Is it really that surprising, since all the photos are available on public sites? It seems this tool reveals the same a Google search for the name would reveal.
This guy's name is Tom Smith. Go ahead and pop that into Google and let me know how that turns out.
His name is about as generic as you could imagine for a white person. But they returned a bunch of images of HIM, and one Alexey Something-or-other, which could be his troll account.
Edit: the Alexey part is a joke, I'm sorry but I thought it was funny.
TIL generic names (in your geographic region) are good ways to promote privacy.
I always wondered how the Chinese authorities figured that out considering the massive name reuse in China. I can’t watch a Chinese movie or TV show without at least one character sharing the surname (the first part in China) of a Chinese person I know.
The Romani people have used it as a general tool to make it difficult to govern them. The local equivalent of "John Smith" gets used by everybody in every official form. Meanwhile, they just call each other what they otherwise would've.
the world has always been anonymous because of the lack of capability to track large amounts of data - until recently.
Anonymity allows you safety from any one who seeks to predate you. I think that safety needs to be maintained. People stupidly put photos of themselves online, then face tag their friends. This allows third parties to identify your friends and circles, and that's dangerous. All relationship should be reciprocal.
No, long ago the world was a bunch of small groups of people that knew each other intimately. At the village and tribe level there was little or no anonymity. The offset was that there was also intimacy. The problem now is that we again have no anonymity, but there is none of the intimacy needed to offset the negative aspects of this (and we probably can't, I don't think intimacy scales the same way, but who knows).
I thought about this. Perhaps youtube real videos (not staged mini tv shows like peewee) has opened up people's lives to their world. Perhaps twitch/live coding streaming provide this on some level. Perhaps onlind video games or even social media provide that intimacy into others lives at scale.
The people who left their tribes (or were forced off) were effectively anonymous to any new group of people they might come across. So if you were kicked from your group for a misdeed, sure you could continue your bad deeds in the new group or you could turn over a new leaf without the weight of your past mistakes holding you back.
> The people who left their tribes (or were forced off) were effectively anonymous to any new group of people they might come across.
The people who left or were forced out often died. The world is a scary and dangerous place without a support network, which civilization basically is.
> So if you were kicked from your group for a misdeed, sure you could continue your bad deeds in the new group or you could turn over a new leaf without the weight of your past mistakes holding you back.
Outsiders were often viewed with distrust. Why wouldn't they be, when most people can only associate their leaving the safety of the community with at best a foreign way of thinking, but more likely them being forced out for past misdeeds.
It's sort of like interviewing for a job a 35 year old that has no work experience to show for the last decade, and not a very convincing story as to why (or even if it's feasible, you don't really know). Why take the risk?
> the world has always been anonymous because of the lack of capability to track large amounts of data - until recently.
The first data privacy law ("loi informatique et liberté") were introduced in France around 1980, after a controversial government project to create a massive database of people generated a huge scandal.
So it's been possible for quite a while, it's just that it was reserved to state actors.
Privacy laws, much like noise ordinances and pollution regulations, are emergent responses to novel threats and ills.
In a world without the printing press, anti-libel laws didn't exist. In a world without photography, rights to personal image and freedom from invasive shutterbugs didn't esist. Anti-wiretapping and phone-recording restrictions were necessitated by the telephone. The Bork bill protecting the sanctity of ... video store rental records ... was necessitated by videocassette technology, a video rental market, Supreme Court nomination hearings, chatty store clerks, and newspapers interested in publishing such details.
As technologies tear down and penetrate the long-standing barriers to snooping, recording, transmitting, analyzing, and acting on what had always. been personal and private behaviours, societies turn to law to reinstitute those protections.
Privacy is an emergent phenomenon and a direct response to intrusions.
This nails it. It's not the present view of you that someone might get, but it's the fact that they can roll back the clock on you and re-interpret anything you did or said or anywhere you went. Digging up some ancient tweet is somewhat analogous to it, but it cuts way deeper when you start thinking about every moment of your life. On the flip side, if you're just living your life OpSec feels overkill...
Yep. "I trust this entity with my data" is absolutely not an argument to be lax with your privacy.
Take Pebble for example. They had a very invasive privacy policy and reserved the right to upload pretty much anything from your phone via the companion app, but they were a cool hacker-friendly hardware startup and a lot of people trusted them.
Years down the track they ran out of runway (the ugly side of "unicorn or bust" venture capital but that's another rant) and were bought out by Fitbit. Meh, Fitbit seemed pretty good with privacy too so that's alright, I guess?
Now Google's bought Fitbit and potentially has a bunch of very personal, private data on everyone who originally trusted Pebble.
And because they had only one source of data, namely their watch/armband, and were not cross referencing it with search queries, YouTube views, etc. Unlike Google, needless to say.
Exactly. Very current affairs: governments are looking into getting location data from phone networks, apps, phone manufacturers to determine whether people are sticking to the curfews. And this change in perspective happened real fast.
Does the end justify the means? A pandemic like this is the ideal chance for a government to set up emergency measures like martial law, while the people themselves are too busy trying to look out for themselves and their family to be able to protest it.
Of course, anyone with half a brain already knew that unlimited data gathering, including location or personal information, was a bad thing.
Nothing magic, they're just sending a HTTP 302 redirect if they don't see a cookie. If you hit it with wget you'll see two 302s, one of them with the old "Moved Temporarily" text and the other with "Found". I'm not sure why you only get two with wget, possibly user-agent sniffing. Tracing with firefox's dev tools I see an initial JS redirect, but that may be a bug since I've got javascript disabled for medium. Alternatively it's a bug in NoScript and that's not good. Either way they'll toss a 302 with no js at all.
