As privacy concerns grow and as facial detection/recognition technologies improve, a new arms race is emerging. Researchers have created a new privacy photo filter that prevents facial recognition systems from detecting and recognizing faces.
The researchers at the University of Toronto, led by Professor Parham Aarabi and graduate student Avishek Bose, created two neural network AI systems: one that constantly tries to detect faces and one that constantly works to disrupt the first AI.
“The two are constantly battling and learning from each other, setting up an ongoing AI arms race,” UToronto writes.
What resulted from the arms race was a new Instagram-like photo filter that can be applied any photo to protect privacy.
Here are three examples of portraits that have easily detect faces (upper left), photos with the privacy filter applied (upper right), and the pixel differences between the two photos (bottom) — note that the pixel changes have been magnified 10x to make it easier for you to see, as the filter itself is virtually invisible:
The filter makes tiny changes to specific pixels in photos — changes that can barely be seen by the naked eye. But these modified pixels hide the things face detection AI systems look for in a face.
“The disruptive AI can ‘attack’ what the neural net for the face detection is looking for,” says Bose. “If the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they’re less noticeable. It creates very subtle disturbances in the photo, but to the detector they’re significant enough to fool the system.”
Using a large set of portraits of various ethnicities, lighting, and environments, the researchers found that the privacy filter reduced the number of faces detected from 100% down to 0.5%.
The researchers are aiming to make the privacy filter available to the public through an app and/or website.