Connect with us

Hi, what are you looking for?



The Impending Facial Recognition Singularity

The radical changes taking place in privacy and security, both for better and for worse, are driven by the rapid adoption of facial recognition technologies and the exploding use of social media to share personal photos.

The radical changes taking place in privacy and security, both for better and for worse, are driven by the rapid adoption of facial recognition technologies and the exploding use of social media to share personal photos.

With respect to my particular interest in privacy and anonymity, these changes are mostly for worse. Facial recognition systems are becoming cheaper, better, easier to use, and more widely deployed, while social media platforms are creating an ocean of easily identifiable faces that are widely accessible.

The majority of online social platforms incorporate facial recognition in their service. If your face is online, it is almost certainly being tagged and identified by these systems. As a result, keeping your face off these sites is increasingly difficult. Even if you resist the urge to post photos of your vacation or selfies, someone else probably is. If you are tagged, your facial profile and identity are paired in a database. As more and more photos are uploaded, the accuracy of the recognition improves. The systems will have examples of your face in full sun and in darkness, forward-facing and in profile, with and without sunglasses, hats, makeup, etc.

Facial RecognitionThe result is that you will be identified every time your picture appears. If you use a real photo as your avatar, then your accounts will be connected, even if you use different names, account IDs, and email addresses. Even if you post an untagged photo of yourself to a site, the surrounding text will probably allow the system to know that you are in the picture somewhere; and after a hand full of pictures, it will be obvious to the computer which face is yours. On the opposite side of the spectrum however, an account with absolutely no photos might prevent identification, but it will stand out as fake. 

The offline situation is no better. Cameras are becoming so inexpensive that they are built into all kinds of things. Cameras can be a cheap and easy way of allowing computers to sense and react to their environment. For example, cameras have been built into thermostats, smoke detectors, door bells, and toys. Overtime, all of the camera equipped IoT devices have created an Internet of Cameras (IoC). When paired together, government and private cameras provide almost complete coverage of our lives. Soon we will be seen and recognized everywhere we go. We are about to see what David Brin’s “Earth” looks like in the real world.

Once we are reliably recognized everywhere we go, both online and off, we will have reached the facial recognition singularity.

Taking on an alias or protecting your privacy, when there is constant and universal facial recognition, will be nearly impossible. This is already causing major problems for intelligence organizations attempting to travel across controlled borders while using an alias. While an ATM recognizing you and making sure your face matches your card could be great for security, having every shop you pass identify you and memorize your patterns of movement would be a huge invasion of privacy. Both are coming, and it is likely that only a few businesses will end up powering the vast majority of these facial recognition services. This adds the possibility that all of this data will be correlated, even if collected at unrelated businesses or locations.

I imagine that governments and law enforcement will be one of the most aggressive users of these systems. The ability to identify individuals, both online and off, is one of the greatest tools in their belt. It has the potential to greatly improve security, but can also harm civil rights when abused. Because the images of our faces are freely shared or captured in public places with no expectation of privacy, it will be difficult to rein in the development and use of facial recognition by governments. 

Policies and regulations may provide some protection, but the security, convenience, and targeted advertising provided by facial recognition is likely to overpower privacy concerns. I often encourage people to limit the number of tagged photos of themselves uploaded online, because that forms the initial core of recognition data. Unfortunately, trying to prevent yourself from getting fully profiled is like telling the tide not to come in; it is only a delaying tactic. Privacy regulations may be the only long-term way to ensure that these facial databases are not used in an excessively abusive way.

Advertisement. Scroll to continue reading.

RelatedNew iPhone Brings Face Recognition (and Fears) to the Masses

RelatedHuge US Facial Recognition Database Flawed: Audit

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...


Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...


The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.