this post was submitted on 19 Jun 2024
456 points (98.9% liked)
Privacy
4201 readers
32 users here now
A community for Lemmy users interested in privacy
Rules:
- Be civil
- No spam posting
- Keep posts on-topic
- No trolling
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I wish there was a way to require both biometrics and PIN. They're both insecure on their own, but together they're better. Like instant MFA for your unlock. I would enable that immediately, if it was available.
Edit: then a password / passphrase in case one of the other two stops working (as an emergency unlock).
It’s sort of there, but maybe more to protect from criminals than abuses of authorities. All of my bank apps require a second authentication to launch or even to switch back to them.
Granted I could turn it that off or set it to biometrics, but I leave it on PINs. A criminal wanting to steal from my bank account will need both my biometrics to unlock my phone and a different PIN per bank.
This even provides some protection from the $5 wrench they’d use. Sure, I’ll unlock my phone at the threat of real violence. But you won’t know ahead of time what banking app I have or even how many, so you may not get them all. Pay by phone may use the same biometric but I can likely dispute those charges after the fact
In the abuse of authority scenario, that may keep them out of my bank records but there are established paths to get that from the bank so they’re less likely to be interested. I’m sure they’re more interested in violating the privacy of my friends and family
linux fun fact, im pretty sure you can just do this out of the box using PAM auth.
Gotta love android and IOS being utter dogshit.
Wow, a generic "Linux good, anything else dogshit" comment.
This is in no way relevant to the topic.
This is like if someone posted that they couldn't get their car with the color they wanted and you saying "fuck you and your car, I can paint my living room in any color I want, right now it is striped burgundy and mint, aren't living rooms way better than cars?"
and the original comment is entirely irrelevant to the original thread? You can't be serious.
Am i not allowed to enjoy the flexibility of linux, ever? I agree with the original poster, i think android and IOS should objectively support these features, they have no reason not to. I've never said otherwise, i just think they're dogshit OS's because they don't support basic security features you would otherwise expect to any level of consistency.
No, it's more like ford only producing cars in black, and people complaining about the fact that they don't come in any other color, and then me mentioning that actually, you can just paint your own car a different color, it's not really that hard. But regardless of that ford only selling cars in black is a rather shitty business practice to do especially when customers want cars in other colors, because black is, rather boring.
So this is your alt, how cute!
i have an alt? Since when?
I don't have any other accounts on lemmy lmao, you could doxx me and you would find nothing.
It is rather "you have proprietary car where you can't even change volume on radio, while I have car that can be repaired with standard parts".
With PAM you can do literal math captcha.
Show me a mobile phone running Linux with that config working. It doesn't exist.
i wasn't talking about phones, but the pinephone, and the pinephone64, and a handful of other phones that are supposedly running linux, that are either not out yet, or really expensive.
Is this your alt?
lol.
nope, unfortunately this is my main, and by main i mean the one sole singular lemmy account that i have.
PinePhone64.
That is just a Phone model, you have yet to show me that phone being configured as you specified
go show me that it's impossible then, once you show me that it's impossible i will go and do it myself just to spite you.
lol.
lol.
It's literally linux phone. It runs regular linux. Regular linux uses PAM modules. There is no difference between configuring it on desktop and on phone. If comprehending ability to use same OS on desktop and phone is beyond your intellectual ability, I will guide you with this logical chain: linux on desktop -> linux on ARM computer like raspberry pi -> linux on ARM computer based on Allwinner A64 -> PinePhone is based on Allwinner A64.
If you still don't grasp it, I'll try once more. This can be installed on regular linux. Single Board Computers can run regular linux. This includes Pine64, which uses A64 chip. A64 devices can run it from sd card. And if you can't imagine how Pine64 that works on A64 and PinePhone that works on A64 are connected, here's neat trick: insert bootable sd card into Pine64, load linux, configure math captcha module, shut it down, insert same sd card into powered off PinePhone, power it on, it will load exact same OS your Pine64 have been using and where math captcha is configured.
You still have not shown me a Phone configured as you bragged it could.
You don't grasp that I am not interested in theory, I am interested in practical demonstrations.
My point is that it doesn't matter if Linux xan do this, the discussion was about a mobile phone that could do both biometrics and pin at the same time.
So linuxphones you don't consider as phones? Fine.
