
Facebook’s New Captcha Test: 'Upload a Clear Photo of Your Face' - artsandsci
https://www.wired.com/story/facebooks-new-captcha-test-upload-a-clear-photo-of-your-face/
======
clamprecht
Last paragraph of the article:

"The new authentication scheme is the second in recent weeks that relies on
photos. Earlier this month, Facebook asked users to upload nude photos to
Facebook Messenger, as part of an effort to prevent revenge porn. Facebook
said it would use the nude photos to create a digital fingerprint against
which to compare future posts."

Wait what? I had to check whether today was April 1st.

~~~
danso
There was a thread about this on HN -- too lazy to look it up now or repeat
some of the longer comments about it. But going into this assuming that FB has
no ill-intentions, FB's proposal seems by far the best solution in a world of
ugly and terrible solutions.

For starters, it's intended for victims of revenge porn, which is a fairly
extreme category and one in which the harassment is distinctively aggressive
and virulent. Because if it weren't, the way FB deals with abusive content
generally would seem to be good enough. If you come into this thinking that FB
is asking everyone to upload their nudes for "safekeeping", then you've missed
the point.

Secondly, it's hard to think of an implementation that wouldn't create a
potential disaster that justifies doing anything special for revenge porn
victims. Using the Facebook app is the most secure channel for sending FB the
photos because it is a secure app that all FB users know how to use. Having
the user hash on their own requires either an external app or website.

I don't think it needs to be said how such ancillary applications can be
spoofed. Even if only 0.5% of users are dumb enough to fall for these spoofs,
each incident would be a complete fucking disaster, for the victims and for
Facebook.

As for the prospect of FB owning people's nudes. Again, in the case of revenge
porn victims, the horse is already far from the barn. If we assign the worst
of motives to FB, that it's a way to secretly collect nudes from users. Again,
horse, barn. This secret process would be less efficient by magnitudes
compared to what FB can already do today.

~~~
cracell
FB has a no porn policy so wtf do you have verify you are you to get a revenge
porn picture removed?

"We remove photographs of people displaying genitals or focusing in on fully
exposed buttocks. We also restrict some images of female breasts if they
include the nipple, but our intent is to allow images that are shared for
medical or health purposes. We also allow photos of women actively engaged in
breastfeeding or showing breasts with post-mastectomy scarring. We also allow
photographs of paintings, sculptures, and other art that depicts nude figures.
Restrictions on the display of sexual activity also apply to digitally created
content unless the content is posted for educational, humorous, or satirical
purposes. Explicit images of sexual intercourse are prohibited. Descriptions
of sexual acts that go into vivid detail may also be removed."
[https://www.facebook.com/communitystandards#nudity](https://www.facebook.com/communitystandards#nudity)

~~~
ncallaway
FB removes pornographic content, but it doesn't always do so proactively.

If a user shares pornographic content, it may be visible on the site for a
short period of time before the content is removed by Facebook.

The goal of the initiative Facebook was attempting to implement was to prevent
any revenge-porn photos from being shared on the website _at all_. Even for a
brief period of time.

From a user's standpoint, one hour of pornographic content available is
disturbing but not catastrophic. However, one hour of images of pornographic
content of _themselves_ being shown to their friends and family is
catastrophic.

~~~
ctack
I find the concept quite strange.

It's kind of like having the police live at your house because 'just in case'.

~~~
ncallaway
I realize this is a late reply, but I just saw this today.

I think the idea isn't that this is a "just in case" service. More like, if
someone sends you a message that they've got compromising photos of you and
will release them unless you pay $XX,XXX then you would use the service.

In the analogy, it'd be more like having the police live at your house after
having a credible threat made against your life. Which is a thing that happens

------
will_hughes
Instagram did this same bullshit to me when I signed up for an account to to
follow some photographers.

'Please provide a clear photo of yourself holding your government issued ID,
and a piece of paper with the following code handwritten on it'.

No, fuck that for a joke.

There's this growing trend of everyone wanting your photo and some ID, and
then you have no way to verify that information is being kept securely or used
for appropriate reasons.

~~~
benwilber0
This is the KYC (Know Your Customer) laws. Online-only banks like Ally and
Simple require the same thing.

In fact, every bank requires this. If you opened a bank account in-person some
years ago you may not remember but they asked you for your government-issued
ID card.

It's the same thing.

~~~
smsm42
I have opened several bank accounts online and never have been asked for photo
id. SSN and some knowledge-based auth sure, but no photos.

