Face Recognition — Clever Or Just Plain Creepy?

Simson writes "Beth Rosenberg and I published a fun story today about our experiences with the new face recognition that's built into both iPhoto '09 and Google's new Picasa system. The skinny: iPhoto is fun, Google is creepy. The real difference, we think, is that iPhoto runs on your system and has you name people with your 'friendly' names. Picasa, on the other hand, runs on Google's servers and has you identify everybody with their email addresses. Of course, email addresses are unique and can be cross-correlated between different users. And then, even more disturbing, after you've tagged all your friends and family, Google tries to get you to tag all of the strangers in your photos. Ick."

Slow news day?

[gavron (1300111)]

How did this make it onto /.? This isn't news, it's not new, and it's not technically on the cusp of anything except *yawn* sleep.

When you choose to run your photos through facial recognition software (or give them to others who may do the same) you should expect .. ta da.. that they will run them through that software.

The criteria for success includes Facial Identification (figuring out where the face is), Facial Recognition (figuring out if the face matches one on file), and some method of Facial Labeling ("tagging" that face with an identifier).

Calling google "creepy" (pejorative nontechnical evaluation) doesn't give it the credit for doing all three parts correctly. Not liking that google's choice of identifier is more unique than "LAST, FIRST" or "FIRST LAST" is a personal foible, not a problem with the technology.

Was this a slow "news" day?

E

Re:Slow news day?

[mccalli (323026)]

"Calling google "creepy" (pejorative nontechnical evaluation) doesn't give it the credit for doing all three parts correctly. Not liking that google's choice of identifier is more unique than "LAST, FIRST" or "FIRST LAST" is a personal foible, not a problem with the technology."

No, that's shortsighted. There are criteria used to evaluate success that aren't technical - that a superb technical job has been done to get an unwanted result is neither here no there, the result is still unwanted.

That 'personal foible' - Google are perfectly capable of understanding unique ids, therefore they have chosen email for a reason. It's not too hard to extrapolate a scenario where they have location information and email addresses, and are therefore able to sell location-based marketing information about people who have been entered into their system without them even knowing. All it takes is one friend who doesn't realise the implications, or one business using services for free, and you're on whether you wanted to be or not.

Of course, that's already the case the moment you've been entered into someone's online service-based address book. But combined with your image and location information...I find that disturbing. I don't know exactly why I do, but it's something that I feel disquiet about.

Cheers,
Ian

Re:

[TapeCutter (624760)]

"No, that's shortsighted. There are criteria used to evaluate success that aren't technical [snip] I find that disturbing. I don't know exactly why I do, but it's something that I feel disquiet about."

And yet the point you are arguing against was "[Not liking googles identifier] is a personal foible, not a problem with the technology" - now take out your government issued drivers license and examine it closely. If you have a problem with unwanted marketing do as I do and dump it in the recycling bin on t

Re:Slow news day?

[Improv (2467)]

Unwanted to whom? Not all geeks care that much about privacy. There may be a loud portion that's always talking about PGP and privacy plugins for pidgin, including a (much smaller) contingent that hides away from cameras in real life and tries to obscure their features there. There's also a fair set of just-as-clued-and-geeky folk who are resigned to privacy being not worth the pain, as well as those who value radical openness and push for far less privacy than tradition has given humanity in the past.

Re:Slow news day?

[whiplashx (837931)]

Hear hear. I value "radical openness," and it seems to be a minority opinion sometimes. I don't mind if strangers can find me; I find it interesting to see a picture of an author or a friend of a friend that I've heard lots about. And I don't mind if people do the same for me. Mod parent up!

Tinfoil hats

[by Anonymous Coward]

They are trying to covertly establish a database for their next big project; Google People Search. With just a name you can find a person's address, email address, phone number and what they have searched for in the last three years.

Re:

[beelsebob (529313)]

Who'da thunk it, we could have a phone book in the 21st century!

Re:

[by Anonymous Coward]

The release plan shows that this feature will be available in version 1.9.84

Re:Tinfoil hats

[Dupple (1016592)]

Don't worry, even version 1.9.84 will be Beta

Re:Tinfoil hats

[Mozk (844858)]

No, by then there will be no need for numbering versions because there will only be the current version. There will be no older versions.

So Google...

[1984 (56406)]

What exactly did everyone think "Don't be Evil" would mean once the company went public, grew up and grew larger?

