street signs vs. faces

Posted Jul 23, 2020 1:53 UTC (Thu) by gus3 (guest, #61103)
In reply to: Image "Cloaking" for Personal Privacy by FLHerne
Parent article: Image "Cloaking" for Personal Privacy

Street signs tend to have hard image borders. Muck with any of those borders, and any algorithm using them will get knocked about.

Images of human faces are a mix of hard borders and soft shading. A proper facial-recognition system doesn't depend on these; it uses the points of the face (eyes, nostrils, lips, visible teeth, ears, visible hair-line, jaw, cheekbones, musculature) to build a face it can recognize.

The hackers and crackers already have tools against the Fawkes system. The images aren't cloaked, no matter how much you want them to be.

Remember: the enemy always has the better hand. It's your job to close the gap between the enemy's hand and yours.

street signs vs. faces

Posted Jul 23, 2020 2:17 UTC (Thu) by felixfix (subscriber, #242) [Link]

It may be more realistic to say the the enemy has the better hand against bulk data. Individuals who invest some effort in differentiating themselves from the bulk data may hide from the bulk processor. But the very fact of having differentiated themselves may also make them stand out.

street signs vs. faces

Posted Jul 23, 2020 7:08 UTC (Thu) by smurf (subscriber, #17840) [Link] (3 responses)

There are lots of mucking-with-street-signs examples out there that don't touch the borders.

Their point isn't to make the image in the manipulated photos unrecognizeable, but to make it not-your-own. The problem I see with their idea is that as soon as there are two sets of images of you out there, any adversary worth their salt will not simply replace the old parameter cloud with the new, as the Fawkes authors assume, but split them off into two sets of clouds which are both recognized as "you".

So this probably works WRT shop surveillance systems that try to find who that repeat customer is, might conceivably defend against run-of-the-mill police surveillance cameras if you can get your passport photos replaced with a Fawkes pic (more difficult as authorities start to insist on taking the pics themselves instead of you walking in with one from the photo booth), but not at all when the opponent is the NSA and their ilk.

street signs vs. faces

Posted Jul 23, 2020 8:44 UTC (Thu) by Sesse (subscriber, #53779) [Link]

All the street sign examples I've seen involve pretty heavy tampering with the signs (e.g. several measures of thick tape). Obvious enough that you could really just as well write “80” where it says “30” instead.

street signs vs. faces

Posted Jul 23, 2020 12:15 UTC (Thu) by ibukanov (subscriber, #3942) [Link]

In Norway police has been taking passport photos themselves for at least 5 years in big cities. One cannot bring own photos at all. But Norwegian embassys still ask to bring own photos both when they issues passports and visas.

street signs vs. faces

Posted Jul 23, 2020 19:31 UTC (Thu) by nilsmeyer (guest, #122604) [Link]

This can also throw a wrench in systems that scrape data from social media to build/train their facial recognition software.

street signs vs. faces

Posted Jul 23, 2020 14:13 UTC (Thu) by clump (subscriber, #27801) [Link] (2 responses)

Street signs were designed for humans to understand. This will continue to be the case for a long time. As autonomous vehicles become popular it would be a good idea to augment human-readable signs with machine-friendly identifiers. Why not add a small RF box, or some kind of id that can be scanned by machines?

By all means, continue to learn to read symbols designed for humans. However it should be relatively inexpensive (and safer) to tell a machine "this is a stop sign".

street signs vs. faces

Posted Jul 23, 2020 15:52 UTC (Thu) by magfr (subscriber, #16052) [Link]

We all know that whenever the same information is encoded twice there will inevitably be a discrepancy.

street signs vs. faces

Posted Jul 24, 2020 15:04 UTC (Fri) by rgmoore (✭ supporter ✭, #75) [Link]

If you add machine-friendly identifiers, you'd better make sure they have the same kinds of legal rules surrounding them that human-readable signs do. Otherwise malicious actors will be able to mess with the system with legal impunity. It could be very bad if people could create new traffic signs only autonomous vehicles knew about.