~~~
RickS
SSN and knowledge based auth are sometimes sufficient depending on where you
fall against the company's risk model.

KYC processes are a type of situation where it is not a good idea to
extrapolate all people's experience from one person's. The underlying
mechanisms intentionally vary from person to person.

------
cbhl
Sure, Facebook might delete your photo when they're done, but they probably
won't delete any machine learning models that they trained using it.

~~~
jesperlang
wording like this is really tricky (intentionally so!), it exploits our naive
notion of digital information as files. One aspect is the machine learning you
mention but basically they can also create a new "file" from your image with
metadata about your image. Metadata rich enough to render the original image
unnecessary. There is no way out of this relatiohship with FB, however they
formulate words to comfort you, there is always a different unexpected side to
what they are saying..

~~~
halflings
The more data they keep about these images that they are promising to delete,
the more they would make themselves liable to be sued for privacy violation
(especially in the EU).

It is a blurred line, but one that most rational companies (=not Uber) would
prefer to avoid in the first place by only storing data that is necessary for
their main functionality.

~~~
goialoq
What is Facebook's "main functionality"?

~~~
andrei_says_
Monetizing on people’s relationships and social addiction, collecting and
providing detailed data on all user activities, sentiments and connections,
selling sets of such data to ...?

~~~
kfrzcode
Advertisers. If you've ever bought an ad on facebook and see you can pick your
target audience by which types of food they shop for or their income range
from 10k increments alongside thousands of other filters.... fuck man they
have a helluva ad platform

------
bsaul
I used to think richard stallman was just a paranoid lunatic... Well, the more
time goes by, the more i think he was just 100% right. It's time to be much
much more careful and radical with the path technology is taking us.

It's time we all invest a bit of our time to provide real open and benevolent
alternatives to facebook, google, amazon, and all the rest, because they're
steering internet toward an orwelian nightmare.

~~~
Santosh83
Network effects. You and me care. Sadly the vast majority around us bow
unquestioningly to demands made by powerful groups like their govt or huge
mega-corps. People seem to think these power-centres will always be benevolent
and flawless... which history shows is a big mistake to assume.

~~~
bsaul
I wouldn’t put a democratic government on the same level of danger than profit
driven mega corps. I’m pro free market, but some corps have reach state-level
impact on people lives, and they remain without any kind of overview.

I also don’t want state-run web sites to try to provide alternatives to Google
( like europe tried to do 10 years ago), so i think the foundation model is
the perfect structure for that. Economically responsible, but not profit
driven.

------
oblib
I will never do this. I don't even post photos of myself on FB, or use
"Messenger" or their mobile app, so it probably wouldn't work anyway, but I
have no doubt they're looking to monetize the feature and that businesses and
governments are their target markets.

~~~
Harkins
They still have your face from scanning your friends' photos and contacts.
Combine datestamp, location, messages, and posts over years and Facebook knows
who was together for a photo whether or not you've uploaded any or been
tagged. Facebook knows the face of everyone who is on Facebook or who knows a
few people who are.

~~~
staplers
I can pull a fingerprint off the subway stair rails but that doesn't mean I
can identify who it is. We anonymously reveal ourselves everyday but the
danger comes from confirming which data is ours. The goal is to make it
difficult not impossible.

~~~
sandworm101
They don't need you to confirm it. This isn't a criminal case. They just need
to be reasonably confident. Your face is in a picture with four other people.
They can see that phones belonging to four people, who regularly chat with
each other, were all at the same location at the time the photo was taken.
They are now reasonably confident that your face is one of those four. Do that
five or six times and their robots will know your face. Whether you confirm it
or not doesn't really matter.

~~~
staplers

      They can see that phones belonging to four people, who regularly chat with each other, were all at the same location at the time the photo was taken.
    

How would they "see" your phone without the facebook app installed?

~~~
sandworm101
They buy/rent that data from google or any of a thousand other companies that
might have access to your phone's location.

------
Waterluvian
I should write a blog post about this, but to those thinking about deleting
Facebook,

My experience deleting it 5 years ago is summarized as: my friend count went
way down, my friend quality went way up.

Your results may vary, but the purpose of my comment is not to immediately be
worried that Facebook is a mandatory lifeline for your social life.

~~~
reaperducer
A few years ago I walked away from Facebook. Three months later, I got a phone
call from my mother (who's not online) because she heard through the grapevine
that I was dead. My stupid Facebook "friends" took my silence for something
sinister and jumped to conclusions.

I ended up returning to Facebook and purging my "friend" list down to just a
dozen actual friends.

