FaceBook’s habit of creating new weaknesses in privacy and security is starting to look like a common tactic for allowing third-parties to exploit them before users realise and patch their privacy settings. This time, FaceBook has enabled facial recognition by default, without the knowledge of its users. It’s a system that encourages people to tag uploaded images, and suggests names based on the facial recognition. Although this has only just made the news here in the UK, it’s something I strongly suspected roughly a year ago, when the option to prevent others tagging a user in images was removed. I posted something about this at the time, long before any tech journalists picked up on it.
Graham Cluley of Sophos Security seems to agree this was intentional, stating: “Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.” Indeed, Sophos has been considering privacy and FaceBook as a serious issue for a while.
The implications of this are worrying, because it allows people to upload photos of each other and tag them, as well as posting information in as much detail as they want. Short of deleting an account, it’s impossible for one user to prevent another doing this. We don’t know who has access to this information, or how that data is used by third parties, but I believe that governments are going to take advantage of this for the following reason.
FaceBook has the one thing governments need for reliable facial recognition – a lot of sample data, in other words, identities matched to loads of photos. There are CCTV cameras everywhere, and there’s speculation about facial recognition being involved there, but for that to actually work with any reliability, a single passport-type photograph isn’t enough to mark someone out. A lot of sample images are needed, just like a reliable spam filter requires a large sample of spam emails – FaceBook is the most obvious source for that data, and millions of people prepared to volunteer and tag the images.