second user on it?
Through the passcode.
We are so used to 2 users on Touch ID. Why give up on something great? Who remembers passcodes with 10 devices in the house? So please Apple, bring back that feature! I bet the second generation of Face ID will have it again!
Maybe, maybe not. While you could register up to 5 fingers with Touch ID, the entire system works differently than Face ID. If adding 1 to 4 more faces caused a long delay in authentication it's probably not going to happen. Even if it miraculously happens to be just as fast it may never happen because these are designed as single-user devices and you have two hands with 5 phalanges on each hand, while you only have one face.
The original situation of the son being able to unlock with Face ID likely arose because Face ID had been only minimally trained on the mother.
In later retrains by the mother, the kid knows his mother's passcode and his face is similar enough, so every time Face ID fails and he enters the passcode, it's telling Face ID to add his face to the Face ID model.
If you give someone else your passcode, does Face ID matter any more? It seems Face ID accuracy is compromised at least a little when someone other than the trainer enters the passcode, too. If you later want to exclude people who have your passcode and who may have used it to gain entry, you should change your passcode and re-set Face ID.
Whatever happened to the scientific method?
Face ID training involves 2 passes. Sometime I plan to train one pass on my face and the other on my wife's. Then see what happens!
Is that how Face ID works? Every time you enter the passcode Apple programmed the system to accept that it's the owner and takes another face scan for training and improvement? I'd not seen that mentioned before. If so that's potentially a bit problematic since Face ID only allows one face to unlock it, and Dad/Mom/The Kid has to use the owner's passcode if he/she is allowed/asked to access the phone.
My understanding is that, if a face--whether it's the original trainer's face or someone else's--is similar enough to the current Face ID model, then a failure to unlock by Face ID followed by entering the correct passcode will add that person's visage to the model. As the original trainer unlocks with their face over time, the model becomes increasingly specific for their face, making it less and less likely that the face of someone else (who must also know the passcode!) will get mixed into the model. When Face ID is initially trained, it would be far more likely to accept and add to the model someone else's visage. I'm pretty sure Federighi said enough during his demo to conclude all this. Hypothetically, similar-looking family members will rarely be a problem if they aren't allowed to unlock the X after the primary user has trained Face ID for some period of time (a few days?). Who's going to test this?
If the truth of it is that the FaceID was trained to the kids face somehow, then whatever rules are being set to adapt recognition over time must be adjusted. Apple claimed 1:1000000 false positives, there are enough videos out there to put that in question.
They said nothing about "1:1000000 false positives." Their statement is about a statistical average based on randomness due to the sophistication of the HW and SW. Think of it like having a 4-digit PIN. You have 10,000 possibilities, or a 1:10,000 chance, but if that PIN is '0000' or the 4-digit house number of your address, it's probably going to be cracked much sooner because someone will look for common patterns. With Face ID the common pattern is a close DNA match.
This is also partially true for fingerprints in that the various aspects of a fingerprint are inherited. However, the actually print pattern tends to be very unique, even amongst identical twins, which is why it can be 1:50,000 and potentially be more secure than Face ID with 1:1,000,000.
Ok, you focused on the 1:1000000 claim, but my real assertion is that the training rules are not right if this kind of thing can happen. I would understand totally the case of identical twins but this kind of abuse case seems like an obvious one to guard against. Kids are always trying to mess with parents stuff.
What's your solution? Children are often very close to one parent's skull structure and it's not suppose to be used for children under 13yo, so what is Apple to do that they haven't stated already?
I guess Apple could offer a Face ID+passcode option for the first week so that it will both keep her son out as well as let the device know not to record any Face ID training that doesn't accompany a passcode immediately after. And while that week of training may prevent her son from getting into iPhone X it's certainly not guaranteed.
While I'm glad that the limits of the technology and implementation are being explored, I also don't think it's a big deal.
