
Facebook is now scanning your photos to make sure you send them to your friends - Sami_Lehtinen
https://finance.yahoo.com/news/facebook-now-scanning-cameras-photos-222321479.html
======
lemming
_If it still sounds a little creepy to have Facebook looking through all your
photos, especially as you take them, you are basically left with two options:
You can turn off the send-to-your-friend notifications, and you can turn off
Facebook 's facial recognition feature._

Or, you know, ditch Facebook, since this is far from the total extent of their
creepiness.

~~~
meddlepal
It's not really practical to do that. You're basically asking people to give
up email or their phone at this point. That's how wired into Facebook most
people are.

~~~
existencebox
I normally don't post in the social network threads; but I've seen this
argument enough times that I have a bunch of questions I'm legitimately
curious about, since I'm clearly not the target audience: (For context, I
tried facebook in college, found myself hating a lot of aspects about it
despite heavy use, cut myself off by the end of college and have been "clean"
for a good few years now.)

1\. Why is facebook required? (to get right to the point) I know MANY of my
friends use facebook but I still find it quite easy to keep in touch with them
over email/gchat/texting/in person.

2\. Are many people you know actually going exclusively to facebook as their
sole communication method? This hasn't meshed with my experience, but I'm in a
very limited population strata. As a followup, do these people find any
difficulties when connecting with non-facebookers, since I know plenty of
those?

3\. Is it a conscious calculation for you/most people you know? e.g. is there
even a thought of "Am I happy with the tradeoffs at hand to use this" or is it
just the accepted dogma at this point. I don't mean to demean the group by
suggesting that, I've certainly watched myself do the same in hindsight to
other things (video games), but I do wonder if it's at least being considered.

~~~
Silfen
In my personal experience, the biggest wedge is in planning events. With the
caveat that this probably only applies strongly to people currently in their
mid-twenties:

For a lot of social circles, facebook is the only service that almost everyone
will regularly check and that lets you coordinate events. My friends who don't
use facebook will regularly miss (or not get invited to) parties, book club,
skiing trips, etc. This isn't because no one likes them or thinks to invite
them, it's because they opted out of the platform.

The other big point of stickiness that I can think of is that facebook is many
people's cloud. Years of photos are backed up there and only there. It's
unfortunate that they've relinquished control of their files to a closed-
platform third party, but that's the way it is.

~~~
yock
> My friends who don't use facebook will regularly miss (or not get invited
> to) parties, book club, skiing trips, etc. This isn't because no one likes
> them or thinks to invite them...

Clearly it is, unless you make a conscious decision for every gathering to
only include people via Facebook. Does no one ever stop and think "Hey, Jake
is pretty cool but he doesn't use Facebook. Maybe someone should call him?"
I'd guess that no one thinks like this, and that his omission comes from
simply not thinking to invite people who aren't on Facebook.

I'd love it if you could explain that I'm wrong and that you are making this
conscious decision to exclude them. The justification for this would be even
more interesting.

~~~
JamesBarney
This doesn't happen when you're throwing a get-together of 5-10 close friends.

It's more frequent for me with parties of 100+ invites.

The way I accidentally don't invite people is

1\. I setup Facebook event.

2\. I scroll through a list of my friends on Facebook.

3\. As I scroll through I invite any friends I think would have a good time at
the party and are in town.

4\. Never realize I didn't to invite Jake.

5\. During or day after party I wonder why Jake didn't come. Then remember
that he doesn't have Facebook

I don't think most people sit down and try to remember every person they know.
Then create a list of people to invite and then use Facebook to invite them. I
think they go through Facebook and invite the ones they recognize similar to
the way I do it. It's also hard to keep track of who is, and isn't using
Facebook at any given time.

------
jasperf
Engineer on the feature here. This article is incorrect in describing how this
feature becomes enabled. It does __not __turn on if "you've ever sent your
friends a photo via Messenger." The feature only turns on if you see the
promotion and click "Try It".

~~~
davb
Could you please clarify if the face recognition is done on-device or if the
photo (or some subset of data) is uploaded to Facebook's servers in order to
analyse the photos?

Thanks.

~~~
malandrew
Yes, this is hugely important. If any photos are being uploaded without my
explicit action, I consider it a huge violation of trust.

I've disabled every permission messenger has until there is clarification
here.

~~~
gcr
The feature isn't live yet, is it?

