Carnegie Mellon's Alessandro Acquisti shows how to use Facebook to ID people on dating sites and on the street

(Credit: Declan McCullagh/CNET)
LAS VEGAS--Facebook's online privacy woes are well-known. But here's an offline one: its massive database of profile photos can be used to identify you as you're walking down the street.

A Carnegie wholesale abercrombie and fitch clothing Mellon University researcher today described how he assembled a database of about 25,000 photographs taken from students' Facebook profiles. Then he set up a desk in one of the campus buildings and asked willing volunteers to peer into Webcams.

The results: facial recognition software put a name to the face of 31 percent of the students after, on average, less than three seconds of rapid-fire comparisons.

In a few years, "facial visual searches may become as common as today's text-based searches," says Alessandro cheap moncler Acquisti, who presented his work in collaboration with Ralph Gross and Fred Stutzman at the Black Hat computer security conference here.

As a proof of concept, the Carnegie Mellon researchers also developed an iPhone app that can take a photograph of someone, pipe it through facial recognition software, and then display on-screen that person's name and vital statistics.

This has "ominous risks for privacy" says Acquisti, an associate professor of information technology and public policy at the Heinz College at Carnegie Mellon University. Widespread facial recognition tied to databases with real names will erode the sense of anonymity that we expect in public, he said.

Another test compared 277,978 Facebook profiles (the software found unique faces in about 40 percent) against nearly 6,000 profiles extracted from an unnamed dating Web site.

About 1 in 10 of the dating site's members--nearly all of whom used pseudonyms--turned out to be identifiable.

Facebook christian louboutin outlet isn't the only source of profile data, of course. LinkedIn or Google+ might work. But because of its vast database and its wide-open profile photos, Facebook was the obvious choice. (Facebook's privacy policy says: "Your name and profile picture do not have privacy settings.")

Facial recognition technology, which has been developing in labs for decades, is finally going mainstream. Face.com opened its doors to developers last year; the technology is built into Apple's Aperture software and Flickr. Google bought a face-recognition technology in the last few weeks, and Facebook's automated photo-tagging has drawn privacy scrutiny.

In the hands of law enforcement, however, face recognition can raise novel civil liberties concerns. If university researchers can assemble such an extensive database with just Facebook, police agencies or their contractors could do far more with DMV or passport photographs--something that the FBI has been doing for years. (The U.S. Army partially funded the Carnegie Mellon research.)

Acquisti is the first to admit that the technology isn't perfect. It works best with frontal face photos, not ones taken at an angle. The larger the database becomes, the more time comparisons take, and the more false-positive errors arise.

On the other hand, face recognition technology is advancing quickly, especially for nonfrontal photos. "What we did uggs on sale on the street with mobile devices today will be accomplished in less intrusive ways tomorrow," he says. "A stranger could know your last tweet just by looking at you."
Just because they were pranks doesn't mean they weren't harmful, though. Hypponen demonstrated a number of early computer viruses from which he had removed the infectors, including one called Disk Destroyer. This particular piece of nastiness would copy the contents of your hard disk into the RAM, then wipe your drive. It then loaded a rudimentary slot machine-style. game, and gave you five chances to win. If you won, it would reload your data back onto your hard drive. If you lost, your data was permanently wiped out.

Though viruses continued to get more and more complex, it wasn't until 2003 that things began to change. First, Microsoft began to take computer viruses seriously, he said, because worm infections were causing serious Internet traffic packet loss and causing real-world damage. Trains in 2003 were stopped around Washington, D.C., because the Windows computers controlling the signals and routing systems had crashed. "This is the basic reason why serious problems like these were finally taken seriously," Hypponen noted.