If the truth of it is that the FaceID was trained to the kids face somehow, then whatever rules are being set to adapt recognition over time must be adjusted. Apple claimed 1:1000000 false positives, there are enough videos out there to put that in question.
They said nothing about "1:1000000 false positives." Their statement is about a statistical average based on randomness due to the sophistication of the HW and SW. Think of it like having a 4-digit PIN. You have 10,000 possibilities, or a 1:10,000 chance, but if that PIN is '0000' or the 4-digit house number of your address, it's probably going to be cracked much sooner because someone will look for common patterns. With Face ID the common pattern is a close DNA match.
This is also partially true for fingerprints in that the various aspects of a fingerprint are inherited. However, the actually print pattern tends to be very unique, even amongst identical twins, which is why it can be 1:50,000 and potentially be more secure than Face ID with 1:1,000,000.
Ok, you focused on the 1:1000000 claim, but my real assertion is that the training rules are not right if this kind of thing can happen. I would understand totally the case of identical twins but this kind of abuse case seems like an obvious one to guard against. Kids are always trying to mess with parents stuff.
What's your solution? Children are often very close to one parent's skull structure and it's not suppose to be used for children under 13yo, so what is Apple to do that they haven't stated already?
I guess Apple could offer a Face ID+passcode option for the first week so that it will both keep her son out as well as let the device know not to record any Face ID training that doesn't accompany a passcode immediately after. And while that week of training may prevent her son from getting into iPhone X it's certainly not guaranteed.
While I'm glad that the limits of the technology and implementation are being explored, I also don't think it's a big deal.
It becomes a slightly bigger deal once your kid authorises purchases through family sharing...
I just pointed out what should be a fairly obvious scenario. I don’t have the answers, if I did I wouldn’t be sitting here
Something like you suggest would improve things I guess, but surely the software parameters can adjusted to tighten the likeness threshold. Or maybe that was tried and that resulted in too many false negatives?
While the iHaters are certainly have a field day on this, I find the hater being so gullible in accepting any youtube video without any scientific proof to back it up.
As far as I'm concerned and unless Apple makes an official statement, this is a non-issue when FaceID as been configured and trained properly. I'll gladly trust Apple's testing and resources much more than some schmuck on youtube with an axe to grind.
I would also like to know the full setup. Has the phone been trained, even inadvertently, to recognise the son's face as well as the mother's? Or is it a matter that in the right lighting, the son looks enough like the mother to get past the model? And how long after configuring it was the testing done?
From some of the comments here, there's a suggestion that at least the subsequent tests in different lighting were done fairly soon after the config of FaceID. Not sure what the implications of that are, other than it will presumably get harder to fool it, the longer it's in use, due to the way it learns.
This and the BKAV story show there's a lot of experimentation to be done with FaceID, but the stories are largely just about getting around FaceID without detail on the testing setup. I'd say in each instance, there's something crucial missing from the description.
Doh! It's a hidden feature that Apple built but didn't promote. The feature is to scan a second user's face and let Face ID learn the new face, thus adding a second face to unlock the iPhone X.
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Thanks for the link to the original article which said;
"At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"
It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. * What to do imo? - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. - If not successful, and worried about a relative, turn off Face ID and use a password. - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Thanks for the link to the original article which said;
"At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"
It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. * What to do imo? - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. - If not successful, and worried about a relative, turn off Face ID and use a password. - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
I'm surprised that is an issue since it projects IR and captures IR. Why are external visible light sources even needed?
I love seeing all the Apple fans rushing to blame the users... you know, the target audience for these devices.
Right.. Unlock nearly straight nearly after first training (after introducing bad training data), as usual. All the cases have been exactly the same up to now.
i’d like to know how long it was from the time it was initially configured to her face.
Yes, and I'd also like to see whether the phone was trained to accept the son's face ahead of time. Not trying to defend or refute the claim that the video implies, but I'd like to see the experiment repeated starting at the very first initialization/training steps and proceeding to the son attempting to unlock the phone with the phone never having seen his face before. It's insufficient to reach a conclusion in this case without having any semblance of it being a controlled experiment.