~~~
didhshz
Really? Wow.

I always wondered what my Facebook acquaintances thought when I left.

I figured they didn’t care Id left to give it much thought or that I was being
a prick and had deleted them.

~~~
jventura
Most of my facebook "friends" didn't even noticed I've quit some months ago.
For those that ask, I say that it consumed too much battery..

------
tobyhinloopen
[https://petapixel.com/2017/11/07/ai-creates-photo-
realistic-...](https://petapixel.com/2017/11/07/ai-creates-photo-realistic-
faces-people-dont-exist/)

Tadaa. Another pointless privacy invasion that only affects the fair and
honest.

~~~
pierrec
Hmm, this wouldn't help you defeat the system at all, unless I'm missing
something. What you need is a model to generate photos of _your_ face.

~~~
Balgair
FB is most likely trying to ward off spammers with this idea. Generating
unique faces per spam-bot is easy now, for sophisticated spammers, then for
every spammer in a few months. The poster is trying to say that this FB effort
won't work well and is already only adversely affecting the most stupid and
trusting.

~~~
pierrec
Good point, I was only considering the case where FB uses this technique to
verify an existing user's identity using facial recognition (which seems like
a "logical" use case).

I missed the part where they said they might use it for account creation as
well (which makes less sense and seems like a pretty baroque, intrusive and
ineffective captcha).

------
alde
>"Please upload a photo of yourself that clearly shows your face. We’ll check
it and then permanently delete it from our servers."

>"To determine if the account is authentic, Facebook looks at whether the
photo is unique."

The two statements are a bit contradictory. They might delete the photo but
they won't delete its signature/fingerprint, because they need the later to
check for uniqueness of other accounts.

~~~
eternalban
Count your blessings. They could have additionally asked for a picture that
"clearly shows your genitals".

Anywho, once the 'revenge porn' crowd starts hacking around this by chopping
the said head from the said images, the central servers of FB are sure to ask
for pics of genitals.

~~~
thomastjeffery
> Count your blessings.

No.

Facebook is not the Almighty God.

------
mvdwoord
I uploaded a cropped/mirrored picture of Jack Nicholson in the Shining. After
48 hours the account was working again, no idea what happens in that process.

~~~
mirimir
Well, it's rather disappointing that they didn't catch something as simple as
that ;)

It's already nontrivial to create fake Facebook accounts. For those serious
about it, who already deal with IPs and mobile numbers, I can't imagine that
creating novel photorealistic faces would be all that problematic.

~~~
thomas_howland
Not that surprising; can you recognize random Bollywood stars?

------
lousken
Facebook already locked me out of my account asking for it and since I'll
never send it I guess I can finally stop using it... thanks facebook

------
nxsynonym
Is anyone concerned enough with their facebook profile security to want to be
verified on this level?

why not a normal 2fa? it seems like there is a hidden agenda behind collecting
and analyzing users facial characteristics.

~~~
slig
Knowing fb, this is for their benefit, not the users i.e, they're trying to
catch spammers and fake accounts, not see if you're the one accessing your own
account or not.

~~~
mtgx
I fear it's much more insidious than that. Facebook has a tendency to start
doing some invasive stuff and then announce it to the world only 5 years
later.

They probably plan to use your facial profile for a number of things, none of
which have to do with authenticating you to the Facebook website. I even see
them sharing the profiles with the DHS to build more accurate facial
recognition at airports, and other stuff like that. But of course they
wouldn't admit it now, because it would mean everyone refusing to use it from
day one.

No wonder Facebook's attempt at getting people to give them their credit cards
to enable ecommerce on the platform has been such an utter failure. The most
popular searches on Google on this issue are whether or not you can trust
Facebook with your credit card data.

That's happening for a reason - Facebook has _consistently_ tried to build a
reputation of "shady-as-fuck" company throughout the years, and it's going to
pay the price for it, either through stuff like people rejecting its ecommerce
platforms, which means fewer billion-dollar monetization opportunities for
Facebook in the long-term, or simply stopping using it when they get tired of
the company's practices.

~~~
Chaebixi
> I fear it's much more insidious than that. Facebook has a tendency to start
> doing some invasive stuff and then announce it to the world only 5 years
> later.

> They probably plan to use your facial profile for a number of things, none
> of which have to do with authenticating you to the Facebook website. I even
> see them sharing the profiles with the DHS to build more accurate facial
> recognition at airports, and other stuff like that. But of course they
> wouldn't admit it now, because it would mean everyone refusing to use it
> from day one.

This validates my little project of uploading a ton of stock photos to my
Facebook account and tagging myself in them.

