Facebook's New Captcha Test: 'Upload A Clear Photo of Your Face'

An anonymous reader shares a report: Facebook may soon ask you to "upload a photo of yourself that clearly shows your face," to prove you're not a bot. The company is using a new kind of captcha to verify whether a user is a real person. According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: "Please upload a photo of yourself that clearly shows your face. We'll check it and then permanently delete it from our servers." The process is automated, including identifying suspicious activity and checking the photo. To determine if the account is authentic, Facebook looks at whether the photo is unique.

WHY?

[tripleevenfall]

Why do Facebook, Apple, and others thing public information (like what your face looks like) is more secure than a private key that exists only in your mind?

Re:WHY?

[Anonymous Coward]

Because they want to build a comprehensive and, more importantly, up to date image of what you look like for their facial recognition software.

I'm sure there's some guy out there who gets a massive boner when he thinks about with one hi-res crowd shot of people they can pull sophisticated buying demographics to sell to advertisers.

Re:

[Anonymous Coward]

Also they want your location data from photo so they can match you to nearby people.

I wish there was an option to remove exif when uploading photos from album...

Re:

[denis-The-menace]

utilities do exist. The real issue is that you should not have to strip out private info that you did not ask to insert into EVERY picture.

Re:

[e_pluribus_funk]

>Because they want to build a comprehensive and, more importantly, up to date image of what you look like for their facial recognition software.

With "they" being US intelligence agencies.

Re:

[markdavis]

>"Because they want to build a comprehensive and, more importantly, up to date image of what you look like for their facial recognition software."

+1

This has NOTHING to do with security and EVERYTHING to do with gathering yet more information about their users. Hopefully people will take a clue and revolt against such crap.

Re:

[dgatwood]

Will this mean you'll have to supply a fresh photo every time you log in? Funny, replay attacks should now be awfully easy, even if they get a fresh picture every time. Pictures aren't hard to manipulate, after all.

I assume this is for people creating new accounts, i.e. not for authentication, but rather for drastically reducing the number of fake accounts that use the same two or three pictures of half-naked girls and send out friend requests to random people.

So now, the scammers will at least have to use

Re:

[BitterOak]

Why do Facebook, Apple, and others thing public information (like what your face looks like) is more secure than a private key that exists only in your mind?

They're not making any such claim. They're proposing using an image of your face as a captcha, not as a login credential.

Re:

[Bryansix]

Exactly. The only captcha that I remember on Facebook is when you are creating a new account or recovering your password.

no. freaking. way.

[swschrad]

this is going way too far. next they'll put biosamplers in your phones to check your DNA, and it will cost you $50 per login for a replacement sensor.

Re:WHY?

[religionofpeas]

And in this case, FB isn't interested in adding security to your account, they just want a new way to prove that it is a person behind the account instead of a robot. Nothing to do with security.

We're already at the point where a computer can generate unlimited artificial faces that are good enough to fool such a system:
https://www.youtube.com/watch?... [youtube.com]

I guess it has nothing to do with security, but rather with building a database of people, or analyzing your facial features and linking them to your preferences.

Not really

[bagofbeans]

You just stopped your own future access to your account. FB still has it.

Re:

[war4peace]

I suggest everyone to use the same image of Jesus, just for kicks.

Re:

[Anonymous Coward]

There can be only one correct image of Jesus [kinja-img.com]. (SFW, unless you work in a bowling alley)

Re:

[arth1]

I suggest everyone to use the same image of Jesus, just for kicks.

If Facebook were telling the truth, everyone (and all bots) could indeed use the same image, as long as nobody uploaded it anywhere where it could be scanned by Facebook. Because if they immediately delete the image as they claim, they won't know whether it has been used by others.
However, in reality...

Re:

[torkus]

They will delete the image and keep a one-way hash of it.

They can then log those hashes and, if they see one repeat then they know something fishy is going on. The data level of the hashing determines if they reject after a single match or if they're looking for multiple matches before they consider it a duplicate login attempt.

It's actually a pretty inventive way to prevent bots if you have the data processing capability ... and FB/Google/Amazon types DO have it. If you add in some facial recognition you

Re:

[TangoMargarine]

So you just apply a filter to the photo that adds a little random visual noise to the data, and everybody can still use the same photo.

Re:

[sheramil]

I would suggest rotating it by 0.414 degrees each time, until the algorithm says "You appear to be upside down. Please try again."

Re:

[infolation]

A dusting of andom noise does not fool facial recognition. Features extraction for hashing uses wavelet image processing (among other processes). Splitting the data into different frequency ranges allows the algorithm to isolate the frequency components (introduced by factors like expression or illumination) into sub-bands. Wavelet-based methods strip out these variables and focus on the sub-bands that contain the most relevant information.

