# Bio data and mobile phones, where is the info stored?



## stangalang (Nov 27, 2009)

As the title, I am looking at a number of phones that all have either fingerprint scanners, or finger print AND retina. I understand I can choose to not use those functions, but the button is still the same one and I have zero interest in a 3rd party holding my bio data


----------



## MagpieRH (May 27, 2014)

Apple I believe it's stored on the phone, others do ping it back to their servers (and potentially leave it open to unscrupulous people stealing/selling the data). Not sure if that's all of them. Samsung are one of the worst for privacy from what I've read.


----------



## tosh (Dec 30, 2005)

Apple store the data in the fingerprint sensor, it's not accessible to the operating system or Apple or anyone else. 

Android on the other hand is dependent on the manufacturer; I would only trust the latest Pixel phone to keep that safe. 


Sent from my iPhone using Tapatalk


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> As the title, I am looking at a number of phones that all have either fingerprint scanners, or finger print AND retina. I understand I can choose to not use those functions, but the button is still the same one and I have zero interest in a 3rd party holding my bio data


Your bio data is nothing compared to the info you've already given away. Internet history; where you are and when; e-mails; private messages on Facebook; what you look at and for how long... the creepy line has been well and truly crossed.

Apple does a much better job of protecting your privacy than android.

Sent from my iPhone using Tapatalk


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> Your bio data is nothing compared to the info you've already given away. Internet history; where you are and when; e-mails; private messages on Facebook; what you look at and for how long... the creepy line has been well and truly crossed.
> 
> Apple does a much better job of protecting your privacy than android.
> 
> Sent from my iPhone using Tapatalk


It is though right? I mean, I'm not ashamed of what I've done, or do, or look at (although I do most of my browsing through ghostery), and I can change codes and passwords. But my fingerprint is my fingerprint, and I cant change it. If its stored somewhere then it can be stolen, and its forever out there then. That really frightens me!


----------



## tosh (Dec 30, 2005)

stangalang said:


> It is though right? I mean, I'm not ashamed of what I've done, or do, or look at (although I do most of my browsing through ghostery), and I can change codes and passwords. But my fingerprint is my fingerprint, and I cant change it. If its stored somewhere then it can be stolen, and its forever out there then. That really frightens me!


Absolutely; you can can your password but not your fingerprint or iris. Apple have taken the right approach to this.

Sent from my iPhone using Tapatalk


----------



## LeadFarmer (Feb 23, 2011)

Nanoman said:


> Your bio data is nothing compared to the info you've already given away. Internet history; where you are and when; e-mails; private messages on Facebook; what you look at and for how long... the creepy line has been well and truly crossed.
> 
> Apple does a much better job of protecting your privacy than android.
> 
> Sent from my iPhone using Tapatalk


I browse via a VPN that I subscribe to, to limit any snooping.


----------



## Caledoniandream (Oct 9, 2009)

I have given up on all this malarkey, as I have found out how much data there. Is stored about you.
How much information there is added everyday, and the fact that if it's designed by man, it will be able to be hacked by man.

I worked with a guy, who was specialised in this, and did a study on this subject. 
There are only very little people who we know hardly ( watch hardly) about, and in general the live in the most remote corners of the world.

Every walk outside where there are cctv, you are registered, every phone call is traceable, even if you don't make a call your phone is traceable.
Every payment not being cash is traceable.
Every payment, visiting the doctor, ordering on line, tells the system something about you.
The problem is making the combination between the different systems, but again is not impossible. 

So in order to make sure that there is at no circumstances access to your biometrics, don't store them. 
For the sake of typing a password in, don't store anything like that.
( And yes I know, your passport carry all that information, mine does anyway as the Dutch don't allow any passport without it) 
But imagine you loose your phone, got stolen, sell it, etc, your information is there ready to be used / misused.


----------



## stangalang (Nov 27, 2009)

Caledoniandream said:


> I have given up on all this malarkey, as I have found out how much data there. Is stored about you.
> How much information there is added everyday, and the fact that if it's designed by man, it will be able to be hacked by man.
> 
> I worked with a guy, who was specialised in this, and did a study on this subject.
> ...