~~~
DesiLurker
make something automatable with browser plugin on github .. that does sounds
interesting.

------
ameister14
They say they will permanently delete it off of their servers, but the
numerous cases where they lied about deleting account information doesn't
exactly engender a feeling of trust.

~~~
Balgair
A friend does HW for Seagate servers and has talked a bit about the 'math' of
servers. The reality is the FB may or may not delete the pics, no matter what
they think they really did. With the amount of servers they utilize, one is
failing about every second, permanently erasing all the data on it. Yes, back-
up servers, and copies of the data. Still, a lot of data is getting trashed
every second. So, they may be trying to weasel these pics, but do not trust
that they are smart enough to get around the hard facts of server decay. If
they are being honest, then there is still no way to determine if some back-up
somewhere actually is storing the data, despite their best efforts. The code
stack for something like FB is so huge, there really is no way of knowing
where a piece of data is or isn't. Kafka would be beaming at it's absurdity.

In addition, they also have a lot of 'fresh' servers out there, spinning about
for months, not being written to, as some algorithm works it's way around
using the fresh servers. These also fail, having never been used. Seagate does
not mind when companies like FB do this nonsense.

------
vonuebelgarten
Question: is Wired actively blocking archive.is? I tried to archive this
article just to get a repeated "Network error" [1] which may be a sign of a
Layer 3 block. A trivial search [2] shows no page is successfully archived
since the end of September.

[1] [https://archive.is/eU7Yn](https://archive.is/eU7Yn)

[2] [https://archive.is/www.wired.com](https://archive.is/www.wired.com)

------
Tharkun
I was recently locked out of my FB account. The only way to unlock it was to
identify my friends' pictures. Apparently sending me an e-mail was too much
trouble ...

Haven't been able to log in since, as I refuse to partake in that sort of
bullshit. Can't say I miss it.

~~~
pishpash
What do you have against identifying friends' profile images, of all things?
Facebook already has them.

~~~
cowpig
If one of my friends identified me in a photo to facebook, I would not be
happy about it.

I generally ask everyone who knows me not to upload photos I'm in to facebook
at all beyond what's already there.

~~~
jsemrau
Exactly, the point it validates and updates the current status of friendship
you have. Further it informs facebook who are the people you really know
opposite to your "facebook friends" .

------
djohnston
I mean you need to pick your poison here. You either give facebook more data
to validate your authenticity or you allow botnets to influence the social
networks. It seems impossible to have it both ways, although I'm willing to
hear alternatives in the general case.

~~~
hnarn
Authenticity validation could be _completely_ external from Facebook, and if
they gave a shit about your privacy they would not only be OK with it but even
push for it.

Many countries already have crypto-secure solutions for verifying their
identity when submitting things like tax forms. Facebook just needs to start
using them, but they won't, and it's obvious why.

~~~
bhhaskin
No. This is the absolute wrong direction and would likely help push for a
Government Internet ID. This would complete destroy online anonymity.

~~~
hnarn
The US isn't the world. "Government Internet IDs" already exist, and there is
nothing inherent in them existing that eliminates online anonymity, it just
removes it on Facebook (which is exactly the point).

~~~
bhhaskin
Imagine having to use your government ID to even connect to the internet.
Having all your data logged and cataloged to your ID. At one point in time
that is what the US government wanted to do. It starts by normalizing the
action. Not a world I want to live in.

~~~
hnarn
You're completely de-railing the discussion and trying to respond to this
nonsense in any constructive way would only de-rail it further. No amount of
strawmen and US-centric "the government wants to enslave us all" propaganda
will make me think that the now existing, well working digital ID systems
available in the world (not the US) are the work of the illuminati, should be
abolished, and/or will be surgically inserted into my brain in the near
future.

I made a point that there are already ways for Facebook, in certain countries,
to verify the identity of their users, if they so please; and that Facebook
will never use these because they'd rather control the system of verification
themselves (prioritizing profit, not privacy and integrity of users). They
could use the systems already in place and say "you know what, the state of
Estonia is telling us this guy is who he says he is, we'll accept that". What
you're doing is arguing against government-backed digital identification in
any broad definition of the term, and you can have that opinion but it's off
topic.

------
garblegarble
If it can't be fooled by a picture found online (but not uploaded to facebook)
then that must mean facebook is indexing images across the internet and
analysing all the faces they find... and if it can, what's the point (edit:
from a user point of view)?