Re:

[TangoMargarine]

It does if it's hashing the binary photo data, which is what GP was talking about. For that matter, cropping the photo would do it.

The facial recognition is just to recognize whether it *is* a face, not match it against others it's seen. If by "hashes" they literally meant a hash like MD5 or SHA-1.

Re:

[TangoMargarine]

Blarg, replied before really reading the whole post. Disregard :P

I mean, you'd just need to work out which precise areas you had to munge. Make the eyes a slightly different shade of blue or whatever. If the algorithm accepts a certain amount of fudge factor that's kind of stretching the definition of "hash."

Re:

[Narcocide]

He belongs to neither political party. He's a paid astro-turfer and his only goal is to hilariously cause the exact divisiveness he's pretending to rail against.

Re: WHY?

[Anonymous Coward]

It wasn't the right wing that came up with the LGBTQI2SGMARHN+ concept. They aren't the ones pushing 87 different genders. They aren't the ones spending decades in college obsessing over race, and gender, and sexual preference, and other ways to classify people. The right wing is far less divisive than the left wing.

Re:

[Anonymous Coward]

Because lumping hundreds of millions of people under one label and then assigning specific traits to that group is a great idea, right? You dumb fucks on "either side" can't seem to understand basic goddamn fucking logic. All you dumb shits do is farm red herrings and manufacture straw men. Feminazis and religitards are both shitheads; you're just swimming in different flavored pools of mental feces while claiming your pool doesn't smell like rank sulfur-swirling ass gravy. The world would be a better place

Re:

[jedidiah]

The DNA from my blood is different than the DNA in my saliva.

Not only no

[Zorro]

But Hell No!

Re:

[magarity]

Sorry, AC, Google Images has thousands of you.

Re:

[Zaelath]

I can guarantee you they don't.

Yeah...

[WolfgangVL]

Yeah! It's nice to finally put a face to the name eh??

No thanks

[Arkham]

I get closer and closer to deleting Facebook permanently every day.

Re:

[Oswald McWeany]

I know a lot of people that have deleted their facebook account. A few go back after a short while, the rest say they're happier without it.

Re:

[religionofpeas]

I keep an empty facebook account, just in case I need to see someone else's facebook page.

Re:

[religionofpeas]

It has metadata from facebook cookies and trackers all over the web.

Just the same as for people who have never used facebook at all.

Re:

[religionofpeas]

Why would you ever want that? Virtual stalking?

Mostly for people who use facebook as their only way to announce stuff.

Re:

[forkfail]

Thing is, though, Facebook is like Pepperidge Farm on steroids.

They remember. Even if you don't.

Re:

[jedidiah]

You can get banned by the Facebook censors over a mild disagreement on some non-controversial subject just because it contradicts whatever the Facebook group think is.

No need for trolling, flaming, insults, or anything remotely offensive.

The platform is ultimately self limiting.

Re:

[Rob Y.]

You must have an interesting idea of what constitutes "a mild disagreement on some non-controversial subject", given the amount of sheer vitriol I've seen in Facebook comments. Second only to those on Slashdot - except that Facebook commenters aren't as interested as Slashdotters in convincing people that they're smart while they insult them...

Re:No thanks

[Oligonicella]

because it contradicts whatever the Facebook group think is

You left off the important part.

Re:

[magarity]

What makes you think you really can?

Re:

[JohnFen]

Why haven't you already? I did it years ago and recommend it very highly.

Re:

[Rick Schumann]

Do it. I did, YEARS ago, and never looked back once. The tipping point for me was the day when I decided I wasn't comfortable with having posts of mine exist that were beyond a certain age, so I went through to delete them. The next day I went back and discovered they had all been un-deleted. So I tried again. The next day they were all back again. That's when it dawned on me what the true nature of Facebook was and that I did not like it one bit. So I deactivated the account. That was about 10 years ago I

Re:

[fafalone]

Since when does Facebook even allow deleting posts? Last time I tried it was either not there or so well hidden the only option appeared to be to just restrict visibility to 'only me'.
And you never let people take pictures of you? You sound like a fun guy. How long does that policy last before there's no one there to try?

Re:

[Rick Schumann]

As always: I challenge ANYONE to show proof this is true, because I don't believe you.

Re:

[markdavis]

>"I get closer and closer to deleting Facebook permanently every day."

