人脸识别技术很厉害?用这一招即可骗过
人的脸型和指纹一样具有明显特征,所以越来越多的组织——从警察局到学校到沃尔玛(Wal-Mart)——都在借助人脸识别软件来甄别线上照片和真实场景中的人。 然而人脸识别技术也开始给个人隐私带来很大的威胁,一些研究者开始探求反制措施,其中包括多伦多大学计算机工程系的学生乔伊·博斯。 博斯称他开发了一种工具,可以在照片上传到网络前加入额外的元素,从而“打乱”人脸识别系统。用肉眼看,处理前后的照片没有任何区别,但处理后的照片有隐藏了的特性,可以阻止检测系统的运行。 博斯说:“这一工具可以给人脸图像添加特殊制作的杂质,用于干扰人脸识别软件,就像Instagram(图片和视频分享社交软件——译注)的过滤器。” 博斯告诉《财富》杂志,这个工具很快会以手机应用或者浏览器插件的形式出现,他也已经在GitHub(提供软件源代码托管服务网站——译注)的个人主页上分享了底层代码。 在这个技术猖獗的时代,阻挠人脸识别系统运作的反制措施,或许会受到很多人的欢迎。 有些私企会动脑筋,比如抓住人们对校园枪击案的焦虑,向校区推广人脸检测系统,尽管怀疑人士批驳这种系统反而造成了“安全威胁”,而且也不能阻止校园枪击案的再次发生。而据《福布斯》(Forbes)上周的报道,亚马逊网络服务( Amazon Web Services)正在向顾客售卖人脸识别技术,价格竟低至10美元。 这样一来,博斯所开发的工具,通过减少人脸检测软件所需的有效人脸数量,就能减缓人脸识别技术的大范围使用。 不过博斯的工具是预防性的,对于那些已经获取真实人脸信息,或者使用探头在真实世界监控人们的公司,这一工具就无能为力了。博斯认为,要预防此类的人脸识别,人们也可以使用一些技巧,比如带特殊形状的眼镜以糊弄检测系统,甚至在脸上贴点小标签。 猫鼠游戏 目前博斯的工具只对某几类的人脸识别软件有效,说得具体点,就是它能破坏那些训练模式(用于训练软件所设置的机器学习数据库)可公开获取的软件。 有些安全软件公司销售的人脸检测系统使用公开的数据库,而有些则不是,最有名的是Facebook, 他们拥有自主产权的人脸检测系统,博斯的工具对它就不能奏效。 博斯怀疑,Facebook可能是在综合使用不同的人脸识别技术,以对付各种反制措施,比如他所开发的工具。但博斯认为他的人脸识别破坏软件最终也能阻挠Facebook,从而开启一场识别人脸技术的开发者和掩藏人脸技术的开发者之间的猫鼠游戏。 这也提出了一个问题,阻挠人脸识别的工具会不会被商业化。博斯说已有几家风投找过他,但他决定暂不参与,今年秋季他会继续他在麦吉尔大学的博士生研究项目。(财富中文网) 译者:Hank |
The shape of your face is as distinct as your fingerprint. That’s why a growing number of organizations — from police forces to schools to Wal-Mart — are using facial recognition software to identify you in online photos and in real world locations. But facial recognition technology is beginning to pose a major privacy threat, which has led researchers to explore ways to counteract it. One of them is Joey Bose, a computer engineering student at the University of Toronto. Bose claims he has developed a tool to “break” facial recognition systems by adding extra elements to photos before they are uploaded to the Internet. The photos don’t look any different to the naked eye, but the hidden features thwart detection systems. “It adds specially-crafted noise for the face images. It’s trained to attack facial recognition software,” he said. “Think of it as Instagram filter.” Bose told Fortune the tool will soon be available as a phone app or plug-in for web browsers, and that he has shared the underlying code on his GitHub page. This opportunity to thwart facial recognition will likely be welcome by many people at a time when the technology is becoming more pervasive. Private companies, for instance, have seized on anxiety over school shootings to sell face-detection systems to school districts — even as skeptics pan this as “security theater” that’s unlikely to prevent more shootings. Meanwhile, Forbes last week reported that Amazon Web Services is selling facial recognition technology to all comers for as little as $10. Bose’s could thus slow the spread of the technology by reducing the number of faces available to companies that make the detection software. His tool, however, is only a pre-emptive measure and does not address situations where a company already has an image of someone’s face and uses a camera to detect them in the real world. In order to prevent this sort of recognition, Bose says, people can employ tactics like wearing glasses with special patterns that fool the detection mechanisms or even put small stickers on their face. A Cat-and-Mouse Game For now, Bose’s tool only works to thwart certain types of facial recognition software. Specifically, it can break the software if the training model — the machine learning data set used to train the software — is publicly available. While a number of facial detection systems sold by security companies rely on these publicly available data sets, other companies, notably Facebook, have their own proprietary versions that Bose’s tool can’t defeat. Bose suspects that Facebook uses an ensemble of different facial recognition techniques in order to overcome counter-measures, like the one he developed, to fool its software. But he predicts his facial recognition duping tool will eventually be able to thwart Facebook, and set off a cat-and-mouse game between developers seeking to detect faces and those seeking to disguise them. This raises the question of whether companies will seek to commercialize tools that thwart facial recognition. Bose says he has already been approached by a number of venture capitalists, but that he’s decided to pass for now. Instead, he says he plans to continue his research in a PhD program at McGill University starting this fall. |