~~~
1337biz
To have the world's best biometric registry that is constantly updated and
optimized by it's users.

~~~
garblegarble
Yes, I should have been more accurate in my original post - what's the point
for the user :-)

~~~
jlgaddis
This doesn't exist to benefit the user. This exists solely to benefit
Facebook.

------
hota_mazi
I find their claim that the picture will be deleted from their servers at odds
with their claim that they will make sure that photo is unique.

I suspect that what they're not saying is that they will keep some
signature/hash/data about the photo, which I'm sure they will use for much
more than just verifying uniqueness.

~~~
rdiddly
Yep, that's in the article. They say they'll hash it and delete it (the
photo). They don't claim they'll delete the hash. Having the hash is enough to
check for uniqueness. Although it's sort of an over-strict definition of
uniqueness. Example: I change one pixel → That produces a drastically
different hash → That makes the almost-identical photo seem unique.

I'd be surprised if they weren't extracting other info from the photo or
training ML models on it as others suggest here.

~~~
jstanley
> I change one pixel → That produces a drastically different hash

If they're hashing the raw bytes, sure. If they're hashing a representation of
the face that encodes meaning (like the relative locations of facial
features), then changing one pixel is unlikely to affect that.

~~~
rdiddly
Indeed - lots of things could be concealed in that phrase "the photos are
hashed!"

------
quotha
This is literally the name of the company

------
WhoBeI
Are they allowed to sell the "fingerprint" packaged with your name to
advertising agencies? If so it should only be a matter of time before those
Minority Report inspired advertising screens start popping up everywhere..

The advertisers can always protect that system with some DRM to get the mighty
DMCA on their side. That way they don't need to build a robust solution and
can still wipe their hands clean if they loose it all to a 12 year old script
kiddie.

------
YeGoblynQueenne
>> “Please upload a photo of yourself that clearly shows your face. We’ll
check it and then permanently delete it from our servers.”

>> To determine if the account is authentic, Facebook looks at whether the
photo is unique.

I assume this means that the photo itself is deleted but a one-way hash of it
created to test against later.

However, if I change one pixel of a picture of my face, A, to produce a new
picture of my face, A', the hash of A' will not be the same as the hash of A,
correct? And I can repeat this process n x m times, where n, m the dimension
of the image, ja?

Additionally- when they say "unique", do they mean "known as unique" to
Facebook, or "unique in the entire world"? If I take a picture of myself and
put it on, dunno, my blog on Blogger, what's stopping someone copying it and
uploading it to Facebook to pretend it's me? Will Facebook search the entire
web for images potentially matching an uploaded image?

For the record, I don't use Facebook. And there are no pictures of myself
anywhere on the internets. As if.

~~~
oh_sigh
Hashes don't necessarily work on the raw bit representation of something. You
can have a hash which works on higher level constructs, which for images one
solution would be called a perceptual hash.

~~~
thisacctforreal
I thought the accepted term for this was "fingerprint" not "hash".

~~~
oh_sigh
Hashes produce fingerprints(including perceptual hashes). Most people are
talking about cryptographic hash functions when talking about 'hashing' but
that is just one type.

There is a wikipedia page for 'perceptual hashing' as well as a number of
libraries available which claim to do perceptual hashing, so it may just come
down to what kind of crowd you roll with :)

------
bartkmq
I'm sure the biometric data harvested from these pictures won't be abused by
three letters agencies.

~~~
GCU-Empiricist
You forgot your /s

------
reaperducer
Straw, meet camel's back.

I'll give up Facebook before I give up that level of privacy.

------
bogomipz
>"The company declined to share details to prevent the system from being
manipulated. Suspicious activity might include someone who consistently posts
from New York and then starts posting from Russia."

So in others words people who travel or go on vacation?

~~~
ihsw2
Numerous systems that scrutinize IP-based geolocation information already
throw up additional security checks when detecting changes.

