Captcha-designed tests that prove you’re not a robot range from typing in a random series of characters to picking all the photos that contain a certain object — but Facebook is testing a new way to determine if a user is really human: a selfie. On Tuesday, November 29, Facebook confirmed that it is resting a photo-based identity test after screenshots of the test leaked on Twitter.
a friend sent me this: Facebook is now locking users out of account features, then demanding that those users “verify” their account to get back in by scanning an image of their face. AN IMAGE OF THEIR FACE. pic.twitter.com/T4TIsJFxX8
— can Amy Goodman pls stop inviting Assange on thx (@flexlibris) November 28, 2017
According to the screenshot of the tested feature, the tool asks users to upload a photo that “clearly shows your face.” The prompt also says that, after the image is utilized, it will be deleted from their servers. The tool asks for an upload, rather than asking permission to access the camera to take a photo right then.
Facebook said that the feature is intended to catch suspicious activity and could be used at a number of different points if the platform wants to verify you are who you really says you are, including creating an account as well as creating ads. Facebook software then automatically reviews the photo. While Facebook didn’t go into detail on the safeguards to prevent the potential captcha tool from misuse, the software does make sure that the image is unique and not a random photo pulled off Google.
Several users expressed concern over sending a photo of themselves to the social media network, while one tweet that was later deleted also suggested that users can’t log in until the software verifies the image. The selfie captcha tool is currently only in testing and it’s unclear if the verification process will actually roll out globally or if the program will change before that potential rollout.
While sending a selfie could make some users uncomfortable, Facebook is working to try to prevent abuse on the platform after a year that saw the exploitation of a number of different vulnerabilities. Research recently proved that many “users” posting during the 2016 presidential election were Russian bot accounts. The updated ad policy in response to that research will ask users who buy political ads to verify their identity and location. While Facebook didn’t say what “suspicious activity” would prompt the selfie captcha, the tool could potentially be used when a U.S.-based user is suddenly shown to be logged in from another country.
The test represents the second time this month that the social media platform has proposed using photos as a security measure — Facebook recently also said users could upload nude photos of themselves to prevent another user from uploading those photos as revenge porn. The images would be “hashed” then deleted from the servers.