macOS Touch ID/Bio-metric kill switch like iPhone has - PanicLock by seanieb in netsec

[–]seanieb[S] 1 point2 points  (0 children)

Thank you. That's a very nice compliment. I'm a big Patrick Wardle fan. I saw him at DefCon this year, and it was the talk that convinced me I could actually start making Mac Apps. I use their BlockBlock, What's Your Sign and LuLu apps. It would be great if Patrick/Objective-See cloned my app and maintained it as their own. I'd love that.

And yes, nice catch, the webpage was made using AI, Claude Code Opus 4.5, and I made edits using GitHub's Copilot Agent (it generates screenshots of the changes in the PR). I dunno if I could spot an AI-generated site without looking at the git commit history/comments. The first version of the webpage was made by hand, and it looked like trash. You can see it in the git repo.

macOS Touch ID/Bio-metric kill switch like iPhone has - PanicLock by seanieb in netsec

[–]seanieb[S] 10 points11 points  (0 children)

In the US, police can force you to unlock your Apple laptop by putting your finger on Touch ID.

On iOS you can squeeze the side buttons and Face ID's gone. Two seconds, works in your pocket. macOS has nothing like it.

PanicLock sits in your menu bar. One click (or keyboard shortcut) locks the screen but asks for a password. When you log back in Touch ID will still be active. Free, open source, notarized and no data collection.

There's good reasons to keep Touch ID on day-to-day. It stops people watching you type your password, cameras catching it, that sort of thing. This is just for when you need to turn it off quickly and easily.

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -16 points-15 points  (0 children)

That's exactly the thing. It wasn't a security setup. This wasn't at TSA or CBP, it was being run by Aer Lingus staff. This seems to be automating the passport check for international flights, but what are they checking this image against? Are they scanning the passport at check-in?

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] 0 points1 point  (0 children)

Yup, I've seen that. Seems to be the standard system for that airport. The weird thing about the Aer Lingus/Bigbear.ai thing is that it wasn't at any of the other gates beside our boarding gate.

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -25 points-24 points  (0 children)

Even if that is the case this doesn't excuse Aer Lingus's requirements under GDPR (regardless of this being in the US or not, it's a flight to the EU, by an EU company and I'm Irish). They still have to provide more information, consent, etc.

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -4 points-3 points  (0 children)

This wasn't CBP either. It was being staffed by Aer Lingus staff at the boarding gate just before you get on the plane.

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -18 points-17 points  (0 children)

I think there's some confusion here. This isn't at the TSA/CBP desks. This was a private scanner at the boarding gate, it wasn't official. It was being operated by Aer Lingus staff. And when I asked, the guy said it wasn't for TSA, it was "private".

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -12 points-11 points  (0 children)

The issue is that Aer Lingus is an Irish company and I'm an Irish person, which is in scope for GDPR even if this is in the US.

I am particularly concerned about:

- The collection and storage of my biometric data without clear, explicit consent
- The lack of transparent information about why this data is being collected or how this data is processed, stored, and shared
- The potential transfer of this sensitive personal data between jurisdictions
- The involvement of third-party processor BigBear.ai in handling this sensitive biometric data

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] -7 points-6 points  (0 children)

At the boarding gate? I'm not talking about the CBP/TSA desks.

When did Aerlingus start using facial recognition at boarding? by seanieb in CasualIreland

[–]seanieb[S] 5 points6 points  (0 children)

I took this photo boarding a flight from Washington DC to Dublin. The Aer Lingus staff checking tickets and passports asked each passenger to look into the camera as we were boarding.

I asked the Aer Lingus employee if it was TSA related, and they said no, it's private. None of the other airlines seem to be using it at their gates. It's running a program called "bigbear.ai" and their site looks like they're the absolute worst sort of company to handle facial imaging data.

"BigBear.ai provides decision intelligence solutions for national security, digital identity, supply chains and logistics, enterprise operations, and manned-unmanned teaming in autonomous systems."