Personally I welcome it, especially when banks do it. It's low-hanging fruit
TBH. It massively fucks with those using VPN or Tor but I'm fine with that.

~~~
bogomipz
Except that FB isn't a bank and doesn't store one's financial data.

Also this argument falls flat as we are an increasingly mobile population
whether that be travel for pleasure or business.

I remember watching in amusement/horror as a friend I was traveling with in
Thailand wasn't able to access her Facebook account unless she verified via
her phone that she was actually attempting to log into her account from
Thailand. It's like you're supposed to check in with Facebook and let them
know where you are. So creepy.

~~~
kinkrtyavimoodh
What sort of ridiculous nitpicking is this? First, FB does have a Payments
feature, so if you are being pedantic, it does deal with one's financial
world.

Second, for a lot of people, their FB profile has a lot of confidential
information, and is tied to their personal identity so they can't have the
risk of it being compromised based on leaked passwords or whatever. It may not
matter for you, but I am happy that they are safeguarding my account just the
way a bank would.

~~~
bogomipz
There's nothing nitpicky in anything I wrote. FB is not a bank. And it can not
be used as someone's financial institution.

>"Second, for a lot of people, their FB profile has a lot of confidential
information, and is tied to their personal identity so they can't have the
risk of it being compromised based on leaked passwords or whatever."

Who puts "confidential information" on FB?

FB is based on the premise of voluntarily sharing" information. If people are
willing to share information on a social networking site it can't really be
considered "confidential" or even "sensitive" to you can it?

Also FB is not one's identity, despite what FB would like you to believe that
it is.

------
gruez
feels like this could be easily bypassed with something like this
[https://www.theverge.com/2017/10/30/16569402/ai-generate-
fak...](https://www.theverge.com/2017/10/30/16569402/ai-generate-fake-faces-
celebs-nvidia-gan)

------
tudorconstantin
All that spammers have to do now is to upload other people's photos first.

Imagine the surprise we'll have when we'll find out our accounts were cloned.

------
PadThai89
What do you think Facebook could do here, that wouldn't violate privacy, to
verify that you are who you claimed to be?

------
eveningcoffee
This is outrageous invasion of privacy. Facebook must die.

------
quadrangle
I have to say: as much as I probably agree with every critic of this… The damn
thing is called FACEbook, so it would almost be wrong for them _not_ to do
this!

(I don't know a mark for whatever this is, it's not sarcasm or irony,
something about tragic comedy fate…)

------
mikgan
AirBnB does this today, had to go through the process a few weeks ago to
create an account to book a room! And of course the process failed,.. and of
course we thought we were going to miss out on our room booking,.. and of
course I now really dislike airBnB

------
vsc
Sorry, I don't understand, but wouldn't someone ( suspicious ) also have a
photo of yours if they have the access to your account. They could easily
upload that photo and pass the captcha test .. Or am I missing something?

~~~
cJ0th
If I understand it correctly they would have to provide a photo with your face
that FB hasn't seen before. Still rather easy to obtain for the determined.

------
rayshan
Facial verification, together with cell phone number, which requires an ID to
purchase, has been the standard practice for internet companies in China for a
while now, e.g. for WeChat, Alipay, etc.

------
bprasanna
Applies to most of the biggies: Since i am a behemoth of tech, give me all
your personal info and surrender yourself. I will tell you what you should
see, eat, buy, think & whom you should be-friend! In return your everyday
personal data is my asset, my asset only! Its up to me how i use your personal
data. NO QUESTION SHOULD BE ASKED! Remember you have signed the agreement
(Privacy Policy)!

------
tinus_hn
Just upload a picture of one of the millions of people that haven’t cleared
this hurdle yet and the problem is on somebody else’s plate.

------
y04nn
Ok, but would it work against generative network generated faces? cf.
[https://towardsdatascience.com/implementing-a-generative-
adv...](https://towardsdatascience.com/implementing-a-generative-adversarial-
network-gan-dcgan-to-draw-human-faces-8291616904a)

------
dv_dt
So right around we when start exploring the dumpster fire of of SSNs and
personal data collection with Equifax and the entire credit reporting /
financial industry, a new form of personal data collection as well as mixing
up identification and authorization arises ... (I blame Apple too...)

------
banderman
Uber does this for their drivers to confirm it's the registered person driving
the vehicle.

------
wruza
Apart from possible biometrics collection, it is Facebook that now decides how
do you behave and what to grant you for your behavior. Like Santa for adults.

Maybe it’s time to open your eyes and see that there is no Santa since 1984?

