Slashdot Mirror

← Back to Stories (view on slashdot.org)

None of Your Pixelated or Blurred Information Will Stay Safe On The Internet (qz.com)

Posted by BeauHD on from the prescription-glasses dept.

The University of Texas at Austin and Cornell University are saying blurred or pixelated images are not as safe as they may seem. As machine learning technology improves, the methods used to hide sensitive information become less secure. Quartz reports: Using simple deep learning tools, the three-person team was able to identify obfuscated faces and numbers with alarming accuracy. On an industry standard dataset where humans had 0.19% chance of identifying a face, the algorithm had 71% accuracy (or 83% if allowed to guess five times). The algorithm doesn't produce a deblurred image -- it simply identifies what it sees in the obscured photo, based on information it already knows. The approach works with blurred and pixelated images, as well as P3, a type of JPEG encryption pitched as a secure way to hide information. The attack uses Torch (an open-source deep learning library), Torch templates for neural networks, and standard open-source data. To build the attacks that identified faces in YouTube videos, researchers took publicly-available pictures and blurred the faces with YouTube's video tool. They then fed the algorithm both sets of images, so it could learn how to correlate blur patterns to the unobscured faces. When given different images of the same people, the algorithm could determine their identity with 57% accuracy, or 85% percent when given five chances. The report mentions Max Planck Institute's work on identifying people in blurred Facebook photos. The difference between the two research is that UT and Cornell's research is much more simple, and "shows how weak these privacy methods really are."

6 of 139 comments (clear)

  1. I felt a disturbance in the force. by Hognoxious · · Score: 5, Funny

    The algorithm doesn't produce a deblurred image

    I felt a great disturbance in the force, as if a million Japanese porn fans cried out in disappointment.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. Not too surprising... by orlanz · · Score: 3, Informative

    For a computer, most algorithms behind comparing two pictures is already a blurred picture of both. Most of these algorithms take samples/pixels of the pictures and see if the relationships of both sets of samples are the same or within a margin of deviation. There is little value in comparing pixel by pixel for exact matches. Similar to human finger prints.

    A blurred picture is similar to taking less samples on one picture and setting the margin of deviation wider.

    But for computers, 57% is pretty bad. 85% is also very bad and that's when you are telling the machine the answer. At those rates, this is kind of hard to do mass comparisons... the false positives would be far too high for any human to weed through. This will apply more for targeted searches where an investigator wants the 5 most probable matches to a blur. Unlike the researchers here who know the answer before hand, he still needs to take the guess on which one it actually is.

    In a criminal investigation, if we had a database of likely suspects, this would work. But we are all about mass collection of data data data. With a large population of pictures, the blur will probably match a lot more than 5.

    1. Re:Not too surprising... by AmiMoJo · · Score: 5, Interesting

      That pixelated images are insecure has been known about for years. I seem to recall it was even mentioned on Slashdot. There are many other attacks, for example if you have text (like a number plate) you can just try running a dictionary attack of images through a pixelation filter and select the closest matching result.

      Black bars have always been the preferred method.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  3. Re:Why? by Big+Hairy+Ian · · Score: 4, Interesting

    I'm just reminded of the case (About a decade ago) of a pedophile who published photo's of himself abusing children with his face obfuscated by the photoshop swirl tool. The police desperately wanted to ID him but couldn't deobfuscate the photos so they published them minus the abuse sections hoping that members of the public might identify the man based on his surroundings. Of course the public not being utter fucknuggets quickly deswirled the photo and published it on the internet. I never did find out how long the guy survived.

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  4. Limited usefulness by hackertourist · · Score: 3, Insightful

    They had a photo with an obscured face and the same photo with unobscured face in their training set. It seems obvious a computer can match those two. The solution would be to use unique photos, not uploaded anywhere, as the source for obscuration and only publish the obscured version.

  5. Re:Why? by Anonymous Coward · · Score: 3, Informative

    The guy was caught in Thailand. The German police "deswirled" his photograph:

    https://en.wikipedia.org/wiki/Christopher_Paul_Neil