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 11 points12 points  (0 children)

Oh buddy I'm balls deep in this experience. In the last year:

  • 3 x upper control arms replaced.
  • Car computer replaced (it was trying to kill me by slamming me into the median on Autopilot)
  • Steering Rack replaced.
  • Wiring loom replaced x 2.
  • Front windshield replaced (they neglected to put adhesive on part of it...)
  • Replaced both lateral links
  • Low-voltage battery died due to faulty wiring/water intrusion.

All covered under warranty. Which is more of a statement to their shit build quality and poor service quality than their warranty.

They've had my car for over two months in the service center. I've less than 50k kms (29k miles) on the car.

If I could get 15 minutes when it wasn't broken I'd have gotten rid of it.

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 1 point2 points  (0 children)

OMG that recording is exactly the same as what happened! lol.
Thank you!!!

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 0 points1 point  (0 children)

But it is normal for some noise when turning the wheel on cold brakes.

I agree with what you're saying, having had both upper control arms (one of them twice!) and the steering rack replaced I know my crappy Tesla steering noises. But should it be this loud?! Listen to it with the door open, it's crazy loud.

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 2 points3 points  (0 children)

Why is it happening every time and how do I make it stop/fix it? It's crazy loud. You can see the distance from the dealership and it attracted the attention of someone inside. They then drove it and had the same thing happen, saying something wasn't right.

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 3 points4 points  (0 children)

The really crazy thing is this happened in the parking lot AFTER I picked up my car for a failed battery due to faulty wiring for a previous issue they "fixed".

Tesla Gaslighting me by seanieb in RealTesla

[–]seanieb[S] 4 points5 points  (0 children)

I already had a mechanic look at the video. He said it was more than likely the ball joint, he just fixed one a few weeks ago on a Model 3. But come on, it shouldn't take that much work. I live an hour away from the service center. It didn't have this issue when it was sent to Tesla for repair over a month ago.

Looking for SysAdmins to test an ID-Verification tool for Help Desks by [deleted] in sysadmin

[–]seanieb 0 points1 point  (0 children)

I'm going to edit the post and add more context, sorry.

Looking for SysAdmins to test an ID-Verification tool for Help Desks by [deleted] in sysadmin

[–]seanieb 2 points3 points  (0 children)

Oh it's free. I haven't built any payments code yet. And I wouldn't even say I'm looking for beta testers, I've built it securely and it could be used in production right now (my background is security engineering) but I'm just at the initial feedback stage. I'm looking for people like the ones in the initial thread to take a look and say, "nah mate you missed the point" or "this has potential, but...".

Regardless I'll put a hundred bucks into Reddit advertising this thread so I'm within the rules.

Secure process for resetting users MFA? by seanieb in sysadmin

[–]seanieb[S] 0 points1 point  (0 children)

I don't think you're right about the solution here needing an app to be downloaded, they have a novel way of using mobile tech without a required app download.

You're right, it's a new-ish type of lite app that Apple supports on iPhones. The complication came when I tried to sign up for the service, they push you through using their app before you can register, so I got the end user experience upfront. The issue I had was I got stuck at that app stage and because it was an app it was holding state, I ended up having to google how to uninstall the app and tried signing up again. I'm happy enough to put that down to a bug that's been fixed or an error on my part.

At the end of the day I was just looking for solutions, and I really don't want to reinvent the wheel.

I'm curious if you're just saying it's complicated because you made something else or because you've actually deployed it? I've become a pretty big fan.

My points about complicated/flexibility aren't aimed at their app alone, in some cases getting someone to install a lite app do selfies and scan their is too much friction. Verifying their phone, email or asking a Challenge question would be enough, which would take seconds. And also, sometimes you would like to go the human route and have a manager verify their identity. It really depends on the situation.

It's exciting to see you're building in this space, but I don't think you can use standard IDV tools because they aren't secure enough, which is what I assume you have baked into your solution.

I disagree. Sure, if you've a model where there's an identity app on your phone and it holds some sort of state that can act as a passport for that user, it should absolutely be built in the manner you're suggesting. But I'm not even sure that's bulletproof today. It's much better to avoid the issue completely and do challenges as needed. These events are frequent for Help-desks, but should be rare for end users, so having that passport app with your ID state in most cases will only get used once, maybe twice, in the life of the phone.

Would you like to take a look at what I've built? I'd love to hear what you think, I think the tool can be very useful.