Not that this is necessarily anything premeditated and sinister, but notice how thinking through whether something might seem weird or discomfiting isn't at the top of the list?

Re:So Google...

[ShieldW0lf (601553)]

What exactly did everyone think "Don't be Evil" would mean once the company went public, grew up and grew larger?

A better public relations strategy than Microsoft?

Re:

[yancey (136972)]

Google itself, and other companies, may have the best of intentions and never willingly violate your privacy. At the same time, the NSA, tapped into the major Internet routers as they are already and probably with unlimited access to services like ChoicePoint, could be watching everything we do on Google, Facebook, MySpace, Twitter, SMS texting, mobile location, AIM, Yahoo, QQ, and every other significant networking system, as well as banking and debit/credit transactions. The companies themselves do not ne

Facebook?

[NiteRiderXP (750309)]

Taking away the facial recognition technology, it's not that much difference than facebook. A friend takes a photo of me somewhere, sticks it on their facebook profile, labels me in the picture, and links it to my facebook profile. Then your pictures can be searched.

Given enough labeled pictures of me, one could run it through a facial recognition system. It would have the same applications, without the initial creepy factor.

Talking about facebook, I guess soon people will not need to label you. Facebook will label you automatically. Recognition error rates can be reduced by making sure you are in the same circle of friends.

Total Information Awareness

[turing_m (1030530)]

Given enough labeled pictures of me, one could run it through a facial recognition system. It would have the same applications, without the initial creepy factor.

It's all creepy to me. The fact is, it's pervasive and very difficult to opt out of as current social norms exist. Even if you don't have a gmail account, if you have even a small circle of friends there is a high chance of someone else having a gmail account that you have sent mail to, which puts your email in that circle of friends. If someone else in the same circle of friends has your picture and labels it, that would be enough to reliably link your email, first name, last name and face together. (Your friends would be identifiable as a cluster.)

With the above and a sample of your writing, there is a good chance that you have a statistically improbable phrase or two (or vocabulary) that is going to identify you elsewhere on the net.

Have enough cameras in a given country, and you can build up a database of people and locations they have been to, updating in real time. Those whose faces haven't yet been identified will relatively easily be able to be associated with the groups of people they associate with (enough times at nearby camera locations with a given person at the same time, with extra weight if those other people are there at the same times, coupled with cell phone location information), and their domicile located to within the nearest camera. In fact, just correlate the cell phone location info with the face from the camera - if they have a phone you have a match. Remember there is also the database of passports (with photos) that can be assumed scanned, and nicely labeled high-school graduation photos for all potentially subversive people coming of age. And those unidentified faces might be driving a car which will have a license plate, again, traceable to a database of names and addresses.

At this point the number of unidentified people should be small enough so that there are only a relative handful of people who are just unidentified faces. These people will be probably be high value enough on average to make it worthwhile to find out who they are. It would be relatively inexpensive to obtain their identity - identify from the database the scheduled activities they keep, send an undercover vehicle there to stake them out at probable times, when the camera gives a positive, trail them home to an address etc. You'll get at least an alias if not a name, an address, a face, and a likely circle of friends.

If they can recognize faces they should be able to recognize ethnicity (if you can recognize a face and an ethnicity from a photograph, so can a machine). The facial measurements and last names will form a cluster. A scan through the last names will identify the ethnicity probably within the first few entries or so.

If I can think it, google/NSA has smarter people than me working for them and they will have done that and more.

The only way to opt out is to live as a hermit or with similarly google avoiding hermits. Maybe not even possible. It seems harmless enough now, but the moment the rulers are actually fearful (e.g. if there was a large enough depression, people out of work started rioting in sufficient numbers or with arms), you can bet that there will be unmarked vans going around the city in the night picking up people with their "SubversiveRank (TM)" above an arbitrary threshold with a one-way ticket to either a slave labor camp or an unmarked grave.

Who exactly does google's "Don't be Evil" motto apply to? It makes MUCH more sense if it is externally directed.

You need to get yourself som black-bar sunglasses.

[mccdyl001 (808761)]

With the advent of automatic facial recognition technology, you need to get yourself some black bars [stupidiotic.com], and you need to wear them anytime you're out in public. Then any photos of you will come out pre-censored, no more worries about automatic facial recognition!

