In 2020, it’s worth assuming that every status update and selfie you upload online can eventually make its way into the hands of an obscure data-mining third party, into the hands of national authorities, or both.
On the flip side, being aware of exactly how shitty these companies are has prompted a lot of folks to come up with new, creative ways to slip out of this sort of surveillance. And while some of these methods—like, say, wearing masks or loading up on face paint could theoretically keep your photos from being pilfered, you’re also left with photos that don’t look much like you at all. But now, a team from the University of Chicago has come up with a much subtler tactic that still effectively fights back against these sorts of snooping algorithms.
Called “Fawkes”—an homage to the Guy Fawkes mask that’s become somewhat synonymous with the aptly named online collective Anonymous—the Chicago team initially started working on the system at the tail end of last year as a way to thwart companies like Clearview AI that compile their face-filled databases by scraping public posts.
“It is our belief that Clearview.ai is likely only the (rather large) tip of the iceberg,” the team wrote. “If we can reduce the accuracy of these models to make them untrustworthy, or force the model’s owners to pay significant per-person costs to maintain accuracy, then we would have largely succeeded.”
See, when a facial recognition company like Clearview is trained to recognize a given person’s appearance, that recognition happens by connecting one picture of a face (ie, from a Facebook profile) to another picture of a face (ie, from a passport photo), and finding similarities between the two photos. According to the Chicago team, this doesn’t only mean finding matching facial geometry or matching hair color or matching moles, but it also means picking up on invisible relationships between the pixels that make up a computer-generated picture of that face.
By swapping out or distorting some of these pixels, the face might still be recognizable to you or me, but it would register as an entirely different person to just about every popular facial recognition algo. According to the team’s research, this “cloaking” technique managed to fool the facial recognition systems peddled by Microsoft, Amazon, and Google 100% of the time.
If you want to give this algo a whirl yourself, the good news is that the U. Chicago team has the Fawkes program freely available for download on their website. If you have a picture you want to protect from snoopers or scrapers, you can load them into Fawkes, which then jumbles those unseen pixels in about 40 seconds per photograph, according to the researchers.
You can then upload the new, secretly scrambled photo to your social media platform of choice with the knowledge that if, say, a company like Clearview comes scraping through your public photos, then this particular picture likely won’t be connected to any of your other digital details online.
Granted, the Fawkes program isn’t supposed to be a silver bullet against these companies or any others. Rather, it’s supposed to be a pain in the ass for the companies involved. “Fawkes is designed to significantly raise the costs of building and maintaining accurate models for large-scale facial recognition,” they write, pointing out that any of us would be more capable of “identifying [a] target person in equal or less time” using our own two eyes instead of using facial recognition software.
But quite frankly, any move that makes the business of face-data collection any less profitable is a win in my book.