I never even created one in the first place. I know, seems almost impossible, almost incredible. But it is true. I knew it would be like this, even when they first started Facebook. No Instagram, no Google+, no Twitter, no Myspace, etc. And when someone complains that I won't be able to keep in touch with them, I say "Sorry, it has nothing to do with you, I simply will not subject myself to what Facebook requires. Here is my home

Re:

[Anonymous Coward]

do you actually believe that it was deleted? Its more likely that they move that information to a secondary database that isnt referenced by their forward database that the public version of facebook sees. After all they already have shadow profiles, what makes you think that they would just delete all of that succulent information on your self instead of transferring it to your shadow profile.

I bet if you used the same email address to sign up again that your entire friends list from the previous account w

Obviously

[Waffle Iron]

They can't determine if a photo is unique unless they don't really delete the photo from their servers. (They probably keep a "fingerprint" of the photo, which would be the most valuable part for spying on people anyway.)

Re:

[religionofpeas]

Where "fingerprint" means "the original photo"

Re:

[Oswald McWeany]

They can't determine if a photo is unique unless they don't really delete the photo from their servers. (They probably keep a "fingerprint" of the photo, which would be the most valuable part for spying on people anyway.)

How difficult is it to slightly modify a picture of a face to make a new "fingerprint". This sounds less about security and more about personal invasion.

Re:

[fahrbot-bot]

They can't determine if a photo is unique unless they don't really delete the photo from their servers. (They probably keep a "fingerprint" of the photo, which would be the most valuable part for spying on people anyway.)

How difficult is it to slightly modify a picture of a face to make a new "fingerprint". This sounds less about security and more about personal invasion.

Probably as a way to increase their ability to automatically tag/identify you in other photos.

Re:Obviously

[omnichad]

This. They're probably going to point a neural network at this face-fingerprint data and train their auto-tagger. Right now, bad lighting or an odd angle will throw off the automatic face recognition.

Re:

[TangoMargarine]

It would be pretty funny if people started all using a slightly munged photo of Mark Zuckerberg.

Re:

[Bryansix]

I think you missed the point. They aren't saying the photo is unique to any you used before. They mean the photo is unique form anything indexed on the web. Most people who design bots have the bots steal photos from online for account creation purposes. They just search google images for "young woman" or "young man" and use a random image from the results. Google images and services like Tineye already have reverse image search capability. This just taps into that and checks to see if the image was just ta

Re:

[sgrover]

Give me an image file, and I can generate an SHA hash for it that is relatively unique. Then I can delete the file. I can then compare other hashes for other pictures without having the original picture, or even being able to recreate the picture. But now that begs the question, why can't I just provide the hash generated from a client side app without passing the actual image? As a dev, my spidey sense is tingling - they want the pictures for something other than just the stated reason.

Re:

[religionofpeas]

Give me an image file, and I can generate an SHA hash for it that is relatively unique

Can you make it so that two different pictures of the same person result in the same SHA hash ? If not, it's useless.

Re:

[Bryansix]

The picture of the back of your head would possibly work because it's unique. The photo of the clown or velociraptor probably exists on the Internet in which case the fingerprint is already in their data lake.

Hi, we've lied repeatedly before but this time...

[Maxo-Texas]

Jeez.

Facebook has been caught lying and engaging in dubious behavior dozens of times and the founder says you have no right to privacy (but zealously protects his own privacy).

Wake UP!

Clash of the bots...

[Freischutz]

I'm going to enjoy seeing that thing clash with this one: https://tech.slashdot.org/stor... [slashdot.org]

HAHA

[Narcocide]

Reporter: Thus solving the problem once and for all.
Little girl: But...
Reporter: ONCE AND FOR ALL! [youtube.com]

simple

[kiviQr]

CAPTCHA is evaluating your intelligence, if you upload your photo you fail (I mean you can enter glorious facebook).

How will their system handle

[Huge_UID]

my dick pics?

Re:

[Sporkinum]

ID you say? http://i.imgur.com/fKz6pKq.png [imgur.com]

Facebook closed my account over this

[cstacy]

My FB account had about six "friends" on it: immediate family members. Didn't ever post anything or upload any information, just looked at photos they posted, pressed Like sometimes, and occasional IMs. I got this "upload a photo" roadblock, although it also said it was going to compare it to my Profile photo to make sure it was me. I didn't have any Profile photo, of course, so that's bullshit. Tried logging in three more times over the course of three weeks. Yesterday tried again, but the account has gone from suspended to terminated.

They said it was for "suspicious activity". (Of which of course there was none.)
I say it was because I failed to upload content for them to monetize.
Interesting business decision.