Re:Total Information Awareness

[Rob Kaper (5960)]

It seems harmless enough now, but the moment the rulers are actually fearful (e.g. if there was a large enough depression, people out of work started rioting in sufficient numbers or with arms), you can bet that there will be unmarked vans going around the city in the night picking up people with their "SubversiveRank (TM)" above an arbitrary threshold with a one-way ticket to either a slave labor camp or an unmarked grave.

By introducing a depression, rioting society and fearful rulers to an argument you can make almost anything look bad. Yes, under such circumstances this technology could be abused by government or other enemies.

But people have been succesfully identified by malicious parties for ever. If you want true individual privacy we should go back to pre-Sovjet, no, pre-Nazi, no, pre-Napoleon times. And even in those times, without a surname, just one friend, co-worker, acquaintance or shop keeper would be sufficient to rat you out to the authorities.

Cracked facial recognition scanners

[G3ckoG33k (647276)]

From http://www.vnunet.com/vnunet/news/2236775/researchers-hack-facial [vnunet.com]

"VNBusinessNews - Researchers from Viet Nam have cracked facial recognition scanners on laptops to bypass security. They will be demonstrating how to hack facial recognition biometrics at the Black Hat security convention in Washington DC this week."

From Feb 20, 2009

What about video facial recognition?

[jtownatpunk.net (245670)]

I want to know when I'll be able to run my porn through a facial recognition program and sort by actress. That is, uh, a friend of mine wants to know when...

Re:What about video facial recognition?

[by Anonymous Coward]

Why stop at facial recognition?

Re:What about video facial recognition?

[jlp2097 (223651)]

Where's the "-1, Disturbing" mod, when you need it?

Facial recognition + EXIF

[ArchMageZeratuL (1276832)]

Assuming that the uploaded pictures also contain the proper EXIF data, then Google will also know exactly when was the picture taken. If you they can also figure out the location the picture was taken on (perhaps as a tagging feature connected to Google Maps?), then they'll be able to track people - where and when they were, and in whose company. They could even extend the concept to try to combine pictures of the same event from different albums into a massive "super-album" of the event, even if the owners of the photographs never found out about each other.

Re:

[clarkkent09 (1104833)]

If you they can also figure out the location the picture was taken on (perhaps as a tagging feature connected to Google Maps?)

Won't be necessary in many cases since EXIF specification contains gps tags and some GPS enabled phones, notably iPhone, already embed gps data in the photos. Some high end cameras do it as well, while others provide a gps add-on http://www.google.com/search?q=exif+geolocation [google.com]

Terrible Parents...

[Enki X (1315689)]

Did Anyone else notice that the photo in TFA is credited to Simon Garfinkel? Poor bastard.

Re:

[Zwicky (702757)]

Simson Garfinkel. Hint: Turn your attention to the poster. You just offended a fellow Slashdotter. ;)

Facebook

[bdigit (132070)]

Facebook will do this. I've been waiting for them to do it, it only seems natural, they have a ton of data available to them for face recognition when users tag photos of their friends. Soon you can just upload your photos and they will automatically identify your friends in them

Google *are* creepy

[CuteSteveJobs (1343851)]

These days you can't sunbathe in your backyard without appearing on Google Earth. Forget to draw a curtain and you might end up on Google StreetView. Giving you the chance to opt-out-after-the-fact is disingenuous.

We've seen people hugging, fondling, urinating, staring and even coming out of sex shops. Google doesn't give a toss (sic) about anyone else's privacy. Privacy laws were written in a time when you could wander behind the barn if you wanted a quiet conversation. These days, we have Google peeping a

Re:

[SoupIsGoodFood_42 (521389)]

Think this could possibly all be put down to Google being cheap. I'm sure Google care about privacy, but they also care about profit, and dealing with the privacy issues probably costs a lot of money. Hopefully they will decide to take the issue more seriously and set a precedent so that the government doesn't have to, as privacy issues don't appear to be going away anytime soon.

Re:

[drinkypoo (153816)]

If Larry Page and Sergey Brin install webcams in every room of their house so we can see them in the nude, urinating and making love (StreetView has already caught that)

If you don't want to be on google streetview, don't have sex in public. If you have sex in your front window, it's legal for people to stand on the sidewalk and watch you. It's not legal for them to enter your backyard to watch you, although in some jurisdictions if they don't have to defeat a fence (no matter how pathetic) they're not really trespassing until you tell them to leave.