Yes exactly, so as to my second question then, I choose to not use the option, but I am still clicking the button (lets say its the home button), is it taking it anyway? This is really important stuff IMO as everything is coming with it installed now and no one is really going back to flip phones lol


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> It is though right? I mean, I'm not ashamed of what I've done, or do, or look at (although I do most of my browsing through ghostery), and I can change codes and passwords. But my fingerprint is my fingerprint, and I cant change it. If its stored somewhere then it can be stolen, and its forever out there then. That really frightens me!


Ha! Are you trolling? Ghostery works FOR the ad industry! It's BS for privacy. It's fundamental reason for being: it IS a tracker!

Also, what's the difference between your fingerprint and your face? Your face (biometric) is already stored in loads of places by loads of people.

Sent from my iPhone using Tapatalk


----------



## NickTB (Feb 4, 2007)

All the above is true. Have you ever Googled your user name? It's surprising how much info you leave out there


----------



## DrEskimo (Jan 7, 2016)

NickTB said:


> All the above is true. Have you ever Googled your user name? It's surprising how much info you leave out there







Lol....think I'm alright....!


----------



## NickTB (Feb 4, 2007)

DrEskimo said:


> Lol....think I'm alright....!


:lol::lol::lol:


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> Ha! Are you trolling? Ghostery works FOR the ad industry! It's BS for privacy. It's fundamental reason for being: it IS a tracker!
> 
> Also, what's the difference between your fingerprint and your face? Your face (biometric) is already stored in loads of places by loads of people.
> 
> Sent from my iPhone using Tapatalk


Are you sure? Everything I read said the opposite on ghostery!

And no I'm not trolling in anyway shape or form, I am concerned about my fingerprint and retina being stored by an outside source, I'm not talking about my name and stuff, I'm talking what will potentially be a legitimate firm of security, being stored by lazy phone companies. Whatever you say, they DONT have any of that from me and I want it to stay that way


----------



## GleemSpray (Jan 26, 2014)

The fingerprint images are stored on the device itself, either using software encryption or using the secure storage section within ARM processors.

If you choose not to use fingerprint unlocking / security, then no fingerprint image is recorded or stored - this is because the device needs to amalgamate several slow scans of each finger as a reference print, before you can use fingerprint unlock or purchase authentication. So you would need to go through fingerprint set-up, in order to use them.

A quick tap on the fingerprint scanner, to use it as a simple button, doesn't record anything other than the presence of a digit.


----------



## stangalang (Nov 27, 2009)

GleemSpray said:


> The fingerprint images are stored on the device itself, either using software encryption or using the secure storage section within ARM processors.
> 
> If you choose not to use fingerprint unlocking / security, then no fingerprint image is recorded or stored - this is because the device needs to amalgamate several slow scans of each finger as a reference print, before you can use fingerprint unlock or purchase authentication. So you would need to go through fingerprint set-up, in order to use them.
> 
> A quick tap on the fingerprint scanner, to use it as a simple button, doesn't record anything other than the presence of a digit.


Thank you that's what i needed to know.


----------



## Pittsy (Jun 14, 2014)

Silly question..... What is Ghostery ?


----------



## stangalang (Nov 27, 2009)

Pittsy said:


> Silly question..... What is Ghostery ?


A browser you can download, that tracks all the trackers sites you visit have, and allows you to block them and or allow certain ones. Its alarming just how many "people" are watching and tracking you, quite interesting to see what is and isn't placed on them


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> A browser you can download, that tracks all the trackers sites you visit have, and allows you to block them and or allow certain ones. Its alarming just how many "people" are watching and tracking you, quite interesting to see what is and isn't placed on them


Ghostery is a supertracker anti privacy tool that sells your data to ad companies to make it easier to track and target you. It's pitched as a privacy tool when it's the opposite. I'm pretty sure it's owned by Evidon who make money by helping companies and governments track and target users for ad purposes.