Re:

[140Mandak262Jamuna]

Wow! That is how you get your account Deleted! Very nice to know. My understanding was that Facebook never deletes the account. No matter how hard you try.

Re:

[cstacy]

Wow! That is how you get your account Deleted! Very nice to know. My understanding was that Facebook never deletes the account. No matter how hard you try.

I am sure they don't delete all the information that they collected, but the account is "deleted" in the sense that its existence and content is no longer seen by other users (like Deactivation) and you can never log into it again.

Re:

[Bryansix]

Did you know anybody can say anything on the Internet?

Take a photo of the chic your stalking

[wolfheart111]

Then upload it to facebook and get access to the account? Is that how this works?

But can FB reconstruct a hashed photo?

[billrp]

TFA says FB will hash an image and then delete the original. But to implement a similarity metric with previous "hashed" images of the same person, they will need a distance function that works on hashed values of all the photo's features that they capture. Unless they have conquered homomorphic encryption, FB will likely need to reverse the hashed features and then do similarity measures with previous photos, and will also be able to reconstruct "deleted" photos.

Re:

[markdavis]

>"TFA says FB will hash an image and then delete the original."

Does anyone really believe that? It is like thinking that if you are fingerprinted for some stupid reason it ISN'T going to end up in every local, state, and national database out there and be searched and compared to every time they have suspect print to run.

so, um...

[Kierthos]

Yeah, fine, this is meant to stop bots. Whatever.

What's keeping me from uploading a picture of someone else if I'm asked to? More to the point, how do they know it's a picture of me?

Same applies to bots. Yes, I'm completely and earnestly sincere in my belief that this will wholly stop bots from placing advertisements. At least until the people that run the bot networks find a workaround. You know, just like with other CAPTCHA methods.

I'm certain that Facebook has taken into consideration that people who run

Nope

[cybersquid]

I will not comply.

Re:

[GerardAtJob]

Same for me... hey, I don't even have a cellphone to take that photo lol

First My Phone Number, Now This?

[Tempest_2084]

Facebook kept badgering me for years to give them my phone number 'just in case' to which I repeatedly said no. Finally they stopped bugging me about it and all was good for a few weeks. Then I got a new notice that said 'help verify that this is your number and keep your account up to date'. Lo and behold that was indeed my phone number, but I never gave it to them. I don't know where they scraped it from, but they got it. That left me creeped out for a long time and I considered closing my account. In the end I kept it, but I watched what I posted and really dropped my usage. If I get this prompt I'll drop it completely. I'm not a social media junkie, so I'll live. In fact the only reason I'm still on it is for a few interest groups that I'm involved with who moved to FB (terrible decision) and so my family can tell me who died and who had a kid. Both of which I could live without.

Re:

[Tempest_2084]

I'm sure they do. It's kind of unnerving that they could get the info that way though. I'm starting to think investing in tinfoil hats might not be that crazy after all. :P

Re:

[FrankHaynes]

When a buddy created his FB account years ago he called me up and was raving about how REALLY NEAT it was that it presented a metric crapload of his friends without him having to lift a finger. After I picked my jaw up off the floor I explained how this was not neat, but rather creepy and scary. He couldn't understand what I meant.

So, yes, one of your "friends" is complicit with FB in gathering intel on The Resistance. I choose my irl friends carefully and on those rare occasions when I'm not acting the her

No problem

[nospam007]

Clearly a job for the morphing apps.

This is great news

[argStyopa]

...I'm looking forward to them deleting my account ...finally.

Good thing I dropped Facebook years ago

[bettodavis]

Since the day they asked me for 'my real name' instead of a pseudonym my friends and family know, even threatening me with blocking my account.

"Fine". I told myself, and proceeded to promptly close my account and never looked back.

Seems like it isn't getting any better of late.

Re:

[jedidiah]

Since they can ban your account for trivial violations of their group think, the value of having only a single account linked to your true identity is very limited.

They also seem to be the anti-slashdot. The most trollish responses get the most attention. So off topic nonsense gets filtered to the top and useful stuff gets hidden.This is strangely contradictory to their complaint/moderation polices.

Re:

[FrankHaynes]

They pulled that crap with me a few months back, so I dutifully fabricated one of the accepted documents for proof displaying my pseudonym and they reactivated my account. I would've let them keep it suspended forever if I weren't required to stay in touch with a group that had the bad sense to plop its home down on FB instead of some other host that is less imposing.

Wait wait wait

[Chris Katko]

Wait.

You mean FB, the company that vacuums up everyone's personal and private information... is going to require us to GIVE THEM ADDITIONAL private information every time they want you to "prove" you are yourself? They're going to have an entire compilation of your same face, with different lighting angles, different positions/age/makeup/etc.

