Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Privacy

PimEyes 'Made a Public Rolodex of Our Faces'. Should You Opt Out? (msn.com) 32

The free face-image search engine PimEyes "scans through billions of images from the internet and finds matches of your photo that could have appeared in a church bulletin or a wedding photographer's website," -us/news/technology/they-made-a-public-rolodex-of-our-faces-here-s-how-i-tried-to-get-out/ar-AA1tlpPuwrites a Washington Post columnist.

So to find and delete themselves from "the PimEyes searchable Rolodex of faces," they "recently handed over a selfie and a digital copy of my driver's license to a company I don't trust." PimEyes says it empowers people to find their online images and try to get unwanted ones taken down. But PimEyes face searches are largely open to anyone with either good or malicious intent. People have used PimEyes to identify participants in the Jan. 6, 2021, attack on the Capitol, and creeps have used it to publicize strangers' personal information from just their image.

The company offers an opt-out form to remove your face from PimEyes searches. I did it and resented spending time and providing even more personal information to remove myself from the PimEyes repository, which we didn't consent to be part of in the first place. The increasing ease of potentially identifying your name, work history, children's school, home address and other sensitive information from one photo shows the absurdity of America's largely unrestrained data-harvesting economy.

While PimEyes' CEO said they don't keep the information you provide to opt-out, "you give PimEyes at least one photo of yourself plus a digital copy of a passport or ID with personal details obscured..." according to the article. (PimEyes' confirmation email "said I might need to repeat the opt-out with more photos...") Some digital privacy experts said it's worth opting out of PimEyes, even if it's imperfect, and that PimEyes probably legitimately needs a personal photo and proof of identity for the process. Others found it "absurd" to provide more information to PimEyes... or they weren't sure opting out was the best choice... Experts said the fundamental problem is how much information is harvested and accessible without your knowledge or consent from your phone, home speakers, your car and information-organizing middlemen like PimEyes and data brokers.

Nathan Freed Wessler, an American Civil Liberties Union attorney focused on privacy litigation, said laws need to change the assumption that companies can collect almost anything about you or your face unless you go through endless opt-outs. "These systems are scary and abusive," he said. "If they're going to exist, they should be based on an opt-in system."

This discussion has been archived. No new comments can be posted.

PimEyes 'Made a Public Rolodex of Our Faces'. Should You Opt Out?

Comments Filter:
  • [I] resented spending time and providing even more personal information to remove myself from the PimEyes repository, which we didn't consent to be part of in the first place

    Not only does PimEyes rape your privacy, they also rape your free time and ability to choose how your own image (as in 'self') is (ab)used.

    • by cusco ( 717999 ) <`moc.liamg' `ta' `ybxib.nairb'> on Saturday November 02, 2024 @01:58PM (#64914911)

      Seems like a waste of time, you'd have to spend all day every day opting out of thousands of other orgs worldwide, and you'd still miss some of them located in countries which don't have the requirement to create an opt out policy.

    • If they have your image or data it's because it's already "out there" aka not private anymore. But sure, give them some more of your data to help tie it all together.
      • by Sebby ( 238625 )

        If they have your image or data it's because it's already "out there" aka not private anymore. But sure, give them some more of your data to help tie it all together.

        Prove I'm the one that put it out there.

        Maybe PimEyes hires some privacy molesting photographers to snap pictures of people as they walk out of their homes. Those are also known as stalkers.

  • by jonsmirl ( 114798 ) on Saturday November 02, 2024 @11:58AM (#64914745) Homepage

    As soon as the trial lawyers in Illinois see this PimEyes is going to receive a gigantic lawsuit for violating the BIPA Act in Illinois. Already cost Facebook $650M for essentially the same thing.

  • by Calydor ( 739835 ) on Saturday November 02, 2024 @11:58AM (#64914747)

    Hasn't the rule of thumb for spam in the past three decades been to never, never, NEVER click the unsubscribe or opt-out links because you just verify that your email address goes to a real person, or in this case, who EXACTLY you are?

    Also, David, check that first paragraph. A link broke.

  • by Sebby ( 238625 ) on Saturday November 02, 2024 @12:00PM (#64914751)

    Should You Opt Out?

    No, everybody should sue PimEyes.

  • creeps have used it to publicize strangers' personal information from just their image

    It's only a matter of time until some victim is found dead, and we find out how the murder used PimEyes to find who & where their victim was.

    This is a lawsuit waiting to happen.