Unless you wear a mask everywhere your biometric (face) data will be stored by lots of companies. If you have Facebook, twitter, credit/debit cards or mobile phone you'd be freaked out by how much companies know about you and can manipulate you.

Sent from my iPhone using Tapatalk


----------



## DrEskimo (Jan 7, 2016)

I always enjoy hearing people's view on data collection. 

As someone who works with large health databases (primarily data collected from GP practices known as CPRD), the data collected is massively informative for health research. Remember a few years ago a NHS scheme to update these systems and try and integrate them with hospital data and death data was slammed by so many papers, suggesting it was an invasion of privacy and what would happen if it was all hacked. I don't think people realise this data is already collected and being analysed daily by companies and universities all over the country, it really was to make it more comprehensive and easier to work with....! I wonder if people would be more open to the idea if they knew how crucial it has been in improving health care and how much good it has done...?

Obviously some of the concerns are very legitimate, but there is increasing interest from companies to use data collected from social media and smart devices to supplement practice data and get more insight into things like adverse drug reactions and socioeconomic outcomes, along with more detailed data on health outcomes.


----------



## GleemSpray (Jan 26, 2014)

DrEskimo said:


> I always enjoy hearing people's view on data collection.
> 
> As someone who works with large health databases (primarily data collected from GP practices known as CPRD), the data collected is massively informative for health research. Remember a few years ago a NHS scheme to update these systems and try and integrate them with hospital data and death data was slammed by so many papers, suggesting it was an invasion of privacy and what would happen if it was all hacked. I don't think people realise this data is already collected and being analysed daily by companies and universities all over the country, it really was to make it more comprehensive and easier to work with....! I wonder if people would be more open to the idea if they knew how crucial it has been in improving health care and how much good it has done...?
> 
> Obviously some of the concerns are very legitimate, but there is increasing interest from companies to use data collected from social media and smart devices to supplement practice data and get more insight into things like adverse drug reactions and socioeconomic outcomes, along with more detailed data on health outcomes.


At a bit of a tangent to the OP, but you mentioned NHS...

I personally have seen mistakes made in the NHS - not because of bad data storage, but simply because people are rushing and not reading records properly or entering data into the system properly.

... and i have personally seen the unthinkable at an NHS hospital, with an elderly relative - a doctor was quoting and referring to a print out of patient records which were clearly wrong and after much argument - he backed down and grudgingly double-checked, to discover it was another patient with the same name, but different DOB and, crucially, different NHS patient number.


----------



## stangalang (Nov 27, 2009)

But, Samsung or google having my fingerprint poorly stored, or retina scan stored the same way, has no benefits to my health right? 
Im not underestimating what these companies have, I know if I type it, someone has it, if I send it, someone has it, and all that is being sold, so I'm careful what I put out there. What I'm trying to achieve is to stop this happening to things like my fingerprints which I have until the day I die and can be used to put my in a cage for the rest of my life, should someone choose to use it in a sinister way. I don't feel my google searches can do that, if I don't search for sinister stuff


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> Ghostery is a supertracker anti privacy tool that sells your data to ad companies to make it easier to track and target you. It's pitched as a privacy tool when it's the opposite. I'm pretty sure it's owned by Evidon who make money by helping companies and governments track and target users for ad purposes.
> 
> Unless you wear a mask everywhere your biometric (face) data will be stored by lots of companies. If you have Facebook, twitter, credit/debit cards or mobile phone you'd be freaked out by how much companies know about you and can manipulate you.
> 
> Sent from my iPhone using Tapatalk


I need to look into this as I was assured it was the opposite, so I'm hitting google now (ironically) while I have some time. Thanks for alerting me to it


----------



## Pittsy (Jun 14, 2014)

Silly question 2......

Does it really matter all that much, I am a complete neophyte when it comes to all this but who really cares if I am spending my google time looking at 'Ships of the Russain Navy' for instance?


