Take a look at the three images below.
It’s the same image shown with 200 pixels across, then 100, and finally just 50.
In fact, the first image was scaled down from an original that was 500 pixels wide, which was itself cropped and scaled from an 8 megapixel original.
Now squeeze your eyelids together as closely as you can, so you are looking through a thin slit, turn your head away from the images, and squint at them out of the corner of your eye, perhaps even from across the room. (Or try an old-school trick: peek through the hole in a digestive biscuit.)
Surprising how similar the images suddenly look, isn’t it?
In other words, pixelating faces in photos doesn’t really preserve anonymity, because there’s a lot of information left that can help you, or a computer, figure out who it is.
Even if you blur an image rather than pixelating it, so that a human eye can’t easily “squint” it into apparent focus, you’re leaving behind information that is derived from the original image in a way that can be compared with other images.
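To see what "information left behind" means in practice, here's a minimal sketch in Python with NumPy. It uses synthetic random arrays as stand-ins for face photos (no real images, and no particular recognition system is implied): block-averaging a picture throws away detail, yet two pixelated shots of the same original still resemble each other far more than a pixelated shot of somebody else.

```python
import numpy as np

def pixelate(img, block=8):
    """Replace each block x block tile with its average -- crude face pixelation."""
    h, w = img.shape
    h, w = h - h % block, w - w % block  # trim so the image divides evenly
    tiles = img[:h, :w].reshape(h // block, block, w // block, block)
    return tiles.mean(axis=(1, 3))

def similarity(a, b):
    """Normalised correlation between two equally sized images (1.0 = identical)."""
    a = (a - a.mean()) / a.std()
    b = (b - b.mean()) / b.std()
    return float((a * b).mean())

rng = np.random.default_rng(42)
face_a = rng.random((64, 64))                               # stand-in for person A
face_b = rng.random((64, 64))                               # stand-in for person B
face_a_again = face_a + rng.normal(0, 0.05, face_a.shape)   # A, photographed again

same = similarity(pixelate(face_a_again), pixelate(face_a))
diff = similarity(pixelate(face_a_again), pixelate(face_b))
print(f"same person: {same:.2f}, different person: {diff:.2f}")
```

Even after pixelation, the "same person" score comes out close to 1.0 while the "different person" score hovers near zero, which is exactly the sort of signal an automated matcher can exploit.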
Four researchers from the Max Planck Institute for Informatics in Germany have recently published an article (unrefereed paper [PDF]) that tries to go even further.
It’s entitled Faceless Person Recognition: Privacy Implications in Social Media, and it looks into matching up not only blurred faces, but even faces that have been completely obscured with a solid block of black or white, like this:
You can probably see where this is going by glancing (no need to squint this time) at the second set of images from left to right.
Once you’ve seen the first one, it’s pretty easy to figure that the same person is probably behind the mask in the other two, isn’t it?
To a court of law, image matching of that sort would almost certainly be inadmissible, because of the ease with which a false positive could be manufactured.
The blue hat and the checked shirt are strong visual clues but they are trivial to copy. (If you had an idea where to go, you could probably buy identical ones from the same high street shops that I went to.)
But to a social engineer, or a surveillance agent, or even just a curious online marketing company, a match like this would be very useful, especially if it were correct often enough to increase ad revenues.
Better yet, if you’re a privacy-buster, you could use a corpus of already-tagged photos from numerous social media sites to help your matching.
Indeed, in the Faceless Recognition paper, the researchers conclude with the following claim:
Only a handful of tagged heads are enough to enable recognition, even across different events (different day, clothes, poses, point of view). In the most aggressive scenario considered (all user heads blacked out, tagged images from a different event), the recognition accuracy of our system is 12 times higher than chance.
As you can imagine, in an image-matching system of this sort, nothing breeds success like success, so the more tagged images you have, and the greater the number of similarities between the images (imagine that I wore my blue hat everywhere and always went to the same coffee shop!), the better you can do.
The authors of this paper reached an interesting conclusion, after wryly remarking that:
It is very probable that undisclosed systems similar to the ones described here already operate online.
(We translated this very loosely into, “Organisations like Facebook, Google and the NSA have a lot more computing power than we did in these tests. And they’ve been doing this for much longer, with much more data on which to train their algorithms. So take a guess how much more accurate their systems are going to be!”)
So the authors ended with a call to everyone working on and interested in machine vision, as follows:
We believe it is the responsibility of the computer vision community to quantify, and disseminate the privacy implications of the images users share online.
In brief: if we can measure it, we can manage it, so we owe it to ourselves to do so.
We’d like to add, while we’re talking about things we owe to ourselves and to everyone else, “Ask permission to post photos, not forgiveness!”