All you had to do was read the source article. The phone was reset multiple times to test Face ID initializing and use under different conditions, and where it was assured the phone could not have "seen" her son during the setup. https://www.wired.com/story/10-year-old-face-id-unlocks-mothers-iphone-x/
Thanks for the link to the original article which said;
"At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"
It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative. * What to do imo? - As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions. - If not successful, and worried about a relative, turn off Face ID and use a password. - If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+. - If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.
I'm surprised that is an issue since it projects IR and captures IR. Why are external visible light sources even needed?
Exactly. I assumed it was all about the IR dots (and nothing but the dots).
Comments
If so..... (nah, I don't want to get banned)...
The first thing every engineer wants to know when there is any functional anomaly is whether the scenario is repeatable so they can repeat the test case and hopefully identify the root cause of the failure. Without seeing the whole sequence recorded the repeatability is questionable. The creators of the video went to the trouble to record and post the test case failure online. This indicates that they are willing put in some level of effort to bring light to this condition. That's all fine and good. But they can do so much more by helping Apple correct the underlying problem by recording the entire test case in a video so Apple can try to repeat it in their lab. This is not too much to ask for and I'm sure Apple will find a way to express their gratitude.
You quoted my post that included it. You just failed to quote the link, so apparently missed it. Don't let it upset you. I'm not nuts, I just recognised there was probably an original source for the AI article.
setup Face ID
make sure it works for you
now pass to sibling/child, it will fail to unlock.
have them hold the phone and put in passcode
now, they can unlock with Face ID.
The only caveat is that they have to at least somewhat resemble you so that the iPhone temporarily adds their face scan as additional data to the initial scan.
Hypothetically, similar-looking family members will rarely be a problem if they aren't allowed to unlock the X after the primary user has trained Face ID for some period of time (a few days?). Who's going to test this?
It becomes a slightly bigger deal once your kid authorises purchases through family sharing...
I just pointed out what should be a fairly obvious scenario. I don’t have the answers, if I did I wouldn’t be sitting here
Something like you suggest would improve things I guess, but surely the software parameters can adjusted to tighten the likeness threshold. Or maybe that was tried and that resulted in too many false negatives?
While the iHaters are certainly have a field day on this, I find the hater being so gullible in accepting any youtube video without any scientific proof to back it up.
I would also like to know the full setup. Has the phone been trained, even inadvertently, to recognise the son's face as well as the mother's? Or is it a matter that in the right lighting, the son looks enough like the mother to get past the model? And how long after configuring it was the testing done?
From some of the comments here, there's a suggestion that at least the subsequent tests in different lighting were done fairly soon after the config of FaceID. Not sure what the implications of that are, other than it will presumably get harder to fool it, the longer it's in use, due to the way it learns.
This and the BKAV story show there's a lot of experimentation to be done with FaceID, but the stories are largely just about getting around FaceID without detail on the testing setup. I'd say in each instance, there's something crucial missing from the description.
"At WIRED's suggestion, Malik asked his wife to re-register her face to see what would happen. After Sherwani freshly programmed her face into the phone, it no longer allowed Ammar access. To further test it, Sherwani tried registering her face again a few hours later, to replicate the indoor, nighttime lighting conditions in which she first set up her iPhone X. The problem returned;"
It seems that with what would be considered "poor lighting" that Face ID will not have a clear image of the user's face so that it can be spoofed by a close relative.
* What to do imo?
- As mentioned by Wired; check out if close relatives can unlock the iPhone X. If they can, try re-registering the owner's face in clear lighting conditions.
- If not successful, and worried about a relative, turn off Face ID and use a password.
- If a password is too inconvenient, consider trading the iPhone X in during the return period for an iPhone 8/8+.
- If all of this is too much of a hassle or is too scary, skip the iPhone X and get the iPhone 8/8+.