If it can't be fooled by a picture found online (but not uploaded to facebook) then that must mean facebook is indexing images across the internet and analysing all the faces they find... and if it can, what's the point (edit: from a user point of view)?
Sounds pretty weird. So if I want to steal someones account I just either A) take a picture of them or B) download a picture of their face from facebook? What's the point exactly?
Seems as silly as uploading your nekid pics so facebook can prevent them from being distributed. If they really wanted to protect you they would just let you download an app that could analyze the files and upload just enough to detect similar video/pictures.
What has facebook done in the past to earn such trust? Seems just the opposite. Isn't it crazy to assume facebook will keep anything you upload secure?
> In a statement to WIRED, a Facebook spokesperson said the photo test is intended to “help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads.”
They're basically training people to provide PII/biometrics on-demand as the price of using their service.
Knowing fb, this is for their benefit, not the users i.e, they're trying to catch spammers and fake accounts, not see if you're the one accessing your own account or not.
I fear it's much more insidious than that. Facebook has a tendency to start doing some invasive stuff and then announce it to the world only 5 years later.
They probably plan to use your facial profile for a number of things, none of which have to do with authenticating you to the Facebook website. I even see them sharing the profiles with the DHS to build more accurate facial recognition at airports, and other stuff like that. But of course they wouldn't admit it now, because it would mean everyone refusing to use it from day one.
No wonder Facebook's attempt at getting people to give them their credit cards to enable ecommerce on the platform has been such an utter failure. The most popular searches on Google on this issue are whether or not you can trust Facebook with your credit card data.
That's happening for a reason - Facebook has consistently tried to build a reputation of "shady-as-fuck" company throughout the years, and it's going to pay the price for it, either through stuff like people rejecting its ecommerce platforms, which means fewer billion-dollar monetization opportunities for Facebook in the long-term, or simply stopping using it when they get tired of the company's practices.
> I fear it's much more insidious than that. Facebook has a tendency to start doing some invasive stuff and then announce it to the world only 5 years later.
> They probably plan to use your facial profile for a number of things, none of which have to do with authenticating you to the Facebook website. I even see them sharing the profiles with the DHS to build more accurate facial recognition at airports, and other stuff like that. But of course they wouldn't admit it now, because it would mean everyone refusing to use it from day one.
This validates my little project of uploading a ton of stock photos to my Facebook account and tagging myself in them.
> Facebook has consistently tried to build a reputation of "shady-as-fuck" company throughout the years, and it's going to pay the price for it
Unfortunately, I think the fact that many people don't realize platforms like Instagram and WhatsApp belong to Facebook will allow them to avoid paying the price.
Last I checked 2fa on Facebook REQUIRES a phone number to be provided so that your phone is an sms based backup method. Apparently all the talented engineers at Facebook didn't think "oh, let them download a few spares backup codes like ever other service" or that sms based backups are a stupid idea.
Well... I don't want to legitimize their "need" for my phone number (which granted they already figure out through contact books of others, they don't even hide that they've inferred it). Phones and 2fa are not dependent upon one another.
I will never do this. I don't even post photos of myself on FB, or use "Messenger" or their mobile app, so it probably wouldn't work anyway, but I have no doubt they're looking to monetize the feature and that businesses and governments are their target markets.
They still have your face from scanning your friends' photos and contacts. Combine datestamp, location, messages, and posts over years and Facebook knows who was together for a photo whether or not you've uploaded any or been tagged. Facebook knows the face of everyone who is on Facebook or who knows a few people who are.
I can pull a fingerprint off the subway stair rails but that doesn't mean I can identify who it is. We anonymously reveal ourselves everyday but the danger comes from confirming which data is ours. The goal is to make it difficult not impossible.
They don't need you to confirm it. This isn't a criminal case. They just need to be reasonably confident. Your face is in a picture with four other people. They can see that phones belonging to four people, who regularly chat with each other, were all at the same location at the time the photo was taken. They are now reasonably confident that your face is one of those four. Do that five or six times and their robots will know your face. Whether you confirm it or not doesn't really matter.
No, not really. There are not many of photos of me on the web and any that are were taken from a distance and too low res to id me.
I've been stingy about that for a long time. FB doesn't have my phone number and I disabled the email address I used to sign up. I delete all my cookies often and use different browsers and turn off and reset my modem to get a new IP address.
I have no apps on my phone, don't use iCloud, and don't use the native "Contacts" app, I made my own for that.
I know I'm still being tracked, but not as much as most and I don't think FB could ID me right now with photos they have.
Yeah this is the real rub; even if you yourself do not give Facebook information, it's been proven that they collect profiles on you. Anyone who has messaged you, has you in their contacts, sent you invites, added you to groups, all this gets added to a hidden profile. You are being tracked whether you gave out info or not.
I doubt iOS lets a custom contacts app respond to a request from another app for contacts though. It'll presumably respond empty data (since they have no contacts in the native app), but with no option to give it the actual contacts if you wanted to.
I wonder if they are using their camera permissions in Messenger to automatically grab an image when someone opens the app...is there any way to verify that?
Perhaps a workaround would be to pick a random celebrity, somebody with a lot of photos online, and upload one of those.
Facebook would have no way of knowing that it's not you, and they aren't likely to complain that you look like somebody else, since facial recognition will likely always pick up loads of duplicates when used on a global scale.
Alright, they are using it when you've been locked out of your account to verify that you are who you say you are.
You'd have to seed the account in advance by uploading some photos and identifying them as yourself, and you'd have to be able to find photos that haven't been uploaded to Facebook previously.
Accounts using celebrities as a profile picture may actually be easier to hack, since the hacker can just upload another picture of that celebrity when challenged.
I mean you need to pick your poison here. You either give facebook more data to validate your authenticity or you allow botnets to influence the social networks. It seems impossible to have it both ways, although I'm willing to hear alternatives in the general case.
Authenticity validation could be completely external from Facebook, and if they gave a shit about your privacy they would not only be OK with it but even push for it.
Many countries already have crypto-secure solutions for verifying their identity when submitting things like tax forms. Facebook just needs to start using them, but they won't, and it's obvious why.
Because most countries don't have crypto-secure identity verification, which means Facebook would still need something like this? I suppose they could contract out to Experian (or other local providers) and ask you to answer some questions from your credit report, but I'm not sure that's really a good solution either.
I thought it was clear enough that I mean't that it's obvious why [Facebook will never implement it even in countries where it already exists]. It's not in their interest to do so, because it's not in their interest to protect the privacy of their users.
Just because you could only think of a sarcastic reason why Facebook doesn't want to do it doesn't mean that other reasons for it don't exist. That's precisely what the GP is saying—FB needs to come up with systems that work for literally the whole world.
How is my reason sarcastic? I'm being completely serious. And yes, of course it needs to work world-wide but I think it's naive to think that's the primary reason FB would be doing it. They'd be doing it because they want complete control of the authentication ecosystem.
The US isn't the world. "Government Internet IDs" already exist, and there is nothing inherent in them existing that eliminates online anonymity, it just removes it on Facebook (which is exactly the point).
Imagine having to use your government ID to even connect to the internet. Having all your data logged and cataloged to your ID. At one point in time that is what the US government wanted to do. It starts by normalizing the action. Not a world I want to live in.
You're completely de-railing the discussion and trying to respond to this nonsense in any constructive way would only de-rail it further. No amount of strawmen and US-centric "the government wants to enslave us all" propaganda will make me think that the now existing, well working digital ID systems available in the world (not the US) are the work of the illuminati, should be abolished, and/or will be surgically inserted into my brain in the near future.