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> I need to look into this as I was assured it was the opposite, so I'm hitting google now (ironically) while I have some time. Thanks for alerting me to it


This is what you want... https://ind.ie/

It's not just google searches that give valuable data. Websites can track what parts of the page you're looking at and for how long. If you have Apps on your phone check what data they collect? You'll likely be very surprised. Any mobile phone OS, App, loyalty card, credit/debit card, etc is a goldmine of data.

Facebook is a classic example, they have a tab for privacy settings but that's a distraction because they don't want you to stop sharing your private data as that's how they make money. The stuff where you can control your real private data is hidden away several clicks behind the 'Apps' menu. That's where you control what companies have access to your photos, age, religion, sexual preference, political preference, messenger conversations, location, friends, phone number, etc.

I work in the big data and analytics space helping organisations do interesting things. I always present a slide on 'the creepy line' and have a discussion around the ethics of what we do. It's a very thin grey line that is very important.

If you want a quick read about how this kind of stuff can be used to manipulate us without us even knowing it then have a read of this...
https://motherboard.vice.com/en_us/article/how-our-likes-helped-trump-win



Pittsy said:


> Silly question 2......
> 
> Does it really matter all that much, I am a complete neophyte when it comes to all this but who really cares if I am spending my google time looking at 'Ships of the Russain Navy' for instance?


The world is changing rapidly. Did you know that every call you've ever made to a provider (gas, electric, broadband) could be analysed for how you reacted to a sales pitch or particular member of staff, so when you call you will be directed to someone with the particular attributes most likely to convince you to buy something. Another example... CCTV can be analysed to create a custom offer to get you to buy something e.g. you're in a high street shop and you look at a particular jacket but they don't have it in your size. At some point later, when the system has predicted you're most likely to buy based on historical tracking data and when it's in stock in your size it will send an offer with the jacket you looked at but didn't buy in the shop.

You're leaving digital footprints everywhere you go and that data is being analysed to form a picture of what and who you are, and how money can be had from you.

Two years ago a single tweet had over 65 data elements to it that could be used to build a picture of you. I don't know how many are in a tweet these days but I'd bet it's more than 65. One single tweet has 65 different data elements that can be used by a company to know stuff about you. Let that sink in for a second.

A google search has a lot of data. Where were you when you made the search, what other searches have you made, what time did you search, how does that compare to what you search for at other times, how are you connected,who is your ISP, what browser are you using, what screen size are you using, what OS are you using, how does that compare, how long do you spend looking at russian ship websites, can you read Russian text, what do people who look at russian ship websites normally buy, what do people online at that time in that area normally buy, whats the best ad to add to the page, did they click the ad, was the ad for male or female type stuff, was it for young or old people, what tracking data do we have on this person, etc, etc, etc

So you search for a Russian ship but they can know a huge amount about you from that single search. Add lots of searches and tracking data and they can work out a huge amount about you and how to help people get money out of you.


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> This is what you want... https://ind.ie/
> 
> It's not just google searches that give valuable data. Websites can track what parts of the page you're looking at and for how long. If you have Apps on your phone check what data they collect? You'll likely be very surprised. Any mobile phone OS, App, loyalty card, credit/debit card, etc is a goldmine of data.
> 
> ...


gonna get stuck into this tonight thank you for the links.

I always air on the side of caution and only ever put out what I'm happy for people to have/use. Its not like I don't know its happening and so choose to try to live within it.

In your opinion, this next level of phone security, is it/will it be as bad as I know it could be?
And if I may, what browsers, or van's would you recommend?


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> gonna get stuck into this tonight thank you for the links.
> 
> I always air on the side of caution and only ever put out what I'm happy for people to have/use. Its not like I don't know its happening and so choose to try to live within it.
> 
> ...


Biometric data is way more secure than a password. I'd encourage you to use it.

The problem is that many people who 'err on the side of caution and only ever put out what you're happy for people to have/use' don't actually realise how much data they're putting out there.

Best to use better by ind.ie and check out Aral Balkan while you're at it. We need more people like him in the world.