Wow, you still don't get it.
Show me a Linux phone that is actually configured to unlock with both biometrics and pin, then you have proven that Linux is relevant.
I don't care about what is technically possible, I care about it actually being done.
I am not even asking if it is easy to setup or simple to use, I am just asking you to prove that it can be done on a Linux phone.
I am just asking for a proof of concept running on a Linux phone.
I am giving Linux the best possible chance here, the bare minimum.
The tasks I want to see done on a Linux phone is the following:
I love Linux, I have been a Linux sysadmin for almost a decade and used Linux on and off for almost twenty years. I daily drive Windows due to work and gaming, but am considering switching to Linux at home when Win10 goes EOL.
But unless you can show me a Linux phone configured as described above then Linux is not the answer.
For the time being I wish you a happy midsummer.
Linux is fucking dying on phones. UBport, etc all they can do is a cat and mouse game. Voip? Catch the mouse. And all the while it's running om proprietary cellular modem chips, something that will never change
if you lack basic cognitive reasoning to the point that someone can configure PAM in a specific way on desktop linux, and that presumably, a phone running the exact same software suite, with no differences aside from graphical environment, somehow couldn't do this is actually just kind of sad.
Wait until you find out how monitors display color. They have three different colors, red green and blue, and somehow, that manages to make all the funny colors on your screen. But since you can't see the individual pixels with your naked eye, i guess that must be untrue now huh?
What are you on about?
idk you tell me, i'm still trying to figure out what you were waffling on about.
With PAM you can do literal math captcha.
Linux on it's way to support things because "haha funny, why not"
You claim so and yet have no example article, video, blog post, or any form of proof of it ever being done. Everything is possible in theory, even on iOS (with a jailbreak).
bro i use linux, i have literally configured a fingerprint scanner to work before, do you think i'm just making up PAM?
There is quite literally a section on the arch wiki about this being a thing.
https://wiki.archlinux.org/title/Fingerprint_GUI#Password there are probably a handful of other methods of doing this notably any additional form of 2FA. (like this one is)
although realistically, there are better ways of doing this than using biometrics, physical security keys for example.
Also you say this like the OP actually verified that this was a thing that was impossible and couldn't be done. You're also acting like i claimed that this was explicitly the case, which i did not.
So did I, can confirm it's easy, and it doesn't matter because we are not talking about configuring a fingerprint scanner to work, we are talking about having a phone lock screen that asks for both a fingerprint and a password, something that would require, at the very least, UI that I don't think exists in any Linux phone project. That there is underlying functionality in PAM to make it happen is irrelevant, because that's only part of such a solution.
No, why? I'm saying that there is no Linux phone where "you can just do this out of the box" like you say.
i wasn't talking about phones, you are retconning my own thoughts lmao.
i did not say that, not once, please show me where on the doll it says "linux phone"
The topic is about phones, and you said:
If you are saying you started an offtopic conversation about Linux that had nothing to do with phones, and then, unrelated to your own comment, complained about Android and iOS even though your comment had nothing to do with phones, then... that sure is interesting.
no, we were talking about basic cybersecurity, or i suppose physical device security, which just happens to be relevant to phones because it turns out phones are dogshit at physical security. So i left a comment about how this is basically a solved problem on linux, because it's not actually that hard to just implement proper security.
I was complaining about android, because both me and the commenter i was responding to were talking about how awful security is on these devices, for no reason other than utter incompetence or forced inaction.
This isn't interesting, it's a basic conversational pattern, if you haven't spoken with enough people to realize that conversations just, shift sometimes, i feel bad for you.
Maybe. I don't biometrics on my computers. Only phone. I don't unlock my computer a thousand times a day using a crappy touch kb. Actually, if the phone had a physical kb, maybe it wouldn't have been so bad. Not sure.
i wouldnt really want to use biometrics on my computer either, i'd rather use a physical security key, but then i'd probably also want to use it with my phone also. So there's that i guess.
The only issues I have with a yubi on a phone, is the general fragility of USB-C ports (and that there is only one). On a PC or laptop, you've generally got several, so if one breaks and the yubi can't be used in that port, you're not locked out.
yeah, i would be doing something more like NFC smart card type shit tbh. Perhaps an embedded chip in your hand or something. There are options.