Worried About Privacy for Your Selfies? These Tools Can Help Spoof Facial Recognition AI

Fawkes and LowKey are two tools that leverage adversarial attacks to spoof AI, preventing detection by facial recognition software.

Advertisement
By Edited by Gadgets 360 Newsdesk | Updated: 10 May 2021 19:27 IST
Highlights
  • Clearview, AWS Rekognition are examples of facial recognition software
  • Such software can be duped by using adversarial attacks
  • Two methods to spoof such AI were detailed at a conference recently

Fawkes introduces pixel-level alterations to images, thwarting recognition by AI

Photo Credit: University of Chicago/ SAND Lab

Ever wondered what happens to a selfie you upload on a social media site? Activists and researchers have long warned about data privacy and said that photographs uploaded on the Internet may be used to train artificial intelligence (AI) powered facial recognition tools. These AI-enabled tools (such as Clearview, AWS Rekognition, Microsoft Azure, and Face++) could in turn be used by governments or other institutions to track people and even draw conclusions such as the subject's religious or political preferences. Researchers have come up with ways to dupe or spoof these AI tools from being able to recognise or even detect a selfie, using adversarial attacks – or a way to alter input data that causes a deep-learning model to make mistakes.

Two of these methods were presented last week at the International Conference of Learning Representations (ICLR), a leading AI conference that was held virtually. According to a report by MIT Technology Review, most of these new tools to dupe facial recognition software make tiny changes to an image that are not visible to the human eye but can confuse an AI, forcing the software to make a mistake in clearly identifying the person or the object in the image, or, even stopping it from realising the image is a selfie.

Advertisement

Emily Wenger, from the University of Chicago, has developed one of these ‘image cloaking' tools, called Fawkes, with her colleagues. The other, called LowKey, is developed by Valeriia Cherepanova and her colleagues at the University of Maryland.

Fawkes adds pixel-level disturbances to the images that stop facial recognition systems from identifying the persons in them but it leaves the image unchanged to humans. In an experiment with a small data set of 50 images, Fawkes was found to be 100 percent effective against commercial facial recognition systems. Fawkes can be downloaded for Windows and Mac, and its method was detailed in a paper titled 'Protecting Personal Privacy Against Unauthorized Deep Learning Models'.

Advertisement

However, the authors note Fawkes can't mislead existing systems that have already trained on your unprotected images. LowKey, which expands on Wenger's system by minutely altering images to an extent that they can fool pretrained commercial AI models, preventing it from recognising the person in the image. LowKey, detailed in a paper titled 'Leveraging Adversarial Attacks to Protect Social Media Users From Facial Recognition', is available for use online.

Yet another method, detailed in a paper titled 'Unlearnable Examples: Making Personal Data Unexploitable' by Daniel Ma and other researchers at the Deakin University in Australia, takes such ‘data poisoning' one step further, introducing changes to images that force an AI model to discard it during training, preventing evaluation post training.

Advertisement

Wenger notes that Fawkes was briefly unable to trick Microsoft Azure, saying, “It suddenly somehow became robust to cloaked images that we had generated… We don't know what happened.” She said it was now a race against the AI, with Fawkes later updated to be able to spoof Azure again. “This is another cat-and-mouse arms race,” she added.

The report also quoted Wenger saying that while regulation against such AI tools will help maintain privacy, there will always be a “disconnect” between what is legally acceptable and what people want, and that spoofing methods like Fawkes can help “fill that gap”. She says her motivation to develop this tool was simple: to give people “some power” that they didn't already have.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. iQOO 16 Series May Launch Without an Ultra Model Due to This Reason
  2. OnePlus N6 With an 8,000mAh Battery Arrives in India at This Price
  3. Here's How Much the Samsung Galaxy A27 5G Costs in India
  4. Oppo Reno 16 to Launch With This Snapdragon Chipset in India
  5. OnePlus N6 Review
  6. Galaxy Z Fold 8 Could Weigh Just 201g as Specifications Surface Online
  1. iQOO Pad 5c Launched With 10,000mAh Battery, 12.1-Inch 2.8K Display: Price, Specifications
  2. Nothing Ear 3a Launch Date Announced; New Teaser Reveals Four Colourways
  3. Samsung Galaxy Z Fold 8 Full Specifications Tipped; May Get 50-Megapixel Cameras, 7.6-inch Display
  4. Uber Announces Record My Ride, Ambulance Assistance in India Along With New Safety Features
  5. Google Announces Nano Banana 2 Lite-Powered Short Video Overviews for NotebookLM
  6. Assassin's Creed Black Flag Resynced Console Specs, PS5 Pro Enhancements Confirmed
  7. Redmi K90 Ultra Launched With Snapdragon 8 Elite Chipset, Cooling Fan and 8,550mAh Battery: Price, Specifications
  8. Apple May Be Required to Allow External App Payments, Third-Party NFC Access in UK: Report
  9. Samsung Galaxy Ring 2 Reportedly in Development, Could Arrive With iPhone Support
  10. Apple's iOS 26.5.2 Release With Security Fixes Was Accelerated Due to Advances in AI Hacking Tools: Report
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.