Facebook quietly switches on facial recognition tech by default Facebook has rolled out its facial recognition technology to countries outside of the US, but has switched the feature on by default without telling its users first. UK-based security expert Graham Cluley noted earlier today that Facebook had slotted the tech into the social network. The Mark Zuckerberg-run company started …
Create one or more (preferably more) false accounts to do it with. If your account has a lot of silly tags associated it might make it easier for FB to say "fine, that person's a joker, ignore their tags".
Now I don't have a Facebook account yet. However if a large enough campaign gets underway to poison their facial recognition, I may just create a few...
It is important to drive the point home, so Mark Zuckerberg needs to be tagged.
Will this achieve anything, though? The tags that matter will be the ones that link to the named person's Facebook profile. Or public page, I suppose - so, okay, ignore the preceeding sentence. :)
There is already plenty of rubbish seeding of this new feature, anyway. Some people seem to tag photos with a bunch of friends just to draw the photos to their attention.
The option is to allow the automatic tagging of YOU in YOUR FRIENDS' pics. It's not like you can upload a photo of a crowd of people and it will search the WHOLE of Facebook to tag it with a bunch of people you don't already know. So, If you tagged a randomer as Rick Astley in a pic you uploaded, it wouldn't make any difference, because the feature only identifies faces tagged as YOU for YOUR FRIENDS in pics THEY upload.
Jeez! Why do people panic about this stuff before they take the time to understand what the feature ACTUALLY does...
The most basic of algorithms will include some sort of weighting system to maximise the probability that any given phiz is accurately tagged. Unless you make a huge effort to ensure multiple concurring false identifications your efforts will take you nowhere. And as the technology becomes more ubiquitous your chances of successful obfuscation become less and less remote.
Ok. Here's what we do then.
Everyone interested here create a facebook account under the name Rick Astley. Grab some temp email address off someplace ie hushmail or w/e.
We all post up pictures of ourselves (Zuckerberg).
We all 'friend' each other up. Vote each other up.
Can you imagine? Rick Astley has 300000 friends.... Rick Astley, Rick Astley, Rick Astley...
We probably need to rally somewhere though...
Rally point? Hmmm... Oooh... I googled. There's an anonymous on facebook.
http://www.facebook.com/pages/Anonymous/128798377161188?sk=app_2373072738
Let's all meet there :P
"The option is to allow the automatic tagging of YOU in YOUR FRIENDS' pics. It's not like you can upload a photo of a crowd of people and it will search the WHOLE of Facebook to tag it with a bunch of people you don't already know. So, If you tagged a randomer as Rick Astley in a pic you uploaded, it wouldn't make any difference, because the feature only identifies faces tagged as YOU for YOUR FRIENDS in pics THEY upload.
Jeez! Why do people panic about this stuff before they take the time to understand what the feature ACTUALLY does..."
I suspect not many people here are silly enough to actually have an account ... just a guess.
"The option is to allow the automatic tagging of YOU in YOUR FRIENDS' pics. It's not like you can upload a photo of a crowd of people and it will search the WHOLE of Facebook to tag it with a bunch of people you don't already know"
At least, that is what Farcebook tells you. Up to you to believe that, but I would like to point out that they also once said that your data was safe with them. You were obviously one of the few that actually *believed* that.
Now, I happen to have some fine swamp land in Florida..
As processing power increases this will start being used to "autotag" first the rest of your own pictures, then your friends and vice versa, and ultimately every image held on FB servers.
"Find me in other people's pictures" | "Find all my friends" | "Who do I know?" | "Find this person" and more. All the wonderful (and double edged) uses for this kind of technology.
And it won't be long before other image/social networking services start doing the same thing.
Even if settings exist to hide "your name" from different classes of other users. That privacy won't extend to law enforcement (whether or not you have any relevant connection with their subject of interest), and with the privacy settings being constantly reset there will be plenty of opportunities for third party services (such as those who make a business of digging up dirt for employers) to create thier own "name maps" which will forever be independent of any privacy settings which might or might not be in effect at any given time.
In fact with the help of a comprehensive library of highschool yearbooks your privacy settings could very well not mean a fooking thing EVER.
If an episode of you "cutting up or loose" exists in cyberspace, this technology will ultimately out you. And the camera truly will have the power to take your soul.
