April 22, 2016

You can’t replace your face, says face recognition

Advice Privacy Security Technology Tips

Unless you are from Russia, you probably haven’t heard of a service, that analyzes an image of a person and finds their account in VK.com social network. It’s called FindFace. It was introduced in February 2016, but has recently become quite popular; thanks to the impressive photo project, published by the St.Petersburg photographer Egor Tsvetkov. We’ve recently mentioned this project in a blog post.

You can't replace your face, says face recognition

The Kaspersky Daily editorial team decided to check out the service to see how it works and what types of portraits it recognizes and what it does not. We wanted to know if it’s possible to find out a detailed biography of a complete stranger with the help of one accidental photo, the Internet and some modern technology.

The conclusions are alarming: it’s actually possible. During the research we also made several interesting discoveries; for example, one of our colleagues suddenly found out that his digital identity was stolen.

So what’s FindFace and how does it work?

FindFace is a service that can search for VK.com accounts on the base of a portrait photo of a person. 30 search attempts are free, then you’ll have to pay.

The service has mobile apps for iOS and Android , complimented by a website version. Applications come with limited functionality and several flaws in work, but they have one valuable advantage: users can take a photo and immediately use it to search with FindFace.

The app shows profile photos of the potential matches. You can click on each photo to look through all public images on the user’s account. Just look at Egor Tsvetkov’s work in the ‘Your Face is Big Data’ project to see how easy it is to find a complete stranger.

The Web service is more convenient as it lets you immediately jump to your target’s VK.com account. To search for a person using the website you’ll have to perform several additional steps like copying photos to your hard drive first and then uploading them to the FindFace.ru.

If you upload “ideal” photos, that were taken when your target was posing, everything works just great. The program has successfully found 9 of 10 test “victims” in the office.

If you take photos of strangers on the streets or in the subway sneakily, accuracy decreases two or even three times. And if you upload images taken from a long distance, the service often becomes unable to find a human in the photo. Still, if you zoom or crop the image, FindFace will work again.

In the daylight it’s not hard to take a photo of a pedestrian with an average smartphone that would be good enough for Findface. In the subway you’ll need to use tripod or a good camera.

What did we find out

If you don’t want to be detected literally by any stranger with a phone, there are several things that you can do.

1. The service searches photos uploaded to your VK.com profile, not the whole account. This includes your current profile picture and all the previous ones. The social network keeps these photos in the ‘My profile photos’ album. It’s noteworthy that you can’t hide this album — it always stays public. The only thing you can do is to delete old profile images: the less photos you have in that album, the harder it is for the app to recognize you.

Tip: delete old photos. Store only the latest picture in this album to save yourself from face recognition tyranny.

2. It’s possible to hinder facial recognition by wearing hoodies or turning your head away from the camera or at an unusual angle. Making funny faces is also an option, with some exceptions. Eyeglasses with solid rings work just perfect, unless you have a photo with the same eyeglasses in your profile (or with the same funny face).

3. Many volunteers, who took part in the experiment, did not know that they had so many public photos. Yes, they’ve checked privacy options in ‘Settings’ but it was not enough as VK lets you limit access to albums only (and then only not all of them), not certain photos in particular.

findface test

Tip: ask anybody you know and trust to unfriend you (and befriend again after the test), explore your account and check what’s visible and what’s not. Then move photos from public albums to private if required.

4. FindFace works absolutely legally: it doesn’t cache data to show any information, hidden by the social media settings. When we removed all photos from VK.com, the service became unable to find us during the second search. Still it’s very possible that in future a new service could appear, which would behave more badly: for example, it could store the data from other popular social networks like Facebook or Instagram. So it’s better to check twice the security settings for other social media accounts beforehand.

5. FindFace describes itself as a dating service. For example, you see an attractive person, take a photo and browse through their account — ok, now you’ve to a topic to make a pass. In fact, this service can let you make a lot of more useful — and strange — things.

Just remember a story recently revealed by ABC news: surveillance camera took a video of burglars, robbing a house. If this happened in Russian-speaking countries there would be a 99% chance that criminals would have an account on VK.com. One could use the service to find the culprits.

On the other hand, many people in social media use fake names for privacy concerns, but publish real photos. They think that Internet is too huge and nobody will find them by a photo. Well, they sure will do if they want to. For example, employers like to check candidate’s pages on social networks before an job interview.

How our employee found out that his digital identity was stolen

Some people just don’t publish any photos in social networks. At all. For example, one of our employees operates in this manner. Yet, FindFace found him.

The thing is that somebody called “Vitek Tizinksilov” copied his photo from the gallery of another user, which was published in a different social network, and decided to use it as his profile picture.

When we’ve tried searching Google Images for the very same photo, we’ve found that this image was used as a profile pic on yet another social network as well, called Fotostrana (which can be translated as Photo Country). It was not a sweet discovery at all.

So if you don’t upload anything online it doesn’t mean that you’re invisible: your friends might do it instead of you. If they post your portrait or even a group photo with you — nobody can predict the future of this image.

Tip: Before VK.com locks API used by this app to work you can check if you have any clones on the social media.

Disclaimer: we have removed the data about people whose photos were taken during the experiment without their permission to publish them.