Don't want to be seen doing things? Don't do them in public. You also don't have a legal leg to stand on if Google comes up yo

What Google Wants...

[DynaSoar (714234)]

... Google should get. It wants you to name all those people? That's Sergey Brin and Larry Page. All of them. Google wants email addresses? Get a gmail account, tag them all with it, spoof yourself with it, and then surf a couple dozen porn sites and post to a bunch of usenet groups. Google wants mail? Give it to them.

The fundamental difference

[wickerprints (1094741)]

...which was pointed out in the article as well as the summary, but so far has failed to gain any notice in the comments, is that one implementation is purely local to the owner's physical machine, whereas the other is hosted on a corporate server, with no provision that the data of interest is solely under the author's control.

That's the crux of the entire matter. Talking about unique identifiers or linking to other metadata is secondary. The real issue is that anything you submit to Google, Facebook, etc. is no longer really yours. The companies who host and mine this data have a vested interest in allaying such fears. They will say and do anything to give the appearance of trustworthiness. Whether they actually follow through is simultaneously independent and irrelevant, because the fact remains: once you put data online, or have it hosted remotely, someone else has it. Data is infinitely copyable, modifiable, crackable.

When you use a program like iPhoto to tag images you took on a camera, nobody else has access to that information, provided you don't share or publish it in some manner. The recognition technology is programmed into the application, and the application runs locally. Google's service does not. The trend toward server-side computing to be alarming. The price of convenience and robustness is security and privacy. I am becoming increasingly convinced that the former is not worth the loss of the latter.

(I do not have the latest version of iPhoto. And I'm not an Apple apologist by any means--for instance, I despise MobileMe for the exact same reasons I find Google's practices to be problematic. We live in a time when avoiding the harvesting of personal user data by powerful, ethically questionable governments and global corporations is virtually impossible, and it is getting more difficult by the day.)

Re:The fundamental difference

[imsabbel (611519)]

That was my first thought, too.

When i read "Picassa 3, now with face recognition" a while ago, I thought that this is cool.
But when i noticed later on that its only available on googles servers, I was like "Fuck you, google".

Re:

[Rob Kaper (5960)]

whereas the other is hosted on a corporate server, with no provision that the data of interest is solely under the author's control.

If that's the case, don't blame Google but fix your laws on personality rights.

Here in the Netherlands, when a company collects or processes personal information on you in the broadest sense of the word, you are at all times entitled to see the data, amend it with corrections and have it removed from their system.

I'm almost sure that something similar exists in the US, so you could easily sue Google if you feel they violate your personality rights. I realise it's hard for John Doe to sue Megacorp these days

Seriously, don your tin foil hats.

[w0mprat (1317953)]

NSA and the Department of Homeland Insecurity likely already have face recognition software trawling websites including social network websites recognizing the same people popping up in photographs all over the world. I doubt it's effective in practice, if they have this, but in theory, this would be the technique to be able to 'search' for say, a suspected terrorist, drawing down shots of faces from all over the world. Someones holiday snap of a crowd in some city. pulled down from flickr. may put a pin in the map as far as tracking a known suspect goes. Nevermind what realtime access to urban CCTV that seems to be popping up in many cities all over the world.

^^^You see what I did there right... I fixed it for myself, i put 'IN' in front of 'security'.

Re:First intelligent post.

[by Anonymous Coward]

When Google finally knows everything there is to know about each of us, the government will be able to save the money it would have had to spend on ID cards. Google can issue them for free, relying on advertiser income from selling the info. Savings! Lower taxes!

Re:First intelligent post.

[dov_0 (1438253)]

If they get together with Amazon, we can have little iDentikindle cards with tasteful text ads beside our photos. Maybe the content could be matched with our profession or stage of life...

Re:

[by Anonymous Coward]

...And our medical records can be indexed online! Talk about convenience!

Re:

[The Snowman (116231)]

...And our medical records can be indexed online! Talk about convenience!

Also, our porn sites

Re:

[ultranova (717540)]

Google's option is pretty creepy. Any of my loved ones that dislike me enough to put my face to my personal details on a remote server are in trouble...

Bah, this is nothing. Just wait until someone comes up with a way to turn facial characteristics into a string, which can be stored into a database. That would let the system to automatically deduce the likely identity of everyone on each picture by cross-correlation with social networks and such. And even if they can't get your name, they'll still be able

Re:

[dov_0 (1438253)]

Facial characteristics stored in a database? The Chinese have had voice recognition systems running in their airports since the '90s. Either the facial biometrics stuff is online by now or isn't far away...