------
ArlenBales
This isn't very future-proof. Computer graphics today can produce human faces
that are extremely realistic. Someone will make a random-face generator, and a
bot will pipe random faces to Facebook.

------
caf
You would think that for captcha purposes (ie. a unique, quickly produced,
creative item) it would suffice to say "draw a picture of a dog" (or "upload a
clear photo of your hand").

------
tobyhinloopen
I want to create a library for generating photos of computer-generated faces

------
skytreader
> The process is automated, including identifying suspicious activity and
> checking the photo. ... The Facebook spokesperson said the photo test is one
> of several methods, both automated and manual, used to detect suspicious
> activity.

So I don't get if this "captcha" process is automated or manual (...or both)?
Somewhere else in the article it says that users are apparently locked out of
their accounts until the pic is verified. Seems odd that there should be a
lock-out period if the process is automated (as the first sentence of the
above quote implies).

ALSO, for a captcha, isn't this dead easy for bots? Get a DeepDream/Generative
Adversarial Network instance to generate faces for you. Bam. This is not a
barrier.

~~~
intopieces
Couple things.

1.) The face verification is automatic. It is among other processes that are
automatic and some other processes that are manual.

2.) Lock out periods are to prevent repeated attempts.

3.) The face has to match the face of the account, so generating a new face
won’t work.

~~~
skytreader
Where was it specified that lock-outs are to prevent repeated attempts? It is
a plausible reason but the premise of my question (and confusion as to whether
this process is automatic or not) stems from:

> ...users are locked out of their accounts _while the photo is being
> verified_. A message said, “You Can’t Log In Right Now. We’ll get in touch
> with you _after we’ve reviewed your photo_. You’ll now be logged out of
> Facebook as a security precaution.”

Emphasis mine.

"after we've reviewed your photo" \--> FB can autotag people as pictures are
uploaded. Surely they can verify face similarity instantly?

------
abiox
i signed up with facebook (with a unique email), and encountered this. i used
a picture (a painting, rather) of george washington.

it seemed to work at first, but when i tried logging in a month or two later
my account was disabled. perhaps i wasn't the only person using that image and
they were displeased.

------
Shinchy
This is a classic example of technical staff not thinking about what a user
would do.

------
hackbinary
No. Like Nancy Reagan said, "just say no."

Your likeness is your data.

------
jrochkind1
Like it's hard to get a bunch of photos of real faces?

------
pleasecalllater
The next level would probably be: provide your SSN.

~~~
659087
Experian probably already shared that with them.

------
elchief
Ah biometrics, the password you can't change

------
dba7dba
Eject eject eject

Abandon ship.

Or abandon Facebook. .

------
jacobush
I read at first “China’s New Captcha Test”.

------
jamiethompson
Because if you were accessing someone else's Facebook account you wouldn't
have access to a whole bunch of photos of their face would you.

------
NiklasMort
maybe this is how skynet starts

~~~
thg
Skynet is entertainment. A real ASI will be much more proficient at removing
threats.

Both nanobots and a genetically engineered super virus, for example, would be
very well suited to extinguish humanity in a timeframe that makes resistance /
retaliation impossible.

Now if I as a dumb human can come up with that, just imagine what a being
incredibly smarter than anything we could imagine could come up with.

------
spayu61
That’s not a captcha, that’s used when you’re locked out of your account and
they need to verify if it’s you. Like when they ask for your ID card.

I assume this only happens if you’ve uploaded pictures of yourself in the
past, so they can compare them.

~~~
_jal
Uh, the article disagrees.

> In a statement to WIRED, a Facebook spokesperson said the photo test is
> intended to “help us catch suspicious activity at various points of
> interaction on the site, including creating an account, sending Friend
> requests, setting up ads payments, and creating or editing ads.”

They're basically training people to provide PII/biometrics on-demand as the
price of using their service.

------
Partyone
Its good to have better security features.

------
cooervo

      big brother zuckerberg

~~~
vinchuco
Zuck: People just submitted it.

Zuck: I don't know why.

Zuck: They "trust me"

Zuck: Dumb fucks.

[https://news.ycombinator.com/item?id=1349934](https://news.ycombinator.com/item?id=1349934)

------
intopieces
This doesn’t seem too weird considering the service is called “face” book, and
the point is to upload photos of your face. They have been using facial
recognition for years now, this is a natural extension of that.

I am not a user, but I see the value. It’s creepy as hell, yes, but I see the
value.