------
mortenjorck
There's nothing wrong with this feature by itself. Nothing! The elephant in
the room here is _consent._ If the app simply popped up a little box on first
launch of the new version to the effect of "Would you like to be automatically
notified when your new pictures contain your friends?" with a little "About
privacy" link at the bottom, we wouldn't be having this conversation.

~~~
freshhawk
To get _informed_ consent you would have to communicate that this involves
every picture taken being uploaded to Facebook servers (but not posted to your
Facebook account) to be scanned for friends. Even that 'uploaded but not
posted' distinction would be difficult to convey to a lay person.

I'm not sure hiding that in an "About privacy" section would get a reasonable
level of informed consent either, very few would read it.

This is an issue that keeps coming up: useful features involve slurping a lot
of personal data in order to do the processing remotely, that distinction is
not understood by a large number of the users and explaining it fully is
determined to be bad UX ("overly technical explanation") and bad marketing
(makes the privacy implications obvious).

~~~
gcr
Are images uploaded to facebook though? Or are the face features extracted on
the device? It's one thing to upload every picture in full to FB, but it's
another to upload only a feature vector to Facebook.

What if the entire recognition pipeline happened completely on the device
without any data being sent to Facebook?

Even if you have 1,000 friends, it might not a huuge deal to download a
gallery of 1,000 models to compare to.

Of course, we can't be sure how this system works without the source.

~~~
downer70
Pffft! Yeah right!

Like you've ever met a developer who would risk the extreme likelihood of
platform incompatibilities across a disparate menagerie of hardware platforms
and mobile devices, instead of simply base64ing some images and JSONing them
into a restful webservice, where they gain explicit control of the computation
environment, and get to conveniently crawl the entire dataset in a high
availabilty data center.

As if you've ever met anyone who would trade that, in favor of re-developing
the same features 20 times for 20 different compiles, and risk the inability
to deploy those builds to unreliable nodes, across throttled mobile contract
pay-as-you-go bandwidth, to achieve a goal that doesn't align with the
company's bottom line. As if you've ever seen any company anywhere do that...
for privacy.

~~~
gcr
Most large app developers share common source code for all of their platforms,
so I don't buy your argument about platform compatability. It's the same
reason why the Facebook native app and Messenger are native apps rather than a
simple UIWebView.

I also think that uploading tons of photos is going to be very hard on the
"throttled pay-as-you-go bandwidth contracts" that you mention. It certainly
sounds much more expensive than shipping a binary patch once in a while.

You bring up privacy, so let's explore this topic a little. I disagree that
privacy inherently conflicts with a company's bottom line. Some Fortune-500
companies treat privacy as a _desirable goal_ because it _increases the
perceived value_ of their business.

As one example, let's compare to Apple's public privacy statement[1]:

    
    
        > We also refuse to add a "backdoor"
        > into any of our products because
        > that undermines the protections
        > we’ve built in. And we can’t unlock
        > your device for anyone because you
        > hold the key — your unique password.
    

See also Tim Cook's statement[2]:

    
    
        > Finally, I want to be absolutely
        > clear that we have never worked
        > with any government agency from
        > any country to create a backdoor
        > in any of our products or services.
        > We have also never allowed access
        > to our servers. And we never will.
    

Elsewhere:

    
    
        > Apple has no way to decrypt iMessage
        > and FaceTime data when it’s in transit
        > between devices. So unlike other companies’
        > messaging services, Apple doesn’t
        > scan your communications, and we
        > wouldn’t be able to comply with
        > a wiretap order even if we wanted to.
    

This is what Apple _wants you to believe_ : that they take privacy seriously
enough to _go out of their way_ to implement it. Facebook has never, ever
tried to strike that chord. With their reputation, Facebook knows the public
would never buy it.

The comparison isn't very far-fetched. Like Facebook, Apple also deals with
biometrics. Rather than face recognition, they use fingerprint recognition. Do
they upload fingerprints to Apple's servers? Or, despite your claims of
impacting the bottom line, do they do the recognition on the device? Here's
their official statement[3]:

    
    
        > This [fingerprint representation]
        > is stored in a Secure Enclave within
        > your phone’s chip, and is never
        > accessed by iOS or other apps,
        > never stored on Apple servers,
        > and never backed up to iCloud
        > or anywhere else.
    

Maybe these claims are true. Maybe they aren't. However, you must admit that
it makes _good business sense_ for Apple to make these (strong) privacy
claims. They're setting a very good precedent here -- one that I sincerely
hope Facebook chooses to follow.