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> Biometric data is way more secure than a password. I'd encourage you to use it.
> 
> The problem is that many people who 'err on the side of caution and only ever put out what you're happy for people to have/use' don't actually realise how much data they're putting out there.
> 
> Best to use better by ind.ie and check out Aral Balkan while you're at it. We need more people like him in the world.


But is it safer to use it to lock your phone, and let those companies hold it? Im not questioning weather its harder to break than a pin, but surely the weak link is who is holding it right? Or am I missing something, is it turned immediately into a binary code or something that secures it?

I am not talking about media companies using phone calls to sell me stuff. I literally don't buy from adverts its really that simple, and I am aware it happens. Im not asking about if my "selfies" can be seen by retailers, I want to know if my genuine biological data, that can never be changed, is secure if used to lock and unlock a phone. Who sees it, where is it stored, how is it stored, its that that scares me


----------



## DrEskimo (Jan 7, 2016)

GleemSpray said:


> At a bit of a tangent to the OP, but you mentioned NHS...
> 
> I personally have seen mistakes made in the NHS - not because of bad data storage, but simply because people are rushing and not reading records properly or entering data into the system properly.
> 
> ... and i have personally seen the unthinkable at an NHS hospital, with an elderly relative - a doctor was quoting and referring to a print out of patient records which were clearly wrong and after much argument - he backed down and grudgingly double-checked, to discover it was another patient with the same name, but different DOB and, crucially, different NHS patient number.


Sorry I wasn't clear, the data that I analyse isn't the patient data that is stored in hospitals and practices. It is owned by companies who clean the data for academic and pharmacy use.

Hopefully the data procedures between the NHS and the companies that compile the datasets are good, but I honestly don't know...!

I have heard some daft things, like doctors leaving patient notes in their open car and that....always a bit worrying...!


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> But is it safer to use it to lock your phone, and let those companies hold it? Im not questioning weather its harder to break than a pin, but surely the weak link is who is holding it right? Or am I missing something, is it turned immediately into a binary code or something that secures it?
> 
> I am not talking about media companies using phone calls to sell me stuff. I literally don't buy from adverts its really that simple, and I am aware it happens. Im not asking about if my "selfies" can be seen by retailers, I want to know if my genuine biological data, that can never be changed, is secure if used to lock and unlock a phone. Who sees it, where is it stored, how is it stored, its that that scares me


It's secure, and you're scared about the wrong thing. Read the motherboard vice article and you'll understand better. You can be, and probably have been manipulated into making a decision you thought was your own free thought. We all know if happens to us a groups of people, that's how advertising works. But what's different now is that you can be singled out and targeted and manipulated into making a decision without know it.

This is the article: https://motherboard.vice.com/en_us/article/how-our-likes-helped-trump-win


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> It's secure, and you're scared about the wrong thing. Read the motherboard vice article and you'll understand better. You can be, and probably have been manipulated into making a decision you thought was your own free thought. We all know if happens to us a groups of people, that's how advertising works. But what's different now is that you can be singled out and targeted and manipulated into making a decision without know it.
> 
> This is the article: https://motherboard.vice.com/en_us/article/how-our-likes-helped-trump-win


Whilst that article is in some ways alarming, if nothing else at describing HOW what we all know is happening, is happening. But I'm not frightened by this. Im frightened by a phone manufacturer having my bio data on record, and poorly secured. And that data being sold to people who want to miss use it, or such as the ones in the article. Ok here is a scenario, and its not far fetched.

We move to having retina and fingerprint scans as passports and or driving licences. Everytime you have to renew your old one, you are forced to move to this style. Once this becomes common, all of a sudden a phone manufacturer who always promised you were safe, say they were "hacked". This is code for someone with a swipe card walked into an office and took a bunch of information, and sold it on the dark web. And now, the essence of "you" is up for sale to the highest bidder, you can never get it back, change it, refresh it. Forever more you are cloned and they can do anything they want, and you can do nothing but die and become useless to them. 
Its not marketing, not a tailored advert, not to do with voting. Its legitimately bad people wandering around legitimately doing bad things in your name, and you can do nothing to change it.

