Saturday, September 22, 2012

Facial recognition: Nowhere to hide

Originally posted 08/10/2011 on

Jaikumar Vijayan reports on that at the Black Hat hackers conference security researcher Alessandro Acquisti presented a disturbing paper on facial recognition, social sites like Facebook, and privacy.

The research involved taking pictures and applying facial recognition software - of the shelf software, not custom software written for the research. They did use a custom program to extract images from Facebook and a dating site - all from the same city - and then used the facial recognition software to identify the people in the pictures. The results were interesting:

In all, about 5,800 dating site members also had Facebook profiles. Of these, more than 4,900 were uniquely identified. The numbers are significant because a previous CMU survey showed that about 90% of Facebook members use their real name on their profiles, Acquisiti said. Though the dating site members had used assumed names to remain anonymous, their real identities were revealed just by matching them with their Facebook profiles.

Ok, more than interesting. Disturbing. They pulled the pictures from Facebook and a dating site, but what if they had sat in the mall taking pictures of people walking past, then compared those photos to Facebook? What if they had been stalkers taking pictures of potential victims?

Thoughtless implementation of facial recognition software could be very dangerous. What happens when the only way to hide is to actually change your face? People trying to escape abuse, people in the witness protection program, or others needing or wanting to escape will find it much harder, if not impossible, without changing their face. That is...unfortunate.