This is why I avoid these "enhanced" image services like the plague and am very careful about what I put on even the basic services like photobucket.
I don't spend a lot of time on Failbook; I use it primarily to promote my cartoon art, and that's all I post in my albums -- just cartoons, no photos... and, I'm already poisoning the well by tagging myself in all my cartoons.
Great idea, though, and easy to pull off.
That said, upon seeing this report, I went straight to my Failbook account and disabled the "feature" in question. Friggin' bastards.
Which I assume lots of people follow, myself included - which is to not only withhold some sensitive info (why the hell do I want Zuckercorp to know when my birthday is?) and outright lie about others (where I live, who I work for).
Who knew peeing in the data pool could be so much fun?
In fact, I supplied bogus info when I created my account. I used the nom de guerre I do my art under for my name, and totally bogus info for my age, gender and location. I didn't supply an info about where I went to school, or favorite movies or music, or any of that other crap they use to figure out which ads to shove at me.
Facebook thinks I'm a woman born on April 1, 1984 and living in Tripoli.
This reminds me of the dumbed down world in the Ben Elton book, "Blind Faith". The Government cross-correlate data on every tiny thing, to home in on the 'dissidents'. The populace are kept in an uneducated Facebook existence. Most amusing was an observance that their computers held more data than there were atoms in the universe. Needless to say, there are plenty of folk who don't understand the logical impossibility of that one He has a government mole with a whole team to fabricate a bogus profile.
Back before I semi-closed or deactivated or whatever they'll allow you to do instead of deleting a facebook account, I had my birthday set something like 5 months off, just out of habit for not posting some information online. I forgot all about doing so, until a whole lot of my 'friends' that I hadn't talked to in weeks started emailing and calling to wish me a 5 month late happy birthday...
Anyway, facebook jumped the shark when they started allowing more than one picture. Yes, I'm alright with being alone in that opinion.
Why is it scary? You might as well have put "oooh!" in conspiratorial voice too.
Sure, people should be educated about the pros and cons of any feature, in plain, simple language that anyone can understand.
Certainly, changes to the service that may affect your privacy should be made highly visible (stick it on everyone's wall, perhaps.), and the settings very accessible.
After that, surely it's your own responsibility to manage your life, online or off.
1. You don't tell Facebook to not tag you - you can only tell Facebook not to volunteer your name to others when they put up pics. Facebook still keeps a profile of your tagged face, with or without your consent.
2. Knowing this, imagine a situation (not evne a far-fetched one) where you go to an anti-war protest. Cops take pics, and demand Facebook identifies you (in the US without even a court order).
3. Most people will either be ignorant of the 'feature', or it's implications, until far too late.
Now you are welcome to cue the "ooooh" sound effect and "doo dee doo dee" music.
So you could take a picture of a random cloud and identify each and every one of them as you. Given the volume of images in the system it will have to allow for duplicates, so 10 pictures with 8 people each (faces still need to be recognisable) will pollute the pool sufficiently to make finding the real you in there hard work.
As a matter of fact, you can turn this into a crown project - do this with 10 people, rotate the pictures between you and it will become a yummie mess..
Firstly, they rolled it out on the sly as an opt-out service.
Secondly, they haven't made any statement about who will be given access to the information they used to build up their identification algorithm. Let's say, for instance, I don't like giving Facebook my photos, but friends of mine keep putting up photos of me and tagging me in them. How do I tell Facebook I don't want them to profile me based on those photos nor suggest my name for other photos of me?
It's a bugger of a thing, really.
Clearly you have missed the whole point. The issue here is not that the truly arduous job of tagging you in photos has been made easier for your friends. The issue is that Facebook are now keeping a database of face recognition data on you. Compiled from data kindly, and unwittingly, supplied to them by you and your friends.
While this may be getting used today to help out tagging of photos, who knows how it will be used tomorrow with Facebook's next income generating idea? The day you are hit with personalised, Facebook generated, marketing when you walk into a shop gets that bit closer. Maybe you don't wish to share your interests and friends with the retailer? Tough luck. Facebook had you tagged the moment you walked through the door.
