
Facebook sued for storing biometric data mined from photographs - huntermeyer
http://www.cnet.com/news/facebooks-newest-privacy-problem-faceprint-data/
======
mosquito242
I had the strangest interaction with the Messenger app a few months ago.

I was spending time with friends, and I took a few pictures of all of us
(didn't send them through either FB or Messenger). A few hours later,
messenger popped up a notification telling me something along the lines of
"Hey, I see you took pictures today of <friend>. Want to send them to her?"

Made me feel incredibly creeped out that FB would take my photos and
(presumably upload and) analyze them even when I hadn't given them to FB.

~~~
onewaystreet
It's called Photo Magic:

"By recognizing your Facebook friends in the photos you take (just like when
tagging or sharing photos on Facebook), Messenger can create a group thread
for you to share the photos with those friends in just two taps."

[https://newsroom.fb.com/news/2015/12/messenger-adds-new-
feat...](https://newsroom.fb.com/news/2015/12/messenger-adds-new-features-for-
sharing-during-the-holidays/)

[http://www.theverge.com/2015/11/9/9696760/facebook-
messenger...](http://www.theverge.com/2015/11/9/9696760/facebook-messenger-
photo-sharing-face-recognition)

You can opt-out by turning off tagging suggestions:
[https://www.facebook.com/settings?tab=timeline&section=sugge...](https://www.facebook.com/settings?tab=timeline&section=suggestions&view)

~~~
chinathrow
That should be opt-in. What a fucked up feature.

Edit: I don't give any of my friends consent to use that feature - yet the
would still scan my face. How can this even be legal.

~~~
toomuchtodo
Lax data privacy laws in the US (compared to Europe).

Lobby your congressperson to fix it.

~~~
plainOldText
You don't need to take it to the congress; just stop using the services of a
company whose practices you don't agree with. If more people would do this,
maybe the company will get the message and change its practices.

~~~
takeda
This information is too valuable to dissuade companies from collecting and
using it. You can't do much as an user if everyone is doing it. In many
situations you might not even know that you're being tracked, there already
technologies that track you in public places.

IMO this is something that should be regulated.

------
TazeTSchnitzel
Facial recognition is really scary. This was recently demonstrated for
Russia's Facebook, VKontakte, when a service appeared that let you look up
people on that site by photo. So people started looking up the profiles of
random subway passengers, outing sex workers to their families and friends,
etc.

~~~
rvense
I really don't like having my picture taken anymore. You don't where it's
going to end up.

I also do wonder how much infrastructure would need to be added in a country
that already has a lot of video surveillance (like the UK) to implement a
"find this person" feature, where you could just feed it a photo and it would
go looking at all camera feeds.

~~~
saturncoleus
Getting your picture taken kind of puts you on the defensive, but that
probably isn't going away. You have to be able to go outside, go to the bank,
go to work, and go to the grocery store. Each of those places are going to
have cameras up for their own peace of mind.

The alternative would be to not go out and enjoy life, which is the worse of
the two options.

~~~
Jill_the_Pill
There is always niqab.

~~~
dsfuoi
Maybe we are the primitive ones.

~~~
kardos
What?

~~~
dsfuoi
In terms of sociologic development the middle-eastern countries are considered
backwards with their stone-age laws, ingrained religion, and treating women
like lesser beings, and yet we may soon be wearing 'burka' like clothing to
protects our identity. Of course apart from the physical look, there is no
connection between the two.

~~~
Natanael_L
There's at least a few options.

[https://cvdazzle.com/](https://cvdazzle.com/)

~~~
sudojudo
Now this is my type of dystopian future; those are very cool, like something
straight out of Bladerunner. Fashion with a function, all that's missing is a
clear raincoat.

------
Esau
"Facebook hoped to get the case thrown out on the grounds that its user
agreement states any disputes should be governed solely by California law".

What about those people whose biometric data is being stored but don't have
accounts of Facebook?

~~~
amelius
Let me just guess ... probably the people who uploaded that data are liable
for it.

------
gcr
To be clear: the article claims that Facebook can recognize anyone just by
seeing them. They haven't demonstrated this ability.

It's far easier to judge who's in your picture among your 20 closest friends
than it is to find that face among all two billion Facebook users.

State of the art recognition systems still have a few orders of magnitude of
accuracy improvements to go before they can solve that problem.

See the Iarpa Janus project for some recent government+academic-sponsored work
on this front:
[http://www.nist.gov/itl/iad/ig/facechallenges.cfm](http://www.nist.gov/itl/iad/ig/facechallenges.cfm)
The task is to recognize terrorists in airport surveillance pictures and such.

~~~
Chronic51
Using only facial recognition cannot identify a person in the world. However,
combined with one or two GPS points (photo geotags), you can get pretty damn
close.

------
gcr
If you don't want your face to be recognized, you can sometimes prevent it
from being detected in the first place.

Our research group recently looked into how to hide from Facebook's face
detector. If you're uploading photos, adding white bars around the eyes of the
subjects in the photo is the best way to prevent Facebook from finding the
face. However, if you're out and about in the real world, even scarves and
masks aren't enough--facebook sometimes finds these occluded faces too. There
aren't very many easy answers.
[https://arxiv.org/abs/1602.04504](https://arxiv.org/abs/1602.04504)

~~~
sudojudo
Years ago, I read about a hat that some Hollywood stars had found useful for
fighting paparazzi. Mind you, I don't recall the source, and it my have been
tabloid nonsense.

The hat had a circle of IR LEDs (or something of the sort) emitting 360
degrees of invisible-to-the-naked-eye light. Photos of anyone wearing the hat
had a similar effect to using a flash in a mirror, the subject was completely
washed out by light.

Again, I'm not sure if this was bogus or not, but it seems the demand for such
a product is only going to become greater. Hell, I'd buy one.

Does anyone with expertise in this area know if this type of device is
technically possible? I'm voting no, otherwise we'd be seeing these devices
everywhere, and there would be laws against wearing them.

~~~
nalllar
Most cameras have an IR filter so that won't work.

In the past, phone cameras often didn't have an IR filter.

~~~
Natanael_L
Near-red IR is hard to filter without also accidentally making red colors look
off, because getting the frequency response perfectly match human eyes is
extremely hard. You don't want to detect less, and detecting just a bit more
usually won't hurt.

------
superobserver
Not merely will it store biometric data, if you happen to use their Messenger
to share photos, those photos will remain stored on their servers even after
you've deleted the associated conversation. Facebook's disregard for privacy
and content control for its users is the biggest problem with its platform by
far. And with its latest profit reports, it's bound to get worse.

~~~
vvanders
Yup, people laughed when photographers started moving off FB to other
platforms that had a better perspective towards photo rights.

Won't use FB for a lot of what's already been mentioned in the thread.

------
AndrewKemendo
I think technologists need to help the public understand how if they are going
to continue to fully integrate technology in assisting with their lives, they
will be moving closer to a "privacy free" future.

The trade-off between having tailored services and "smart" systems is privacy
from machine systems.

The technology community pines for futuristic technology like amazing machine
personal assistants, forgetting that human personal assistants (see:
professional executive secretaries) know basically everything about the person
they are assisting.

~~~
Normal_gaussian
In the case of the human personal assistant the governing terms originate with
the person being assisted, and so the data and the ways it can be used remain
in control of the owner.

Tech companies are inverting this control, which has very dangerous
implications for those they assist.

There are ways to keep control with the user, however these require a level of
architecture inversion the consumers haven't fought for yet.

~~~
AndrewKemendo
_In the case of the human personal assistant the governing terms originate
with the person being assisted, and so the data and the ways it can be used
remain in control of the owner._

Well, the data and ways it can be used are also in control of the user now,
they just all agree to it - even without knowing it in many cases. My question
is: how do we talk to consumers to show them the benefits while also informing
them of how it works?

 _There are ways to keep control with the user, however these require a level
of architecture inversion the consumers haven 't fought for yet._

I'd be curious to know how you see this working - especially in the case of
providing a benefit from network effects. The benefit from these systems is
using the inputs of other people, and those by definition release control.

Beyond that case, making each user train their own CNN is an impossible
consumer demand. The way facebook does it with face tagging and google does it
with number/letter recognition, everyone is training the CNN - crowd-sourced
neural net training.

~~~
Normal_gaussian
You seem to be arguing as though the current situation is preferable and
consumers just need to be convinced of that.

Firstly, the user is not in control of the contract. They have no realistic
means of modification or exerting pressure, nor resisting or requiring
changes. Take it or leave it is not control.

Secondly. You are likely aware of the permissions systems being introduced on
modern smartphones. This is an interesting step towards inverting the control
of the device back towards the user.

Similar steps can be made in other areas. CNN training is certainly a
different action to usage, and has different privacy implications, so they
should obtain permissions independently.

Note how these systems are not permission forever, but permission for now.
Handling this sort of data access is a pain, but it isn't actually hard.

~~~
AndrewKemendo
_You seem to be arguing as though the current situation is preferable and
consumers just need to be convinced of that._

My whole stance is that it's unknown if it's preferable because people don't
know what the long term costs are - as no one has told them about it.

Clearly they are gaining value from utilizing these systems or they wouldn't
be using them. What isn't understood is if they would still use them if they
understood the potential long range privacy implications.

 _Firstly, the user is not in control of the contract. They have no realistic
means of modification or exerting pressure, nor resisting or requiring
changes. Take it or leave it is not control._

In the case of private services, it most certainly is control. Irrespective of
that however, these systems aren't basic services or things that people have a
right to, so your control argument is in the wrong context. Facebook et al.
are frivolities - not needs.

------
KhalilK
I attended a talk by Stallman last year and he implored anyone who took a
picture of him not to post it on Facebook. Now I can see why.