I made a point that there are already ways for Facebook, in certain countries, to verify the identity of their users, if they so please; and that Facebook will never use these because they'd rather control the system of verification themselves (prioritizing profit, not privacy and integrity of users). They could use the systems already in place and say "you know what, the state of Estonia is telling us this guy is who he says he is, we'll accept that". What you're doing is arguing against government-backed digital identification in any broad definition of the term, and you can have that opinion but it's off topic.
> You realize Facebook's algorithm is most likely keeping those posts well hidden from your "friends", right?
Yes, but not completely. I do get a handful of likes/comments on them and one friend commented in person about how often I post them. If they're suppressed by the algorithm, they're not getting suppressed too much.
In any case, I don't put a ton of effort into them. They're just articles I've discovered naturally with a pull quote or short summary.
> You either give facebook more data to validate your authenticity or you allow botnets to influence the social networks
My basic logic/truth table says there's another (possibly more likely scenario): that you give FB more (intimate) data AND botnets still influence your social networks.
I mean, a bot could simply designate using a given stock image for each of their imposter personas, non?
> The process is automated, including identifying suspicious activity and checking the photo. ... The Facebook spokesperson said the photo test is one of several methods, both automated and manual, used to detect suspicious activity.
So I don't get if this "captcha" process is automated or manual (...or both)? Somewhere else in the article it says that users are apparently locked out of their accounts until the pic is verified. Seems odd that there should be a lock-out period if the process is automated (as the first sentence of the above quote implies).
ALSO, for a captcha, isn't this dead easy for bots? Get a DeepDream/Generative Adversarial Network instance to generate faces for you. Bam. This is not a barrier.
> The face has to match the face of the account, so generating a new face won’t work.
It quite easily could work well if the account has, or is tagged in, any public images and those are used as input to the generation process. (Or if it's associated with a person of whom there are public images in other sources, off of Facebook.)
I'm assuming the process is sophisticated enough that you can't just post an existing public Facebook image of the user without modification, but that may be too generous.
Where was it specified that lock-outs are to prevent repeated attempts? It is a plausible reason but the premise of my question (and confusion as to whether this process is automatic or not) stems from:
> ...users are locked out of their accounts _while the photo is being verified_. A message said, “You Can’t Log In Right Now. We’ll get in touch with you _after we’ve reviewed your photo_. You’ll now be logged out of Facebook as a security precaution.”
Emphasis mine.
"after we've reviewed your photo" --> FB can autotag people as pictures are uploaded. Surely they can verify face similarity instantly?
Skynet is entertainment. A real ASI will be much more proficient at removing threats.
Both nanobots and a genetically engineered super virus, for example, would be very well suited to extinguish humanity in a timeframe that makes resistance / retaliation impossible.
Now if I as a dumb human can come up with that, just imagine what a being incredibly smarter than anything we could imagine could come up with.
This doesn’t seem too weird considering the service is called “face” book, and the point is to upload photos of your face. They have been using facial recognition for years now, this is a natural extension of that.
I am not a user, but I see the value. It’s creepy as hell, yes, but I see the value.
My account went inactive and eventually was disabled. To get back into the "nightclub" now, I must submit a copy of my photo ID to verify my identity. No thanks to the Facebook bouncer thugs guarding the entrance...
I had a similar experience, but submitted a picture of my congressman (who was standing in front of a billowing American flag) which was accepted without comment by Facebook.
A few years ago I walked away from Facebook. Three months later, I got a phone call from my mother (who's not online) because she heard through the grapevine that I was dead. My stupid Facebook "friends" took my silence for something sinister and jumped to conclusions.
I ended up returning to Facebook and purging my "friend" list down to just a dozen actual friends.
Why are they stupid? All of a sudden, with no warning or explanation you stopped posting and responding? If I had a friend like that I might be concerned and reach out to friends or family to see if everything is okay. To me that signifies that they care about you, not that they're stupid. It's not like they filed a police report or anything.
> my friend count went way down, my friend quality went way up.
This is an important distinction. FB has programmed us to believe quantity is the goal, when quality probably should be. How many FB "friends" does the average user have meaningful relationships with? I'd speculate not many more than it's possible to maintain offline/without FB's "help".
I'm not sure how true that is; virtually everyone I've encountered distinguished unqualified “friends” from “Facebook friends”, the two groups being distinct, usually overlapping, categories. There are certainly people who treasure their number of social media followers, just as there have always been people who treasure the offline equivalent, and social media like Facebook makes it easier to quantity and compare than the offline world. But I don't think it's really that common for people to conflate social media network sizes with genuine friendship.
It's just a tempting, low-hanging way for HNers to feel superior to others.
"I bet all these idiots cannot tell the difference between real friends and the Facebook friend counter like I can. ;) BTW I've deleted my Facebook because I had a crippling addiction to it."
> my friend count went way down, my friend quality went way up.
I too quit around then, and I think I feel that most on my birthday. I only hear from probably a tenth the people but now when they remember on their own and text/call it means a lot more.
I may be exceptionally bad at attracting and maintaining friendships. But my experience is that my time between friends is not fungible, and the strength of my friendships are not constant.
For example, my best friends are on the opposite coast. It's not financially realistic for us to hang out in person frequently. The 5 hours a week I could spend sending them letters or calling are not the same as 5 hours I could be spending turning acquaintances who live next door into good friends. Maybe even best friends. It's not theoretically a zero-sum game, of course, but we all know that's not how life actually works and that for one friend to have more of your time/attention means that another loses some time and attention.
What FB has helped me do is to remain easily connected to good friends and acquaintances everywhere. When moving to a new town, finding acquaintances who live there who have common interests with FB is much easier than calling those acquaintances out of the blue and hoping they'll hang out. Most of these acquaintances remain acquaintances, but some become friends -- and the cost of making those friends was substantially lowered.
For remote best friends, FB gives us a way to passively share our lives beyond calling and writing letters. Even if I had unlimited time to spend creating and sending scrapbooks and doing FaceTime, my other friends may not. It's not as good as being together, but I love the option to browse a friend's albums of past recent events on my own time, and then being able to at least experience those memories in a small way.
So I guess I see Facebook has being a very interactive rolodeck. It's not where I conduct my friendships (although I do, to some degree), it just makes maintaining friendships much more efficient. To the point that I keep connections that I would've otherwise dropped, because Facebook has reduced the long-term "maintenance cost". But since it's ultimately a rolodeck to me, I find it easy to ignore and not care what anyone is doing if I don't feel like it, and I have lowered expectations of what I should be getting from FB
Apart from possible biometrics collection, it is Facebook that now decides how do you behave and what to grant you for your behavior. Like Santa for adults.
Maybe it’s time to open your eyes and see that there is no Santa since 1984?
FB is most likely trying to ward off spammers with this idea. Generating unique faces per spam-bot is easy now, for sophisticated spammers, then for every spammer in a few months. The poster is trying to say that this FB effort won't work well and is already only adversely affecting the most stupid and trusting.
Good point, I was only considering the case where FB uses this technique to verify an existing user's identity using facial recognition (which seems like a "logical" use case).
I missed the part where they said they might use it for account creation as well (which makes less sense and seems like a pretty baroque, intrusive and ineffective captcha).
Facial verification, together with cell phone number, which requires an ID to purchase, has been the standard practice for internet companies in China for a while now, e.g. for WeChat, Alipay, etc.
"The new authentication scheme is the second in recent weeks that relies on photos. Earlier this month, Facebook asked users to upload nude photos to Facebook Messenger, as part of an effort to prevent revenge porn. Facebook said it would use the nude photos to create a digital fingerprint against which to compare future posts."
Wait what? I had to check whether today was April 1st.
