Can someone snap a photo of me in the street and use it to identify me?
Oct 2, 2016
Daniela Bowker
Daniela Bowker is a writer and editor based in the UK. Since 2010 she has focused on the photography sector. In this time, she has written three books and contributed to many more, served as the editor for two websites, written thousands of articles for numerous publications, both in print and online, and runs the Photocritic Photography School.
Share:
With facial recognition technology you can take pictures of people in the street, run them through publicly available photographs online, and get a match.
You would have heard this statement if you had been listening to the 20 September 2016 episode of Seriously on BBC Radio 4, called ‘The Online Identity Crisis’. I only heard it yesterday, though, as I caught up with it by podcast. It did, however, set me thinking. Just how likely, or easy, is it that someone should take a photo of me in the street, run said image through facial recognition software, and be able to identify me?
Anyone who has ever watched a police drama will be well aware that a crime-fighting duo can have their technologically-savvy lackey run an image through facial recognition software that will spit out a positive match within 30 seconds. Having successfully identified their nefarious quarry, mobile phone records and corresponding mast pings can be used to locate her or him, allowing our fearless heroes to thunder off across town, apprehend the suspect, and save the world from imminent disaster.
There’s also FindFace, the app launched by a Russian startup, which allows users to identify people by comparing images with those on the Russian social network, Vkontakte. FindFace boasts a 70% reliability rate. That created a bit of a storm earlier this year.
Both of these methods would meet with obstacles in trying to identify me, though. The first exists in TV-land and the second relies on my having an account with the Russian equivalent of Facebook, which I don’t. Is there a more likely method of identifying me, then?
The big players
What about the big players, the Googles and the Facebooks? Would either of these be able to somehow identify me? Both Facebook and Google have some powerful facial recognition programmes at their disposal. Facebook’s Deepface programme is a highly sophisticated operation. It can correctly identify the faces in two different photos as belonging to the same person over 97% of the time.
Does that mean that Creepy Guy sitting in the corner of my favourite café could snap a photo of me when I’m enjoying tea and cake with my grandmother there on a Saturday morning, upload it to Facebook, and its automatic facial recognition would identify me? In theory, Facebook’s DeepFace has that capability. In practice, it certainly cannot happen in the EU, owing to stringent EU privacy laws. It would also face a major stumbling block when it comes to me specifically because I do not have a Facebook account.
How about Google? Google, too, has developed facial recognition tools that are tack-sharp when it comes to identifying people. It’s called Facenet. If you’re in the right part of the world, its Photos app will use a pared-down take on facial recognition to sort your images for you. But, here in the EU that’s not an option.
What about trying to use Google in the classical sense to identify me? I tried a reverse image search of my mug to see if that would provide me with a workable result only to find that I couldn’t be identified anymore usefully than ‘head’. You would have to conduct your search using a copy of a photo that already exists on the web, and identifies me, to yield a result. My Saturday morning stalker wouldn’t have much success with that route either, then.
The smaller players
Are there any apps, then, which perform a subject identification function–something along the lines of FindFace, but not restricted to Russian networks? Well, I did find Facequare. You upload a photo, it scans it for identifiable features, and then allows you to search its database for similar or identical faces. Would this be able to put my name to my face? It’s highly unlikely. Facequare operates within a walled garden and as I’ve not uploaded anything to it (and have no desire to create an account) I doubt it’ll be able to identify me.
Without web-wide reverse image search these types of apps will only be able to operate within the confines of their own data sets. Unless your information has somehow made it there, as Vkontakte’s users’ data did with the FindFace app, it shouldn’t be able to find you.
The specialists
If you type ‘facial recognition software’ into Google, you will be returned with plenty of options, perhaps leading you to think that our Saturday morning scenario can be cracked. However, if Creepy Guy in the corner is expecting to upload an image of me to one of these providers and wait for it to churn out a corresponding identification, he’s going to be disappointed. These programmes tend to operate with far broader strokes.
For example, they might offer specific facial recognition services that form the basis for app security or building entry. They might monitor the ebb and flow of people in a given space. Or they could return metadata suggesting my gender, age, and ethnicity. If these services do have the capability to identify people from their photos, they’ll be doing so from a given dataset. Theoretically, if information that can be used to identify you is being stored anywhere, you should have given your consent for that. That’s quite a long way from ‘publicly available photos online’.
Who am I?
Trying to identify me from a photo snapped in the street, somewhere in the UK, is slightly harder than the Seriously team might have its listeners believe, right now, at least. Primarily, EU data protection laws are stringent; I would have needed to provide my consent for any personally identifiable information to be stored in such a way that would permit identification from a random photo. Yes, it is technically possible but practically and realistically there are some significant obstacles. Over all, I’m pretty safe from Creepy Guy in the corner.
Who am I going to be?
What the UK electorate’s decision to leave the EU might mean for my–and every other UK residents’–data security is a question that I can’t answer. But as processing power increases, even with the exponential rise in images stored on the web, and the already near-perfect recognition technologies available the likelihood of being able to use an app to identify the woman in the café is drawing closer.
All of which means that if I–or you–don’t want to be identified by Creepy Guy, we need to pay closer attention to whom we say can use our data and how. It’s either that or go incommunicado, which seems a bit extreme.
Daniela Bowker
Daniela Bowker is a writer and editor based in the UK. Since 2010 she has focused on the photography sector. In this time, she has written three books and contributed to many more, served as the editor for two websites, written thousands of articles for numerous publications, both in print and online, and runs the Photocritic Photography School.
Related Posts
Google Lens can now identify your pet in photos to create photo books and make movies
Someone stole your photo on Instagram? Here’s how to file a copyright infringement claim
Facial recognition systems can identify you even if your face is pixelated
Taylor Swift used facial recognition tech to identify stalkers at her concert
Join the Discussion
DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.
8 responses to “Can someone snap a photo of me in the street and use it to identify me?”
Yeah. You’re name is Plain Jane and you like chocolate chip ice cream
Unfortunately, being part of “big data” seems to be the price to pay to access the web… :-(
sadly, this is where the world is going to
Or people could look at you and recognize you in the strèt, how terrible.
Perfectly timed to debunk the ridiculous notion from the recent article I read on consent for street photography.
It’s not that hard to identify someone if the photographer is determined enough, people take enough selfies that’s spread through social media that’s not locked down to get a match with patience, especially since you’ve done the hard work of getting a geographical area which is usually the sticking point. In addition there’s so many shots of people on Facebook that it’s likely you’ll be on there despite having a profile and be identified due to your friends circle. If you’re a photographer who has covered any events then there will be incidental images.
This technology has been available for years, it’s only in the last 5 years or so it’s become easier due to the barrier of requirements dropping due to faster computers and the increasing availability of cloud computing.
Whilst the EU law is nice on paper, that harsh reality it that it’s easy to get around the restrictions and there is always providers on the DarkNet which offer such services alongside the usual doxing.
The only safe way to be is to drop off the grid and go ‘dark’, something that’s not really possible in this connected society if you run a business. There are measures you can take to mitigate the risks of sharing data such as salting your profiles to prevent the usual data mining thus making the data sets useless. Of course this is against most providers T&C because they sell your data.
Make sure Bluetooth is turned off on your phone, or else change the default name from “Jane Doe’s iPhone” to something less revealing.
I think that your cunning disguise where you hide behind an ice-cream cone is going to fool all but the smartest software :)