Which just ends up bouncing you back and forth, unless JS is allowed to percolate through. However, there is some useragent sniffing happening, so the exact set of headers changes.
I used to think some of my peers were being overly cautious by purposely trying to obfuscate their online profile. Back in the day, I couldn’t care less about putting in effort to try to protect my online privacy. I have slowly but surely come to see the light. Now it’s at the forefront of my mind at all times.
Learning about this company (and I imagine other unknown entities are doing the same) has encouraged me to get more aggressive.
I think I will start to try some shenanigans I learned from a friend. I plan on replacing my online profile pics to a random grab from https://www.thispersondoesnotexist.com/. Might not make much of a difference for the old stuff, maybe I can successfully request a data deletion as the article suggests. At least it will introduce a little bit of noise to the AI overloads :)
Starting in the early 90's, 'everyone's a dog on the internet', so my profile pics were dogs. One buzzed evening, I changed a few to Fabio. Good luck, Fabio,
I too am extremely opposed to any and all non-consenting invasions of digital privacy (i.e., the problem isn’t the known-known of what you upload, but the hidden implications of it), but on the contrary, I make a disciplined effort to make my digital fingerprint reflect my actual views and identity. Whatever time capsule my digital identity ends up in, I want to be as accurate and beautiful as possible.
This includes my avid support of corporations which make good faith efforts to defend natural rights and freedoms, and my vehement opposition to corporate/political nonsense that does not represent, in good faith, the interests of humanity and nature. “A reasonable amount” of surveillance is an essential aspect of society, but it SHOULD be considered invasive, and should never be invisible. I suspect that there will be BS metrics to evaluate how “consenting” a given individual is to NSA/Clearview type behavior, and I would hope that I am casting a shield of protection. I feel bad about the fact that an element of bitterness is necessary to be resilient. I know no other way than truth.
I truly act as if AI is learning from me, and believe that there are long reaching and metaphysical effects to all actions.
Thank you for sharing this viewpoint. Your end goals are admirable. I will seriously consider adopting your strategy.
Obviously, I'm using a nym. Because I've wanted to my life to be faceted. I've lived very publicly before (ran for office). But in geekdom, I didn't want people to casually correlate my politics (activism) with my open source efforts.
Replacing pictures wont help (they already have them), GDPR request for deletion might work better but on the other side you also give them your confirmed identity. With companies as shady as this one, they might just set a flag in their database and add your documents data to them.
As you have figured out on your own, public should listen to some people warning about this for more than decade instead of making fun from them (tin foil hat,...).
And if anyone thinks that google and facebook are not having their own versions of clearview, think again. Any form of online presence under real name has to be minimized and it is doable but this would mean that all personal narcissistic pushes would need to be stopped (or should I say - cured) and refrain yourself from using any personal information (no, you wont secure my account by having my phone number, provide me TOTP if the security is really the reason) on the internet while avoiding it beeing stolen by apps (application firewalls, sending back fake data and not using any google applications including removing their preinstalled spyware by rooting the phone).
I can guarantee you that you wont be missing anything relevant (I am doing it for more than decade). But. Will you do that? Can you do that? Do you want to do that? Most people just rather take blue pill.
> With companies as shady as this one, they might just set a flag in their database and add your documents data to them.
This is exactly my fear. If they were more legitimate, I wouldn't be worried about sending an ID card. Thinking if it makes sense to fake an ID with my real picture on it so they can give me the data and 'delete' it but with a fake name to make sure I'm at least not feeding the troll.
Dumb question - how can anyone be sure that companies actually delete the data? What about the backups, what happens to the data there? How do these govt enforcers verify this? Also, what about Clearview's employees abusing the data? what stops them from snooping on someone they are interested in?
It is actually not stupid. Nothing stops them except a liability for a hefty fine if they are cought. In same manner as nothing stops criminal from stealing your car. But there might be a jail sentance that deters him from doing it. Some cars will be stolen, some criminals cought and jailed.
Sure, car has locks. It is preventive measure. Same as not uploading your personal data/pictures/... to "public" servers.
Just for the record, the journalist who broke the story on Clearview noted that Clearview AI has specifically demonstrated it isn't fooled by thispersondoesnotexist.com:
You may be surprised to learn that your face is your least identifying trait online. You network of friends/followers/likes identifies you far more readily—even if you use a random username.[1]
Managing your privacy is a lot like CPU side channel attacks. It forces you to re-evaluate your fundamental assumptions about what information can be exploited.
They might have already scraped all of the faces on that site. They aren't generated on demand so you conceivably scrape the entire database of fake people and tell the algorithm to ignore anything matches them. Then, the algorithm would just treat any photos of a person that doesn't exist that it finds in the wild as it would if you have no profile pic. It might fool a person or an AI not trained on those pictures. Another option is to generate your own people that do not exist and use those images. This could work as long as Clearview isn't doing some sort of image analysis to look for telltale signs of AI-generated faces. You could start photoshopping fake faces onto your real pictures in an effort to blur the line between AI generated pictures and real pictures.
It's the fact that it returned no matches, that indicates it isn't fooled. If it were fooled, it would have associated those faces with the accounts that use them (assuming anyone is using the, which they probably are).
By returning no accounts, it demonstrates their AI isn't using those faces for identification.