It really does seem like something an elite private club would do to get a laugh out of fooling the proles while smoking a cigar and browsing the pictures.
It's more like oblivious high-paid product managers and devs who can't fathom why people wouldn't trust Facebook or that Facebook might not be a purely beneficial organization.
Sexting is quite common about young adults and so is the subsequent sharing of those photos. Being able to stop that from happening is incredibly valuable.
I am just surprised Facebook didn't instead look at a way of running these image hashing algorithms on the device instead.
I think they look for modifications of the photo as well so a cropping/tilt/text overlay/etc would still be flagged. Their model might require per-processing beyond what they can or want to deploy on-device.
Not sure how I feel about it still, but this article doesn't really accurately portray the service. From the source linked by the Wired article [1], this is specifically intended to prevent a nude photo from being shared maliciously when a user has reason to believe that it will be. They then voluntarily upload the image to Facebook which uses the digital fingerprint to prevent it from being reposted either in its original form or with slight modifications. It's always completely voluntary, Facebook is certainly not requiring or even really encouraging average users to upload their nudes.
> yes, you're going to have to trust them with a copy of it.
No. They could have you compute a fingerprint locally without uploading the image itself, preferably through some audited open source software, without auto-updates. They only don't do that because they want to guard their image hashing as corporate secrets.
they can verify that after they have found a match.
if there is no match you gave them no data of interest.
if there is a match then they already have that image anyway and you didn't make your privacy situation worse, except maybe telling them that you claim that is you, now allowing them to associate more images was you, but that's probably an acceptable tradeoff if there is actual revenge porn of you out there.
It's not a simple hash. From Alex Stamos: “There are algorithms that can be used to create a fingerprint of a photo/video that is resilient to simple transforms like resizing.” That doesn't make it clear that they are making use of the powerful classifiers that Facebook has, but it's clearly not md5, either.
They could also combine locally computed perceptual hashes of the unwanted images with face recognition of already uploaded regular images on the profile. That combination makes it even less necessary to send nudes to facebook.
My guess would be that they trained an autoencoder network for facial recognition and they use the encoder part for fingerprinting and check images by the decoder part.
If they already have the image, then you don't need this system.
If they don't have it, but are doing verify-after, then the image won't actually be blocked right away. The proposed system would be of pretty marginal value. Some value, yes, but low enough that facebook decided it wasn't worth building that system.
That's what is missing from the internet, generally speaking. Services like public notaries. That's kindof what CAs provide. But there are a lot of similar services that could exist for things like this.
Or presumably an attacker could just slightly modify the image, and trick whatever CNN Facebook is trying to use into thinking it's not the same photo.
This is aimed at non-technical users. If we're lucky, maybe like 1% of users will be able to figure out how to do that. Not to mention all of the other issues with it mentioned below.
A hash would only match an identical file, right? It sounds like image recognition is used here to catch derivatives of the original file, which a hash wouldn't catch.
I think it would be easy to create multiple hashes (reverse, flipped, etc...) and upload them all and look for matches. Provide the users with image recognition signature creating software (which is exactly what they are going to do) and let the users do it, vs uploading extremely personal and potentially embarrassing images to strangers on the internet.
^High School (and below) sure would be interesting /s
I imagine for most people in most situations regarding their* unwanted explicit media being published, the opposite is true i.e. Facebook(social media) is the worst place for it to be
then don't send them, but don't complain about facebook allowing your nudes to be posted. I don't think Facebook is going to open source their image recognition algorithm just because you want it to.
You do have a choice, use the service or not. If I ever found out a nude picture of me was leaked, I'd definitely trust FB more than whoever took it and leaked it in the first place. The whole point of the service is pretty much: your picture is already or about to be out there.
There are specific (non-cryptographic) hashes which are built to compare equal for equal data, and to be similar for similar data (for different metrics of similarity). It's a somewhat esoteric subject, but it's a thing.
The "hash" would have to be non-reversible. When we compare images based on content, afaik we transfer them into a vector space and measure distance. Do we really have tech to make and compare such a content representation in a non-reversible way? That sounds like a lot to ask for tech that seems still in active development.
All hashes are non-reversible. Being one way is one of the characteristics of a hash. Depending on how effective it is, there may be collisions possible. This is kind of happened with previously common hashes like md5 where people were able to break it by generating collisions.
But basically saying “as long as it is unreversable” is redundant unless you think there’s some reason to think the hash sucks.
If your hash is smaller than the (compressed) image itself, then you have information-theoretical loss; there is no possible way to reverse the operation. And these hashes are usually much smaller than the original.
There was a thread about this on HN -- too lazy to look it up now or repeat some of the longer comments about it. But going into this assuming that FB has no ill-intentions, FB's proposal seems by far the best solution in a world of ugly and terrible solutions.
For starters, it's intended for victims of revenge porn, which is a fairly extreme category and one in which the harassment is distinctively aggressive and virulent. Because if it weren't, the way FB deals with abusive content generally would seem to be good enough. If you come into this thinking that FB is asking everyone to upload their nudes for "safekeeping", then you've missed the point.
Secondly, it's hard to think of an implementation that wouldn't create a potential disaster that justifies doing anything special for revenge porn victims. Using the Facebook app is the most secure channel for sending FB the photos because it is a secure app that all FB users know how to use. Having the user hash on their own requires either an external app or website.
I don't think it needs to be said how such ancillary applications can be spoofed. Even if only 0.5% of users are dumb enough to fall for these spoofs, each incident would be a complete fucking disaster, for the victims and for Facebook.
As for the prospect of FB owning people's nudes. Again, in the case of revenge porn victims, the horse is already far from the barn. If we assign the worst of motives to FB, that it's a way to secretly collect nudes from users. Again, horse, barn. This secret process would be less efficient by magnitudes compared to what FB can already do today.
FB has a no porn policy so wtf do you have verify you are you to get a revenge porn picture removed?
"We remove photographs of people displaying genitals or focusing in on fully exposed buttocks. We also restrict some images of female breasts if they include the nipple, but our intent is to allow images that are shared for medical or health purposes. We also allow photos of women actively engaged in breastfeeding or showing breasts with post-mastectomy scarring. We also allow photographs of paintings, sculptures, and other art that depicts nude figures. Restrictions on the display of sexual activity also apply to digitally created content unless the content is posted for educational, humorous, or satirical purposes. Explicit images of sexual intercourse are prohibited. Descriptions of sexual acts that go into vivid detail may also be removed."
https://www.facebook.com/communitystandards#nudity
It might prevent them from being sent in the first place. If it matches a fingerprint photo, the message stops. It's especially important in revenge porn scenarios where you don't want it seen by anyone, and even the short amount of time between report and take down can have a lot of views.
This is for FB messenger, not FB posts. Messenger has no such rules for no pornography. Plus, this allows them to be proactive, rather than waiting for people to report posts.
I've never been a revenge porn victim but I think you might oversimplify the problem. For instance, if a former lover of mine has nude photos of me and distributes them to other people in private channels, I'm not able to even see them to report them. And that's just a one-time stoppage of the harassment.
FB removes pornographic content, but it doesn't always do so proactively.
If a user shares pornographic content, it may be visible on the site for a short period of time before the content is removed by Facebook.
The goal of the initiative Facebook was attempting to implement was to prevent any revenge-porn photos from being shared on the website at all. Even for a brief period of time.
From a user's standpoint, one hour of pornographic content available is disturbing but not catastrophic. However, one hour of images of pornographic content of themselves being shown to their friends and family is catastrophic.
I realize this is a late reply, but I just saw this today.
I think the idea isn't that this is a "just in case" service. More like, if someone sends you a message that they've got compromising photos of you and will release them unless you pay $XX,XXX then you would use the service.
