U of T researchers developing tool to jam facial recognition software

This digital privacy filter may be able to protect your identity when applied to a photo

Joey Bose knows facial recognition software is everywhere and expects to have an app available next year that can jam it. (Michael Cole/CBC)

While your selfie might get lots of "likes" on social media, companies and perhaps even fraudsters may like your face even more — because they can profit from it.

But a University of Toronto researcher has found a way for internet users to opt out by very slightly distorting images, and he's working on an app that will help them do just that.

"When you publicly make available photos of your face, you want the power to control who can actually use that," said Joey Bose, the master's student who developed the algorithm.

"Facial recognition technology is booming right now, especially in Asian markets like China," Bose, a student in engineering and computer engineering who also works in artificial intelligence, told CBC Toronto.

It's how Facebook recognizes who's in your photo, and it's how the funny filters on Snapchat digitally adhere to your face and catch other faces in the periphery.

Chinese police are sporting high-tech sunglasses that can spot suspects in a crowded train station, the newest use of facial recognition that has drawn concerns among human rights groups. (AFP/Getty Images)

"You don't have to go through [transit] security sometimes because of a CCTV camera that automatically detects your face and automatically charges your phone as you enter the subway," he said.

Keeping your selfie for yourself

What he has accomplished in the labs at U of T is a way to distort your image just enough so that the distortion isn't visible to the naked eye, but is enough to stymie the facial recognition software.

The photo of CBC Toronto reporter Ali Chiasson on the left has the privacy filter applied to it. The distortions created by Bose's algorithm are visible in the rendering on the right. (Ali Chiasson/Joey Bose)

"You can use AI to detect stuff but you can use AI to break stuff as well," said Bose about how he used "anti-face detection" software to distort pixels in images to throw off the detection software.

A display shows a facial recognition system used by law enforcement in the United States. (SAUL LOEB/AFP/Getty Images)

"It's almost like a game," he said. "The [anti-face detection] software actually gets stronger as it tries to fool the detector."

Eventually, Bose says, this algorithm can be installed on people's phones as an app.

An example of facial recognition technology on a drone camera. (Submitted by Raman Paranjape)

If you take a photo of yourself and upload it through the app, a filter will be applied that slightly distorts the pixels just enough to fool the site you upload it on, protecting you from targeted advertising and identity theft.  

But it will also protect your photo from image-based searches, emotion and ethnicity estimation — all information that can be harvested automatically from your one photo. 

The future in face

Bose and his fellow U of T researchers aren't done yet. They figure they're still about a year away from putting out an app that can jam all facial recognition software. 

So far, they have been successful at cracking one form of software used by some companies, but they haven't yet been able to fool the software used by social media sites like Instagram or Facebook. 

As Bose explains it, those companies are known to use multiple facial recognition algorithms to extract all they can from your selfie.

"This is the first time anybody's been able to break these detectors in any way, that's a real milestone," he said.

"If your end goal is to beat every single face detector, you have to fool at least one."