He thought giving them a fake face would gum up their search quality and ability to resolve him. I'm saying it would basically be a null-photo to Clearview.
In that case, how about the opposite strategy? Take your own picture and a GAN with a latent space feature (i.e. a thispersondoesnotexist that lets you decide age, gender, etc.). Then set the parameters so that you get a picture of yourself. Upload this picture to social media and watch Clearview ignore it, while you still look like you to humans.
I was thinking something similar. Maybe with some randomization to it, so different profiles across (social) media wouldn't link together through Clearview et al. but still all look like you to humans.
I grew up with the "don't use your real name on the internet" in the back of my head, this was before kids got internet safety classes.
5-10 years later, Facebook came up with their real name policy and started asking people to snitch on their friends if they used a fake name. Google, and mainly Youtube, came with a real name policy as well, on the one hand for Google+, but on the other to try and fight comment abuse - theory being people are more hesitant to be a dick on the internet if they use their real name.
But people got used to that real fast, and since there was little consequences anyway, it didn't work.
People have valid reasons to use a fake name on the internet; government and business surveillance is a big one. Abusive / stalker exes are another. Having an alternate persona (e.g. entertainers, authors) which people are trying to hide from their un-understanding or abusive family, or society at large.
Your peers were being rational, but it's a drop in the bucket. I've come to the conclusion that privacy can only be protected with legislation. There is too much surface area to protect for the average person to police their own data trail online. Even experts have a tough time doing it. You'd have to abstain from virtually everything, and even then you can't keep other people from posting you, tagging you, etc.
This isn't a technical issue. It's a political issue.
Its absolutely wild that for anyone that's not a resident of California or EU/UK -- there isn't a way for you to request anything other than specific images/links.
> This tool will not remove URLs from Clearview which are currently active and public. If there is a public image or web page that you want excluded, then take it down yourself (or ask the webmaster or publisher to take it down). After it is down, submit the link here.
At least for GDPR reasons (as far as I understand it) you can forbid the use of your data. They then are not allowed to use your data in any way. Even data already public or put on the internet by you in the future.
If they do they are in "deep shit" (pardon my french) legally. I actually hope they do this - and somebody can catch them in the act. I believe they will be gone soon then.
Also I would advise anyone under GDPR legislation to also request exactly with whom the data was shared and go on to also request deletion and usage information from them. It is a pain that one has to jump all these hoops. I would love for the GDPR to have a way of forcing such a company to also do the information and deletion requests on your behalf and prove that to you.
It makes sense to me. This is a database keyed by facial images. They don't know your name with certainty. The only way to look you up in the database is by face. Then presumably they need the ID to make sure it's you who's requesting the info. Hard to imagine how else to do it, given the nature of the technology.
Exactly. Otherwise, this is just a vector for any person to exploit the process and freely play cop by uploading a photo of someone they're trying to track.
Yes, but the value is to provide that in exchange for money, and ostensibly only to law enforcement agencies and similar organizations. (If you try to sign up on their website, it says "Clearview is available to active law enforcement personnel" and that you need to apply for access.) If you're a random citizen and can get the same data, especially for free, the value proposition breaks. And the privacy implications would be worse.
So, I get why they ask for ID, even though I also get the reluctance to give them your ID since it could help tune their system.
This is a case of 'never click "opt-out" on spam'. Clearview is not to be trusted. One should not go through their process. They are not likely to delete the data, and if they have none, they are likely to create a profile for you.
I wonder what would happen if I were to issue them a $5000/mo/piece retroactive license invoice for any/all use of my name/likeness/etc for their profit.
CFAA enforcement is only for large corporations. Try to get an AUSA to enforce CFAA violations against a big company as an individual person with a website and they will probably laugh in your face.
Remember: there are two sets of laws in the US: ones that apply to you, and another set for large corporations that cooperate with the police and military.
A class-action suit that would probably last for a couple years and end in a settlement where the claimants - assuming they fill(ed) in forms x, y and z, would be entitled to at best a few hundred dollars.
See also the Equifax settlement. I'd say Equifax is the best / most recent example about something like this.
Bit of a rub that to request your messy, potentially erroneous, public profile, you have to give private, authenticated identification and contact information - basically the most valuable information they could want, dramatically increasing the value of your profile that you were so concerned about in the first place.
> Bit of a rub that to request your messy, potentially erroneous, public profile, you have to give private, authenticated identification and contact information - basically the most valuable information they could want, dramatically increasing the value of your profile that you were so concerned about in the first place.
The concept of being opted-in by default and being forced to authenticate yourself to opt out is getting more and more ridiculous by the day.
These systems need to be opt-in, and that requirement needs to be enforced by some kind of powerful government agency with the power to arrest and jail non-compliant operators. Anything less feels like it would end up being a complete surrender to companies like Clearview AI.
I've been thinking about this for a while. A fairly simple solution would be to turn the incentives around. In the EU, people are already the rightful owners of their data, so that needs to be applied world wide. But that's not enough.
To really flip the table, we need to make it mandatory to pay people for use of their data. If a company is exploiting[ß] someone else's property, the owner must be compensated for the privilege. Take a page from SaaS companies' nickel-and-diming ("pay per use") billing strategy, too. Just turn it around: forbid blanket permissions and consents.
The idea is to ensure that other people's data needs to be universally treated as a toxic liability, not an asset.
ß: in economic sense, although other meanings apply equally well.
> The governments are the customers of such products. We can't expect them to protect us.
So you're saying we should just surrender to companies like Clearview AI? I don't agree with your fatalism.
