{"id":24427,"date":"2018-06-08T11:26:34","date_gmt":"2018-06-08T15:26:34","guid":{"rendered":"https:\/\/www.tun.com\/blog\/?p=24427"},"modified":"2022-03-16T11:00:35","modified_gmt":"2022-03-16T15:00:35","slug":"privacy-filter-protect-online-personal-information","status":"publish","type":"post","link":"https:\/\/www.tun.com\/blog\/privacy-filter-protect-online-personal-information\/","title":{"rendered":"New \u2018Privacy Filter\u2019 Protects Online Personal Information"},"content":{"rendered":"

Every time you, your family or friends upload a photo or video to a social media platform, facial recognition algorithms learn more about who you are, who you know and where you are. <\/span><\/p>\n

To account for people\u2019s privacy concerns, researchers at the University of Toronto (U of T) have developed <\/span>an algorithm<\/span><\/a> that can disrupt facial recognition systems, and prohibit the systems from learning more about you. <\/span><\/p>\n

The full study, explaining the algorithm, is available <\/span>here<\/span><\/a>. <\/span><\/p>\n

\u201cWe are able to fool a class of state-of-the-art face detection algorithms by adversarially attacking them,\u201d said <\/span>Avishek Bose<\/span><\/a>, a graduate student in the Department of Electrical and<\/span>
\n<\/span>Computer Engineering at U of T and co-author of the study. <\/span><\/p>\n

\u201cPersonal privacy is a real issue as facial recognition becomes better and better,\u201d <\/span>Parham Aarabi<\/span><\/a>, associate professor in the Department of Electrical and Computer Engineering at U of T and co-author of the study, said in a statement. \u201cThis is one way in which beneficial anti-facial-recognition systems can combat that ability.\u201d <\/span><\/p>\n

The technique<\/b><\/h2>\n

The team\u2019s solution involves making two artificial intelligence algorithms, a face detector and an adversarial generator, compete against each other, explained Bose. <\/span><\/p>\n

The face detector works to identify faces, and the adversarial generator works entirely to disrupt the face detector. <\/span><\/p>\n

\u201cThe face detector has no knowledge about the existence of the adversarial generator, while the generator learns over time how to successfully fool the detector,\u201d said Bose. \u201cInitially the generator is very bad at doing so, but it learns through observing its mistakes, as determined by the output of the face detector.\u201d<\/span><\/p>\n

The adversarial generator eventually gets to a point where it is capable of fooling the face detector nearly 99 percent of the time. <\/span><\/p>\n

Essentially, the researchers created an Instagram-like filter that can be applied to photos to protect personal privacy. <\/span><\/p>\n

The new algorithm makes slight changes to the pixels in an image that are imperceptible to humans, but capable of fooling a state-of-the-art face detector. <\/span><\/p>\n

\u201cThe disruptive AI can \u2018attack\u2019 what the neural net for the face detection is looking for,\u201d Bose said in a statement. \u201cIf the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they\u2019re less noticeable. It creates very subtle disturbances in the photo, but to the detector they\u2019re significant enough to fool the system.\u201d<\/span><\/p>\n

The researchers tested their system on a pool of 600 faces, including many different ethnicities, environments and lighting conditions. <\/span><\/p>\n

The system effectively reduced the amount of faces recognition devices were originally able to detect from nearly 100 percent to only 0.5 percent. <\/span><\/p>\n

Additionally, the technology can disrupt image-based search, ethnicity estimation, feature identification, emotion and any other face-based attributes that are capable of being extracted automatically. <\/span><\/p>\n

Motivation <\/b><\/h2>\n

This study was sparked by Aarabi and Bose\u2019s interest in researching the failure modes of modern deep-learning-based face detection and recognition algorithms.<\/span><\/p>\n

\u201cWe initially started by testing these algorithms to extreme conditions such as blur, brightness, and dimness,\u201d said Bose. <\/span><\/p>\n

From their experiments, the researchers noticed that even pictures in decent conditions could occasionally cause the devices to fail, which connected well with some of the new literature on adversarial attacks, explained Bose. <\/span><\/p>\n

\u201cEssentially an adversarial attack causes small and often imperceptible changes to the input image, which causes the machine learning models to fail catastrophically,\u201d said Bose. <\/span><\/p>\n

\u201cThis is a known phenomena in many Deep Learning Models but it was never investigated in the context of Face Detection\/Recognition systems.\u201d<\/span><\/p>\n

What\u2019s next?<\/b><\/h2>\n

Aarabi and Bose wish to extend this style of attack to other classes of detectors. While this might be difficult or impossible in some cases, the primary goal is to understand and characterize the concept. <\/span><\/p>\n

Once the researchers are successful in accomplishing this task against multiple classes of detectors, a tool could be made, but they are still far from this, said Bose.<\/span><\/p>\n

\u201cIn the future you can imagine an app that applies this privacy filter to your photos before you upload it the internet,\u201d he explained. <\/span><\/p>\n

But at the moment, a lot of research must still be done. <\/span><\/p>\n

\u201cOur paper is just the starting point rather than anything close to the end goal,\u201d said Bose. <\/span><\/p>\n

Bose would like to note that while the researchers were able to fool a state-of-the-art face detection algorithm, they do not yet claim to be able to attack every single face-detecting device. <\/span><\/p>\n

\u201cThis is a small step to a larger goal where we empower the user to protect their own privacy if they so choose,\u201d said Bose. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Every time you, your family or friends upload a photo or video to a social media platform, facial recognition algorithms learn more about who you are, who you know and where you are. To account for people\u2019s privacy concerns, researchers at the University of Toronto (U of T) have developed an algorithm that can disrupt […]<\/p>\n","protected":false},"author":32,"featured_media":24424,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_uag_custom_page_level_css":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[232,629,230,229],"tags":[],"class_list":["post-24427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","category-security","category-news","category-lead-stories"],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg",830,533,false],"thumbnail":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition-224x144.jpg",224,144,true],"medium":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition-300x193.jpg",300,193,true],"medium_large":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg",830,533,false],"large":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg",830,533,false],"1536x1536":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg",830,533,false],"2048x2048":["https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg",830,533,false]},"uagb_author_info":{"display_name":"Jackson Schroeder","author_link":"https:\/\/www.tun.com\/blog\/author\/jackson-schroeder\/"},"uagb_comment_info":0,"uagb_excerpt":"Every time you, your family or friends upload a photo or video to a social media platform, facial recognition algorithms learn more about who you are, who you know and where you are. To account for people\u2019s privacy concerns, researchers at the University of Toronto (U of T) have developed an algorithm that can disrupt…","featured_media_src_url":"https:\/\/www.tun.com\/blog\/wp-content\/uploads\/2018\/06\/Facial-Recognition.jpg","_links":{"self":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts\/24427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/comments?post=24427"}],"version-history":[{"count":0,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/posts\/24427\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/media\/24424"}],"wp:attachment":[{"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/media?parent=24427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/categories?post=24427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tun.com\/blog\/wp-json\/wp\/v2\/tags?post=24427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}