For someone not really familiar with the FB API, is it possible to get a list of all people in a certain city, or are data mining techniques necessary?
Now, most of you probably don't care enough, only some are doing adult stuff. But let's imagine such a complete image/id database comes into hands of a bad regime.
Most countries already collect and save biometric photos not even for general passport and driver's license documents but also for health insurance issues (like in Germany). Do you trust the health insurance company to store the photos in a way, that no employee nor external attacker is able to "collect" them?
CCTV cameras in public and private places are all over the country, placed in public transportation but also in places like gas stations, restaurants, even in the entries of restroom facilities and of course all over in airports. If you connect all those image sources, which is not a technical problem anymore, you can easily track people, like shown in the fictional "person of interest" tv-series.
You can turn of or throw away your mobile phone/SIM card. But you can't change your face.
Not to mention that is only for facial recognition.
If you want to look at a much better way of tracking people check out CreapyDOL [1]. It works by looking only at wifi data. As he says it "Stalking an entire city on the cheap."
Not only this, but if you want to stay in the CV realm you will also need to switch up:
* Your stride
* Your height
* Width of shoulders
* How far or if you sway your arms while walking
All of those could be used to track an individual. It's not an absolute game, it's a numbers and percentage game.
In some (quite a lot of!) jurisdictions there are already laws that prohibit concealing ones' face. While the laws are against masks, it won't be a big stretch (esp. for a rogue regime with a plenty of corrupt judges at hand) to apply or extend such laws for this sort of make-up as well. All in the name of public safety, of course.
That'll only delay the inevitable. Hair. Height. Walking patterns. Stride Length. Each added Criteria helps improve the odds. Oh this masked person waked out of building but they know of 28 people identified in building. So even without identifing your face they only need to build Confidence among a very small subset. Even if you go from building to city or country. They could likely narrow it to high confidence especially if they can actively ID the locations of all others with similar characteristics as you.
In quite a few countries upon visiting they take a photo of your face. Some also add finger prints.
You cannot obscure that photo as they won't allow you to do so.
So yes this can be used against you, actually at th border it is only collected for that purpose, to be able to identify you as a possible suspect.
Adding big data in the picture does make it more scary as I don't believe it is completely reliable. If you've been tagged as a possible suspect you might find a nasty surprise upon leaving the country.
Well, i don't believe they take the picture for your benefit. Actually also seen that a picture is also taken on exit. So yes there might be more reasons like making sure the biometrics match with what is stored in the rfid chip on the passport. But you can bet that the data is stored and will be mined when needed.
Heathrow and maybe other UK airports, but not all, whether you're entering or exiting, will take (two) photos, AIUI, in order to verify the correct person is boarding the aircraft.
Don't worry, they only keep your data for "as long as is necessary".
This technology could be also used for "good". For example it takes lot of time to manually identify Trump supporters and email their employers. Now it can be automated.
This may look like an option, but once technology has a low failure rate, everything that doesn't match or that does seem unusual will trigger an alarm.
Just watch the airport security checks after 9/11 when entering the US: Either you provide a biometric passport accept x-ray radiation or you will be personally annoyed… for your own safety, of course. I believe this is not because of any bad intention, however it trains people to accept such strict rules and when it works there, why not enforce it in other parts of our civil life?
For example after some madman shot at a german court house a couple of years ago, they started mandatory checks on every single court house as well.
Another case from Germany: We have started to collect car plates from trucks on the Autobahn because of a new electronic toll system (only to catch trucks that don't have the onboard unit activated, no regular use case for visual checks). Of course those car plate recognition software by design is also able to save car plates… of course everything will be deleted… really? It might be true for the moment, but in the future?
Did you read the opening posting on VK.com? I guess it only takes 10-15 years. And in some situations, e.g. entrace checks, public transport etc. you've even right now a high chance to obtain great facial images because you (as in state, authority) are able to control the environment.
From the article, they only get 90% accuracy in controlled conditions, and much, much worse when comparing images taken in the wild. In voice recognition, perhaps a smaller problem space, 90% accuracy means everything gets proofread by a human. "10-15 years" is not an estimate, it's a carrot on a stick.
I can imagine that at some point, some level of accuracy will be deemed "accurate," after which we'll still see mistakes. That will be too bad in the eventuality that this technology is used to help justify a killing.
Fingerprints also have this issue. You only get ten of them that should last your entire life.
With cooperation, we can build 'revocable biometrics' that mix faces and fingerprints with a password or PIN. To revoke your biometric, simply forget your PIN.
The only thing you can do with these models is verify your claimed identity. They can't be used for search. So they're great for users, but not so great for evil establishments that want to search for terrorists or whatever in large biometrics databases.