I think you're making a mistake in assuming that governments are unaccountable and cannot be prevented from pursuing interests that against those of the people. That's clearly not the case. If you were right, we'd already have unchecked police surveillance (isn't government is the consumer of surveillance products?), but we don't. That's only the case in non-democracies like China. In democracies, society (and the government itself) is capable of putting significant constraints on government action.
I suppose it depends on the definition of government. I was thinking of the executive branch (maybe I confused the terms). Parliament legislation would be the branch that has the responsibility to protect from such things.
I came here to make the same comment. I don't like what this company is doing, but the information is already public. People should know that anyone can read your public data and assemble it. It is not very different to living in a town. In a town everyone knows public, and no so public, information about everyone. Police, or a private investigator, can always go and interrogate the butcher or the hairdresser and ask information about you. They can also read the local gazette. The difference now, and it is not minor, is that the town is global.
Privacy starts from us not revealing our private information. That's why we have curtains at home. It is us who put the curtains on windows.
I asked this in a sibling comment to yours but couldn’t the government, who issued your ID in the first place, make requests on your behalf to enforce the privacy laws they’ve created?
Came here to say this. Do any of the privacy laws allow for deleting your profile without proving to the company who you are? Could you have the government make the request on your behalf? Sending Clearview your license sounds like confirming your credentials in a haveibeenpowned-like honeypot. Seems irresponsible for the author to even suggest that to readers. There should be other ways.
When it comes to information gathering, I have always assumed if it is technically possible to do, then some agency in the government is doing it. So even if people were able to shame all of Clearview's customers into not using them, that wouldn't stop this type of information gathering form going on.
Just because the government has nukes, doesn't mean citizens should have them. The government shouldn't have them, either, but there's not much citizens can do about that outside of revolt.
Meanwhile this company has been nothing but privacy abuses and lies to the public. If it isn't broken up by law, it will be interesting to see what the people do.
Is it me or did anyone find the availability of photos to be less than I would have expected.
It is worrisome but a facebook could produce a lot more privacy related connections from private photos no one knows existed. I guess I was expecting that.. perhaps in the future facebook will offer this service.
To my knowledge, only 1 photo of me exists online (I've never even taken a selfie), in a concert crowd that showed up in our online newspaper. Feeling pretty secure about that.
It's interesting how collecting or distributing files with music is a grave crime and corporations can take down anything they don't like with a half-assed DMCA request, with no repercussions for "mistakes", but a person's face image doesn't belong to that person and the same corporations can safely collect and distribute these images for profit.
It goes even further than corporations being able to request things from being taken down. Kim Dotcom's house was raided by the FBI in New Zealand over this. He isn't even an American!
Probably because nobody in the EU currently has this company on their screens. Or because those who are critical of this company and its practices have not yet reported it to the relevant authorities.
In Germany not only the GDPR regulation but also the so-called "right to the own picture" applies here.This means that no one may use/sell pictures of a person without explicit consent. Therefore, photographers must also have an explicit release of the person for the respective context of use.
Clearwater did not obtain consent, so the data shouldn't be there in the first place.
Each and every data protection Behörde here in Germany should be investigating this.
Well I would advise everybody to file a complaint to their local DPA. Even if you can oppose the processing, they rely on legitimate interest (doubtful their balancing act is acceptable) and they acquired the data in a legal way, they failed to inform the user of a second-hand data collection[1].
So If they have data on you, that is older than a month, and did not contacted you to inform you of it, you can file a complaint!
Search for how many of those enforcements came from Ireland. Now look up what country's GDPR authority Google and Facebook and most American companies are choosing to be subject to. It's not a coincidence that the place that hosts all US company's remote headquarters isn't participating in GDPR enforcement.
Ireland tried to give a great deal to Apple. The EU didn't take it very well [1]. I wouldn't be surprised if the EU will investigate Irish GDPR enforcement.
Just a correction - consent isnt the only legal basis. Thought it was important to correct you here so others reading the comment wouldn't get the impression that no consent = illegal
YouTube takes this one step further to the ridiculous extreme that if you are live streaming a DJ set, it censors your stream in realtime whenever it detects a copyrighted song, i.e. a good 1/3 of your stream. It doesn't need a DMCA request, it does it willingly.
YouTube is so horrible now for content creation, I don't understand how content creators are able to post anything anymore without it being smashed by the copyright automation.
tl;dr ContentID is a workaround for a broken copyright system. It's not perfect, but it's better for everyone than falling back to the default of copyright through court.
I'd need to prove it, they'd skillfully dodge the request, I'd have to hire expensive lawyers (500/hr) and make a more formal request that's harder to dodge, they'd say the data is distributed across the globe in multiple jurisdictions in a very complex form, I'd have to hire an entire law company that works with international cases (1M/month?), they'd drag their feet and mud the discovery requests as much as possible and at the end of the day it'll be about who runs out of money first and who has better connections. The copyright law is made to resolve disputes between big companies.
> but a person's face image doesn't belong to that person and the same corporations can safely collect and distribute these images for profit.
The irony is that companies like Facebook, Twitter, etc are really bothered when another business scrapes profiles to mine data uploaded to those sites.
I wouldn't be surprised to find out that one of these companies gets sued by them for "stealing" content they host and violating the licenses for user content they grant themselves via their ToS.
Private companies can do whatever immoral garbage they want, and in exchange for access to the data or the product they developed in an unethical manner, the government slaps them on the wrist, or does nothing, allowing it to get worse and worse and allowing them to assert more control over us.
