Facebook wants to be able to ‘fingerprint’ a single image to any one of its 1.5B users

by Gannon Burgett

posted Friday, September 18, 2015 at 12:45 PM EDT

In the age of the internet and always-connected devices true privacy (and anonymity) is becoming harder and harder to come by. Thankfully, more often than not, there are means by which we can protect our privacy and adhere to anonymity through the removal of data; particularly geolocation and other information integrated into the metadata of many of the photos we take.

But, those days might be gone — or, at the very least, more difficult to come by — if a new patent from Facebook comes to fruition.

According to Patent Publication US 20150124107, Facebook is working on a system that will create a fingerprint of sorts for individual photographs and cameras by analyzing the characteristics of the images that care captured using it.

In the text of the patent, Facebook explains that faulty pixels, lens scratches, other ‘camera artifacts’ and metadata within the image would be used to associate Facebook users with particular images. The patent claims these associations would be inferred, a word that insinuates a slight disconnect between the camera and the user.

However, just a sentence later, Facebook says these inferred connections could be used as a means of ‘identifying multiple user accounts created by the same user, detecting fraudulent accounts, and determining affinity between users.’

The wording of the patent, especially in the abstract, comes across as very beneficial to the end user. In the last paragraph of the abstract the patent says, ‘these associations are used beneficially for the social networking system, for example, for recommending potential connections to a user, recommending events and groups to users’.

But, as innocent as the literature makes it sound, the implications of this could be far more serious than lead to believe. As things currently stand, we can choose to not include metadata in images, or at the very least remove it afterward without much hassle.

This ‘fingerprinting’ of cameras bypasses this ability by relying on the physical attributes of individual camera sensors; physical attributes the general public is likely unaware of. Diving even further into the text of the patent (particularly the first paragraph of the ‘Detailed Description’ section), Facebook explains just how detailed the analysis of ‘camera artifacts’ is:

Other pixel attributes that can characterize specific cameras include light sensitivity (or lack thereof) for each color, minimum/maximum values for each color, and bleed of bright colored pixels to other pixels. The images can also be analyzed by matching the subject matter of the photograph, such as the person being photographed. Lens artifacts may not be on the image sensor but in the image optical path. Indicated by the zoom level, the affected pixels where the lens scratch will appear may change.

Further down in the text, Facebook explains that even the file-naming architecture of particular cameras could be used to make connections:

[…] for example, a camera can use a monotonically increasing alphanumeric string for automatically naming consecutively captured images. Therefore, if the names of the images form an alphanumeric sequence that is monotonically increasing, an image file that has a name belonging to the sequence is likely to be taken from the same camera.

Once every ounce of data is captured and analyzed from an image, it’s then given a ‘confidence score’ that determines just how likely it is that a particular image came from a particular camera (and, therefore, a particular user).

At some level, the idea of such a system shouldn’t come at a surprise. However, when it’s a social networking company that has 1.5 billion active users (over 20% of the world’s population) and relies almost purely on handing over your information for revenue, it’s slightly alarming.

Of course, there’s the possibility that someone could develop a means to affect the image before uploading it that could alter the data just enough to skew the reading of ‘camera artifacts’. But the reality is there is so much intricate information to work with that it would take multiple steps and possibly even the visual distortion of an image to obscure it enough.

It’s also important to realize this information could easily be developed by anyone else and it would still have the same result in terms of being able to analyze and interpret the data. The problem – if you see it in that light – with Facebook being the creator of this technology is that it has what is essentially the largest census ever created. With no users, the ability to match images to a particular camera isn’t nearly as invasive.

But when it’s possible to connect a single image posted anywhere on the site — including its auto-upload feature of all images on your smartphone — to a single user, the invasion of privacy is taken to an entirely new level.

All of that said, it’s not time to put on your tin hats. Yet. First off, this is purely a patent publication; this in no way states the patent has been approved. Second off, there could be many positive and beneficial outcomes to being able to connect a single image with an individual. But, if we’re to take anything away from Murphy’s Law and history, it’s highly unlikely the pros will outweigh the cons of a program in the hands of Facebook that could systematically ‘fingerprint’ every image ever uploaded to its servers, which obtains 300 million photos and 500 terabytes worth of data every day.