In the analogy, it'd be more like having the police live at your house after having a credible threat made against your life. Which is a thing that happens
Open source a desktop and mobile tool that generates the image hash w/o the image leaving the device and have the code publicly reviewed seems like one potential approach.
- It sets a precedent for uploading nude photos to FB and for them asking for it.
- You need to trust FB to delete the photos when they receive it. Yes, I understand that they probably will, but really, how many systems are those bits going to touch? How many logs are going to have this information? Can you be really sure?
A better implementation would be for the FB client to hash the file and for the hash to be uploaded. Trust issues are still there but at least mitigated to devices that you have some control over.
Evil users that hash legitimate photos can be overcome with the same review system that is being tested today.
> - It sets a precedent for uploading nude photos to FB and for them asking for it.
Before we reduce this to a slippery slope, what scenario do you envision in which FB could coax its userbase to upload nude photos? I know the OP is about taking a selfie to prove existence. What would FB use as the basis to mandate the general user to send a self-nude?
> You need to trust FB to delete the photos when they receive it...can you really be sure?
No, never, of course. But that's why I point out that FB already has this potential vector of attack. Every time a user flags content for abuse, that is logged and presumably a copy of the asset made for manual verification. Nevermind all the sensitive content millions of users everyday send across Messenger or private groups.
> A better implementation would be for the FB client to hash the file and for the hash to be uploaded.
If the image is hashed before it reaches FB servers, then it gives every user the power and impunity to attempt to censor via a Content-ID like approach.
That's exactly the topic we're discussing now. Sorry, with "userbase" I meant "general userbase". This initiative they're proposing -- in coordination with a safety group in Australia -- is aimed at revenge porn victims. The general userbase of Facebook aren't in that group.
> If the image is hashed before it reaches FB servers, then it gives every user the power and impunity to attempt to censor via a Content-ID like approach.
Another commenter makes a good point that you could still have a human verify the first time a provided hash matches an image.
In the current setup, there is a human that verifies the image to be hashed is a nude photo instead of the McDonald's profile picture. In the proposed setup, you wait until a hash matches the photo and then have a human verify if it's pornographic content.
The main obstacle that I can think of is: where does that hashing get done? Is it a feature that can efficiently be part of the phone app? Keeping in mind that this is a feature that would only be used by a very, very small part of the general userbase.
Let's assume that it is possible, the other issue that might come up is that the system is still suspect to a sort of denial of service attack, in which a group (for whatever reason) floods FB with purported sensitive images, and FB is flooded with constant takedown requests to review.
The attack against the uploaded hash approach fails with default-deny, which seems like a good thing for users.
The current implementation can be attacked by uploading thousands of legitimate images delaying takedown requests - therefore any images that should be taken down will stay up longer.
I'll agree that whatever approach FB is doing to hash the photos may not work on a phone for technical reasons, but given FB's resources I'm not sure how far that argument really goes. But consider this - if you truly, deeply cared about user safety and privacy, would you implement this feature the same way?
> The current implementation can be attacked by uploading thousands of legitimate images delaying takedown requests
How would that work, exactly? A user uploads hundreds of fraudulent images to FB's revenge-porn-abuse queue. At some point, the human who verifies whether the image is legit is going to realize that the user account is fraudulent and then disable the account.
If images are hashed, FB has no way to know if a user who is uploading hundreds of hashes is a malicious user or is actually an incredibly unfortunate revenge-porn victim. And the price for being wrong is extremely high. Maybe it's possible for FB's auto-detection system to be robust if the hashes it has to scan for is now several orders of magnitude than ever expected, making this all a moot point. But I can't imagine that the system scales with no penalty.
> But consider this - if you truly, deeply cared about user safety and privacy, would you implement this feature the same way?
The wording of your question implies a false dilemma, and I think reveals how different the premises you and I have about it. What exactly about Facebook's implementation of this feature makes it any less safe for users and their privacy than not having the feature at all? When a user sees and reports an abusive image of themselves -- that photo and that user, and that user's connection to the photo are already in Facebook's system".
Every fear there is about this data being exposed to malicious human workers, or that FB is trying to harvest sensitive images for nefarious means -- that risk has always existed. How do you think abuse-takedown requests are currently handled?
So if my argument is accurate, that an evil-pervy Facebook wants to do a mass collection of sensitive/comprising images of its user, all the infrastructure and dataflow is already in place, then this revenge-porn initiative does nothing to make that process more efficient. Even worse for pervy-Facebook, the initiative's very existence, nevermind announcing it, reminds the entire world again that holy-shit-think-of-all-the data-Facebook-has-on-us-including-our-sexy-times -- which is generally the kind of PR you want to avoid when you're conspiring to mass-harvest illicit imagery and data.
And let's be real here: Facebook doesn't have to do anything special for revenge porn victims, in the way that the Postal Service isn't obligated to open everyone's mail to make absolutely sure there's no child porn being sent -- the act of prevention ends up causing far more harm to all users than it benefits the comparatively small number of potential victims.
The status quo seems to be to do nothing until reports come in, which is OK for most situations but inadequate for the kind of attack vector that revenge-porn victims suffer. Facebook could have accepted that, as everyone else does, but invested time/resources into coming up with a technical solution that only benefits a very small but high-suffering part of its userbase while not increasing invasiveness (FB already autoscans the content of user messages, including with the use of PhotoDNA [0]).
Call me Pollyannish, but I don't see this instance as yet another time of Facebook being heartless and devious.
They could jump straight to using ml and ai and the future where only you are in charge of who sees your FacebookEroticExpressions™ on any platform, all across the cloud!
But in the mean time they should probably tell her/him/them if they use the method that already exist to upload them we can use the method that already exist to have them gone in time for recess/study hall/wedding day/when Congress resumes/his state of the Union Address this evening/etc.
Also, if you just give us the other ones that undoubtedly exist we can nip this whole thing in the bud right now.
> Before we reduce this to a slippery slope, what scenario do you envision in which FB could coax its userbase to upload nude photos? I know the OP is about taking a selfie to prove existence. What would FB use as the basis to mandate the general user to send a self-nude?
Phishing attacks against users that this feature is supposed to protect are more likely to succeed.
Can you elaborate? People are worried (rightfully so) that this feature requires uploading via the Facebook Messenger App. But this means they don't have to visit a URL or download another application.
They don't necessarily know that. Imagine you've used this FB feature in the past. You get a mail from @facebookrnail.com that tells you you can just email them the photos without even opening the app now! Well isn't that convenient.
Now, it's fair to say that even in a technically safer implementation where the photos never leave the device, many users can't tell the difference, so this point doesn't hold a lot of water.
Still, I think making the uploading of scandalous photos to FB is a dangerous precedent to set in general. Will other services and startups that have users suffer from the same problem implement this feature in the same way, and guarantee user safety and privacy? That's a pretty high bar.
> - It sets a precedent for uploading nude photos to FB and for them asking for it.
umm, no. If I understand correctly, the user believes that their nude may end up on FB. The user takes initiative to upload their copy of the nude to FB to prove ownership or damages.
People doing this frustrates me greatly. You had to type 30 key strokes. ⌘+t "ycombinator fb revenge porn" ↵ and paste the results back. How many people are going to read your comment? Maybe 10% of them want to read those links. You spared yourself a trivial amount effort by offloading it to tens or hundreds of others.
I wish people would provide links and source what they say more often. Maybe more discussion sites should let others suggest edits, like on stackoverflow. We could save some of that wasted effort.
If would be kinda cool if HN were to start working on an algo to find those links automatically (a "possibly related" section at the top, for instance).