I do sod all with it because I'm not really into self-publishing (I prefer my life a tad more private) - it was just there to stop others using my name. I think I'll empty it, as few pictures exist of me (deliberately) I wish them luck with that..
They don't need your picture or your privacy setting to turn off face scanning. The face scan profile is independent of the original picture. You can delete the picture but they don't have to delete the the scan from their database. They aren't legally obligated to delete the face scan profile and they don't have to tell you they have it.
It is to late.
Ok, reasonable comeback. However...
1. Facial recognition software exists. Repositories of photo's exist. Spooks don't need FaceBook to help them with that part. I'm not sure that's enough to make them the villian. Have you seen the number of CCTV cameras lately? You're being watched, but not by FaceBook.
2. Anti-war protests aren't illegal (not in the UK anyway) so why would I need anonymity? Other country's mileage may vary, natch.
3. Agree about ignorance, there are some right muppets out there. Hence my comment about making it very visible, understandable, and accessible.
4. Wish I'd thought of "doo dee doo dee".
Well, actually, I'm not sure that it does in the most obvious sense - i.e. that it can identify a new photo of a person that's in its database with any very useful accuracy, unless the database is very small. And if it's unknown whether the person is in the database or not, it's even less likely to be accurate.
But face recognition must, I think, work something in the way that Bayesian spam filters do - adjusting the weighting it assigns to various metrics (distance between eyes, shape of ears, skin tone etc) as it is fed more examples.
But the spam filter only gets better when users hit the "spam" or "not spam" buttons. In other words, the input is only useful for learning if each item is tagged by a human being.
So your spook who is looking for a particular terrorist passing in front of a security camera needs to train the system with lots of different pictures tagged This Is Mr X, and lots of pictures tagged This Isn't Mr X. And he needs to do this for every wanted terrorist. Then, at best, the system can examine the people passing its camera and ping when it sees someone that it thinks look like Mr X. At this point, a human operator must look at the image and either confirm (hit spam) or refute (hit not spam). In other words, the system doesn't replace the need for human operators - it probably needs more people.
What the spook actually needs is a vast database of random face shots, each of which has already been tagged for him by a human volunteer. But where can you find millions of people ready to spend some time looking at pictures and tagging them for free?
"Facial recognition software exists. Repositories of photo's exist. Spooks don't need FaceBook to help them with that part".
In part you're right. For example, anyone with a passport already has their biometrics on file. But that still doesn't excuse Facebook for making it opt-out by default instead of opt-in.
Also, it's not just about governements, it could be a potential/current employer who may take offence to a photo posted by a mate, who thought it would be funny to upload a photoshopped photo of you for a laugh.
I think to collect extra data (such as identifying your presence on images) needs your consent in the UK; but I'm not quite sure (come to think of it, I can't quite put my finger on what aspect they screw around with as they use the usual backdoor to all privacy laws - I cannot ask you for your data without consent, but there's nothing stopping me asking your friends about you - at which point you have bypassed Data Protection).
Worth asking the relevant privacy commissioners, and I don't think it'll go very positive for Farcebook, but what can they do against a US company that blatantly ignores any privacy law? Google is at least partially obliged to obey other laws as it has offices all over the place.
There are, however lots of countries where Facebook might operate (Syria being an excellent example in this case) where attending a demonstration and getting your picture taken and ID'd vs. Facebook will get you killed or thrown into prison.
There is also the risk that corrupt law enforcement might get carried away at a demonstration(not like that ever happens, right) and ID you vs. Facebook in an effort to intimidate or discredit you as a witness.
Or hey, maybe you witness a crime and the local organized crime gang matches your picture vs. Facebook so they can find and kill you before you can testify, or maybe even find you in a witness protection program if you enter one and then get on Facebook. Its not like getting crushed in a car compactor ever hurt anyone!!
Add in the usual stalkers, sexual predators who snap your pic because you float their boat, obsessive ex's, people who feel you wronged them and want revenge, etc.
"Have you seen the number of CCTV cameras lately?"
Most CCTV cameras are legally blind. Seriously, if classified according to human sight rules then most CCTV cameras would be collecting their disability payments, so to speak. Your 12MP Canon DSLR with a £2,000 lense however, is not.