Imagine the story when people find out this or another company started skimming the porn sites with facial recognition, starts gaining access to surveillance footage from Nest or Ring, or maybe even gets access to state and federal DOT cameras and real time feeds from body cameras!
Facial recognition is going to need some regulation, ASAP.
> starts gaining access to surveillance footage from Nest or Ring, or maybe even gets access to state and federal DOT cameras and real time feeds from body cameras!
> The agreement gives the company real-time access to state traffic cameras, CCTV and public safety cameras, 911 emergency systems, location data for state-owned vehicles and more. In exchange, Banjo promises to alert law enforcement to "anomalies," aka crimes, but the arrangement raises all kinds of red flags.
> Banjo relies on info scraped from social media, satellite imaging data and the real-time info from law enforcement. Banjo claims its "Live Time Intelligence" AI can identify crimes -- everything from kidnappings to shootings and "opioid events" -- as they happen.
"What does a Clearview profile contain? Up until recently, it would have been almost impossible to find out. Companies like Clearview were not required to share their data, and could easily build massive databases of personal information in secret.
Thanks to two landmark pieces of legislation, though, that is changing. In 2018, the European Union began enforcing the General Data Protection Regulation (GDPR). And on January 1, 2020, an equivalent piece of legislation, the California Consumer Privacy Act (CCPA), went into effect in my home state.
Both GDPR and CCPA give consumers unprecedented access to the personal data that companies like Clearview gather about them. If a consumer submits a valid request, companies are required to provide their data to them. The penalties for noncompliance stretch into the tens of millions of dollars. Several other U.S. states are considering similar legislation, and a federal privacy law is expected in the next five years."
One thing you should be very careful about is licensing. If you post photos on Facebook or Instagram, you automatically grant them a license to redistribute the photo and share it with others. And these "others" can include Clearview. So, Clearview could have a contract with Facebook which legally allows them to get and save those photos. So, you are still the copyright owner, but due to licensing Clearview can legally store and use the photos.
About suing them if they would break copyrights: not sure about the US, but in Germany it wouldn't be that easy to actually sue them for such a high sum. You could argue that the company makes money by offering the search service, but there must be evidence that Clearview made that specific sum just with your photo(s), which is very unlikely.
At least if it is a photo in a news story or from a private homepage I would believe they are in trouble. I doubt they have licensing agreements from every news source. And I am sure they do not have them for private homepages.
They would have to be able to prove that in a lawsuit first. Do they have similar agreements with the alumini magazine? The python coder's meetup group? The personal blog?
Just one of those pictures would be enough for a lawsuit.
Of course, if someone were to sue, they would be heavily pushed to settle out of court. I suspect there's a lot more legal activity going on about things like this, but everyone that starts to make some noise is quickly silenced with a lump sum and a binding contract to shut up about it. If they don't, they're threatened with spending the next 5-10 years in court. Because if there's anything corporate lawyers are good at, it's stalling and making sure the suing party, especially if it's a random consumer, spends years and hundreds of thousands in court fees.
What we need is more rich people suing businesses. Or a massive public defense fund supporting the average joe's case.
But right now it's in the rich people's interests to support shady businesses, and if they don't they'll be offered massive financial incentives on the golf course.
Do the founders of this company have their profiles in the database? What about the other executives and investors? Do those profiles contain all of the same personally identifiable information as any other randomly sampled user? Does it show photos, social media posts, personal contacts, school teachers, addresses, family member data etc? If not, this sort of blunt assault on privacy would make Orwell toss in the grave.
HTML Templates; When you think you need a good website for promoting your service or good then you will need to research for picking good HTML Templates, but if you the lucky person then it’s for you, just because we will help you to take a good HTML Templates for your dream website.
I'm not entirely sure what's so shocking about public data, shared willingly by the person to the public, being used to identify the person. If the data weren't/hadn't been shared willingly, I'd definitely see that as a problem. Same thing as if the data were to have been gleaned from non-public sources e.g the person's private belongings or secured digital realms like private forums, password encrypted backups, private profiles, etc.
It's about trust and permission. If I give e.g. a local news website permission to use my portrait, I do NOT implicitly give permission to Clearview, Google, Facebook, etc to use it for their own purposes.
I mean it's implicitly known that anything you post on the internet is public property, but legally that is not the case. Portrait law (at least in my country). You can't just take someone's portrait and use it for your own gains.
Are they actually using it, though? Or are they just a search engine presenting public links that are hosting the photos of your face? Is linking to something covered by GDPR?
Couldn't this same argument be made for Google reverse image search? Reverse image search someone's face and you're likely to get links to places that photo is located; potentially including links to different photos of their face, as well.
They're likely mirroring local copies of the photos as well when they show you the link (in case a link later 404s or changes), but so is Google reverse image search, I believe.
If your position is that both things are wrong, that's fine, but would Google then basically have to remove the entire feature? Or prevent searches for any photo containing any faces?
Legal _in the US_ is an interesting point. We often see the US trying to overreach and apply US standards when US-owned material is hosted on sites outside of the US (Richard O'Dwyer), or arguing that accessing a server in the US makes you subject to US law (Gary McKinnon). Why would similar arguments not apply here? It may be legal in the US, but that doesn't necessarily place the actions outside the jurisdiction of the other country. Naturally, _enforcement_ may be an issue, but that doesn't make it legal. At the very least, I don't see how it can be seen as OP giving permission - it's effectively another country taking that decision away from him.