Re:

[Architect_sasyr (938685)]

Thoughts: A "fuzzing" of an image, saved down to a couple of SHA hashes and an MD5 would give you a "close match" system which you could then recognise a lot easier.

So, light colour variations in cheeks (for example) are removed (blended out) of the image, hashes are taken, close matches are processed harder for tighter possibilities.

Perhaps hashing isn't the right answer, maybe we could look at pixel-area-colours and match from there? Too many thoughts, too late in the evening.

Warning: If you are a cree

Re:

[TapeCutter (624760)]

Fractal compression [wikipedia.org] would do the job if it were not encumbered with a pile of patents issued a couple of decades ago.

Re:

[Architect_sasyr (938685)]

Actually that would be very close to what I was thinking. Remember that guy from a few weeks (months?) back who created the Mona Lisa ( http://developers.slashdot.org/article.pl?sid=08/12/09/0238252 [slashdot.org] ). The same concept but in decomposition. If every human profile could be cut down to, say, 50 polygons and we just stored their position and orientation, a relatively simple record could be kept of each person.

Still too many thoughts for me to be getting it right though.

Re:

[HuguesT (84078)]

In fact human faces can be compressed very effectively. The top 20 features from eigenfaces [mit.edu] are more than enough for recognition, so forget polygons.

Re:

[nospam007 (722110)]

Bah, this is nothing. Just wait until someone comes up with a way to turn facial characteristics into a string,

http://www.idmt.fraunhofer.de/eng/research_topics/photoid.htm [fraunhofer.de]

Re:

[erroneus (253617)]

It's not their dislike that they are exploiting, it's their like.

It amazes me that people use Google services at all considering their retention policy..."FOREVER." But people flock to Google, use their browser and other apps and without question, some of it is really good and really useful. But it isn't hard to see how it can be exploited and this face tagging thing is certainly one of them.

"Hey, you don't know me but I got your spam-target email address from google face search. I know you didn't submit

Re:

[Yetihehe (971185)]

I've just never seen such construct, does it mean "Picasa enables you to identify everybody..." or "Picasa demands that you identify everybody"? I've parsed it as "Picasa owns you identify everybody.." but it could be because I didn't have my coffee yet.

Re:

[drinkypoo (153816)]

One way to beat this feature is to change your own features as often as possible. With make up and piercings, hair style and plastic surgery if you're a woman, with all of those in addition to growing a beard and cutting it off regularly, if you're a man. This will surly confuse the system.

One way to beat this is to wear a mask.

Eventually they will outlaw masks, but that just underscores that the problem isn't with the technology (which is inevitable) but with the way it will be abused. Want to prevent abuse? Let's go take back our government. Nothing we can do to google will prevent this kind of information being used against us. Google is just one company; the future is inexorable.

The reality

[by Anonymous Coward]

The title should be "Face Recognition - Works or is Bullshit" ?

After working in computer vision for a few years, I learned how this stuff works, and I find it a lot of baloney. Sure, you can get something that works for a bit of the time for a restricted amount of data, but as we found out with the MIT debacle after 9/11, this stuff isn't robust. It can't handle simple changes in lighting, obstruction of portion of faces etc., which makes sense, since it isn't magic. Unfortunately it is a hot media topic, and computer vision researchers and others keep hammering away at it. I am here posting mainly to ask slashdotters to be more critical of the performance of such systems. Remember, when someone shows one of these systems, and this goes for other stuff like in-painting, tracking, edge detection and other standard computer vision problems, always ask yourself if the person presenting the solution has demonstrated it is a very wide variety of situations. You can always get something to work for one photo. (Usually of Lena...)

Re:The reality

[tooyoung (853621)]

As someone who has also worked in the computer vision field, I agree completely. However, I have found that it is sadly pointless to discuss out how this stuff really works on slashdot, as the only comments that will be modded up have to do with tin-foil hat like predictions. You can point out that a national database of faces is unrealistic, as techniques such as Principle Components Analysis aren't accurate on massive data sets, and your comment will squander at 1. Don't even bother pointing out all of the inaccuracies in the article, such as how face detection commonly works. Most people on this site think that this all works like it is shown in the movies.