It strikes me as one of those things that people say "can never happen", and then it happens and everyone just shrugs and blames someone else. 
I also know some people will think this is extreme, but they probably think dragons and unicorns are real lol. Bad people are gonna bad people when everyone is lazy

So, knowing that a fingerprint scanner can not read without being calibrated (of sorts) is a comfort as I truly don't want to use one, unless we are absolutely sure that it is stored locally or encrypted at the other end in a way that renders it useless


----------



## stangalang (Nov 27, 2009)

So I found this on ghostery, basically if you opt in to support them, they can monitor what you block, if you don't it seems to work as advised?

http://lifehacker.com/ad-blocking-extension-ghostery-actually-sells-data-to-a-514417864

It is certainly a great help to see this side of it


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> So I found this on ghostery, basically if you opt in to support them, they can monitor what you block, if you don't it seems to work as advised?
> 
> http://lifehacker.com/ad-blocking-extension-ghostery-actually-sells-data-to-a-514417864
> 
> It is certainly a great help to see this side of it


That article is nearly 4 years out of date. Ghostery is bad news. Change to ind.ie.

Sent from my iPhone using Tapatalk


----------



## Nanoman (Jan 17, 2009)

stangalang said:


> Whilst that article is in some ways alarming, if nothing else at describing HOW what we all know is happening, is happening. But I'm not frightened by this. Im frightened by a phone manufacturer having my bio data on record, and poorly secured. And that data being sold to people who want to miss use it, or such as the ones in the article. Ok here is a scenario, and its not far fetched.
> 
> We move to having retina and fingerprint scans as passports and or driving licences. Everytime you have to renew your old one, you are forced to move to this style. Once this becomes common, all of a sudden a phone manufacturer who always promised you were safe, say they were "hacked". This is code for someone with a swipe card walked into an office and took a bunch of information, and sold it on the dark web. And now, the essence of "you" is up for sale to the highest bidder, you can never get it back, change it, refresh it. Forever more you are cloned and they can do anything they want, and you can do nothing but die and become useless to them.
> 
> ...


Why are you only concerned about your fingerprint/retina and not your other biometric data e.g. Face, I.e. The biometric data that's stored by loads of companies already..?

Sent from my iPhone using Tapatalk


----------



## stangalang (Nov 27, 2009)

Nanoman said:


> Why are you only concerned about your fingerprint/retina and not your other biometric data e.g. Face, I.e. The biometric data that's stored by loads of companies already..?
> 
> Sent from my iPhone using Tapatalk


Because someone wearing a stangalang mask would look silly, and my face changes daily. Hair no hair, darker lighter, ages. My fingerprints do not and could be used to cage me for the rest of my life, or if we move to a system "secured" by such biometrics that that info is already out there

Ok let me put it a different way. If we should all be scared by marketing, and how they find out what they find out, should I NOT be scared by this and how its stored? Is this less invasive and something we should all be lazy about? Is giving them this AS WELL not more dangerous?


----------



## Jools (Nov 30, 2007)

Oh Matt, don't say there are no unicorns or dragons, next you will be telling me there is no Santa.....


----------



## orbital (Dec 28, 2010)

Come on jools there has to be a santa? &#55357;&#56873; &#55357;&#56841;


----------



## Jools (Nov 30, 2007)

Of course there has to be a Santa Lee, if there isn't a Santa who has been fetching me all those presents all this time?


----------



## GleemSpray (Jan 26, 2014)

THEY want you to believe in Santa.... 

Sent from my HTC 10 using Tapatalk


----------



## PugIain (Jun 28, 2006)

Why would you use finger print scanning anyway?
Just use a pin or unlock pattern.

Sent from my Vodafone Smart ultra 6 using Tapatalk


----------



## DrEskimo (Jan 7, 2016)

PugIain said:


> Why would you use finger print scanning anyway?
> Just use a pin or unlock pattern.
> 
> Sent from my Vodafone Smart ultra 6 using Tapatalk


It's very quick.


----------

