reCAPTCHA
"The attack can also work for recovering text or handwriting that's been obfuscated"
So 'reCAPTCHA' and its friends are borked?
Hmm the rise of the bots posting for us
:(
Pixellating images turns out to be a dodgy way of obfuscating identities, say researchers from the University of Texas and Cornell Tech who reckon computers can be trained to identify the “protected” people. There's an "if" here, namely that pixellation can be popped if an "attacker” has a set of clear shots to practice on. If …
just replace the faces that were going to be pixellated with those of the latest celeb wannabe.
After all they seem to want to do anything they can to get their mugshots in the media so why not help them along the way. A win-win solution I'd say.
The pixelators will also have to start removing/editing all their Tattoo's as well. They are also a dead (Sic) give away.
From the skin on show this summer those of us who don't have any artwork will soon be an endangered breed.
"There's an "if" here, namely that pixellation can be popped if an "attacker” has a set of clear shots to practice on. If they do, and the AI has access to to those shots, forget about facial blocking as an anonymity mechanism."
Which means this is a "learning" system that compares sets of data. A very clever implementation, but still not AI, at least not above the "trained monkey" level.
Perhaps against a number plate recognition algorithm, however against a car recognition algorithm less likely to be immune. First consider the dataset, as in how many of your car (same make, body shape and colour) were produced - except for the most popular car this number will be surprisingly low. Then consider any after market modifications, such as hanging ornaments (or their absence), stickers or even the odd scrape, some of which would require a relatively high resolution image, and your car is not as generic as you might think it is and therefore it should be relatively unique.
So... you headswap in photoshop, then pixelate.
If done well, it'd be virtually impossible to tell it had been photoshopped at all and the AI will conveniently finger your chosen fall guy for whatever crime the image depicts.
Frame your enemies today with the technology of the future!
"We do not even need to understand..."
Stupid.
Have a look at Google Deep Dream, and review the available videos that explain what's going on.
The conclusion is obvious.
With a suitable Neural Net debugging / emulating / visualization development environment, based on the blatantly obvious concepts exposed by Deep Dream, it would be perfectly practical for a more rigorous engineering review and modeling of any given neural network.
The pathetic and lame approach of skipping the engineering design review are now over. Mindlessly claiming joyful ignorance of the network weightings, the meanings of each node, their connections, and the true scope and coverage of the solution space, is hereby unacceptable for any serious application.
You never know until it's too late if your system can distinguish clear sky from white truck.
It's time to call B.S. on the willful ignorance of Neural Network programming.
"The pixelation destroys fundamental information from the image. Even knowing the algorithm used to perform pixelation will not allow full recovery or even ensure significant recovery."
Indeed. The only thing proved by recovering a pixelated image is that it wasn't pixelated enough in the first place. I suppose it's vaguely interesting if a computer can identify an image that's messed up enough that a human can't, but since we're dealing with a process that destroys information it's utterly trivial to do so in a way that guarantees nothing can ever recover enough information to identify anything.
"The only difficult part, in dealing with photos, is that the attacker would need to trawl social media for a “set of possible faces that may appear in a given photo”."
Not very good. Try developing an AI to reveal whats behind your frosted glass windows. Throw in night vision and infrared camera's to get a 24x7 video feed, but you do need HD cams or better. Training is simple if you think about it.