When your password leaks:
→ Change your password
→ Problem solved

When your biometric data leaks:
→ You can't change your face
→ You can't change your fingerprints
→ The compromise is permanent
→ Your biometric data is in breach databases forever

This is why facial recognition for age verification is dangerous.

#Biometrics #Privacy #Discord

🧵 So what can you do about it?

Discord isn't the only platform pushing biometric surveillance.

More platforms will follow. "Age verification" is just the beginning.

Here's what I'm doing about it:

I'm building @Snugg - social media that will NEVER require:
❌ Facial recognition
❌ Fingerprint scans
❌ Biometric data of any kind

Why? Because we chose a business model that doesn't need surveillance.

Subscription model = we serve users, not advertisers.

No ads = no need for behavioral tracking
No tracking = no biometric data to "verify" you
No biometric data = nothing permanent to breach

Simple.

We're launching March 2026.

Features:
✅ End-to-end encryption (messages + metadata)
✅ Chronological feed (no algorithm)
✅ Open source (auditable code)
✅ Fediverse compatible (ActivityPub)
✅ €5/month (founding members get lifetime discount)

If 700+ of you care enough to boost the problem,

Maybe some of you want to be part of the solution?

Founding member waitlist (first 500 get lifetime 40% discount):
👉 https://snugg.social

No biometric data. Not now. Not ever.

@capitainesam Also, maybe don't use your fingerprint to unlock your phone if you're not 100% sure it stays on the device (even if the device is stolen, etc.).
@jfml @capitainesam I would hope that your phone takes a "fingerprint" of your fingerprint, i.e. enough to verify but not reconstruct.

@ill_logic @jfml @capitainesam every proper implementation hashes the fingerprint, just like you don't store clear text passwords in the shadow file...

The question is, is this a proper implementation on phones...

@celeste_42bit @ill_logic @capitainesam But does this (hashing of the fingerprint) help with the problem that if it gets leaked I can basically never use it again? Using your fingerprint is like having a password you can't change. Does the hashing change anything about this?

@jfml @celeste_42bit @capitainesam If I somehow get your fingerprint, I can figure out the hash. But if I steal the hash I *can't figure out your fingerprint. Hashes are cool like that. So in principle you should still be able to use it.

* Now the caveat is that it has to be done right. And perhaps someone can find a way to break these systems over time. This has happened with password database systems. Also I don't know anything about biometrics in particular, just the principles at play here.

@jfml @celeste_42bit @capitainesam (BTW I don't use biometric logins)
@ill_logic @celeste_42bit @capitainesam Ah, ok, thanks for the explanation, that makes sense.
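An added worked example for the "just hash the fingerprint" exchange above. It is not from any participant in the thread, and it uses constructed data: random bit strings stand in for fingerprint templates, and a simple repetition code stands in for the error-correcting code a real fuzzy extractor would use. It shows three things: two scans of the same finger never hash to the same value, because every scan differs in a few bits; a "fuzzy extractor" (code-offset secure sketch) fixes that by storing public helper data that lets a close-enough scan reproduce the key while an unrelated finger or an over-noisy scan does not; and that helper data leaks structure about the enrolled reading, which is exactly the caveat raised in the thread.

```python
"""Toy fuzzy extractor: code-offset secure sketch over a repetition code.

Constructed example. The "readings" are random bit strings standing in for
fingerprint templates; real templates and matchers are far more complex.
"""
import hashlib
import random

R = 5                 # repetition factor (odd, so majority vote is well defined)
N_BITS = 320          # template length in bits (must be a multiple of R)
N_SYM = N_BITS // R   # code symbols = bits of entropy left in the reading given the helper data


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def encode(symbols):
    """Repetition code: every symbol bit is written R times."""
    return [s for s in symbols for _ in range(R)]


def decode(bits):
    """Majority vote per block of R bits; tolerates up to (R-1)//2 flips per block."""
    return [1 if 2 * sum(bits[i:i + R]) > R else 0 for i in range(0, len(bits), R)]


def derive_key(bits):
    """Plain hash of a reading. Any flipped bit gives an unrelated digest."""
    return hashlib.sha256(bytes(bits)).hexdigest()


def enroll(reading, rng):
    """Return (helper_data, key). helper_data is public/stored; key is not stored."""
    codeword = encode([rng.getrandbits(1) for _ in range(N_SYM)])
    helper = xor(reading, codeword)  # the secure sketch: reading masked by a random codeword
    return helper, derive_key(reading)


def reproduce(helper, noisy_reading):
    """Recover the enrolled reading from a close-enough reading, then the key."""
    noisy_codeword = xor(helper, noisy_reading)   # = codeword XOR (noise between the two scans)
    codeword = encode(decode(noisy_codeword))      # error correction strips the noise
    return derive_key(xor(helper, codeword))       # = enrolled reading if decoding succeeded


def block_pattern(bits):
    """XOR of neighbouring bits inside each R-bit block. A codeword is constant within
    a block, so the helper data reveals this pattern of the enrolled reading: the leak."""
    return [bits[i + j] ^ bits[i + j + 1]
            for i in range(0, len(bits), R) for j in range(R - 1)]


def flip(reading, positions):
    out = list(reading)
    for p in positions:
        out[p] ^= 1
    return out


def demo():
    rng = random.Random(1)
    finger = [rng.getrandbits(1) for _ in range(N_BITS)]             # enrollment scan (constructed)
    same_finger = flip(finger, [b * R + (b % R) for b in range(30)])  # later scan: one flip in 30 blocks
    impostor = [rng.getrandbits(1) for _ in range(N_BITS)]           # unrelated finger
    too_noisy = flip(finger, [0, 1, 2])                              # 3 flips in one block beats majority

    helper, key = enroll(finger, rng)
    return {
        "plain_hash_matches_same_finger": derive_key(finger) == derive_key(same_finger),
        "fuzzy_same_finger": reproduce(helper, same_finger) == key,
        "fuzzy_impostor": reproduce(helper, impostor) == key,
        "fuzzy_too_noisy": reproduce(helper, too_noisy) == key,
        "helper_leaks_block_pattern": block_pattern(helper) == block_pattern(finger),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point for the thread: a password hash works because the input is exactly reproducible; a biometric never is, so "hash the fingerprint" cannot be the whole story. Schemes like the one above keep a public sketch next to the hash, and that sketch is itself information about the finger (here it pins down 256 of the 320 template bits, leaving 64 bits of key entropy). Phones generally avoid the problem by keeping the template inside a trusted environment and matching on-device, but whatever is stored there is still not a salted hash, and a leak of it is not the "cool" one-way situation described above.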
@capitainesam That's why in quality land you have to pay via touch kiss, because a payment provider leaked the other biometrics already.
@capitainesam Don't use biometrics to unlock phones. Police and criminals can grab your hand or aim the phone at your face to unlock your phone regardless of your wishes. They have to ask you for password/PIN; they don't have to ask to simply stick your finger on the phone screen or point the phone at your face.

@dancingtreefrog
This might help; it's a shake-and-lock feature, to be exact:
https://f-droid.org/packages/com.paranoid.privacylock

Android advanced security also has this feature, but it adds blocking non-Play app installs and updates.

@capitainesam


@dancingtreefrog Easier said than done for most people. Biometric unlock of phones is *so* much more convenient than passcodes that most people would not give it up.

For most, I think knowing the gesture to force passcode entry for the next unlock is probably a more practical skill to practice (on iPhones, you hold the Lock and Volume Up buttons together until you feel a haptic buzz).

@capitainesam So maybe you combine biometrics with password/passkey?

One of the foundational stories of cyberpunk illustrated a defense against biometrics fraud. The hackers targeted a victim that used fingerprint login. They managed to get a copy of the victim's fingerprint and used it.

Then the victim's security system kicked in - because the victim always deliberately *failed* the first finger login and used their *second* finger login...

@dancingtreefrog @capitainesam I'm curious and a fan of cyberpunk... What book are you referring to?
@vrek @capitainesam I seem to recall that it was William Gibson's Neuromancer; the incident that led to the main character's nervous system being crippled by the Russian mafia. But it's been a while since I read it, I could be mistaken.
@dancingtreefrog @capitainesam hmm... I read that too but same as you it's been over a decade, might be time for a re-read

@dancingtreefrog @vrek @capitainesam I think you're describing Orson Scott Card's "Dogwalker," which involves intuiting a password but failing to realize that the target always miskeyed the first time until too late.

"Neuromancer" does have a character who is neurologically crippled by their employer (with a "wartime Russian mycotoxin"). ("He'd made the classic mistake, the one he'd sworn he'd never make. He stole from his employers.")

@trurl @dancingtreefrog @capitainesam thanks for the clarification. I have been avoiding Orson Scott Card because of his actions at conventions previously, although I have read Ender's Game. That said, I'm due for a re-read of Neuromancer.
@dancingtreefrog @capitainesam ngl I wish I could register a fingerprint which, instead of unlocking, would just block it completely.
@erindesu @capitainesam I've heard of Android apps that could do that, something phone owners could activate when under duress. Sorry, I don't know the names of any of them!
@dancingtreefrog @erindesu @capitainesam It's called lockdown mode, and I think that's a standard Android feature now (not OEM-dependent), available as an option after a long press of the power button.
@ananas @erindesu @capitainesam Ah, thanks! I knew Apple has that capability.

@dancingtreefrog
Why copy? Just get the finger. With or without the human hanging on it.

@capitainesam

@Mercutio @dancingtreefrog @capitainesam That is something good fingerprint readers will detect. You get way better chances of success with a copy. Needs a print on a surface, a bit of superglue and a printer.
@Mercutio @dancingtreefrog @capitainesam you can also get a good-quality photo of a person's hands

@Mercutio @dancingtreefrog @capitainesam @patterfloof
In my head now:

KRYTEN: Logically, sir, there is only one way you could possibly
have opened that door. I feel quite nauseous. Where is it?
LISTER: Where's what?
KRYTEN: Oh, sir!! You've got it in your jacket!!
LISTER: I got us out of the hold, didn't I?
KRYTEN: Sir, you are sick! You are a sick, sick person! How can you
possibly even conceive of such an idea?

@dancingtreefrog @capitainesam GrapheneOS supports a PIN as a second factor for biometrics.
@capitainesam
There's some trans ladies on here that have done a pretty good job at some of this...
@capitainesam Thanks for the reminder; I'm overdue to rotate my retinas for this quarter.
@capitainesam or any other biometric…

@capitainesam

> You can't change your face

Not with that attitude

@capitainesam @negative12dollarbill yeah, easy. just get plastic surgery, duhhhhh /j
@Starcross @negative12dollarbill @capitainesam Wasn't that a plot point in many early gangster movies?
What's old is new again!

@negative12dollarbill @capitainesam

Depends on your climate - here in Scotland it is often just a matter of hours before the wind changes. #Folklaw

@capitainesam

Just say No to Biometric Identity Verification 🙂🖖

@capitainesam until you start abusing billionaires' biometric data, nothing will ever happen... Even then, only use of theirs will be quickly outlawed.
@capitainesam also, those biometric data will inevitably be leaked. One glimmer of hope is that bit rot will render them useless over time

@capitainesam

People will find out...

@capitainesam If it's actually biometric data, it's also tied to the algorithm used to calculate it. Too often, though, companies don't just store the biometric data, but the raw data such as an image of your face. They should not be doing that.
@capitainesam unless your profile photo is fake, your face data has leaked already. I am not sure I understand the concern about face biometrics in a world where we all expose this readily on social media.

@jacobgorm @capitainesam, quite some assumptions there…

“Profile photo”

“We all”

@capitainesam Well yes, but you constantly leak your biometric data anyhow. That's why one should _never_ use it for authentication.
@capitainesam boosted, because of the importance of the message.
@capitainesam It’s not all bad: when my security questions got compromised, I got a puppy! (I didn’t want to change my dog’s name)
@capitainesam market opportunity: add face management to password managers. Generate different fake faces for each service. Automatically overlay fake faces and fake text details over passport scans.
@capitainesam @EUCommission @HennaVirkkunen Stop biometric identification. It will turn into a disaster for many (young) people. Caught for life.
@capitainesam I don't think it's true.
If I compare to SSH keys. My face is the password of my private key.
Generating another private key with the same password is still possible and it's a different key.
@capitainesam the ultimate argument against the stupidity of moving away from just using passwords. All this biometric stuff can go take a leap. I'll never use any of it.

@capitainesam

I would say you do the exact same thing:

If you used to use biometric for access control and your biometric is "leaked"…
You remove the biometric login and set up something else (password, certificate, passkey... just something else).

@capitainesam
Well, you've got ten toes, ten fingers, two palms and feet, as well as eyes and a face. Should be kB64 ... err ... sufficient for everybody.

Else, you are free to use facepalms and passwords.

@capitainesam

The damage has already been done for years. Wouldn't it make more sense to discuss how to mitigate and heal it in the coming decades?