A new report by the New York Times takes the subscription-based face search engine PimEyes for a test run, and comes back with worrying results for personal privacy. A test conducted on a number of the paper’s reporters unearthed a surprisingly accurate collection of results including decades-old pictures, pictures in which the subject’s face was obscured, and even pictures in which they were in the midst of a blurry crowd.
PimEyes claims neutrality and that it is merely a “tool provider,” but the company’s business model raises questions. It offers “premium subscriptions” that run from $90 to $300 per month in price, which allow for requests that particular photos be excluded from the search results made available to all of the platform’s other users.
“Creepy” face search engine instantly unearths photographic histories
Face search engines that trawl the internet are not a new concept, but this apparent level of accuracy (backed by an advanced AI algorithm) has not previously been made available to the general public. The obvious comparison to PimEyes is the much-publicized (and much-maligned) Clearview AI, but that firm at least restricts its access to law enforcement agencies. The only barrier to PimEyes access is a $29.99 per month subscription fee.
NYT reporters tested the face search engine on themselves and came up with pictures on the internet dating as far back as 10 years, including those in which the face was partially obscured. Masks, sunglasses and even partially turning away from the camera does not appear to be a reliable way to hide from PimEyes. Other photos picked individuals out of groups of people at concerts, in airports and at weddings.
One of the few major restrictions the face search engine imposes on these results is that it does not return photos from social media sites such as Facebook and Instagram, possibly due to the same sort of issues that Clearview AI ran into in violating various terms of service while scraping user profiles. It does, however, trawl pornography sites, and the reporters found it sometimes comes up with false positives from them as well.
One woman who suffered from PimEyes locating her old explicit photos spoke publicly to CNN about what kind of damage the face search engine is capable of doing. Cher Scarlett, a software engineer, had done an explicit photo shoot in 2005 under a different name that she thought was buried and forgotten. PimEyes matched the old photos to her from one of the (apparently numerous) pornography sites it trawls, however. She had not previously believed that any websites were still displaying the images.
Face search engine courts regulation
PimEyes owner Giorgi Gobronidze pitches the face search engine as a “tool for good” meant for people to search for their own images to protect their reputation. The site’s terms of service requests that users only search for themselves or for parties who have given consent, but does not check or enforce this in any way. PimEyes does remove specific pictures from its results upon user request, but initially it appears that the site is railroading the user into a “PROtect plan” (which costs anywhere from $89.99 to $299.99) per month to unlock the ability. A free image removal request form https://pimeyes.com/en/submit-delete-request is available, but is not advertised on the main landing page and requires exploring the privacy policy to find. There is also an opt-out request form that is free but requires the user to furnish a picture of themselves, a practice that Clearview AI also ran into some trouble with. Scarlett reported in an April Medium post that the opt-out request had not worked for her, and a follow-up search by the NYT revealed that the explicit photos were still there.
Gobronidze says that the face search engine blocks abusive users, such as those that perform an “excessive” amount of searches (he cited 1,000 searches per day as an example). He also said that the site is not taking customers from Russia due to the invasion of Ukraine. But the site is already under some amount of legal scrutiny, with the German data protection regulator initiating an investigation into it a year ago over potential abuses of the General Data Protection Regulation (PimEyes first went online in 2017).
NYT reporters tested the face #searchengine on themselves and came up with pictures on the internet dating as far back as 10 years, including those in which the face was partially obscured. #privacy #respectdataClick to PostThe controversial face search engine will likely prove difficult to regulate given that it is headquartered in Gobronidze’s native Georgia, structured as an arm of a corporation registered in Dubai. Though there may be little in the way of legal mechanisms to force the company’s hand in the near term, John Gunn (CEO of Token) believes that the company will need to adopt some sort of identification system for customers and better screening processes or it may find itself banned from one country after another (as Clearview AI has been): “It is utterly disingenuous for PIM Eyes to claim they are doing their best to limit searches to only the individual requesting the search. They could simply require users to submit their driver’s license, passport, or other photo ID, verify this with a digital identity assurance provider such as Mitek or Jumio, and then use their own technology to limit the search. If banks can lend thousands of dollars on just a photo ID, PIM Eyes can easily adopt this inexpensive technology too. Their current approach is begging for government intervention and regulation.”