I'd like to avoid solutions that facilliate an implicit assent to the collection of biometric data.
The plan you've outlined still has large organizations building massive libraries of immutable identity data. (they'll still have the fingerprints, however mixed and matched and re-ordered, and they'll still have the scanned faces)
At the end of the day, we'd still be letting them, asking them, begging them to store our finger prints and recognize our faces. Putting bald data in the hands of amoral, faceless, collective entities like corporations and governments.
The work I'm thinking about (revocable biotokens) is a bit like a hash, so Facelesscorp never gets access to your raw biometric. The only thing Facelesscorp can see is an opaque blob that they can only use to verify a cooperative subject's identity; it's not useful for anything else.
A face, or a fingerprint, or a social security number, is like a username, not like a password.
Separately, simple facial recognition cameras can be fooled with printed photographs. Will 3d printing in elastomers let us fool whatever countermeasures are being developed against that?
Separately, we need to get started on building a society where we all are comfortable and safe without privacy, because privacy is dying. Trying to save it is like trying to provide subsidies for horse carriage manufacturers in the age of the car.
I don't see how your first two points are relevant to the article- it never discusses face detection use as a password, only as a means of indexing into social networks. ("Only.")
Regarding your third point, sadly, such a society is still so far away as to be essentially inconceivable. Most people don't trust their governments, and only the most forward-thinking segments of society are even tolerant of the range of cultural, sexual, and religious lifestyles that real humans live. We're going to have to find ways to subsidize those horse carriages for a long time to come.
> ...we need to get started on building a society...
Well the "comfortable" part of that makes it impossible, because of the whole chilling effect thing surround private thoughts and activities necessary for building a basic personality. The "safe" part is certainly doable though, but fans of government prosecution will be disappointed. I don't care if the Girl Scouts of America have a copy of my browser history, because they can't do anything with it - but an agent of the state certainly can. Not because there is anything presently illegal in the browser history, but the simple combination of information + uncertainty + power = bad time for the lesser-thans.
But if the Girl Scouts also have a copy, that could help protect you if a state agent accuses you of something. The danger is a state monopoly on information.
While the monopoly makes the situation worse, what you are suggesting depends on the state being subject to some form of universal justice - which isn't the case. States pull that sort of crap all the time and rarely are there any consequences for bald-faced lying to the public.
"... privacy is dying ..." Even without discussing the merits of the idea, this is one of the most defeatist sentiments I've heard lately, and I'm an eternal pessimist. Privacy will not be dead so long as I have any say in how I live my life. Call me a tin foil hatter, but anonymizing/removing my internet/societal fingerprint, preferring higher anonymity when performing transactions, and taking steps to minimize my overall public profile are all actions I can, will, and do take until the day I die to sustain my personal privacy, and I will take any opportunities I have to impact change to support privacy on a broader scale.
Again, while the intrinsic benefits of privacy are discussed at length by those far more able to eloquently defend it than I, I instead make a far more tractable statement: My quest privacy will be dead when I am, and if that makes me isomorphic to a Luddite, I readily accept that hypocrisy. (Being progress seeking in almost any other domain I can think of.) There is too much benefit to privacy given the current power asymmetries, social climate, and frank human nature for me to ever give it up, for myself and others.
(as a postscript, your statement re: biomentrics as UID is absolutely right, albeit a bit repeated ad nauseum within HN nowadays, I just wanted to enunciate my distaste for any sentiment suggesting we accept a loss of privacy)
49 comments
[ 2.8 ms ] story [ 76.9 ms ] threadhttp://www.imdb.com/title/tt0409459/
Now, most of you probably don't care enough, only some are doing adult stuff. But let's imagine such a complete image/id database comes into hands of a bad regime.
Most countries already collect and save biometric photos not even for general passport and driver's license documents but also for health insurance issues (like in Germany). Do you trust the health insurance company to store the photos in a way, that no employee nor external attacker is able to "collect" them?
CCTV cameras in public and private places are all over the country, placed in public transportation but also in places like gas stations, restaurants, even in the entries of restroom facilities and of course all over in airports. If you connect all those image sources, which is not a technical problem anymore, you can easily track people, like shown in the fictional "person of interest" tv-series.
You can turn of or throw away your mobile phone/SIM card. But you can't change your face.
You can obstruct it enough to confuse OpenCV: https://cvdazzle.com/
I wonder if this is the future of fashion?
If you want to look at a much better way of tracking people check out CreapyDOL [1]. It works by looking only at wifi data. As he says it "Stalking an entire city on the cheap."
