AI based Privacy Filter for Photos


We are living in the world of social media where privacy and data security on social networks have become one of the major concern in our lives.

In order to address this issue, researchers from University of Toronto Faculty of Applied Science & Engineering have come up with an algorithm that can dynamically disrupt facial recognition system.

Privacy filter to fool facial recognition software

The solution leverages a deep learning technique called adversarial training, which pits two artificial algorithms against each other. In this solution, researchers designed a set of two neural networks. One works to identify faces while the other disrupt the facial recognition task of the first. They constantly battle and learn from each other setting up an ongoing AI arms race.

These two algorithms result in an Instagram-like privacy filter, which can be applied to photos to protect privacy. The algorithm only alters very specific pixels in the image, which results in changes that are imperceptible to the human eye.

“The disruptive AI can ‘attack’ what the neural net for the face detection is looking for,” said Avishek Bose, one of the researchers. “If the detection AI is looking for the corner of the eyes, for example, it adjusts the corner of the eyes so they’re less noticeable. It creates very subtle disturbances in the photo, but to the detector, they’re significant enough to fool the system,” he added.

Testing of the system

Researchers tested their system on the 300-W face dataset, an industry standard pool of more than 600 faces that includes a wide range of ethnicities, lighting conditions and environments. The system can reduce the proportion of faces that were originally detectable from nearly 100 per cent down to 0.5 per cent.

The new technology not only disables facial recognition but also disrupt image-based search, feature identification, emotion and ethnicity estimation, and all other face-based attributes that could be extracted automatically. Now, the team hopes to make the privacy filter publicly available, either via an app or a website.