"Anti-war protests aren't illegal (not in the UK anyway)"
Not yet, except for the middle of London unless you get some very deniable permission, and you only have to look at docu-films like "Taking Liberties" (play.com for a fiver last I looked) to see how sometimes even the police don't know the rules.
"Agree about ignorance, there are some right muppets out there. Hence my comment about making it very visible, understandable, and accessible."
Unless you don't fancy being tagged all over Facebook. In which case, you're kind of stuffed. Only option left if you can't go under the radar, is to make sure you utterly obliterate the radar with chaff. Hence my earlier suggestion of poisoning things. And why shouldn't we? It'll be fun!
"Wish I'd thought of "doo dee doo dee"."
I prefer "Dun dun DUNNNNNN" myself.
The article isn't clear on what actually happens if I 'turn it off' in privacy settings. I don't mind that my friends can automatically tag me, what bothers me is that Facebook are storing facial recognition data about me and linking it to other information about me. Is all that turned off or is it just the presentation of that data to my friends that is turned off?
It doesn't matter what you do, your STUPID friends will still upload pictures of you, tag you in them, and share them with the world, along with some helpful comments about the easiest way to break into your basement and your home address. But I suppose you're still asking for it, right? Better if you don't have any friends...
I know it's trendy to blame the victim, but it's still weak.
I remember reading once, some investigative journalist followed the money trail and job histories of everyone involved with facebook and it all led back to the CIA. The thing was designed from the start for data mining and for compiling lists of known associates. That is why I don't have a facebook account.
.. to SERIOUSLY pollute their data. If you try to wage a tech war you'll lose, they have far more resources, but deception is a very underused tool - it allows you to mount an aggressive defense by going into the offensive.
You're missing out, trust me on this :-).
Yawn. The CIA has a budget larger than most countries. They don't need a photo database. They can simply pick a picture at random and change the shape of your face until it fits.
"Ah, but how did they find me?" I hear you ask. Well not by trawling through vast oceans of mindless social networking drivel. That has been the promise of snake-oil merchants ever since the invention of the punched card. In practice, the noise is always too big for the signal and always will be. The noise outnumbers the signal millions to one AND the noise is trying to be a loud as possible whereas the signal is trying to keep a low profile. Real (successful, Mossad-style) intelligence uses old-fashioned information gathering. Similarly, real (El Al-style) airport security puts trained eyes in front of the passengers and waits to see who sweats.
Facebook can crawl the whole net for this searching for profile pics of you on other services.
Let's say, for example you tagged an account on another service under a pseudonym (I prefer sudonym), and uploaded a photo to go with it...
They could then use this to detail a list of services, accounts and pseudonyms for each user tagged on facebook.
No need to make this info available on Facebook, just sell it to whoever wants it...
I was about to go turn it off, after all, someone doing something like that without my consent is bang out of order but then it hit me....
i dont add anyone i dont consider a friend anyway, yeah yeah my feeble 130 odd mates seem very low compared to the 500-800 odd mates some folk have but i trust them all and dont have a problem with FB suggesting my name for a photo of me, the chances are that anyone on my friends list and happens to have a photo of me quite likely actually knows me well anyway so i dont see the problem here
Now the big question is if this is "Friends of friends" or just friends? i maybe missed that bit but if its the former then its getting turned off.
Did anyone else know that Groups no longer send out an invite, instead your friends can automatically add you to any group they choose and it automatically posts this information to your wall as if *you* chose to join the group.
What's worse, it automatically signs you up to receive emails from the group
http://www.facebook.com/help/new/?faq=147058305366686
I don't care that the facebook client only lets you apply this feature to 'friends' - its what the server does with the info thats the interesting question. For the user its good enough if it can distinguish between, say, a couple of hundred people, but what happens when the server applies it across several million ?
It doesnt!
Not unless you have millions of friends.
IF FB should in the future tag people in pictures that you have taken but didnt know it would create a mass of problems and law suites that would sink the company, it would be the ultimate stalker tool kit, hop down to a nudist beach or night club, take a few pics, pop them on face book and bobs your uncle, the very least you would get is their name, from a name and location it doesnt take too much to find an address, and there you have it, instant stalker.
FB doesnt do that and i highly doubt they will ever do that for that very reason i mentioned above.
