alt Hacker NewsHow much do I need to change my face to avoid facial recognition?
Comments
"Hum," a new novel by Helen Phillips, addresses this question precisely.
The premise: A woman who's not well off financially after losing her job signs up for a study in which an advanced robot surgically alters her face ever so minimally so as to use her as a test case for the company's state-of-the-art/bleeding edge (sorry) facial recognition software.
She signed up because having become unemployed with no prospect of future employment, her husband's job as a gig-handyman which is mostly pest control and pays terribly, and two young children, she fears being evicted from their apartment.
The study offers a huge payment in advance, enough for their family to live in comfort for 10 months without any other income source.
One problem soon becomes apparent: in altering her appearance ever so slightly, her family and everyone she knows are taken aback: she look just like she used to, but somehow not quite: the study is intended to see how surveillance video handles faces in the uncanny valley — by creating them.
NO — I have not ruined the book if you're thinking about reading it: my introduction above happens early on, following which the story explodes in unexpected, compelling directions.
This book is beautifully written: it's sci-fi, the sixth book by a highly regarded and awarded novelist.
Read the first 19 pages (of 244) here: https://www.amazon.com/Hum-Novel-Helen-Phillips/dp/166800883...
Their conclusion reminds me of this lady in China, Lao Rongzhi, who was a serial killer along with her lover, Fa Ziying [0]. They both went around the country extorting and killing people, and, while Fa was arrested in 1999 via a police standoff, Lao was on the run for two decades, having had plastic surgery to change her face enough that most humans wouldn't have recognized her.
But in those two decades, the state of facial recognition software had rapidly increased and she was recognized by a camera at a mall and matched to a national database of known criminals. At first police thought it were an error but after taking DNA evidence, it was confirmed to be the same person, and she was summarily executed.
In this day and age, I don't think anyone can truly hide from facial recognition.
If what you’re trying to do is to publish prepared images of yourself, that won’t be facially recognized as you, then the answer is “not very much at all actually” — see https://sandlab.cs.uchicago.edu/fawkes/. Adversarially prepared images can still look entirely like you, with all the facial-recognition-busting data being encoded at an almost-steganographic level vs our regular human perception.
“Asking our governments to create laws to protect us is much easier than…”
A bit naive that, it’s too late since data is already mostly available and it just takes a different government to make this protection obsolete.
That’s why we Germans/Europeans have tried to fight data collections and for protections for so long and quite hard (and probably have one of the most sophisticated policies and regulations in place) but over time it just becomes an impossibility to keep data collections as low as possible (first small exceptions for in itself very valid reasons, then more and more participants and normalization until there is no protection left…)
I've often wondered what would happen if I wandered around with a bright IR led flashing on my lapel at about 30 or 60 Hz and sufficiently invisible to human eyes yet low wavelength enough to get into most CMOS chips and dazzle the camera.
I think this on shopping trips routinely. I don't like being surveiled and even though I have nothing to hide (I've never shoplifted in my life!) I hate the persuasive nature of it all. I don't even mind being followed by a human that much, but I do mind algorithmic analysis that is far more effective, scary, and invasive. Sadly I think the answer to this experiment would be being asked to leave or an uncomfortable chat with a policeman. Nevertheless I silently would like someone braver than me to try it. You're allowed to wear a light on your clothes -- why not make it an IR one?
How much do I need to change my face to avoid facial recognition?
Taboo opinions inspired by W.O.P.R. Avoid playing the game:
- Stay clear of areas with cameras when possible. Revenue impacting.
- Do Zoom or Jitsi calls with businesses and associates when you can.
- Become self sufficient. Stop spending money when it is not required and have healthy groceries delivered to you. Reduce tax revenue.
- Work from home if your company permits it. Go mostly off grid.
- Hire someone to run errands for you when they can not be avoided. Pay cash to a neighbors kid to run into town.
I know none of this will be popular with anyone but I am that guy.
Not a bad piece, all told, though the general practical advice hasn't really changed in the decade-plus since I last touched the stuff: stop looking up (in general), keep as much of your face obscured as practical, try mixing up patterns to make it difficult for algorithms to match you over time, know where cameras are and how to avoid them, and if you do have to enter a known surveillance area, exit it as quickly and discreetly as possible - and adjust outfits between surveillance areas if you're particularly paranoid.
That said, let me just help dash any hopes of fooling government surveillance right now. Any competent Nation State that has an axe to grind with you specifically, already has you in their dragnet. They already have enough information to match your face in grainy analog B&W surveillance footage from an ancient grocery store camera. You're not beating those short of significant cosmetic surgery or prosthetics of some sort, and even then, if they want you badly enough then they'll just pull partial prints off something you touched and validate that way.