236 comments
[ 15.6 ms ] story [ 7636 ms ] threadHis name is about as generic as you could imagine for a white person. But they returned a bunch of images of HIM, and one Alexey Something-or-other, which could be his troll account.
Edit: the Alexey part is a joke, I'm sorry but I thought it was funny.
I always wondered how the Chinese authorities figured that out considering the massive name reuse in China. I can’t watch a Chinese movie or TV show without at least one character sharing the surname (the first part in China) of a Chinese person I know.
Smith would be our classic version in the west.
But governments change, the data is still around to be abused.
This is what disturbs me. Is how data can be abused in the future.
the world has always been anonymous because of the lack of capability to track large amounts of data - until recently.
Anonymity allows you safety from any one who seeks to predate you. I think that safety needs to be maintained. People stupidly put photos of themselves online, then face tag their friends. This allows third parties to identify your friends and circles, and that's dangerous. All relationship should be reciprocal.
It's an awful dangerous place when you're alone out in the Wild West.
The people who left or were forced out often died. The world is a scary and dangerous place without a support network, which civilization basically is.
> So if you were kicked from your group for a misdeed, sure you could continue your bad deeds in the new group or you could turn over a new leaf without the weight of your past mistakes holding you back.
Outsiders were often viewed with distrust. Why wouldn't they be, when most people can only associate their leaving the safety of the community with at best a foreign way of thinking, but more likely them being forced out for past misdeeds.
It's sort of like interviewing for a job a 35 year old that has no work experience to show for the last decade, and not a very convincing story as to why (or even if it's feasible, you don't really know). Why take the risk?
The first data privacy law ("loi informatique et liberté") were introduced in France around 1980, after a controversial government project to create a massive database of people generated a huge scandal.
So it's been possible for quite a while, it's just that it was reserved to state actors.
In a world without the printing press, anti-libel laws didn't exist. In a world without photography, rights to personal image and freedom from invasive shutterbugs didn't esist. Anti-wiretapping and phone-recording restrictions were necessitated by the telephone. The Bork bill protecting the sanctity of ... video store rental records ... was necessitated by videocassette technology, a video rental market, Supreme Court nomination hearings, chatty store clerks, and newspapers interested in publishing such details.
As technologies tear down and penetrate the long-standing barriers to snooping, recording, transmitting, analyzing, and acting on what had always. been personal and private behaviours, societies turn to law to reinstitute those protections.
Privacy is an emergent phenomenon and a direct response to intrusions.
Take Pebble for example. They had a very invasive privacy policy and reserved the right to upload pretty much anything from your phone via the companion app, but they were a cool hacker-friendly hardware startup and a lot of people trusted them.
Years down the track they ran out of runway (the ugly side of "unicorn or bust" venture capital but that's another rant) and were bought out by Fitbit. Meh, Fitbit seemed pretty good with privacy too so that's alright, I guess?
Now Google's bought Fitbit and potentially has a bunch of very personal, private data on everyone who originally trusted Pebble.
The general 1984 style dystopia vision is that there’s a gov’t change for the worst and you could be SWAT’d out of the blue.
The most probable one is that this kind of tool would be used in far less obvious, if at all visible, ways.
In that situation some kind of honeypot/canary strategy would be nice to reveal shady use but I can’t seem to come up with a realistic one.
Does the end justify the means? A pandemic like this is the ideal chance for a government to set up emergency measures like martial law, while the people themselves are too busy trying to look out for themselves and their family to be able to protest it.
Of course, anyone with half a brain already knew that unlimited data gathering, including location or personal information, was a bad thing.
https://www.ft.com/content/19d90308-6858-11ea-a3c9-1fe6fedcc...
Most non technical people don’t understand how powerful technology is.
https://medium.com/m/global-identity?redirectUrl=https%3A%2F...
Which then sends another location of:
https://onezero.medium.com/i-got-my-file-from-clearview-ai-a...
Which just ends up bouncing you back and forth, unless JS is allowed to percolate through. However, there is some useragent sniffing happening, so the exact set of headers changes.
Learning about this company (and I imagine other unknown entities are doing the same) has encouraged me to get more aggressive.
I think I will start to try some shenanigans I learned from a friend. I plan on replacing my online profile pics to a random grab from https://www.thispersondoesnotexist.com/. Might not make much of a difference for the old stuff, maybe I can successfully request a data deletion as the article suggests. At least it will introduce a little bit of noise to the AI overloads :)
This includes my avid support of corporations which make good faith efforts to defend natural rights and freedoms, and my vehement opposition to corporate/political nonsense that does not represent, in good faith, the interests of humanity and nature. “A reasonable amount” of surveillance is an essential aspect of society, but it SHOULD be considered invasive, and should never be invisible. I suspect that there will be BS metrics to evaluate how “consenting” a given individual is to NSA/Clearview type behavior, and I would hope that I am casting a shield of protection. I feel bad about the fact that an element of bitterness is necessary to be resilient. I know no other way than truth.
I truly act as if AI is learning from me, and believe that there are long reaching and metaphysical effects to all actions.
Obviously, I'm using a nym. Because I've wanted to my life to be faceted. I've lived very publicly before (ran for office). But in geekdom, I didn't want people to casually correlate my politics (activism) with my open source efforts.
Again, thank you.
As you have figured out on your own, public should listen to some people warning about this for more than decade instead of making fun from them (tin foil hat,...).
