Each time you upload a photo or video to a social media platform, its facial recognition systems learn a little more about you. These algorithms ingest data about who you are, your location and people you know — and they’re constantly improving.
s concerns over privacy and data security on social networks grow, U of T Engineering researchers led by Professor Parham Aarabi (ECE) and graduate student Avishek Bose (ECE MASc candidate) have created an algorithm to dynamically disrupt facial recognition systems.
Their solution leverages a deep learning technique called adversarial training, which pits two artificial intelligence algorithms against each other. Aarabi and Bose designed a set of two neural networks: the first working to identify faces, and the second working to disrupt the facial recognition task of the first. The two are constantly battling and learning from each other, setting up an ongoing AI arms race.
The result is an Instagram-like filter that can be applied to photos to protect privacy. Their algorithm alters very specific pixels in the image, making changes that are almost imperceptible to the human eye.
“The key here was to train the two neural networks against each other — with one creating an increasingly robust facial detection system, and the other creating an ever stronger tool to disable facial detection,” says Bose, the lead author on the project. The team’s study will be published and presented at the 2018 IEEE International Workshop on Multimedia Signal Processing later this summer.
In addition to disabling facial recognition, the new technology also disrupts image-based search, feature identification, emotion and ethnicity estimation, and all other face-based attributes that could be extracted automatically.
Next, the team hopes to make the privacy filter publicly available, either via an app or a website.
Rearchers at University of Toronto Engineering “Design ‘Privacy Filter For Your Photos that Disables Facial Recognition Systems”
Filed by May 31, 2018on