What is facial recognition?

What is facial recognition?

Facebook recently announced it would give up on its facial recognition system. Facebook, or Meta, was using software to automatically identify people in images posted to its social network. Since facial recognition has become an increasingly toxic concept in many circles and Facebook was having enough to deal with as it is, it shut the “feature“ down.  But that doesn’t mean that the technology no longer exists, or even that it isn’t used anymore.

Let’s establish first what we consider facial recognition to be.

By definition: A facial recognition system is a technology capable of matching a human face from a digital image or a video frame against a database of faces, typically employed to identify and/or authenticate users.

In layman’s terms, facial recognition is technology to recognize a human face.

How does facial recognition work?

There are different systems and algorithms that can perform facial recognition, but at the basic level they all function the same—they use biometrics to map facial features from a photograph or video. The image is captured and reduced to a set of numbers that describes the face that needs to be identified. The software analyses the shape of the face by taking certain measurements that, all put together, provide a unique characteristic for the face. The shape of the face is reduced to a mathematical formula, and the numerical code of that formula is called a “faceprint.” Such a faceprint can be quickly compared to those stored in a database in order to identify the person.

You can compare this to a person leafing through an enormous book of portraits to find a suspect. Only much faster because now it’s a computer comparing sets of numbers.

How is facial recognition used?

The most well-known example of facial recognition is the one that can be used to unlock your phone or similar. In those cases, your face is compared to the ones that are authorized to use the phone.

Another convenient method of facial recognition can be found in some major airports around the world. An increasing number of travelers hold a biometric passport, which allows them to skip the long lines and walk through an automated ePassport control to reach their gate faster. This type of facial recognition not only reduces waiting times but also allows airports to improve security.

A lot less consensual is the fact that in some countries mobile and/or CCTV facial recognition is used to identify any person, by immediately comparing an image against one or more face recognition databases. In total, there are well over 100 countries today that are either using or have approved the use of facial recognition technology for surveillance purposes. This has brought up a lot of questions about our privacy.

What is bad about facial recognition?

As we can see from the above, facial recognition is not always bad. And it can be used to improve our personal and public security. It becomes a privacy issue when the consensus from the person in the database is missing. People, especially in large cities, have become used to being monitored a lot of the time that they spend outside. But when facial recognition adds the extra layer of tracking, or the possibility to do so, it becomes worrying.

China, for example, is already a place deeply wedded to multiple tracking/surveillance systems. According to estimates, there are well over 400 million CCTV cameras in the country, and they do not shy away from using facial recognition in public shaming to crack down on people that are jaywalking and other minor traffic offenders.

It’s because of the privacy implications that some tech giants have backed away from the technology, or halted their development. Many groups like American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) have made objections against facial recognition technology as it is considered a breach of privacy to use biometrics to track and identify individuals without their consent. Many feel that there is already more than enough technology out there that keeps track of our behavior, preferences, and movement.

Can I use facial recognition to find someone?

For an individual to identify another individual would require access to a large database or an enormous amount of luck. As we explained, the faceprints are compared with those in a database. And that database has to contain a pretty large subset of the population you are looking in.

But there are other ways to identify an individual if he is nowhere to be found in the database. A picture can be compared to one that is openly posted on social media. Some organizations have built quite the databases just from harvesting pictures from social media. And you might be amazed about what a reverse image search could bring up. In essence, your chance of success finding a person based on a picture depends on how sophisticated your search algorithm is and how many pictures of your subject can be found on the Internet.

The other way around, if you do not want to be found, make sure that you don’t post your pictures everywhere, and when you do, make sure they are not publicly accessible. And stay out of the databases.

If you are interested in the subject of facial recognition, you may also want to listen to S1Ep6 of the Malwarebytes podcast Lock and Code where we talk with Chris Boyd about “Recognizing facial recognition’s flaws


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.