As for the server doing it without telling us, yeah it could be doing it already, it could have been doing it since the site was made, CCTV IS doing it up and down the country but the important bit of information is that they can not sell or pass information to 3rd party companies that can personally identify you, posting a picture and your name without your consent is against EU law, of course FB is in the US but i think the EU would jump at the chance to get some extra cash from something like this if there was a case to answer.
Servers have been doing this for decades, the important bit is that they remove the identifiable part (name, exact address, picture) and sell on the rest. If you dont like the idea of a server doing this then i suggest you never use a credit card or debit card and definitely not those club cards, dont have internet access, mobiles or a telephone line, dont walk up and down some high streets make sure you were born out side of the system and never registered. you would need to live without any utilities in the countryside as well.
If you do any of that and much much more you will be giving a huge amount of data to people which is kept on a server somewhere, if your that paranoid then FB wouldnt be something you would have used in teh first place.
Mountain - Mole Hill (at least as things currently stand)
Step 1: Facebook gather enough images with human-supplied tags (see my earlier post) that they have at least one tagged image of 20% of US citizens and 40% of teenagers.
Step 2: Feeding this massive amount of data into their Bayesian system improves it to the point where they can reliably identify 10% of adult US citizens.
Step 3: ................?
Step 4: 10% of US citizens begin to notice that they can get credit more easily than other folks, that they get waved through at airports, that the highway patrol call them 'sir' instead of 'buddy', etc.
.
Of course, some pedant is going to calculate the processing power needed and demonstrate that it isn't possible, but it would be a laugh, wouldn't it?
There's no better Total Awareness tool than Facebook.
This is the 1984 we were all reading about in class.
Apparently ( check Cryptome ) all transatlantic cables are monitored
Before the telco uses the transport in / out the country.So all you do and all your data going to the american servers invariably land in the lap of those monitoring agencies.
Now they also get access to face recognition data for tens of millions of people ( and their ip ) ?
This is past creepy dudes .. Total Awareness is coming into town.
The net is becoming the tool of control they were dreaming of.
And Facebook is right there on the frontline.
If it wasn't so real and dramatic , id laugh reading this one.
face recognition has been around for decades, FB could have been doing this since they started the thing, you walk down the high street in any large town or city and im quite sure you will end up on some CCTV camera and thus computer that could be connected to facial recognition software, from what ive read this can happen almost in real time, hell, even many digital camera have facial recognition built it that allows the camera to try and take the best possible picture, ie it makes it easier to take the picture.
This thing with FB is not new, its not some attack on your civil liberties, all it does is allow the person who is posting pictures on their face book to tag you easier, but it only works within your friends list, so i cant post a picture from a beach whilst on holiday and find out all the names of the people topless sunbathing, unless i already know them, it just doesnt and cant work that way.
More information can be found out about you from those bloody necter cards and tesco club cards.
Ok since im going to get downvoted on this one i want someone to tell me how this can be missused, step by step and what could happen. Keep in mind that whilst FB can sell off information about you they can not identify you personally outside of their company and also remember that this is not automatic, it only works on photos uploaded with the person uploading them IF they allow it to happen, IF your on their facebook list and assuming you dont delete the tags.
what happens to that information is anyones guess, the problem i have with making this in to a big deal is that if there is any photos of you that are tagged its quite possible for anyone with access to this information to apply facial recognition and link it to anything else available on the net.
The mere fact that you have a facebook or other social networking account pretty much means your out there for anyone to find and that information is availible to who ever can pay for it.
Store loyalty cards are actually the worst for this, you know, those tesco club cards or even worse those nector cards if you have one of those you will be staggered to find out the level of information they hold on you (if you use it)which is sold to anyone who can pay for it.
my point is, unless you live in a cocoon without any form of digital connection to anything you will be leaving all sorts that will identify you. A friend tagging you is no different to FB automatically tagging you (although the poster needs top confirm them), just as there is no difference in the way you can remove those tags. you either have pictures of you tagged or you dont, you cant stop people uploading pictures of you but you can stop them tagging you, the same applies to FB auto tagging, you are prompted that its happened and given the choice to remove it.
I suppose If your going to have one of these accounts then you have to face up to a number of things, firstly who ever runs the thing will do whatever they like with the information they get from you, doesnt matter what privicy settings you use, data protection only applies to sending personally identifiable information outside the company.
