U of T researchers developing tool to jam facial recognition software
Ali Chiasson | CBC News | Posted: June 6, 2018 8:00 AM | Last Updated: June 6, 2018
This digital privacy filter may be able to protect your identity when applied to a photo
While your selfie might get lots of "likes" on social media, companies and perhaps even fraudsters may like your face even more — because they can profit from it.
But a University of Toronto researcher has found a way for internet users to opt out by very slightly distorting images, and he's working on an app that will help them do just that.
"When you publicly make available photos of your face, you want the power to control who can actually use that," said Joey Bose, the masters student who developed the algorithm.
You can use AI to detect stuff, but you can use AI to break stuff as well. - Joey Bose, University of Toronto
"Facial recognition technology is booming right now, especially in Asian markets like China," Bose, a student in engineering and computer engineering who also works in artificial intelligence, told CBC Toronto.
It's how Facebook recognizes who's in your photo, it's how the funny filters on Snapchat digitally adhere to your face and catch other faces in the periphery.
"You don't have to go through [transit] security sometimes because of a CCTV camera that automatically detects your face and automatically charges your phone as you enter the subway," he said.
Keeping your selfie for yourself
What he has accomplished in the labs at U of T is a way to distort your image just enough so that the distortion isn't visible to the naked eye, but is enough to stymie the facial recognition software.
"You can use AI to detect stuff but you can use AI to break stuff as well," said Bose about how he used "anti-face detection" software to distort pixels in images to throw off the detection software.
"It's almost like a game," he said. "The [anti-face detection] software actually gets stronger as it tries to fool the detector."
Eventually, Bose says this algorithm can be installed on people's phones as an app.
If you take a photo of yourself and upload it through the app, a filter will be applied that slightly distorts the pixels just enough to fool the site you upload it on, protecting you from targeted advertising and identity theft.
But it will also protect your photo from image-based searches, emotion and ethnicity estimation — all information that can be harvested automatically from your one photo.
The future in face
Bose and his fellow U of T researchers aren't done yet. They figure they're still about a year away from putting out an app that can jam all facial recognition software.
So far, they have been successful at cracking one form of software used by some companies, but they haven't yet been able to fool the software used by social media sites like Instagram or Facebook.
As Bose explains it, those companies are known to use multiple facial recognition algorithms to extract all they can from your selfie.
"This is the first time anybody's been able to break these detectors in any way, that's a real milestone" he said.
"If your end goal is to beat every single face detector, you have to fool at least one."