AVG Invisibility Glasses and other slick tactical tricks to fool face recognition

AVG Innovation Labs created a prototype pair of “invisibility glasses” that protect privacy by making it “difficult for cameras or other facial recognition technologies to get a clear view of your identity.” In essence, the glasses use infrared LEDs around the eyes and nose to make it difficult for facial recognition programs to recognize a face. AVG’s prototype glasses were revealed at Mobile World Congress.

While it’s not yet a sexy look, it might be after some more design tweaking. For those of you who love privacy and recognize that type of LED manipulation to trick face detection, then ding, ding, ding, you’re a winner and you move on to the bonus round!

Back in 2012, the National Institute of Informatics proposed a Privacy Visor (pdf) “for protecting photographed subjects from the invasion of privacy caused by photographs taken in secret and unintentional capture in camera images.”

This is something that AVG Innovation Labs acknowledged before pointing out that such methods can break face recognition, but “many cellphone camera sensors have an IR filter strong enough to cut off any wavelengths beyond the visible spectrum.”

Another similar approach, also in 2012, happened after the Trapwire surveillance scandal, when the hacktivist collective Anonymous released how-to instructions for fooling facial recognition. In the video, around the 1:24 mark, instructions are given for adding LED lights to a baseball cap, powered by a 9-volt battery, to “create a device that renders yourself invisible,” stated the Anonymous voice in the video. “It guarantees complete anonymity to cameras while appearing perfectly normal to the rest of the world.”

Before we get back to AVG’s “invisibility glasses,” let’s look at several other “fashionable” tactics to fool facial recognition technology.

Adam Harvey, an artist who found ways to beat surveillance technologies in 2010, came out with CV Dazzle. In the example below, the faces with red squares around them were identifiable by facial recognition software.

Yet the same camouflage that thwarts face detection also attracts more attention from people as they stop and stare. Computers can also be confused by “a spike of hair” so long as “it covered the area where the eyes, forehead and nose come together;” that’s where computer-vision software often looks “and will not detect a face without it.”

Most folks probably opt for wearing hoodies when they would like to obscure their likeness from security cameras, but if it’s hot outside then that will likely get you reported as “suspicious.” You could choose to wear a ski mask, but if it’s not winter then someone would probably call the cops thinking you plan to rob a bank or are a masked member of ISIS. Wearing a mask, such as the Guy Fawkes mask embraced by Anonymous, can be illegal and get you thrown in jail in states that have an anti-mask law.

Some folks believe wearing a hat and big sunglasses can trick facial recognition, but that’s mostly a myth as pointed out by Joshua Marpet at Def Con 18 when he presented “Facial Recognition: Facts, Fiction, and Fsck-ups” (video). Also at the European Signal Processing Conference in 2010, EURECOM researchers presented a paper (pdf) about improving face recognition by the system recognizing when a face is occluded, such as with a scarf or sunglasses. Systems can recognize and remove the occluded objects before analyzing the rest of the face.

After the detection and removal of occlusions, there is missing information in the face. In 2014, another paper explored restoring the missing pieces via a 3D image for face recognition; “a restoration method then eliminates occlusion and renders a restored facial image. It exploits the information provided by the non-occluded part of the face to recover the original face. Restored faces are then applied to a suitable face recognition system. The proposed system will provide better accuracy to eliminate the occlusion and restored facial information method is independent of the face recognition method.”

An anti-surveillance step forward, then a step back; it’s like a surveillance society dance. There’s even anti-drone Stealth Wear fashion and RealFace Glamouflage clothing; the latter are t-shirts that are plastered with famous people’s faces on them, so face detection and auto-tagging systems like on Facebook’s will focus on those faces and not yours.

Back to AVG, it was the first to attempt “a hybrid technique of combining infrared with retro-reflective materials in a single wearable.” They pointed out that a “drawback” to a retro-reflective approach is that “it only works with flash photography as otherwise, not enough light will be sent back to distort the camera sensor. Secondly, a camera with higher dynamic range can be used to minimize the darkening of the subject.”

Don’t expect to be able to buy a pair of AVG’s proof-of-concept Invisibility Glasses. The company said, “Rather than designing a product for market release, tech experts are investigating how technology can adapt to combat the daily erosion of our privacy in the digital age.”

If all else fails, there’s also the no-tech approach of walking around with a huge smile, as that theoretically makes face recognition more challenging…as in no smiling in passport photos or in driver’s license photos due to REAL ID. Of course that won’t stop face recognition, but a huge smile annoys your enemies and makes them wonder what you are up to.