top of page

PimEyes says Meta glasses integration could have ‘irreversible consequences’

Director tells Biometric Update accounts of project authors banned


Two Harvard students made headlines after converting Meta’s smart glasses into a device that automatically captures people’s faces with facial recognition and runs them through face search engines. One of the companies providing the face search function, PimEyes, is not too happy about it.


AnhPhu Nguyen and Caine Ardayfio released a video of themselves using the smart glasses to identify people on the street and look up their personal information through services such as PimEyes. The students used the integrated camera on Meta’s Ray-Ban glasses to capture live video through Instagram and ran it through their software I-XRAY.


“We stream the video from the glasses straight to Instagram and have a computer program monitor the stream,” Nguyen says in the video. “We use AI to detect when we’re looking at someone’s face, then we scour the internet to find more pictures of that person. Finally, we use data sources like online articles and voter registration databases to figure out their name, phone number, home address and relatives names and it’s all fed back to an app we wrote on our phone.”


The whole process is completed within a minute and a half, they add.

The I-XRAY software is unique because it relies on Large Language Models (LLMs) to process and compile large amounts of information. The main goal behind the project, however, is not to demonstrate how LLMs and reverse face search work together but to highlight privacy risks from widely available technology, the two Harvard students note.

PimEyes, however, warns that while the authors claim to be raising public awareness, the project may have irreversible consequences by inspiring others to replicate the technology.


“They have not only demonstrated their point but also unintentionally provided a blueprint for malicious individuals on how to weaponise readily available tools,” PimEyes Director Giorgi Gobronidze told Biometric Update.


One consolation is that any attempt to scale this on a larger level would require API integration, which the company does not allow.


The Tbilisi, Georgia-based firm also said that the use goes against its Terms of Services and announced implementing additional security measures to prevent similar incidents in the future.


“At this moment we have already banned two accounts related to the project authors and six more are further being investigated,” says Gobronidze. “In the near future, we will be updating our security protocols and policies further to prevent any misuse of our technology.”


The PimEyes director noted that the project could have been conducted without their involvement as there are far more powerful tools, such as biometric facial recognition engines. These are 20 to 35 percent more accurate than PimEyes’ service, which focuses on photographic analysis, not biometric facial recognition, he says.


“Considering the fact that we have implemented numerous institutional and technological changes to improve our service and practices, it is indeed frustrating to see someone misuse not only our technology but also other open-source tools and databases to create something that, in my opinion, lacks purpose and contributes no tangible benefit,” says Gobronidze


PimEyes’ software used by police in New Zealand

PimEye’s is also receiving attention across the world in New Zealand where law enforcement authorities were found to access its websites.


An internal audit found that police staff accessed PimEyes’ website almost 400 times last year until they blocked the site in May 2023. The New Zealand police also used a similar service called Facecheck.ID almost 300 times.


In a statement to news outlet RNZ, the police said that it is not possible to determine what users did on the website but that it was unlikely staff used any of the scanning features.


“The total amount of data transferred was so low, it is not plausible that there was any significant use,” it said.


PimEyes told BiometricUpdate that it was not aware of the use.

“We do not have any contract or institutional cooperation with any law enforcement and whenever they want to use our services, it is on their discretion,” says the company’s Director Giorgi Gobronidze.


This year, the UK banned its largest police force from using PimEyes after it was found that it had accessed the software over 2,000 times. The use of the software by law enforcement agencies has also caused concern in Australia and Germany.


PimEyes says it has been making “substantial institutional changes” over the past year to ensure compliance, including focusing on data minimization. The company has also been working on optimizing its neural network to ensure child-related content is blocked with high accuracy.


41 views0 comments

Comments


bottom of page