I sometimes misunderestimate how long it'll take me to write out my thoughts or how much time I'll have before I need to get back to work. By the time I finished my comment I realize I wrote enough for the comment to be a fleshed-out enough argument; anyone wanting to see those past threads could look them up if necessary. I guess I could have saved you some angst by jumping up to the top of my comment and removing the sentence about me being lazy.
> ... it's hard to think of an implementation that wouldn't create a potential disaster that justifies doing anything special for revenge porn victims.
> ...Having the user hash on their own requires either an external app or website.
What? Why can't the hashing take place in the FB Messenger app on your phone? Why does the picture need to be uploaded to FB's servers? That just goes to what Troy Hunt was saying earlier today in his testimony to Congress about how corporations are collecting data that they shouldn't even want to have. They should collect only the hash from your phone, not the picture. The hashing should be done locally to your device.
While this totally blows my mind, I can see how those a decade younger might not bat an eye, they might have sent digital nudes in the past, or even have one on the phone. A decade younger than that (late teens), and they might be so impatient about having to upload a digital nude, they just wonder why you can't just use one of the ones they sent last week. The difference in how the generations view technology and digital exposure in vast. "Sexting" came into the public consciousness as a common term almost a decade ago, but that's just when it was publicly popularized.
I mean, I consciously think about every time I actually give a close approximation on my age in a public forum (like I did above), and make a call on whether it's needed or not. I feel like a dinosaur because of it sometimes, but I also feel like there's only so much privacy you're allotted, and once it's lost, there's really no getting it back. :/
misrepresents the idea of the service. It's supposed to tackle the 'revenge porn' issue. If someone sees their own nudes show up on facebook, they can send a picture to facebook, which I assume get's fed into an image detection service that then tries to remove the already circulating nudes automatically.
The only safe way is to not take nude pictures in the first place.
What does this FB thing protect against? In practice? Upload the images as a zip file, message "hi, here's X in the nude, remove all fruit from htappletp://linkbananashortener.copearm/84395708345643785 and use "theytrustmedumbzuckerbergfucks" minus the FB founder as password". Yeah, it's a hurdle, but those who want to see the images will take it in a heartbeat, and abusers can still do things like message all mutual "friends", right there on FB. So you gained nothing, and pre-emptively gave FB your nude photos.
Besides, Barrin92 said "If someone sees their own nudes show up on facebook" -- well, nude images aren't allowed on FB anyway, are they? So if you or anyone else can see them, if they're not posted in a private group or private messages, you can just report them, no need to even give away that it's you in them. Then what would stop FB from generating perceptual hashes of these images and removing them site-wide and in the future?
There's so many holes in this that I can't really get mad on behalf of the people who fall for it.
This is the right answer. If FB is going to automatically remove revenge porn, and all porn is forbidden, then they should just automatically remove all porn. They don't need specific porn to remove all porn.
This reads more like a gullibility challenge than a true rationale.
Can someone explain if / how this prevents someone from just changing a single pixel and thus circumventing the hash? Are they using some kind of probabilistic hashing? Or are they just relying on the offenders to not be so clever?
To be fair the type of people who are sharing naked photos via Facebook aren't likely to be all that technologically sophisticated to enough understand hashing.
Pedophiles would be using something encrypted and anonymous anyway.
So you hope. But you have to upload your picture first. If they were serious about this they would allow you to compute the hash locally and then only to upload the hash.
Note that they explicitly state that a human will look at the image and then hash it. So they are storing it at least for a while. And you will not be able to verify whether they really delete it or not.
> presumably an attacker will just use the local process to observe and develop a method to defeat it.
If they can do that then the whole method fails anyway.
Besides, I think the set of your average revenge porn idiots intersected with those that are capable of defeating the hashing scheme in order to do their dirty deed is going to be exceedingly small.
> If they can do that then the whole method fails anyway.
i'm not that sure. the memory of any application can be observed, which means the process of fingerprinting - whatever it is - can be observed. executing the process enough times with a range of inputs will provide a load of analyzable data, via recording the transformation of bytes.
this is (loosely) why basically all software can be "cracked" and drm methods defeated.
> intersected with those that are capable of defeating the hashing scheme
they don't really have to, much. think of the attackers as software crackers/warez groups, and the perps as visitors to pirate bay. you don't need to know how to break drm to download cracked software, or use nefarious push-button software. there might even be (possibly illicit) business opportunities here.
Fair enough, but when weighed against the risk of a FB employee going rogue and making copies of those files or FB 'accidentally' forgetting to wipe your images I'd take my chances on this uber elite perv and would not upload my stuff to FB.
This all of course besides the best defense against all of this: do not create such images in the first place and do not allow others to create them.
Can't they just train their system to do whatever it is they propose that it do in response to alleged revenge porn, but with any nude image/nude images generally? Will their system prevent the propagation of revenge porn videos?
They say they will permanently delete it off of their servers, but the numerous cases where they lied about deleting account information doesn't exactly engender a feeling of trust.
A friend does HW for Seagate servers and has talked a bit about the 'math' of servers. The reality is the FB may or may not delete the pics, no matter what they think they really did. With the amount of servers they utilize, one is failing about every second, permanently erasing all the data on it. Yes, back-up servers, and copies of the data. Still, a lot of data is getting trashed every second. So, they may be trying to weasel these pics, but do not trust that they are smart enough to get around the hard facts of server decay. If they are being honest, then there is still no way to determine if some back-up somewhere actually is storing the data, despite their best efforts. The code stack for something like FB is so huge, there really is no way of knowing where a piece of data is or isn't. Kafka would be beaming at it's absurdity.
In addition, they also have a lot of 'fresh' servers out there, spinning about for months, not being written to, as some algorithm works it's way around using the fresh servers. These also fail, having never been used. Seagate does not mind when companies like FB do this nonsense.
Oh boy, what's bound to be another thread full of "delete your Facebook", the new and improved "I don't own a television" statement. Good for you, some of us actually appreciate the utility value from having a place to plan events and ensure people actually see that sort of thing. That said, this is a completely nonsense "solution" when there's plenty of other ways to perform verification that don't do double duty of implementing facial recognition tech to ensure we get to the dystopian tech hellscape sooner than later.
Wow, didn't take long for the downvote brigade to show up for having a contrary opinion to the herd on this one.
>Oh boy, what's bound to be another thread full of "delete your Facebook", the new and improved "I don't own a television" statement.
Maybe you're being downvoted because this statement is just as cliché, if not moreso (given the amount of FB users vs non FB users) than the "delete your FB" cliché
I have long thought if I'm missing anything by not perusing Facebook event pages or anything. Fortunately within my interests (hifi audio, local jazz, photography and computer special interest group meetings) they all still operate within self-hosted forums or blogs and not in facebook.
406 comments
[ 6.6 ms ] story [ 312 ms ] threadI assume this only happens if you’ve uploaded pictures of yourself in the past, so they can compare them.
Seems as silly as uploading your nekid pics so facebook can prevent them from being distributed. If they really wanted to protect you they would just let you download an app that could analyze the files and upload just enough to detect similar video/pictures.
What has facebook done in the past to earn such trust? Seems just the opposite. Isn't it crazy to assume facebook will keep anything you upload secure?
> In a statement to WIRED, a Facebook spokesperson said the photo test is intended to “help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads.”
They're basically training people to provide PII/biometrics on-demand as the price of using their service.
why not a normal 2fa? it seems like there is a hidden agenda behind collecting and analyzing users facial characteristics.
They probably plan to use your facial profile for a number of things, none of which have to do with authenticating you to the Facebook website. I even see them sharing the profiles with the DHS to build more accurate facial recognition at airports, and other stuff like that. But of course they wouldn't admit it now, because it would mean everyone refusing to use it from day one.
