Not now, not ever! Stop asking!
from some_guy@lemmy.sdf.org to privacy@lemmy.ml on 20 May 19:53
https://lemmy.sdf.org/post/34952846
from some_guy@lemmy.sdf.org to privacy@lemmy.ml on 20 May 19:53
https://lemmy.sdf.org/post/34952846
cross-posted from: lemmy.today/post/29758710
Google is not entitled to my personal banking information or any other PII! WTF if I go to a store and want to buy I will.
threaded - newest
but…but… It’s sooooooo easy and convenient for you and it’s safe, we pinky-promise!
Temporary workaround — close Play store, turn off data & wifi, open Play store and then connect to network.
Don’t give anything to Google.
if you browse the play store on a web browser you can open app links directly to bypass this. for now.
.
We think someone has been using your fingerprint. Have you considered submitting your DNA so we know it’s you?
no need. just get arrested for (not convicted of) a felony and they will do that part for you
or have some idiot family member who thought 23 & me was a novel and fun idea
I’m sorry the latter is personal experience
I honestly don’t understand why any company is still trying to store my payment info with the number of leaks that happens
Oh yeh drunk purchases
I’m all for not giving more data points where it’s not needed, but is this as bad it seems? All biometric data remains stored on the device, it isn’t sent to Google, or any app for that matter, that’s how the API works
yeah, it’s stored locally. This is just FUD cause “big corpo bad”.
OP
Payment info is stored locally?
Exactly. Just like they never tracked and stored our movements when we turned iff location history.
The class action suit they lost on that was fake news /s
I mean it’s okay to start scared and ignorant, but it’s a choice to stay that way
That’s different, it’s technically possible not to comply with that statement because the location data is sent and stored, it takes just not deleting it to violate that, it just evaluates to a pinky promise that has to be verified by inspecting their systems.
This, on the other hand, is a technically verifiable claim, the code is open and it all runs locally on the same machine, the TEE will give the green light and that’s how apps will accept your biometric verification, the only thing that might be suspicious is with the implementation of the TEE, I don’t know if every manufacturer keeps the data it gets on the device or secretly communicates outside, this unknown is also a good reason to use a Google Pixel device if you care about that
From the Privacy Guides Mobile phones page
Yeah… People are like this… It’s All fake news until it isn’t anymore and than everyone is Pikachu Faced…
After all they have done and still doing… I can ASSURE and GUARANTEE you with 100% certitude that they would NEVER do that… They are not that kind of evil. /s
Sigh 😮💨😮💨
There’s a difference between saying “the secure enclave holds the biometric data securely and locally in a verifiable way with no mechanism to retrieve the actual data” and “trust them, don’t worry about it”
If your banking app has a biometrics lock, it doesn’t mean the bank has your biometric data. That’s not how this works.
Yeah, android doesn’t allow apps to collect biometrics data, at least not using the standard fingerprint sensors.
Unless the OS is heavily modified i don’t think AOSP is technically capable of doing that
I feel like the bigger security concern here, if one needs to worry about it for their threat level that is more likely, is just like if someone knows your password, who could force me to unlock my phone via biometrics?
the cops?
In America at least, “law enforcement” (Police, Ice, CBP) aren’t allowed to force you to enter your password, but they can just happen to hold your phone up to your finger/face to unlock it using biometrics.
.
It’s not about having faith in the rule of law, it’s about minimizing risk. Obviously if they’re just gonna kill you or mail you to CECOT there’s nothing you can do anyway.
If you don’t enter your password you are deemed suspicious. They’ll just put you in detention for a while to see if you’re a danger. Maybe the holding cells get full and they ship you off maybe you just sit there for a few weeks.
They don’t seem to give a fuck about what they’re allowed or not allowed to do this year.
Travel with a burner phone.
Well, travelling with a burner phone won’t stop a cop from just shooting you in the streets!
It was good talking to you, you have a good day
I don’t have it turned on and I’ve never seen this screen. How did you get there?
Smartphones are the biggest spyware. I prefer to lick my elbow before storing sensitive data in these devices or using it with banking or medical apps.
I prefer to carry my laptop with it. I mostly use my phone as a mobile router.
The less you do on your phone, the better.
Good ol’ Nokia 3350 times
That wasn’t a question.
There is hardware level security used to perform the authentication and holds your biometric data locally. If you get a new phone, you have to re-add your fingerprints. Assuming the hardware security is impenetrable by software, it’s safe.
But that’s not an assumption we can make any more; the security landscape is very dynamic right now. You cannot be too careful.
We all live with constant risk of whose good reputation will be squandered next for a price. Or that AI will revolutionize hacking. Or that quantum computing will break the security. Or that [insert exporting nation here] modified the chip before it shipped for assembly, circumventing the manufacturers entirely. Never mind all the political factors!
Admittedly, I don’t go about my life considering any of this, but I’m not a big privacy hawk either. I gave most of my personal data away as a kid and I go about my life assuming it’s already out there. Ignorance is bliss, I suppose, at least so far fingers crossed
.
Just ignore this.
The major downside of biometrics is that if you get caught, they can force your finger on the phone or force you to look at the front camera.
Yep. I don’t allow biometrics to unlock my devices for this reason. Purchase something? Sure thing! Unlock? Hell no.
If you know you’re about to be in a shady place, you can do a quick restart or lockdown mode on both Android and iPhone. So you still get to use biometrics, but turn it off when you know you might be in some shit soon.
What about when authorities are waiting for you and grab your hands to keep you from altering any devices? I prefer the extra confidence of having it off permanently.
Yeah, there’s that concern, especially with how students and professionals rn are being snatched away in America.
I still use fingerprint but I totally understand why people turn it off entirely. Just noting for those who might want it on.