Social media profile pics are a gateway to privacy breaches

Soon, hiding behind pseudonyms on the Internet will likely be a thing of the past. In a presentation at the Black Hat conference in Las Vegas, Alessandro Acquisti presented the results of research in which he showed how, with basic off-the-shelf facial recognition software, he could dig up tons of information on people using nothing but their profile pictures.

In the vast social media landscape, one can make oneself unsearchable by changing personal data: name, address, email, anything correlated from one profile to the next. So while your employer might find your well-manicured Facebook page, there’d be nothing searchable to connect you to the N*Sync fan club you signed up for with a fake name. The only chance someone would have of finding you would be if they randomly stumbled across your secret profile with your photo attached, and what are the odds of that? 

Things are about to change. Acquisti, an associate professor of IT at Carnegie Mellon University, has shown just how easy it is now to create programs to datamine with images. In one experiment, Acquisti’s team developed a program to automatically search for and download publicly available Facebook profile pictures, eventually compiling a database of 275,000 faces. They then built up another database of individuals from the same city on a local dating site.

Using software developed at Carnegie Mellon called Pittsburgh Pattern Recognition, the team was able to automatically cross-reference the databases to search for matches without doing any text-based searches. According to Computerworld, 5,800 of the Facebook members also had dating site profiles, of which about 4,900 had unique (i.e. fake) names and personal data. Combined with previous CMU study that showed around 90% of Facebook users use their real name, the results show that a) a whole lot of dating site users are using pseudonyms and b) if someone finds your photo attached to your real name, they can find data on you that you previously thought was hidden.

Of course, ethics of dating sites aside, one could protect their private profiles by using a different person or image for their profile photo, which already happens a fair bit anyway. But that’s kind of beside the point. What Acquisti showed is that the entire way we think of searching the Internet (using text) is no longer the only option, and it has major ramifications for privacy and anonymity. Right now, you can walk around knowing that it’s pretty difficult for someone to find out who you are, short of you sharing that info or your wallet getting stolen. It may not be the case for long, now that Acquisti has now shown that the technology is there to treat someone’s face like a regular old QR code.

Photo via Flickr

Get our Top Stories delivered to your inbox: