
Face-verify.js: Monitoring who is physically looking at a website - thetall0ne
https://blog.machinebox.io/face-verify-js-monitoring-who-is-looking-at-a-website-for-additional-security-1d6025a8fedd
======
jstanley
Please, no. This _has_ to be a parody.

> Banks don’t want private account details (like the user’s current balance
> and credit limits etc) being seen by anybody other than the account holder.

This is _exactly_ the kind of justification they'd use. And surprise surprise
there won't be a box that says "I'd rather risk somebody seeing my account
details than have a biometric model of my face stored in your database and
given to whoever you give it to".

~~~
nabeards
Do people really consider the ethics of introducing tech like this? I guess it
just comes down to consequentialism vs deontology whether someone thinks
this is a good idea. And, obviously, if they don't do it, I guess someone else
will?

~~~
gricardo99
The great irony is that often technological innovations are believed to be
liberating and done with the motivation of improving the common lot of
humanity.

Two examples:

Social networking - Enabling more meaningful and greater connection between
people, leading to greater happiness and fulfillment? Or, fostering more
divisions, balkanization into "like" echo chambers, promulgating fear and
prejudice, leading to greater depression and mass manipulation?

Cryptocurrencies - Disintermediation! Need I say more ;) All kinds of utopian
views of how this is supposed to promote freedom, security and efficiency. But
top of the wish-list for the most paranoid and repressive authoritarian tyrant
would have to be a magical way to fully control and monitor all economic
activity: A cash-less society where every single transaction is done with the
government controlled digital currency, recorded on the government controlled
blockchain.

~~~
politician
> Social networking - Enabling more meaningful and greater connection between
> people, leading to greater happiness and fulfillment?

I don't believe that this was a serious motivation for any of these companies
for a second. That might have been in the press release, but most of these
social networks were either born from Geocities-begets-Myspace incrementalism,
or "watch these idiots give away their personal data" egocentrism.

An abridged survey of recent history:

Snapchat: it'd sure be easier to sext if these pictures disappeared

Instagram: it's easier to take a pic than write something

Twitter: pivot from failing product to internal tool

Facebook: privacy invasion as a service

Myspace 2.0: maybe we can make money off napster?

Myspace: Geocities clone

Geocities: AOL clone for the World Wide Web

AOL: Prodigy clone

Prodigy: Walled garden for selling Usenet access

Napster: OK, this one was probably the only one motivated to enable more
meaningful and greater connections between people, leading to greater
happiness and fulfillment

------
nootropicat
Black Mirror predicted this in a much more realistic business case - forcing
users to view ads.

[https://www.youtube.com/watch?v=QleMXX24v5g&t=52s](https://www.youtube.com/watch?v=QleMXX24v5g&t=52s)

~~~
demircancelebi
I think that is highly unlikely. If lots of people are not okay with watching
ads, there would be economic incentives for people to create ad-free
alternatives. Even now we have lots of such alternatives. If someone is not
able to afford that alternative, it may actually be harmful to advertisers to
spend their money on showing these people ads anyway.

~~~
smallnamespace
> economic incentives for people to create ad-free alternatives

Yes, but they will have to fight a giant up-hill battle because ads exploit a
quirk of human psychology, which is that most people strongly undervalue their
own attention.

------
wgerard
There's something about software like this that really creeps me out, even
though I realize it's not ridiculously advanced (i.e. it's way more common
than I think) anymore. That might just be a personal aversion, though. I can
imagine useful scenarios for this even if I get a bit of an icky feeling from
it.

My co-founder and I have talked about things like this as an "anti-cheating"
measure (we developed a take-home assessment platform), but it always feels
way too overboard and invasive for an exaggerated problem (and I'm just
against it in pretty much every way imaginable).

Interestingly this somehow feels better than overt measures like ProctorU, but
that's an emotional reaction and not a logical one. In some ways it's probably
much worse.

~~~
danso
Some more info about ProctorU (for others who haven't heard about it):

[https://www.chronicle.com/article/Behind-the-Webcams-Watchfu...](https://www.chronicle.com/article/Behind-the-Webcams-Watchful/138505)

> _Rather than one proctor sitting at the head of a physical classroom and
> roaming the aisles every once in a while, remote proctors peer into a
> student's home, seize control of her computer, and stare at her face for
> the duration of a test, reading her body language for signs of impropriety._

That article is from 2013, I wonder how much of this is now partially
automated (i.e. relying on human remote proctors)?

~~~
tekromancr
Online proctoring is actually a really busy space in edtech. There are
numerous companies with products deployed that are fully automated. They
record videos of students taking the tests through a webcam, then send the
analysis back to the instructors highlighting which videos are worth watching.

~~~
gruez
I never got the point of that. You can use an HDMI/DVI splitter to allow your
accomplice to see your screen, and you can use your monitor's PIP function to
allow your accomplice to send messages to you. Both of which are totally
undetectable to the student's computer.

~~~
briandear
It’s security theater.

------
xori
Am I the only one who doesn't quite understand the point?

I would assume you wouldn't _only_ use this tech to secure information. But I
don't see really how this adds any security when software cams exist.

Plus you have other issues, like people like me who work in low light, or
picture frames in the shot, etc.

Cool hobby project though.