No wonder Facebook's attempt at getting people to give them their credit cards to enable ecommerce on the platform has been such an utter failure. The most popular searches on Google on this issue are whether or not you can trust Facebook with your credit card data.
That's happening for a reason - Facebook has consistently tried to build a reputation of "shady-as-fuck" company throughout the years, and it's going to pay the price for it, either through stuff like people rejecting its ecommerce platforms, which means fewer billion-dollar monetization opportunities for Facebook in the long-term, or simply stopping using it when they get tired of the company's practices.
> They probably plan to use your facial profile for a number of things, none of which have to do with authenticating you to the Facebook website. I even see them sharing the profiles with the DHS to build more accurate facial recognition at airports, and other stuff like that. But of course they wouldn't admit it now, because it would mean everyone refusing to use it from day one.
This validates my little project of uploading a ton of stock photos to my Facebook account and tagging myself in them.
Unfortunately, I think the fact that many people don't realize platforms like Instagram and WhatsApp belong to Facebook will allow them to avoid paying the price.
https://www.facebook.com/help/148104135383285?helpref=search...
I've been stingy about that for a long time. FB doesn't have my phone number and I disabled the email address I used to sign up. I delete all my cookies often and use different browsers and turn off and reset my modem to get a new IP address.
I have no apps on my phone, don't use iCloud, and don't use the native "Contacts" app, I made my own for that.
I know I'm still being tracked, but not as much as most and I don't think FB could ID me right now with photos they have.
If anyone who has you in their contact list uses Facebook, I can pretty much guarantee they have your number.
That's a good idea. You could then grant other apps permission to see your contacts, but have the app optionally return fake or empty data.
Facebook would have no way of knowing that it's not you, and they aren't likely to complain that you look like somebody else, since facial recognition will likely always pick up loads of duplicates when used on a global scale.
You'd have to seed the account in advance by uploading some photos and identifying them as yourself, and you'd have to be able to find photos that haven't been uploaded to Facebook previously.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb fucks.
https://news.ycombinator.com/item?id=1349934
Many countries already have crypto-secure solutions for verifying their identity when submitting things like tax forms. Facebook just needs to start using them, but they won't, and it's obvious why.
Because most countries don't have crypto-secure identity verification, which means Facebook would still need something like this? I suppose they could contract out to Experian (or other local providers) and ask you to answer some questions from your credit report, but I'm not sure that's really a good solution either.
I made a point that there are already ways for Facebook, in certain countries, to verify the identity of their users, if they so please; and that Facebook will never use these because they'd rather control the system of verification themselves (prioritizing profit, not privacy and integrity of users). They could use the systems already in place and say "you know what, the state of Estonia is telling us this guy is who he says he is, we'll accept that". What you're doing is arguing against government-backed digital identification in any broad definition of the term, and you can have that opinion but it's off topic.
I won't create a new one, but I might as well use the one I have to do some good.
You realize Facebook's algorithm is most likely keeping those posts well hidden from your "friends", right?
Yes, but not completely. I do get a handful of likes/comments on them and one friend commented in person about how often I post them. If they're suppressed by the algorithm, they're not getting suppressed too much.
In any case, I don't put a ton of effort into them. They're just articles I've discovered naturally with a pull quote or short summary.
My basic logic/truth table says there's another (possibly more likely scenario): that you give FB more (intimate) data AND botnets still influence your social networks.
I mean, a bot could simply designate using a given stock image for each of their imposter personas, non?
So I don't get if this "captcha" process is automated or manual (...or both)? Somewhere else in the article it says that users are apparently locked out of their accounts until the pic is verified. Seems odd that there should be a lock-out period if the process is automated (as the first sentence of the above quote implies).
ALSO, for a captcha, isn't this dead easy for bots? Get a DeepDream/Generative Adversarial Network instance to generate faces for you. Bam. This is not a barrier.
1.) The face verification is automatic. It is among other processes that are automatic and some other processes that are manual.
2.) Lock out periods are to prevent repeated attempts.
3.) The face has to match the face of the account, so generating a new face won’t work.
It quite easily could work well if the account has, or is tagged in, any public images and those are used as input to the generation process. (Or if it's associated with a person of whom there are public images in other sources, off of Facebook.)
I'm assuming the process is sophisticated enough that you can't just post an existing public Facebook image of the user without modification, but that may be too generous.
> ...users are locked out of their accounts _while the photo is being verified_. A message said, “You Can’t Log In Right Now. We’ll get in touch with you _after we’ve reviewed your photo_. You’ll now be logged out of Facebook as a security precaution.”
Emphasis mine.
"after we've reviewed your photo" --> FB can autotag people as pictures are uploaded. Surely they can verify face similarity instantly?
Both nanobots and a genetically engineered super virus, for example, would be very well suited to extinguish humanity in a timeframe that makes resistance / retaliation impossible.
Now if I as a dumb human can come up with that, just imagine what a being incredibly smarter than anything we could imagine could come up with.
I am not a user, but I see the value. It’s creepy as hell, yes, but I see the value.
My experience deleting it 5 years ago is summarized as: my friend count went way down, my friend quality went way up.
Your results may vary, but the purpose of my comment is not to immediately be worried that Facebook is a mandatory lifeline for your social life.
It's not like facebook is a nightclub that will refuse re-entry once you leave or anything.
I ended up returning to Facebook and purging my "friend" list down to just a dozen actual friends.
I always wondered what my Facebook acquaintances thought when I left.
I figured they didn’t care Id left to give it much thought or that I was being a prick and had deleted them.
I'd add that the lessened noise contributes to a sense of clarity which in turn contributes to an ability to think critically on the spot.
This is an important distinction. FB has programmed us to believe quantity is the goal, when quality probably should be. How many FB "friends" does the average user have meaningful relationships with? I'd speculate not many more than it's possible to maintain offline/without FB's "help".
"I bet all these idiots cannot tell the difference between real friends and the Facebook friend counter like I can. ;) BTW I've deleted my Facebook because I had a crippling addiction to it."
I too quit around then, and I think I feel that most on my birthday. I only hear from probably a tenth the people but now when they remember on their own and text/call it means a lot more.
For example, my best friends are on the opposite coast. It's not financially realistic for us to hang out in person frequently. The 5 hours a week I could spend sending them letters or calling are not the same as 5 hours I could be spending turning acquaintances who live next door into good friends. Maybe even best friends. It's not theoretically a zero-sum game, of course, but we all know that's not how life actually works and that for one friend to have more of your time/attention means that another loses some time and attention.
What FB has helped me do is to remain easily connected to good friends and acquaintances everywhere. When moving to a new town, finding acquaintances who live there who have common interests with FB is much easier than calling those acquaintances out of the blue and hoping they'll hang out. Most of these acquaintances remain acquaintances, but some become friends -- and the cost of making those friends was substantially lowered.
For remote best friends, FB gives us a way to passively share our lives beyond calling and writing letters. Even if I had unlimited time to spend creating and sending scrapbooks and doing FaceTime, my other friends may not. It's not as good as being together, but I love the option to browse a friend's albums of past recent events on my own time, and then being able to at least experience those memories in a small way.
So I guess I see Facebook has being a very interactive rolodeck. It's not where I conduct my friendships (although I do, to some degree), it just makes maintaining friendships much more efficient. To the point that I keep connections that I would've otherwise dropped, because Facebook has reduced the long-term "maintenance cost". But since it's ultimately a rolodeck to me, I find it easy to ignore and not care what anyone is doing if I don't feel like it, and I have lowered expectations of what I should be getting from FB
I'll give up Facebook before I give up that level of privacy.