Always remember the first rule of security: if someone really wants something you have badly enough, there's nothing you can do to stop them. With that in mind, plan accordingly. It's why I don't go to protests myself, or otherwise engage with events where I know facial recognition tech is deployed: I'm in that data set, multiple times, with pristine reference materials, simply by virtue of past work (not including the updates via passport photos or Global Entry access). My safest bet is simply not to put myself in that position in the first place, and that's likely yours as well.
The thing about biometrics as discussed in more intelligent circles, is "compromised once compromised for all time". It's a public key or username not a password.
Fortunately that's not true of governments. Although your government may be presently compromised it is possible, via democratic processes, to get it changed back to uncompromised.
Therefore we might say, it's easier to change your government than it is to change your face. That's where you should do the work.
> If you wore sunglasses and then did something to your face (maybe wear a mask or crazy dramatic makeup) then it would be harder to detect your face, but that’s cheating on the question—that’s not changing your face, that’s just hiding it!
So sunglasses and a mask then. Who cares if it’s ‘cheating’.
You need to:
1. move the distance between your eyes from the center of your face a random amount
2. move both eyeballs up or down a random amount
This will defeat a vast majority of simple systems. However there are far more sophisticated ones that are slower and require more resolution:
1. mess your jaw line, cheek bones, nose bones, and depth your eyes sit inside your head
Finally the creme de le creme which even identical twins are as different as dogs and cats:
1. get the white of your eyes tatoo'd with new vasculature.
Remember when technology was going to liberate the common man? It turns out the tyrants are almost always in a better position to use it for tyranny.
Basically, the trend is you have human rights.
But moving anywhere at all by any means at all is a privilege. Driving is a privilege, walking is a privilege, flying is a privilege, biking is a privilege.
Of course electronic payment systems are a privilege, health care is a privilege, internet is a privilege, school is a privilege, jobs are a privilege.
CV Dazzle (2010) attempted this to counter the facial recognition methods in use at that time.
It’s trivial to also implement gait analysis to help visually identify someone if a face isn’t available. Then when you do get a glimpse of the face you can link the gait and the face identity.
At Tianfu Airport in Chengdu, there are large screens with cameras attached that recognize your face and tell you which gate to go to. Convenient but scary, like many things in China.
> I think you could not realistically change your face to fool state-of-the-art facial recognition. I think during the pandemic they changed the systems to rely heavily on the shape of people’s eyes, because so many people were wearing masks over their noses and mouths. I don’t honestly know how people could realistically change the shape of their eyes to fool these systems.
There are multiple common cosmetic surgeries that involve eye shape.
> And now your face won’t match your driver’s license or passport, so traveling will be really difficult for you. So, honestly, why bother?
My drivers license photo went un-updated for over a decade. I didn't look remotely similar to my teenage self, and not a single person cared. Excepting one airport security person who commented on how old the photo was.
Need emp charges like in metal gear. A bunch of metallic confetti fills the air while you dash past the security cameras big and small
The timing of this with respect to AI/FR being a hotly reported technology used in the search of the UnitedHealthcare Insurance CEO is kinda gross.
But such are the times.
Between not wanting to be seen and sun protection, I'm tempted to go full Burka (even though I'm not religious).
What often is fully ignored in such articles is the false positive rate.
Like e.g. where I live they tested some state of the art facial recognition system on a widely used train station and applauded themself how grate it was given that the test targets where even recognized when they wore masks and capes, hats etc.
But what was not told was that the false positive rate while percentage wise small (I think <1%) with the amount of expected non-match samples was still making it hardly usable.
E.g. one of the train stations where I live has ~250.000 people passing through it every day, even just a false positive rate of 0.1% would be 250 wrong alarms, for one train station every single day. This is for a single train station. If you scale your search to more wider area you now have way higher numbers (and lets not just look at population size but also that many people might be falsely recognized many times during a single travel).
AFIK the claimed false positive rate is often in the range of 0.01%-0.1% BUT when this system are independently tested in real world context the found false positive rate is often more like 1%-10%.
So what does that mean?
It means that if you have a fixed set of video to check (e.g. close to where a accident happened around +- idk. 2h of a incident) you can use such systems to pre-filter video and then post process the results over a duration of many hours.
But if you try find a person in a nation of >300 Million who doesn't want to be found and missed the initial time frame where you can rely on them to be close by the a known location then you will be flooded by such a amount of false positives that it becomes practically not very useful.
I mean you still can have a lucky hit.
I'm of two minds when it comes to surveillance. I don't like that businesses, airports, etc do it but it is their property. I don't like that they can run video feeds through software, either in real time or after the fact, to so easily find and track my every move. But again, its their property.
Where the line is always drawn for me, at a minimum, is what they do with the video and who has access to it.