Not only this, but if you want to stay in the CV realm you will also need to switch up:
All of those could be used to track an individual. It's not an absolute game, it's a numbers and percentage game.[1] - https://www.youtube.com/watch?v=BcvxD7p4Suw
> Strictly no Ad-Trackers. Strictly no Google Analytics. Otherwise attribution-NonCommercial-ShareAlike
Doesn't state which version of the license, and all Attribution-NonCommercial-ShareAlike version prohibit additional restrictions.
Currently:
> As of April 28, 2016 I have revoke the Creative Commons license for these works because of projects like MegaFace.
Despite the fact that the CC license is perpetual and cannot meaningfully be revoked.
So yes this can be used against you, actually at th border it is only collected for that purpose, to be able to identify you as a possible suspect.
Adding big data in the picture does make it more scary as I don't believe it is completely reliable. If you've been tagged as a possible suspect you might find a nasty surprise upon leaving the country.
Don't worry, they only keep your data for "as long as is necessary".
http://www.heathrow.com/departures/security-and-baggage/flyi...
If a person enters a country multiple times, each time using a different passport under a different name, the government wants to know about it.
Just watch the airport security checks after 9/11 when entering the US: Either you provide a biometric passport accept x-ray radiation or you will be personally annoyed… for your own safety, of course. I believe this is not because of any bad intention, however it trains people to accept such strict rules and when it works there, why not enforce it in other parts of our civil life?
For example after some madman shot at a german court house a couple of years ago, they started mandatory checks on every single court house as well.
Another case from Germany: We have started to collect car plates from trucks on the Autobahn because of a new electronic toll system (only to catch trucks that don't have the onboard unit activated, no regular use case for visual checks). Of course those car plate recognition software by design is also able to save car plates… of course everything will be deleted… really? It might be true for the moment, but in the future?
I can imagine that at some point, some level of accuracy will be deemed "accurate," after which we'll still see mistakes. That will be too bad in the eventuality that this technology is used to help justify a killing.
With cooperation, we can build 'revocable biometrics' that mix faces and fingerprints with a password or PIN. To revoke your biometric, simply forget your PIN.
The only thing you can do with these models is verify your claimed identity. They can't be used for search. So they're great for users, but not so great for evil establishments that want to search for terrorists or whatever in large biometrics databases.
I'd like to avoid solutions that facilliate an implicit assent to the collection of biometric data.
The plan you've outlined still has large organizations building massive libraries of immutable identity data. (they'll still have the fingerprints, however mixed and matched and re-ordered, and they'll still have the scanned faces)
At the end of the day, we'd still be letting them, asking them, begging them to store our finger prints and recognize our faces. Putting bald data in the hands of amoral, faceless, collective entities like corporations and governments.
What should we change in our behavior?
(I'm not talking about intentionally obscuring photos of ones self, but more about how systems like these will effect society)
Separately, simple facial recognition cameras can be fooled with printed photographs. Will 3d printing in elastomers let us fool whatever countermeasures are being developed against that?
Separately, we need to get started on building a society where we all are comfortable and safe without privacy, because privacy is dying. Trying to save it is like trying to provide subsidies for horse carriage manufacturers in the age of the car.
Regarding your third point, sadly, such a society is still so far away as to be essentially inconceivable. Most people don't trust their governments, and only the most forward-thinking segments of society are even tolerant of the range of cultural, sexual, and religious lifestyles that real humans live. We're going to have to find ways to subsidize those horse carriages for a long time to come.
Well the "comfortable" part of that makes it impossible, because of the whole chilling effect thing surround private thoughts and activities necessary for building a basic personality. The "safe" part is certainly doable though, but fans of government prosecution will be disappointed. I don't care if the Girl Scouts of America have a copy of my browser history, because they can't do anything with it - but an agent of the state certainly can. Not because there is anything presently illegal in the browser history, but the simple combination of information + uncertainty + power = bad time for the lesser-thans.
While the monopoly makes the situation worse, what you are suggesting depends on the state being subject to some form of universal justice - which isn't the case. States pull that sort of crap all the time and rarely are there any consequences for bald-faced lying to the public.
Again, while the intrinsic benefits of privacy are discussed at length by those far more able to eloquently defend it than I, I instead make a far more tractable statement: My quest privacy will be dead when I am, and if that makes me isomorphic to a Luddite, I readily accept that hypocrisy. (Being progress seeking in almost any other domain I can think of.) There is too much benefit to privacy given the current power asymmetries, social climate, and frank human nature for me to ever give it up, for myself and others.
(as a postscript, your statement re: biomentrics as UID is absolutely right, albeit a bit repeated ad nauseum within HN nowadays, I just wanted to enunciate my distaste for any sentiment suggesting we accept a loss of privacy)