  • Step one (Score:4, Interesting)

    by gillbates ( 106458 ) on Saturday November 02, 2024 @12:08PM (#64914763) Homepage Journal
    1. Claim to have created a giant database of personal images from the web...
    2. Create a service which allows anyone to identify anyone else with just one image. It doesn't matter if it works well or not, because...
    3. Allow people to opt-out of said service by providing personally identifying information with a photograph.
    4. Create a database of confirmed photos/personal information matches from the opt-out process.
    5. Sell said database to an affiliated company, which will do #1 and #2.
    6. Have affiliated company charge a fee to opt out of their online search.
    7. Profit!!!

    What am I missing here? Isn't this the perfect way to build a large facial recognition database with verified personal information?!

    It reminds me of the old, "Your nude photos have been found on the web!!! Upload naked pictures of yourself at this ${sketchy_url} so we can search the web and delete them!" scheme.

  • I'll rephrase what should have been the first post here:

    Fornicate PimEyes in their delicate orifices and do so to everyone who even looks like them.
  • by silentbozo ( 542534 ) on Saturday November 02, 2024 @12:24PM (#64914787) Journal

    Historically the easiest way to actually ensure individual privacy is to show that a given vulnerability has been used to out a politician or some other high level figure in government, or high-profile individual (wealthy donor or actor/actress).

    https://en.wikipedia.org/wiki/... [wikipedia.org]

    "The Video Privacy Protection Act (VPPA) is a bill that was passed by the United States Congress in 1988 as Pub. L. 100–618 and signed into law by President Ronald Reagan. It was created to prevent what it refers to as "wrongful disclosure of video tape rental or sale records"[1] or similar audio visual materials, to cover items such as video games.[2] Congress passed the VPPA after Robert Bork's video rental history was published during his Supreme Court nomination and it became known as the "Bork bill".[3] It makes any "video tape service provider" that discloses rental information outside the ordinary course of business liable for up to $2,500 in actual damages unless the consumer has consented, the consumer had the opportunity to consent, or the data was subject to a court order or warrant. "

    A different attack would be to claim right to likeness, for states where that is a thing (like California.) https://corporate.findlaw.com/... [findlaw.com] It would be best to crowdsource all affected parties and sue them simultaneously NOT as a class action, in order to force them to individually respond to each lawsuit, in order to bleed them dry and create a higher likelihood that they'll miss a response and be subject to a default judgement. Ideally you'd pierce the corporate veil (I'm assuming whoever set this thing up is not stupid enough NOT to use the protection of a corporation) and sue not only the company involved, but the parties directly.

    • by kmoser ( 1469707 )
      "Up to $2,500" and "actual damages" are the key phrases here. It's like SSN breaches: there's often no way to correlate a specific breach to a given incident of fraud related to one of the SSNs in that breach. So in other words, a relatively toothless law.
  • So many people do destructive things with their computers; they might as well something constructive.
  • The demands of the opt-outs are obviously bullshit. The obvious way would be to allow you to opt-out by simply uploading a short video snippet of your face saying “I'm opting out” (or variations of the same in the language and tone of your choice).

  • So no "opting out". Unless you opt in with informed consent, they cannot have your face. And you can withdraw consent again.

    • by cusco ( 717999 )

      Unfortunately for 'opt in' to be the rule you'd have to include the political parties and all their associated spammers and mass mailers, so it's not likely to happen.

  • Opt-Out (Score:3, Insightful)

    by Anonymous Coward on Saturday November 02, 2024 @01:54PM (#64914901)

    Yes, you should opt-out. But not by sending a selfie, but by sending a GDPR request. How they manage to remove your images without a selfie is their problem, they weren't allowed to collect it first place.

  • To the suspicious it might look as though the offer to "send your ID to be removed" is actually "send your ID under the guise of being removed to help us increase our data quality and thus the value of our offering"

  • Wow, that is creepy. Here's a stalk of the CEO:

    https://pimeyes.com/en/results... [pimeyes.com]

  • With dick picks
  • by SvnLyrBrto ( 62138 ) on Saturday November 02, 2024 @08:07PM (#64915367)

    Would this "Hand over more PII about yourself before we delete the PII we're legally obligated to delete upon request." bullshit pass muster with either or both? Seems like a fine opportunity for a mass campaign of opt-out and deletion orders; with a special helping of hell-to-pay if there are any minors in their database.

  • If anyone up top is reading this: What's with the recent trend of Slashdot editors using they/them pronouns for people who clearly identify with he/him or she/her? For example, in the summary here:

    So to find and delete themselves from "the PimEyes searchable Rolodex of faces," they "recently handed over a selfie and a digital copy of my driver's license to a company I don't trust."

    It seems like lazy writing not to respect the author's chosen pronouns, which are made clear by reading his Washington Post bio [washingtonpost.com]. It only takes a moment to use the correct language and not lazily use indeterminate pronouns.

    Or, is this the /. editors' subtle way of making a political statement?

Hackers are just a migratory lifeform with a tropism for computers.

Working...