You cant stop people posting pictures of you (although you can stop them tagging you)
If you have a 1000 friends, half of which you dont really know then dont be too supprised that they may turn out to be freaks in which case yes you probably dont want to be identifiable in pictures, of course you could just delete them or add them to exclusion lists
and if you dont like any of that then its best to have not set one up in the first place
I just looked at my settings again. The option is still greyed out for me. Maybe they have given up on me because everything is set to friends only have access. Even those bits I left blank.
I might be OK from the spooks though. Several of my friends have already poisoned the database for me. I have been tagged as various domestic animals, and someone was threatening to put in some pictures of plants and tag them too.
Just everyone do this for all your friends and all will be well. Alternatively, just put in a picture of your (un)favourite politician and tag that as yourself.
For those who suggested that you tag the Zuck, you can't. Only his friends can. You could do it the other way round and tag yourself onto a picture of him.
Happy to be a sad old git with no interest in having mates on Facebook. When you turn into an old git, you may lose your eyesight but your bullshit detector's ability compensates for things like that. Also as you get older you get a smaller circle of closer friends and as we're such a small group we're still be able to use the phone system to arrange stuff.
I've no doubt I will have zero privacy one day, especially with the UK gov in charge I've lost most of it already but I am no hurry to lose the last little bit, so I am happy miss-out on the benefits the wonderful FaceBook offers thanks.
the one config setting I DO want isn't given to you... the setting to prevent people from even tagging you in the first place... it's all very well not suggesting you... or telling you when you've been tagged... but I do NOT want people to tag me in the first place... telling me I've been tagged after the fact is NO good even if I do delete the tag (which I consistently do) as FB have already got the data stored that I was that shape in that image...
rather amusing though is the ridiculous tag spam that unscrupulous FB page owners do to promote their wares... you know... the stuff whre you see one of your friends announced as having been tagged in a picture of some rubbish online tat for sale... and when you examine the picture, you see it's stuffed with very small tags of all the people who've ever made the mistake of liking that webshop FB page
must annoy the hell out of %uckerberg as his servers are filling up with garbage tag data
Which is that, up until now, nobody has demonstrated a facial recognition system that actually works.
Just read this paragraph ("Effectiveness") on Wikipedia.
http://en.wikipedia.org/wiki/Face_recognition#Effectiveness
You have to bear in mind that face recognition belongs to the field of human endeavour called 'Artificial Intelligence'. AI is mainly about devising new and creative meanings for the word "success".
The danger is, however, that the problem isn't insoluble as most AI problems are. Given the massive amount of raw data that FB could potentially gather here - billions of face shots each of which has been identified by a human - and the processing power at FB's disposal, they may be able to develop a system with a useful effectiveness. It doesn't have to be 100% right to be useful - spotting 20% of terrorists would be a win. It also doesn't need to be instantaneous - a system which which took 1 day to deliver a verdict would still have its uses.
@Dazzza: The face-recognition software you spoke of in cameras only needs to say 'that is a face, not a tablelamp'. This problem is an order of magnitude simpler than saying 'that is Justin Bieber's face, not Lady Gaga's'. Even so, I bet it would be easy to trick such a camera into focusing on the wrong thing. And what a horrible idea, anyway.
There's an implication to the existence of face-recognition ('that is a face') software on cameras which might escape some people:
The first step in face recognition will be precisely this - to determine exactly where in the image the face is. If this step fails, the image will simply be rejected. Therefore, uploading pictures of pot plants or domestic animals tagged as people won't work. The noise you're injecting is easily filtered out. You should use faces, but mis-tag them to create effective noise.
We have clients who use Facebook - that's the only reason we have accounts ourselves. We've tried to do useful stuff with Groups and Business pages, but the whole thing just doesn't hang together.
An creative writers group I belong to have tried to use Facebook to keep in touch and to share and exchange information - we're creating our own hosted solution because Facebook just isn't up to it.
After many years in IT I can confim Facebook is the most poorly thought out and executed application I've ever come accross (and I've seen quite a few bad ones in 25 years!)
I don't want to have to keep checking Privacy (or any settings) in case the goal posts have been moved again.
Please, someone create the alternative - Facebook would soon die.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