Maybe it’s time to open your eyes and see that there is no Santa since 1984?
Tadaa. Another pointless privacy invasion that only affects the fair and honest.
I missed the part where they said they might use it for account creation as well (which makes less sense and seems like a pretty baroque, intrusive and ineffective captcha).
"The new authentication scheme is the second in recent weeks that relies on photos. Earlier this month, Facebook asked users to upload nude photos to Facebook Messenger, as part of an effort to prevent revenge porn. Facebook said it would use the nude photos to create a digital fingerprint against which to compare future posts."
Wait what? I had to check whether today was April 1st.
Teenagers who have naked photos in the possession of their peers need a solution for preventing dissemination.
And so if you're in this situation trusting Facebook is by far the lesser of two evils.
I am just surprised Facebook didn't instead look at a way of running these image hashing algorithms on the device instead.
[1] - https://www.theverge.com/2017/11/9/16630900/facebook-revenge...
If you want Facebook's computers to automatically take down any copies of the photo, yes, you're going to have to trust them with a copy of it.
Automated DMCA takedowns of copyrighted music and movies work in very much the same way.
No. They could have you compute a fingerprint locally without uploading the image itself, preferably through some audited open source software, without auto-updates. They only don't do that because they want to guard their image hashing as corporate secrets.
if there is no match you gave them no data of interest. if there is a match then they already have that image anyway and you didn't make your privacy situation worse, except maybe telling them that you claim that is you, now allowing them to associate more images was you, but that's probably an acceptable tradeoff if there is actual revenge porn of you out there.
Regardless, I think your point stands.
https://en.wikipedia.org/wiki/Autoencoder
If they don't have it, but are doing verify-after, then the image won't actually be blocked right away. The proposed system would be of pretty marginal value. Some value, yes, but low enough that facebook decided it wasn't worth building that system.
You can't avoid having a tradeoff somewhere.
one downside: i think this could allow a bad actor to directly observe the fingerprinting and assist in developing a method to defeat it.
That's what is missing from the internet, generally speaking. Services like public notaries. That's kindof what CAs provide. But there are a lot of similar services that could exist for things like this.
Though really would be better to fingerprint all removed photos and automatically prevent any matching photos from being uploaded.
You should just post the nudes yourself IMHO and be done with it.
I imagine for most people in most situations regarding their* unwanted explicit media being published, the opposite is true i.e. Facebook(social media) is the worst place for it to be
You do have a choice, use the service or not. If I ever found out a nude picture of me was leaked, I'd definitely trust FB more than whoever took it and leaked it in the first place. The whole point of the service is pretty much: your picture is already or about to be out there.
But basically saying “as long as it is unreversable” is redundant unless you think there’s some reason to think the hash sucks.
For starters, it's intended for victims of revenge porn, which is a fairly extreme category and one in which the harassment is distinctively aggressive and virulent. Because if it weren't, the way FB deals with abusive content generally would seem to be good enough. If you come into this thinking that FB is asking everyone to upload their nudes for "safekeeping", then you've missed the point.
Secondly, it's hard to think of an implementation that wouldn't create a potential disaster that justifies doing anything special for revenge porn victims. Using the Facebook app is the most secure channel for sending FB the photos because it is a secure app that all FB users know how to use. Having the user hash on their own requires either an external app or website.
I don't think it needs to be said how such ancillary applications can be spoofed. Even if only 0.5% of users are dumb enough to fall for these spoofs, each incident would be a complete fucking disaster, for the victims and for Facebook.
As for the prospect of FB owning people's nudes. Again, in the case of revenge porn victims, the horse is already far from the barn. If we assign the worst of motives to FB, that it's a way to secretly collect nudes from users. Again, horse, barn. This secret process would be less efficient by magnitudes compared to what FB can already do today.
"We remove photographs of people displaying genitals or focusing in on fully exposed buttocks. We also restrict some images of female breasts if they include the nipple, but our intent is to allow images that are shared for medical or health purposes. We also allow photos of women actively engaged in breastfeeding or showing breasts with post-mastectomy scarring. We also allow photographs of paintings, sculptures, and other art that depicts nude figures. Restrictions on the display of sexual activity also apply to digitally created content unless the content is posted for educational, humorous, or satirical purposes. Explicit images of sexual intercourse are prohibited. Descriptions of sexual acts that go into vivid detail may also be removed." https://www.facebook.com/communitystandards#nudity
If a user shares pornographic content, it may be visible on the site for a short period of time before the content is removed by Facebook.
The goal of the initiative Facebook was attempting to implement was to prevent any revenge-porn photos from being shared on the website at all. Even for a brief period of time.
From a user's standpoint, one hour of pornographic content available is disturbing but not catastrophic. However, one hour of images of pornographic content of themselves being shown to their friends and family is catastrophic.
It's kind of like having the police live at your house because 'just in case'.
I think the idea isn't that this is a "just in case" service. More like, if someone sends you a message that they've got compromising photos of you and will release them unless you pay $XX,XXX then you would use the service.
In the analogy, it'd be more like having the police live at your house after having a credible threat made against your life. Which is a thing that happens
Classification is a harder problem to begin with, and 'pornographic' is a subjective judgement.
- It sets a precedent for uploading nude photos to FB and for them asking for it.
- You need to trust FB to delete the photos when they receive it. Yes, I understand that they probably will, but really, how many systems are those bits going to touch? How many logs are going to have this information? Can you be really sure?
A better implementation would be for the FB client to hash the file and for the hash to be uploaded. Trust issues are still there but at least mitigated to devices that you have some control over.
Evil users that hash legitimate photos can be overcome with the same review system that is being tested today.
Before we reduce this to a slippery slope, what scenario do you envision in which FB could coax its userbase to upload nude photos? I know the OP is about taking a selfie to prove existence. What would FB use as the basis to mandate the general user to send a self-nude?
> You need to trust FB to delete the photos when they receive it...can you really be sure?
No, never, of course. But that's why I point out that FB already has this potential vector of attack. Every time a user flags content for abuse, that is logged and presumably a copy of the asset made for manual verification. Nevermind all the sensitive content millions of users everyday send across Messenger or private groups.
> A better implementation would be for the FB client to hash the file and for the hash to be uploaded.
If the image is hashed before it reaches FB servers, then it gives every user the power and impunity to attempt to censor via a Content-ID like approach.
The one where FB asks its userbase to upload nude photos[0].
[0]https://news.ycombinator.com/item?id=15651710
Another commenter makes a good point that you could still have a human verify the first time a provided hash matches an image.
In the current setup, there is a human that verifies the image to be hashed is a nude photo instead of the McDonald's profile picture. In the proposed setup, you wait until a hash matches the photo and then have a human verify if it's pornographic content.
Let's assume that it is possible, the other issue that might come up is that the system is still suspect to a sort of denial of service attack, in which a group (for whatever reason) floods FB with purported sensitive images, and FB is flooded with constant takedown requests to review.
The current implementation can be attacked by uploading thousands of legitimate images delaying takedown requests - therefore any images that should be taken down will stay up longer.
I'll agree that whatever approach FB is doing to hash the photos may not work on a phone for technical reasons, but given FB's resources I'm not sure how far that argument really goes. But consider this - if you truly, deeply cared about user safety and privacy, would you implement this feature the same way?
How would that work, exactly? A user uploads hundreds of fraudulent images to FB's revenge-porn-abuse queue. At some point, the human who verifies whether the image is legit is going to realize that the user account is fraudulent and then disable the account.