~~~
AbacusAvenger
Yeah, this whole thing seems a bit silly. You can't trust the webcam to be
real or even functional.

And even if you could trust the entire website-to-webcam path end-to-end, you
can't trust the image the hardware is reading. There's a reason that other
face recognition systems like Windows Hello require that you have an IR
camera, so that it knows it's not just looking at a photograph of a person.

------
bbarn
So what stops me from creating a device that registers itself as a webcam
natively, but just puts a loop of a pre-recorded video that satisfies the face
recognition software?

Stop trying to find solutions to problems that aren't real.

~~~
Mayzie
i.e. what people were doing on ChatRoulette for a long time (and probably
still are).

------
exabrial
If you can be prosecuted for storing someone's diagnostic medical images
improperly under HIPAA law, this seems like a VERY risky thing for a company
to implement.

------
danjoc
Coursera required face verification recently. Once I found out, I had my
course fee refunded and have not signed up for another course.

~~~
exabrial
The policy might have been changed? An article I just read says: "taking a
photo via webcam, uploading a photo of a picture id issued by the government,
and making a record of their typing pattern."

------
txsh
Do people really think identities are stolen by criminals peeking over
shoulders?

And, if so, couldn’t they use a camera, or mirror, or periscope to bypass this
software?

~~~
gruez
or looking at the screen outside the camera's fov, which shouldn't be hard to
do considering IPS have up to 178 degrees viewing angle.

~~~
unit91
For real, good grief. Telescopic lenses and office windows also exist.

~~~
epicide
Alright, it might be time to finally jump on getting a privacy filter.

------
cocochanel
No! No! No! How much more intrusive do we need to get, seriously? This is a
naive solution to the problem stated. And a bad one at that, too.

------
nitwit005
> Banks don’t want private account details (like the user’s current balance
> and credit limits etc) being seen by anybody other than the account holder.

Unless it's an in-person interaction, a face has little security value,
because it's not a secret. Getting a photo, or even full motion video of
someone often just requires finding their Instagram page.

------
jageen
How secure will this be?

My concern is what if someone shows my digital photo to the website, will the
framework detect it?

Apple said that they overcome this by using true depth technology (which I
guess required specific hardware).

I like the idea though, but there is a big reason people did not implement
this before.

------
thetall0ne
I think this is really about having powerful machine learning tools like face
recognition, image recognition, content personalization and recommendation
etc. in the browser.

------
cmaureir
Technologically speaking: Yeah, that's a nice feature. Real world: This will
be awful, I really don't want any DB to have a photo of me associated with
transaction or authentication. Yes, I do have profile pictures, but allowing
a service to get a "stream" of your face will be way worse, and I cannot
imagine what would happen if this DB gets compromised...anyway...still a nice
Black Mirror episode though..

~~~
cjmoran
"We noticed that you've looked away from your screen. Please continue watching
the advertisement in order to continue!"

"Eye roll detected. Would you like to send feedback to this ad partner?"

~~~
Deestan
"Thanks for watching! Please help keep this channel alive and do not look
away during the ads. Bye!"

------
ycmjason
What happens if I do inspect elements and remove styling? :D

------
tzahola
We _obviously_ need to make this tech mandatory. You wouldn’t want your
children looking at harmful websites, would you?

------
desireco42
I see we will soon stop putting stickers on camera holes, but will use
screwdrivers to pry them out and remove them. :)

------
no1youknowz
I can see from a privacy standpoint, this may cause some concern.

However, from a credit card processor point of view and combating "friendly
fraud", this could be an excellent tool to prevent that.

For example, the scenario where a transaction has been processed and 6 weeks
later, it is disputed because the card holder doesn't recognise the
transaction. Perhaps the wife used the husband's card whilst he was in the
shower, for [insert candy crush clone].

A capture of the users face would definitely help the merchant win the
representment against Visa/Mastercard.

In a scenario where goods are being shipped cross-border, let's say from China
to the US and it's for a large amount, then this could be an extra step, where
the data hasn't passed a certain threshold and thus further information is
required. Having a real-time snapshot and validation to prove the card holder
is legitimate ensures the transaction goes through.

Ultimately, I do understand it's about weighing privacy concerns. But that
doesn't mean some good can't come out from this.

~~~
jstanley
No. I'm not having a photo of my face and the inside of my home associated
with every online purchase. That's ludicrous.

~~~
no1youknowz
I agree. From a consumer point of view, you are welcome to take that position.

However, my comment was purely from a credit card processor, acquirer or even
bank.

At the end of the day, if something like this was introduced, you are free to
not comply, pay with an alternative method or shop elsewhere.

~~~
wu-ikkyu
> You are free to not comply, pay with an alternative method or shop elsewhere

You are increasingly _not_ free to choose an alternative, given the increasing
centralization of the "too big to fail" finance and tech industries.

