Hacker News | zzma's comments

Oregon State has a large offering of online undergrad and grad programs: https://ecampus.oregonstate.edu/. There were 11,430 ecampus students in Fall 2023 [1].

The ecampus tuition (~13K/year) is still substantial compared to the in-person tuition for out-of-state students (~38K/year), and nearly identical to the in-person tuition for in-state students (~14K/year) [2].

[1] https://ecampus.oregonstate.edu/news/2023-ecampus-enrollment...
[2] https://financialaid.oregonstate.edu/cost-attendance


> Biometrics is not transmitting a picture of a fingerprint, it’s presenting your hand.

What would this "hand data" look like? A 3D model of a hand MRI or X-Ray?

Based on my understanding, in any form of biometric authentication, some amount of static data (i.e. the biometric database is not receiving a secure, updating feed of the state of your hand/body) is stored on the server and compared with the data transmitted for authentication. Biometrics change (fingerprints can be rubbed off from gardening, DNA mutates, etc.), so this static biometric data is something that is mostly environment-invariant.

If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.


> If someone can compromise your "full hand scanner" or compromise the biometric database (which will inevitably happen), then you are compromised for life, since you cannot change your hand.

Suppose this happens. The world now knows all of your fingerprints. And at some point in the future you walk up to the desk of a datacenter where there's a security guard who physically takes your hand, inspects it, and places it on the scanner. Can someone other than you pass this check?

Biometrics are a hard, mostly unsolved problem, because the hard part is replacing the human security guard who verifies that you're scanning a real person's hand. For not super security sensitive applications TouchID, FaceID, and friends are good enough because most people aren't in Face Off or Mission Impossible.


They also will often install their own trusted root certificate and then MITM all HTTP/HTTPS connections. Often, this MITM will significantly reduce the cryptographic security of the connection over the public internet [1].

[1] https://jhalderm.com/pub/papers/interception-ndss17.pdf


> FUD. Why should we want "behaves exactly as the browser does", when browsers (in fact, mostly Google's) are in fact turning against their users?

It turns out that most of the MITM products have questionable / insecure TLS stacks [1] and can introduce insecurity to user web traffic.

[1] https://zanema.com/papers/ndss17_interception.pdf


The solution is to tell those products' authors to improve them, as the paper you linked even recommends, and not throw the baby out with the bathwater. Unfortunately, doing the latter is more in line with the intentions of companies who want to be able to shove their content down your throat unimpeded, which is why you see so much astroturfing around this issue.


> Boeing performed an internal review and determined that the lack of a working warning light “did not adversely impact airplane safety or operation,”

Why is this review not done by a third party auditor? The cynical view is that corporations have a conflict of interest. They are only incentivized to act ethically up to the point that the cost of ethical behavior exceeds the damage done by unethical behavior... These costs do include future fines/penalties, but these are often woefully disproportionate to the damage done as evidenced by the fraudulent NASA metal supplier incident.


Because the third party auditor (the FAA) has had its operating budget slashed so viciously, it can't compete in attracting the talent required for independent certification.

Remember, to regulate something, you need to be 10% smarter than what you are regulating. Which means you have to be able to make sure you can attract the best talent possible.

As a regulator, you have to be on your game all the time. The regulated just need to get lucky once to get away with what they shouldn't.