And if anyone thinks that google and facebook are not having their own versions of clearview, think again. Any form of online presence under real name has to be minimized and it is doable but this would mean that all personal narcissistic pushes would need to be stopped (or should I say - cured) and refrain yourself from using any personal information (no, you wont secure my account by having my phone number, provide me TOTP if the security is really the reason) on the internet while avoiding it beeing stolen by apps (application firewalls, sending back fake data and not using any google applications including removing their preinstalled spyware by rooting the phone).
I can guarantee you that you wont be missing anything relevant (I am doing it for more than decade). But. Will you do that? Can you do that? Do you want to do that? Most people just rather take blue pill.
This is exactly my fear. If they were more legitimate, I wouldn't be worried about sending an ID card. Thinking if it makes sense to fake an ID with my real picture on it so they can give me the data and 'delete' it but with a fake name to make sure I'm at least not feeding the troll.
Dumb question - how can anyone be sure that companies actually delete the data? What about the backups, what happens to the data there? How do these govt enforcers verify this? Also, what about Clearview's employees abusing the data? what stops them from snooping on someone they are interested in?
https://twitter.com/kashhill/status/1218542846694871040?s=20
You won't be giving them any info on you, but you won't be confounding them either.
Managing your privacy is a lot like CPU side channel attacks. It forces you to re-evaluate your fundamental assumptions about what information can be exploited.
[1] http://www.vldb.org/pvldb/vol7/p377-korula.pdf
http://cdn.collider.com/wp-content/uploads/2016/02/ghost-in-...
Run facial recognition against computer generated face, got no matches. Surely that is the expected and intended result from both parties?
Or is it expected to match against a different face?
By returning no accounts, it demonstrates their AI isn't using those faces for identification.
5-10 years later, Facebook came up with their real name policy and started asking people to snitch on their friends if they used a fake name. Google, and mainly Youtube, came with a real name policy as well, on the one hand for Google+, but on the other to try and fight comment abuse - theory being people are more hesitant to be a dick on the internet if they use their real name.
But people got used to that real fast, and since there was little consequences anyway, it didn't work.
People have valid reasons to use a fake name on the internet; government and business surveillance is a big one. Abusive / stalker exes are another. Having an alternate persona (e.g. entertainers, authors) which people are trying to hide from their un-understanding or abusive family, or society at large.
Here is a more exhaustive list: Who is harmed by a "Real Names" policy?
https://geekfeminism.wikia.org/wiki/Who_is_harmed_by_a_%22Re...
This isn't a technical issue. It's a political issue.
And you can't even do that unless you've already managed to remove the image from the internet:
https://clearview.ai/privacy/deindex:
> This tool will not remove URLs from Clearview which are currently active and public. If there is a public image or web page that you want excluded, then take it down yourself (or ask the webmaster or publisher to take it down). After it is down, submit the link here.
If they do they are in "deep shit" (pardon my french) legally. I actually hope they do this - and somebody can catch them in the act. I believe they will be gone soon then.
Also I would advise anyone under GDPR legislation to also request exactly with whom the data was shared and go on to also request deletion and usage information from them. It is a pain that one has to jump all these hoops. I would love for the GDPR to have a way of forcing such a company to also do the information and deletion requests on your behalf and prove that to you.
Sadly this was not included I believe.
So, I get why they ask for ID, even though I also get the reluctance to give them your ID since it could help tune their system.
I wonder what would happen if everyone did.
I wonder if this can be combined with adding a “terms of service” to your FB profile.
Corporations have perverted contract law to the point where their terms of service are binding even if you never read them, or are even aware of them.
Turnabout is fair play, right?
Remember: there are two sets of laws in the US: ones that apply to you, and another set for large corporations that cooperate with the police and military.
See also the Equifax settlement. I'd say Equifax is the best / most recent example about something like this.
Equifax’s credit-data provenance is enshrined in law. Their mistake was in improperly distributing legally-owned data.
Clearview does not have legal claim to individuals’ or Facebook‘s copyrights. Its mistake is more fundamental than Equifax’s.
The concept of being opted-in by default and being forced to authenticate yourself to opt out is getting more and more ridiculous by the day.
These systems need to be opt-in, and that requirement needs to be enforced by some kind of powerful government agency with the power to arrest and jail non-compliant operators. Anything less feels like it would end up being a complete surrender to companies like Clearview AI.
To really flip the table, we need to make it mandatory to pay people for use of their data. If a company is exploiting[ß] someone else's property, the owner must be compensated for the privilege. Take a page from SaaS companies' nickel-and-diming ("pay per use") billing strategy, too. Just turn it around: forbid blanket permissions and consents.
The idea is to ensure that other people's data needs to be universally treated as a toxic liability, not an asset.
ß: in economic sense, although other meanings apply equally well.
So you're saying we should just surrender to companies like Clearview AI? I don't agree with your fatalism.
I think you're making a mistake in assuming that governments are unaccountable and cannot be prevented from pursuing interests that against those of the people. That's clearly not the case. If you were right, we'd already have unchecked police surveillance (isn't government is the consumer of surveillance products?), but we don't. That's only the case in non-democracies like China. In democracies, society (and the government itself) is capable of putting significant constraints on government action.
Privacy starts from us not revealing our private information. That's why we have curtains at home. It is us who put the curtains on windows.
Meanwhile this company has been nothing but privacy abuses and lies to the public. If it isn't broken up by law, it will be interesting to see what the people do.
It is worrisome but a facebook could produce a lot more privacy related connections from private photos no one knows existed. I guess I was expecting that.. perhaps in the future facebook will offer this service.