If Facebook wants to win these kinds of brownie points with their customers,
maybe they could write a statement like this:

    
    
        > Facebook knows that the photos you choose not
        > to share are deeply personal to you. That's
        > why we take special steps to keep them that
        > way. If you choose not to share a photo in
        > your camera roll, it will never be sent to
        > Facebook.
    

But they can't even try to pull this off if people see encrypted blobs flying
across the wire every time they click the shutter button.

So. From a _privacy perspective_ , it makes _good business sense_ to implement
the recognition pipeline on the device. And Facebook knows they could win back
some public trust by doing that. The delicious question is: Is the trade-off
worth it? Do the costs you mention outweigh the perceived benefits I mention?
I think there were certainly developers on the Photo Magic team who _wished_
it could be this way. It might have even been a close decision. But we can
only find out for sure once Photo Magic rolls out to everyone.

1: [http://www.apple.com/privacy/approach-to-
privacy/](http://www.apple.com/privacy/approach-to-privacy/)

2: [http://www.apple.com/privacy/](http://www.apple.com/privacy/)

3: [https://support.apple.com/en-us/HT204587](https://support.apple.com/en-
us/HT204587)

~~~
downer70
Fair enough, maybe the development team for this particular component is much
larger than I'm imagining. Maybe I'm being naive about the head count at work
behind the scenes on a project like this.

It's not really good news either way though. In my mind this would have been a
smaller team, tasked with pulling the data over and then working on it to
construct recognition scores, and passing a message back to prompt the user.
This would have been a smallish team of 20 or 30, to do it quick and dirty.

For on-device processing, the project grows much more complicated, not just to
develop, but also to test and prove end-to-end. So time and human resources
are both more costly. And so too, come trade-offs. Network bandwidth, versus
device battery/procesor/memory resources.

But all of this to push the envelope and solicit the user to expose more data
to a for-profit service. Is it really something more convenient? Another
nagging reminder, to do something the user doesn't need much prompting for?

The more weight thrown behind these sorts of projects the more curious the
motives become.

------
alex_c
Is the face recognition done on the device, or on Facebook's servers? It's one
thing to give the app permission to access your photos, it's another entirely
to have it upload every single photo you take to Facebook's servers.

~~~
giancarlostoro
I don't work for Facebook or anything, but based on my own judgement I believe
they upload the pictures on to their servers to then analyze with their super
computing power, which our phones are not capable of yet, without of course
analyzing all their existing data within our phones, which I doubt they would
give an end user (probably too large of a data set). I've uninstalled the
Facebook Apps since a while back, they request for permission to do really
strange and intrusive things such as reading all of my SMS text messages, no
thanks.

~~~
plaguuuuuu
So basically, as soon as you take a photo, even if you don't intend on ever
uploading it, it gets sent to Facebook?

~~~
toomuchtodo
Well that's disturbing (but not surprising) if true (if you haven't opted in).

------
RexRollman
Am I the only one who is concerned that Facebook is going to eventually turn
into a passive surveillance system for the government? I don't think it would
be too difficult for Facebook to silently alert authorities when particular
matches occur.

~~~
us0r
Microsoft does this

~~~
gcr
Really !!

Sounds interesting. Source please?

~~~
uptown
Haven't you noticed all of Microsoft's latest "cute" apps are all face-based?

* We can guess your age from your face: [https://how-old.net/](https://how-old.net/)

* We can guess your emotion: [https://blogs.microsoft.com/next/2015/11/11/happy-sad-angry-...](https://blogs.microsoft.com/next/2015/11/11/happy-sad-angry-this-microsoft-tool-recognizes-emotions-in-pictures/)

~~~
gcr
us0r's assertion was that Microsoft reports certain recognition results to the
government.

You're replying with a list of some of Microsoft's technologies that use face
attribute estimation.

That's not what I was asking for. These are two very different things.

~~~
FungalRaincloud
I don't agree that "microsoft already does this" \- so don't take what I'm
about to say to mean that. I mean only to show a piece of technology that more
directly relates to the comments others have made.

That being said, Microsoft has developed a piece of technology called
PhotoDNA[0], which is designed with the specific purpose of identifying child
pornography. This is actively used on OneDrive and Bing, among other services
- including Facebook. It's safe to say that OneDrive does not just delete the
content if child pornography is detected - it reports to the authorities. Now,
it's hard to argue that they don't have a right to do that, as long as the
person is voluntarily using their services. That's where I draw a distinction
here: Facebook could elect to turn on PhotoDNA on photos uploaded to their new
service, and not properly educate their customers that stuff is being uploaded
automatically. This does, essentially, constitute a passive surveillance
system. Mind you, if it is used to establish that child pornography is found,
you will have a hard time convincing most people that it is overstepping what
Facebook should do. That's my concern - that this will be pushed as a "for the
children" thing, and then extended to "to cut down on crime" later, once
everyone stops caring about its existence.

That said, that's my concern. It's not necessarily what I think will happen. I
have no reason as of yet to believe that it's the next step. I do not,
however, want Facebook automatically uploading (or even scanning) my photos.

[0]
[https://en.wikipedia.org/wiki/PhotoDNA](https://en.wikipedia.org/wiki/PhotoDNA)

------
aswanson
I fucking hate this company, but I'm drawn into it's gravitational pull like
so many of us wanting to connect with long-distance family. There has to be
technological way to stop these sons of bitches. What is it?

