back to article Research finds data poisoning can't defeat facial recognition

If there was ever a reason to think data poisoning could fool facial-recognition software, a recently published paper showed that reasoning is bunk. Data poisoning software alters images by manipulating individual pixels to trick machine-learning systems. These changes are invisible to the naked eye, but if effective they make …

  1. b0llchit Silver badge

    Data overload

    When the model is fed with faces maybe we should be feeding it generated fake faces instead of poisoned real faces.

    There exist systems to generate fake faces. You can generate and publish many more fake faces than real faces exist. Each recognition program has a limited capacity to discriminate. That is the threshold you must reach. So, if 1 in 50 faces published online is a real face, then you reduce the chances of you being in the set. Generate a data overload by improving the generators.

    1. Anonymous Coward
      Anonymous Coward

      Re: Data overload

      So all you have to do is convince the general public to use generated images instead of their own photos en-masse, and then, as the article points out, within a few months the effort is stymied anyhow.

      Maybe people should just wake up to what was obvious to me in the mid '80s when the internet still ran on dial-up and ISDN:


    2. This post has been deleted by its author

    3. Doctor Syntax Silver badge

      Re: Data overload

      Also the same image, real or fake, with multiple times with different identities attached and multiple faces with the same identity.

      I wouldn't even call what they were doing poisoning. It doesn't force the signal to noise ratio into oblivion.

    4. Anonymous Coward
      Big Brother

      Re: Data overload

      ElReg just covered this

      TLDR - "These datasets won't be cheap to make, however. The researchers said it currently requires "substantial computational resources" to run, and they needed "[three] CPU-years of compute-time" to create one particular dataset."

  2. vekkq

    Arguably, swapping pixels won't be enough, but changing facial features digitally would

    Brain won't notice anyway.

    1. Swarthy

      Re: Arguably, swapping pixels won't be enough, but changing facial features digitally would

      In all pictures uploaded, swap your left eye for your right, and have your mouth as a mirror image. That should do it.

  3. Mike 16

    Make pervasive facial recognition illegal?

    Because as we all know, every law enforcement officer and politician is simply incapable of breaking the law, no matter what riches and powers await.

    "You can make it illegal, but you can't make it unpopular" (allegedly said of prostitution by New Orleans mayor Martin Behrman)

  4. Adrian 4 Silver badge

    quelle surprise

    Did anyone expect any different ?

  5. Ian Johnston Silver badge

    I think we already know how to defeat facial recognition systems. Be black.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like