~~~
cpeterso
Staying off Facebook is not enough. Facebook could easily write a web crawler
to find off-site photos of people tagged on Facebook. They could even create
shadow accounts to track tagged people who don't have Facebook accounts. Even
people _not_ tagged could have shadow accounts seeded from Wikipedia or news
photos.

~~~
dcacaac
Writing web crawlers and astroturfing to get all that data is hard. Facebook
would more likely just buy that data straight from the source, since most
other tech companies are similarly unscrupulous and happy to sell.

------
FreedomToCreate
Facebook was great when it was a way to connect with close friends and people
in your immediate community (ex. university) and see what to happening around
you. Now thats it trying to evolve into this platform that targets you so that
it can make an insane amount of ad revenue, it has become less and less worth
it. Especially in respect to our privacy.

~~~
Mendenhall
I feel that was always the plan and people just didnt see it coming.

~~~
Kristine1975
"They trust me. Dumb fucks." \-- Mark Zuckerberg
([http://www.businessinsider.com/well-these-new-zuckerberg-
ims...](http://www.businessinsider.com/well-these-new-zuckerberg-ims-wont-
help-facebooks-privacy-problems-2010-5?IR=T))

~~~
Mendenhall
Thank you for posting that, I have never read that before, it does seem to
give a glimpse of the problems I see with FB.

------
visarga
Maybe photos should carry a "robots.txt"-like permissions tag explicitly
banning social networks from using it, and a cryptographic watermark embedded
in the picture that is hard to remove, so they are not tempted to delete the
tag.Cameras (and apps) should auto-tag files if the user so wishes.

~~~
bradbeattie
[https://en.wikipedia.org/wiki/Analog_hole](https://en.wikipedia.org/wiki/Analog_hole)

~~~
visarga
I was thinking along the lines of a "Do not track" flag that is to be
voluntarily observed by large social networks like, FB. It would be a "Do Not
Share" flag.

~~~
bradbeattie
I hear you, but I think enforcing compliance would be impossible not
dissimilar to the "Evil bit".

------
powera
Humans have evolved for millions of years on the expectation that other people
will recognize our faces. I'm sure we'll come up with a better solution than
"file lawsuits to hopefully make computers recognizing our faces illegal".

------
crisisactor
To be honest, most of these are surface level traits of an individual. There
are deeper traits which go much more personal, and have even been touched on
in popular culture in recent times, like in the new James Bond movie (think
gait recognition). But even gait, although highly individual, is still
touching the surface. I was thinking of 'trimming the bloom filter' to such a
degree that we can recognize not only a person on sight, but by cue words, and
individual dictionaries alone.

It is no secret that our world is divided by language alone, so then as
analysts we can attach certain words to certain behaviors, and this has been
proven countless times to expose a person. If I speak English I probably
respond in the same way to 'pizza'. Pizza means food, and therefore pizza
emotes a pleasure response. But 'bomb' and other words must decide a different
response then?

Marketers have copped this early on and frequently use talismanic phrases to
elicit positive responses to products, so why not Facebook, and any other tech
harvester of data such as Google, et al? Last time I checked it is not a crime
to elicit responses using personal, and individualized key-phrases.

~~~
matt4077
Which reminds me of the researcher at Berlin's Humboldt University who ended
up in jail because he was the only one at the time who used the word
'gentrification'.

Him, and this left-wing group setting cars on fire.

~~~
Kristine1975
I think you mean Andrej Holm:
[https://de.wikipedia.org/wiki/Andrej_Holm](https://de.wikipedia.org/wiki/Andrej_Holm)
(no article on him in the english Wikipedia, sorry).

------
fiatjaf
Stop fighting it, just stop using it.

~~~
Natanael_L
[http://www.makeuseof.com/tag/facebook-shadow-profiles-you-
pr...](http://www.makeuseof.com/tag/facebook-shadow-profiles-you-probably-
have-one-too-weekly-facebook-tips/)

~~~
fiatjaf
Oops.

------
breatheoften
Photos permission access is too granular on iOS -- they should add a third
access state for photos that grants an app permission to "write new photos to
photo album, but prevents an app from scraping the photos library" ... Or
maybe that should be the behavior of the current permission grant ...

------
huevosabio
Assuming that the concentration and mining of huge personal datasets is
inevitable, can we design systems (other than law) that prevent these data to
be misused?

------
Mendenhall
One of the exact reasons I never used the data mining center known as
facebook, creepy. The things You can do with such data is legion.

------
Jill_the_Pill
Can you obfuscate your "faceprint" by tagging a few other people as you?

~~~
sudojudo
You'd have to be pretty vigilant, and it would require others to do the same.
There'd have to be an equal, or greater, amount of photos tagged as another
person. Who is this other person, anyhow? Where's their account? All data says
it's Jill_the_Pill, so she must use pseudo-names. Flag her account for further
investigation.

It's best to just stay off of Facebook if you care at all about privacy. At
least, that's the underlying message that I get from this, and every other
story I read about the site.

~~~
kardos
> It's best to just stay off of Facebook if you care at all about privacy

Anyone who cares about privacy already does not use facebook. It's the fact
that facebook still gets your photos/info that is the problem. It's a
difficult problem to solve. Simply avoiding facebook sadly does not cut it.