Video should always be deleted when it is no longer reasonably needed. That timeline would be different for airports vs convenience stores, but I'd always expect the scale of days or weeks rather than months or years (or indefinitely).
Maybe more importantly, surveillance video should never be shared without a lawful warrant, including clear descriptions of the limits to what is needed and why it is requested.
I don't suppose anyone here knows the answer, but claims of matching accuracy like this make me wonder why basic touch ID so often fails and I need to delete my fingerprints and re-enroll. I always figured it was because of rock climbing tearing up my fingers and making the prints gradually different enough that they no longer match. Is it really easier to fool a fingerprint match than a face match? Or was I just wrong all along and the sensors suck? But if the sensors suck, why does deleting and re-enrolling work?
Kidding. (But maybe not?…)
It feels increasingly like the only way to avoid such facial recognition is to suddenly grow a religious conviction that your face should not be seen by strangers
This has been answered since the 80s. This much:
Can wearing realistic face masks and contact lens that changes iris color possibly fool modern face recognition software?
The face ID feature on Bryan Johnson's phone no longer recognized him after many months of his intense health regimen: https://twitter.com/bryan_johnson/status/1777789375193231778
Is the tech to do facial recognition at this accuracy available to public ?
Last time I checked there was deepface https://github.com/serengil/deepface/tree/master but it was far to work as well as that
First order approximation is 10 years’ worth of aging, or 5 years’ worth for a child under 16. These are the timelines in which you must renew your American passport photo.
Apple Face ID is always learning as well. If your brother opens your phone enough times with your passcode, it will eventually merge the two faces it recognizes
To circumvent facial recognition, wear a mask. Nearly all of the BLM rioters wore masks and very few (if any) were caught. Most of the J6 people didn't wear a mask and almost all of them were caught. Wear a simple surgical mask like was common during covid.
Whether we ultimately outlaw facial recognition or not is unimportant. Cameras and data are now so cheap that soon we will be able to track every public movement of every person in the country, making crime impossible. Once you leave your house, a street camera will see, and trace the movements of you or your car into the city and as you go about your business, with or without your face. It will follow you until you return home or check into a hotel or fall asleep in your car. Your address is public information so this isn’t a privacy violation. The current cost of storing 24 hour footage of the entire urban street area of the USA is just $100 billion annually, far less than the current total of $300 billion spent on criminal justice.
This will bring an end to crime and herald a massive revival of public trust and socialization.
The article correctly points out that the amount of information available in a controlled environment. makes it not even that same problem. If I have data on your irises and blood vessels and cranium shape, good luck evading a match if I get you where I can get the same measurements. On the street there are some hacks, like measuring gait, that can compensate for less face data, but evading a useful match that's not one of a zillion false positives is much easier.
I was traveling internationally earlier this year and I have grown a heavy beard since my passport photo was taken. None of the automated immigration checkpoints had any trouble identifying me.
I would be very surprised if every large grocery store isn't already trackin every customers movement. It would be relatively cheap to implement.
More so than the face, gait recognition is even more hard to fool. A person’s gait is as unique as a fingerprint.
Changing face doesn't matter. You will simply not be allowed to enter some area without a successful scan.
I wonder if adding stickers, tattoos, or makeup that look like eyes above or below your real eyes would do it.
I think we should push for legal frameworks that govern biometric data collection and usage
> Soon, the only real defense may be federal regulation.
That doesn't sound like much of a defense!
according to the DMV and Passport office just having bangs is enough to fool the system
> I think during the pandemic they changed the systems to rely heavily on the shape of people’s eyes, because so many people were wearing masks over their noses and mouths. I don’t honestly know how people could realistically change the shape of their eyes to fool these systems.
Eh party contacts maybe? I use those a lot.
[dead]
[dead]
I welcome such tracking and surveillance.
It is too easy to get accused of something. And you have no evidence to defend yourself. If you keep video recording of your surroundings forever, you now have evidence. AI will make searching such records practical.
There were all sorts of safe guards to make such recordings unnecessary, such as due process. But those were practically eliminated. And people no longer have basic decency!
I had a similar thought last time I was in an airport for an international flight and instead of scanning my boarding pass and looking at my passport they just let everyone walk through and as you passed the door it would tell you your seat number.
When I was in Mexico I filed a report with the airport after an employee selling timeshares was overly aggressive and grabbed my arm and try to block me from leaving. Quickly they showed me a video of my entire time with all my movements at the airport so they could pinpoint the employee.
Like the article says I think it is just a matter of time until such systems are everywhere. We are already getting normalized to it at public transportation hubs with almost 0 objections. Soon most municipalities or even private businesses will implement it and no one will care because it already happens to them at the airport, so why make a fuss about it at the grocery store or on a public sidewalk.