If images are hashed, FB has no way to know if a user who is uploading hundreds of hashes is a malicious user or is actually an incredibly unfortunate revenge-porn victim. And the price for being wrong is extremely high. Maybe it's possible for FB's auto-detection system to be robust if the hashes it has to scan for is now several orders of magnitude than ever expected, making this all a moot point. But I can't imagine that the system scales with no penalty.
> But consider this - if you truly, deeply cared about user safety and privacy, would you implement this feature the same way?
The wording of your question implies a false dilemma, and I think reveals how different the premises you and I have about it. What exactly about Facebook's implementation of this feature makes it any less safe for users and their privacy than not having the feature at all? When a user sees and reports an abusive image of themselves -- that photo and that user, and that user's connection to the photo are already in Facebook's system".
Every fear there is about this data being exposed to malicious human workers, or that FB is trying to harvest sensitive images for nefarious means -- that risk has always existed. How do you think abuse-takedown requests are currently handled?
So if my argument is accurate, that an evil-pervy Facebook wants to do a mass collection of sensitive/comprising images of its user, all the infrastructure and dataflow is already in place, then this revenge-porn initiative does nothing to make that process more efficient. Even worse for pervy-Facebook, the initiative's very existence, nevermind announcing it, reminds the entire world again that holy-shit-think-of-all-the data-Facebook-has-on-us-including-our-sexy-times -- which is generally the kind of PR you want to avoid when you're conspiring to mass-harvest illicit imagery and data.
And let's be real here: Facebook doesn't have to do anything special for revenge porn victims, in the way that the Postal Service isn't obligated to open everyone's mail to make absolutely sure there's no child porn being sent -- the act of prevention ends up causing far more harm to all users than it benefits the comparatively small number of potential victims.
The status quo seems to be to do nothing until reports come in, which is OK for most situations but inadequate for the kind of attack vector that revenge-porn victims suffer. Facebook could have accepted that, as everyone else does, but invested time/resources into coming up with a technical solution that only benefits a very small but high-suffering part of its userbase while not increasing invasiveness (FB already autoscans the content of user messages, including with the use of PhotoDNA [0]).
Call me Pollyannish, but I don't see this instance as yet another time of Facebook being heartless and devious.
[0] http://www.businessinsider.com/facebook-google-and-microsoft...
They could jump straight to using ml and ai and the future where only you are in charge of who sees your FacebookEroticExpressions™ on any platform, all across the cloud!
But in the mean time they should probably tell her/him/them if they use the method that already exist to upload them we can use the method that already exist to have them gone in time for recess/study hall/wedding day/when Congress resumes/his state of the Union Address this evening/etc.
Also, if you just give us the other ones that undoubtedly exist we can nip this whole thing in the bud right now.
Phishing attacks against users that this feature is supposed to protect are more likely to succeed.
Now, it's fair to say that even in a technically safer implementation where the photos never leave the device, many users can't tell the difference, so this point doesn't hold a lot of water.
Still, I think making the uploading of scandalous photos to FB is a dangerous precedent to set in general. Will other services and startups that have users suffer from the same problem implement this feature in the same way, and guarantee user safety and privacy? That's a pretty high bar.
umm, no. If I understand correctly, the user believes that their nude may end up on FB. The user takes initiative to upload their copy of the nude to FB to prove ownership or damages.
https://news.ycombinator.com/item?id=15648080
https://www.google.com/search?q=ycombinator+fb+revenge+porn
> too lazy to look it up now
People doing this frustrates me greatly. You had to type 30 key strokes. ⌘+t "ycombinator fb revenge porn" ↵ and paste the results back. How many people are going to read your comment? Maybe 10% of them want to read those links. You spared yourself a trivial amount effort by offloading it to tens or hundreds of others.
I wish people would provide links and source what they say more often. Maybe more discussion sites should let others suggest edits, like on stackoverflow. We could save some of that wasted effort.
What? Why can't the hashing take place in the FB Messenger app on your phone? Why does the picture need to be uploaded to FB's servers? That just goes to what Troy Hunt was saying earlier today in his testimony to Congress about how corporations are collecting data that they shouldn't even want to have. They should collect only the hash from your phone, not the picture. The hashing should be done locally to your device.
I mean, I consciously think about every time I actually give a close approximation on my age in a public forum (like I did above), and make a call on whether it's needed or not. I feel like a dinosaur because of it sometimes, but I also feel like there's only so much privacy you're allotted, and once it's lost, there's really no getting it back. :/
in theory or in practice? do these ways have other caveats?
What does this FB thing protect against? In practice? Upload the images as a zip file, message "hi, here's X in the nude, remove all fruit from htappletp://linkbananashortener.copearm/84395708345643785 and use "theytrustmedumbzuckerbergfucks" minus the FB founder as password". Yeah, it's a hurdle, but those who want to see the images will take it in a heartbeat, and abusers can still do things like message all mutual "friends", right there on FB. So you gained nothing, and pre-emptively gave FB your nude photos.
Besides, Barrin92 said "If someone sees their own nudes show up on facebook" -- well, nude images aren't allowed on FB anyway, are they? So if you or anyone else can see them, if they're not posted in a private group or private messages, you can just report them, no need to even give away that it's you in them. Then what would stop FB from generating perceptual hashes of these images and removing them site-wide and in the future?
There's so many holes in this that I can't really get mad on behalf of the people who fall for it.
This reads more like a gullibility challenge than a true rationale.
http://www.thecrimson.com/article/2003/11/19/facemash-creato...
[0] https://www.phash.org/ [1] http://www.lire-project.net/
Example: SphereFace: Deep Hypersphere Embedding for Face Recognition
https://arxiv.org/abs/1704.08063v2
Pedophiles would be using something encrypted and anonymous anyway.
Except for the ones who apply for a job reviewing the nudes Facebook is collecting, anyway.
Facebook has absolutely no businesses to store nude pictures of their users.
Note that they explicitly state that a human will look at the image and then hash it. So they are storing it at least for a while. And you will not be able to verify whether they really delete it or not.
presumably an attacker will just use the local process to observe and develop a method to defeat it.
that said, perhaps such a methodology would require extra effort on the part of a revenge porn perp, so it might reduce the occurrences.
If they can do that then the whole method fails anyway.
Besides, I think the set of your average revenge porn idiots intersected with those that are capable of defeating the hashing scheme in order to do their dirty deed is going to be exceedingly small.
i'm not that sure. the memory of any application can be observed, which means the process of fingerprinting - whatever it is - can be observed. executing the process enough times with a range of inputs will provide a load of analyzable data, via recording the transformation of bytes.
this is (loosely) why basically all software can be "cracked" and drm methods defeated.
> intersected with those that are capable of defeating the hashing scheme
they don't really have to, much. think of the attackers as software crackers/warez groups, and the perps as visitors to pirate bay. you don't need to know how to break drm to download cracked software, or use nefarious push-button software. there might even be (possibly illicit) business opportunities here.
This all of course besides the best defense against all of this: do not create such images in the first place and do not allow others to create them.
Can't they just train their system to do whatever it is they propose that it do in response to alleged revenge porn, but with any nude image/nude images generally? Will their system prevent the propagation of revenge porn videos?
when will people stop using facebook?
In addition, they also have a lot of 'fresh' servers out there, spinning about for months, not being written to, as some algorithm works it's way around using the fresh servers. These also fail, having never been used. Seagate does not mind when companies like FB do this nonsense.
C
A
R
Y
Wow, didn't take long for the downvote brigade to show up for having a contrary opinion to the herd on this one.
Maybe you're being downvoted because this statement is just as cliché, if not moreso (given the amount of FB users vs non FB users) than the "delete your FB" cliché
I'd love to hear more about this.