How to Prevent Face Recognition Systems From Deciphering Your Online Photos

2021-01-28   |   by CusiGO

Anonymity is not easy in the 21st century. It is not just that our lives are portrayed on our social networks; companies like Clearview in the United States also collect billions of photos of citizens from all over the world to develop and provide facial recognition services. “What companies like this do is sift through a lot of images from social media and create a huge database of photos for everyone. Your LinkedIn profile, your Facebook profile,” explains Micah Goldblum, a machine learning researcher at the University of Maryland. To prevent our photos from eventually appearing in these crowded galleries, we have two options: either not uploading them to the Internet or making them unrecognizable.

LowKey takes the second option. This image-modification tool has a dual goal: the people in the images can still be recognized by the human eye, but they are not recognized by face recognition systems. Once images are processed on this platform, the recognition accuracy for them is reduced to less than 1%. The application was built by a research team made up of Goldblum, Valeria Cherepanova, Tom Goldstein, Duan Shiyuan, John Dixon, Gavin Taylor and Harrison Foley.

LowKey uses so-called adversarial attacks, which work by finding a way to fool a machine learning system. In research, these systems are often used to set up a cat-and-mouse game in which the progress of one model drives the improvement of another, but this has little practical significance for ordinary citizens. “A lot of work in this area has focused on issues of interest to researchers,” Goldblum said. LowKey, by contrast, is already available on a website that allows you to upload original images, adjust the attack strength, and download the poisoned versions.

How does it do it? The tool redraws the appearance of the photo from the machine's point of view. “These neural networks turn your face into a series of numbers that describe your characteristics,” Goldblum said. This conversion from face to numbers is unreadable to us: it does not represent the width of the nose or the color of the hair. It reflects the computer's way of thinking, so to fool the system we do not need make-up or a wig; we need to modify the image so that it produces a different sequence of numbers.
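The idea in the paragraph above, as an added toy example (not LowKey's code and not from the original article): a fixed random linear map stands in for the recognizer's neural network, and the image sizes, `EPS`, `THRESHOLD` and all function names are assumptions constructed for illustration. It compares random pixel noise with a deliberately chosen change of the same per-pixel size.

```python
import math
import random

N_PIXELS, N_FEATURES = 256, 8  # constructed sizes: a 16x16 "photo", 8-number embedding
EPS = 0.04                     # largest allowed change per pixel (pixels lie in [0, 1])
THRESHOLD = 0.25               # hypothetical matcher: same person if distance < THRESHOLD

rng = random.Random(7)
# Toy stand-in for the recognizer's neural network: a fixed random linear map.
W = [[rng.gauss(0, 1) / math.sqrt(N_PIXELS) for _ in range(N_PIXELS)]
     for _ in range(N_FEATURES)]
PHOTO = [rng.uniform(0.1, 0.9) for _ in range(N_PIXELS)]  # constructed "original photo"

def embed(image):
    """Turn a face image into the series of numbers the matcher compares."""
    return [sum(w * p for w, p in zip(row, image)) for row in W]

def distance(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def matches(image, enrolled=PHOTO):
    return distance(embed(image), embed(enrolled)) < THRESHOLD

def random_noise():
    """Baseline: a random +/-EPS change on every pixel."""
    return [p + rng.choice((-EPS, EPS)) for p in PHOTO]

def cloak(steps=20):
    """Pick +/-EPS per pixel so the embedding moves as far from the original as possible."""
    # The gradient is zero at delta = 0, so start from the sign pattern of one feature row.
    delta = [math.copysign(EPS, w) for w in W[0]]
    for _ in range(steps):
        shift = embed(delta)  # linear model: embed(x + d) - embed(x) == embed(d)
        # Gradient of |W d|^2 with respect to d is 2 * W^T (W d); only its sign is used.
        grad = [sum(W[j][i] * shift[j] for j in range(N_FEATURES))
                for i in range(N_PIXELS)]
        delta = [math.copysign(EPS, g) for g in grad]
    return [p + d for p, d in zip(PHOTO, delta)]

if __name__ == "__main__":
    for name, img in (("random noise", random_noise()), ("cloaked", cloak())):
        d = distance(embed(img), embed(PHOTO))
        print(f"{name:13s} embedding distance {d:.3f}  match={matches(img)}")
```

Both modified images differ from the original by exactly `EPS` per pixel; only the direction of the change differs, which is why the random version still matches and the chosen one does not.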

“It’s always possible to modify images successfully,” Goldstein stressed. LowKey’s real challenge is that, to the human eye, the modified image must still be acceptably similar to the original image. “In some cases, we achieved the goal with very little interference, but in other cases, the change was very big,” the expert acknowledged.

Black box

LowKey has been tested against complex face recognition systems such as Amazon Rekognition and the Microsoft Azure Face recognition API, but their inner workings are not accessible to the public because they are the private property of the companies that develop them. This forces the researchers to design their attack using the information available on the latest personal identification tools. This is also the reason for the variability of the results, but the team continues to work on improving this part. “So far, LowKey has been able to handle a single photo and make less visible changes with smaller, low resolution images,” says Valeria Cherepanova.

Can we expect the system to keep working if these companies modify their facial recognition systems? Goldblum explained that a happy result of designing LowKey blind is that its effect is quite general: “Although they become more complex, neural networks also become more vulnerable to deception. If they don’t specifically defend LowKey, but as recognition systems become more sophisticated, I don’t see any reason to believe that they will become less vulnerable to deception.”

In addition to providing the public with an easy-to-use tool to protect their photos, LowKey also aims to raise awareness of the vulnerability of content uploaded to the Internet. If we use this tool, we will stifle new content, but we cannot save the information that has been collected from previous images. “Many people don’t have good practices in social media and privacy. They just upload a lot of their photos in different places. So they provide a lot of information that can be used to identify them,” Goldstein explained. In this regard, a more secure way is to maximize the number of photos we use: if we have three accounts on different platforms, then use the same account on all three platforms. “The best thing we can get from LowKey is a better understanding of the problem and how to use personal information.”