~~~
jerf
[https://www.youtube.com/watch?v=SlKao_Pox5A](https://www.youtube.com/watch?v=SlKao_Pox5A)

Seriously. As others on the thread have pointed out, it's not as hard to live
without as you think.

Don't believe me? Well... why don't you just try it for one week? If I'm
wrong, I'm wrong. Isn't it worth a try, though?

Try a step out of the social Skinner box.

~~~
x1798DE
Yeah, all this, "I need Facebook" stuff feels foreign to me. Maybe I'm just a
sociopath who doesn't care about his extended network, but I haven't used
Facebook in years and I haven't missed it for one second of that time.

------
monochromatic
This, and other things like this, is why I uninstalled the Facebook app. The
website is slower, but functional.

~~~
ubersync
Ditto. I never installed the messenger app. I would use the facebook app for
browsing, and logged into the web app for messages. But then I realized I can
do all the stuff in one place, the web app. So I uninstalled the main app as
well.

------
miander
How does this work? If they aren't uploading the picture how are they doing
facial recognition? Surely they aren't running their highly proprietary
recognition software on users' phones. Maybe they're doing preliminary zealous
face-finding and uploading those potential matches for further processing? If
so that means that no photo you ever take on your device is private.

~~~
gcr
You could probably run recognition on a phone.

Getting it running smoothly in the background without draining the battery?
That might be a different matter. :)

------
simplexion
I am glad I have Android Marshmallow. Facebook no longer has any permissions.

~~~
AnimalMuppet
My solution is simpler. I just don't have Facebook.

~~~
scott_karana
"Simple" is in the eye of the beholder.

For some people, it's simpler to keep in touch with friends and family by
having a "least-privileges" Facebook account.

For those people, convincing every single person to also ditch Facebook would
be very complex indeed.

~~~
chatmasta
why not just use the website?

~~~
scott_karana
I meant least-privileges in a general sense. Disallow tagging of you without
approval, upload as little as you like, show as few details as you like, and
for the app, deny any permissions you're not interested in giving up the keys
to the castle for.

------
zimpenfish
And this is why "Photos" joined all the other permissions in off-land for the
Facebook app. If the mobile web version wasn't horribly janky, I'd delete the
app entirely.

~~~
lukasm
I use only mobile web version of facebook and it good enough. No notifications
and it's simple.

~~~
ubersync
That correct. I use the web app as well. It works pretty well.

------
bruceb
turnoff suggested tags on FB:
[https://www.facebook.com/settings?tab=timeline&section=sugge...](https://www.facebook.com/settings?tab=timeline&section=suggestions&view&hc_location=ufi)

------
junto
So, let's assume that processing your photos on the device is far too
processor extensive. That means that Facebook uploads every single photo you
take to Facebook's servers.

That means that every single dick photo, or vagina/boobs photo that you have
ever taken, is now with Facebook and readily available to the NSA under the
FISA or Prism programs.

Basically the NSA has the biggest amateur porn collection in the world.

------
mixmastamyk
Creepy. I'm glad I've removed the facebook app everywhere I've had it
installed, in favor of using the mobile site under safari. The mobile site can
chat too, so that limitation is also gone.

------
workitout
Doesn't Facebook own your pictures you upload? I haven't been on there in a
long time but I thought I recalled that.

~~~
azinman2
I believe not but if you read snapchats terms they can do anything they want
with your photos

------
r00fus
Wasn't clear - is this feature for Android only? Surprised, as usually FB
releases stuff on iOS first...

~~~
scott_karana
From the article:

> For Android, [it's realtime]. For iPhone users, it will scan through your
> camera roll "periodically".

------
oselhn
Another reason to root your phone or to get phone with android 6.

------
callmeed
"Magic" is a nice euphemism