I'm honestly at a loss for who is more evil at this point. Uber, Google, or Facebook.

Re:

[FrankHaynes]

Facebook, by far.

There are alternatives to Uber.

Google doesn't seem to have the same insidious nature as FB and indeed has alternatives.

But FB enjoys the network effect that no other platform can duplicate; if you're not on FB you are "missing out". I could start another FB replacement tomorrow, but nobody would be on it, therefore it would provide no value and would therefore attract no users.

FB is like those creatures left behind by The Shadows on Babylon 5 that would infiltrate your nervous system, watch

You can count in MicroSoft in that list

[ffkom]

You buy a gaming console for some child, and they require you to create an email account for it - which is a bad thing on its own. Then, 24h after that account was created, they say it's "temporarily suspended" and demand a private mobile phone number to send you a "verification code". This is just the same crap: Corporations trying to bully you into giving them sensitive private information. (And so the console was returned to the person who brought it as a gift, and ultimately returned for a full refund.)

I don't see the problem

[rsilvergun]

I mean, there's already plenty of good quality pics [google.com] I'd be willing to upload.

Re:

[Whorhay]

I was thinking that a retouched version of the old Slashdot link trolling picture would be optimal.

Kodachrome

[jabberw0k]

A new photo of me? I'll have to wait a week to get this film developed, and then go to Walgreens to have it scanned so I can put it on a usb stick to bring it home. Right sure.

Re:

[almitydave]

For people without immediate access to digital cameras, they'll provide a phone number so you can just hold your face up to a fax machine...

We'll check it and then permanently delete it

[Oligonicella]

Bullshit. FaceBook has a proven record of lying.

SubjectIsSubject

[p0p0]

May soon? It's already happened.
I just made a new account in September for business use, and before I had time to even put any photos or information in, they locked me out of my account and demanded a photo of my face to verify my identity.
How could that possibly work, when I hadn't even uploaded a picture to compare it to? 3 days later they finally unblocked the account, but then proceeded to do it 4 more time, each taking an extra day to unlock.

There also seems to be more going on, since I edited on

No problem

[Drunkulus]

I'll be happy to upload more photos, there are plenty on the wayback machine- www.goatse.cx.

Just wear Guy Fawkes masks

[turp182]

Remember, remember, the 18th of May, not November
The 2012 "You have no privacy" plot
I know of no reason why Zuckerberg's season
Should NOT be killed off and forgot.

That's the IPO date by the way.

https://en.wikiquote.org/wiki/... [wikiquote.org]

Easily automated

[HalAtWork]

What exactly is stopping anyone from uploading them photos that were morphed between two existing images? This can easily be automated.

About ready to delete my FB and Twitter accounts.

[Chas]

Not just because of this.
But because the sheer, unbridled stupidity emanating from the platform is starting to affect people I see as friends.
And I don't want to witness it.

Re:

[viperidaenz]

You can't delete your profile. You can only delete your access to it.
Facebook will keep gathering data on you via other users though.

commentsubject

[Falos]

"we'll delete the picture"

Jesus Christ. Son of Josesph and Mary, holy son of God, etc, I am invoking the name of a sacred figure because at least you guys should know that means jack, shit, and diddly fuckall.

They'll use it to cross-reference the rest of their massive data, validate associate collaborate in ways we can't possibly predict. Cuff Example: Code that makes soft conclusions re: ancestry, marking potential associations by facial data that relate well with genetics.

They're use it to store everythin

We'll delete the photo

[viperidaenz]

But keep the metadata for future facial recognition of you in other people's photos.

I don't believe them

[AndyKron]

"We'll check it and then permanently delete it from our servers". Bullshit.

Synergy

[markana]

How long until they combine this with their "anti-revenge porn" scheme? Where you'll have to upload a new nude picture every time you log in. They'll be sure to delete them, after the admins have verified the identity of the user ("yup, they got a mole in the right place"), and checked the ownership of the photos.

(FB - this is not a suggestion, btw).

This is the sort of thinking that comes from living too long inside a bubble - with double-thick, clue-proof walls.

Dear Facebook

[nuckfuts]

Here is a recent photograph of my naked ass. Please apply lip marks and return it to me for verification.

All those people who modeled for stock photos...

[dizzy8578]

Will never get back in their account.

Re:

[viperidaenz]

They don't need to keep your photo. They have no use for it.
What they have a use for is training their recognition algorithms to be able to recognise you in any picture.
That's going to help them further enhance your profile from pictures and videos other people upload. Even if they don't tag you, or even know you.