I'd be way more worried if it was finding stuff like me in the background of someone else's photo in a crowded city or something like that.
Source? The US asked for his extradition and the NZ authorities raided his home, as far as I know.
I am surprised they haven't been fined out of existence yet.
In Germany not only the GDPR regulation but also the so-called "right to the own picture" applies here.This means that no one may use/sell pictures of a person without explicit consent. Therefore, photographers must also have an explicit release of the person for the respective context of use.
The article claims you could ask for deletion of your data without uploading your ID.
https://www.golem.de/news/gesichtserkennung-datenschuetzer-r...
So If they have data on you, that is older than a month, and did not contacted you to inform you of it, you can file a complaint!
[1]https://github.com/LINCnil/Guide-RGPD-du-developpeur/blob/ma... (In French sorry)
edit: also France did fine Google just fine.
[1] https://en.wikipedia.org/wiki/EU_illegal_State_aid_case_agai...
YouTube is so horrible now for content creation, I don't understand how content creators are able to post anything anymore without it being smashed by the copyright automation.
tl;dr ContentID is a workaround for a broken copyright system. It's not perfect, but it's better for everyone than falling back to the default of copyright through court.
Copyright applies there too, and if you sued them for it, it's not inconceivable you might win.
The irony is that companies like Facebook, Twitter, etc are really bothered when another business scrapes profiles to mine data uploaded to those sites.
I wouldn't be surprised to find out that one of these companies gets sued by them for "stealing" content they host and violating the licenses for user content they grant themselves via their ToS.
Imagine the story when people find out this or another company started skimming the porn sites with facial recognition, starts gaining access to surveillance footage from Nest or Ring, or maybe even gets access to state and federal DOT cameras and real time feeds from body cameras!
Facial recognition is going to need some regulation, ASAP.
https://www.engadget.com/2020-03-04-banjo-ai-utah-law-enforc...
> The agreement gives the company real-time access to state traffic cameras, CCTV and public safety cameras, 911 emergency systems, location data for state-owned vehicles and more. In exchange, Banjo promises to alert law enforcement to "anomalies," aka crimes, but the arrangement raises all kinds of red flags.
> Banjo relies on info scraped from social media, satellite imaging data and the real-time info from law enforcement. Banjo claims its "Live Time Intelligence" AI can identify crimes -- everything from kidnappings to shootings and "opioid events" -- as they happen.
"What does a Clearview profile contain? Up until recently, it would have been almost impossible to find out. Companies like Clearview were not required to share their data, and could easily build massive databases of personal information in secret.
Thanks to two landmark pieces of legislation, though, that is changing. In 2018, the European Union began enforcing the General Data Protection Regulation (GDPR). And on January 1, 2020, an equivalent piece of legislation, the California Consumer Privacy Act (CCPA), went into effect in my home state.
Both GDPR and CCPA give consumers unprecedented access to the personal data that companies like Clearview gather about them. If a consumer submits a valid request, companies are required to provide their data to them. The penalties for noncompliance stretch into the tens of millions of dollars. Several other U.S. states are considering similar legislation, and a federal privacy law is expected in the next five years."
About suing them if they would break copyrights: not sure about the US, but in Germany it wouldn't be that easy to actually sue them for such a high sum. You could argue that the company makes money by offering the search service, but there must be evidence that Clearview made that specific sum just with your photo(s), which is very unlikely.
Just one of those pictures would be enough for a lawsuit.
Of course, if someone were to sue, they would be heavily pushed to settle out of court. I suspect there's a lot more legal activity going on about things like this, but everyone that starts to make some noise is quickly silenced with a lump sum and a binding contract to shut up about it. If they don't, they're threatened with spending the next 5-10 years in court. Because if there's anything corporate lawyers are good at, it's stalling and making sure the suing party, especially if it's a random consumer, spends years and hundreds of thousands in court fees.
What we need is more rich people suing businesses. Or a massive public defense fund supporting the average joe's case.
But right now it's in the rich people's interests to support shady businesses, and if they don't they'll be offered massive financial incentives on the golf course.
I find it extremely surprising that they would be responding to GDPR subject access requests, given that they appear to be ignoring the rest of it.
HTML Templates; When you think you need a good website for promoting your service or good then you will need to research for picking good HTML Templates, but if you the lucky person then it’s for you, just because we will help you to take a good HTML Templates for your dream website.
https://www.electronthemes.com/html-templates/
#30TopHTMLtemplate #TopHtmlTemplate #BestHtmlTemplate #TopFreeHtmlTemplate #BestFreeHtmlTemplate
Personal data may soon become the same as a credit score. No data, high risk.
"We detected suspicious blah blah blah"
https://mastodon.cloud/@TheAdmin/103880990266428449
https://mastodon.cloud/@dredmorbius/103882090290877356
> And remember that once you receive your data, you have the option to demand that Clearview delete it or amend it if you’d like them to do so.
I mean it's implicitly known that anything you post on the internet is public property, but legally that is not the case. Portrait law (at least in my country). You can't just take someone's portrait and use it for your own gains.
Couldn't this same argument be made for Google reverse image search? Reverse image search someone's face and you're likely to get links to places that photo is located; potentially including links to different photos of their face, as well.
They're likely mirroring local copies of the photos as well when they show you the link (in case a link later 404s or changes), but so is Google reverse image search, I believe.
If your position is that both things are wrong, that's fine, but would Google then basically have to remove the entire feature? Or prevent searches for any photo containing any faces?