The prevalence of effective facial recognition technologies emerging today presents a significant challenge to personal privacy. As Clearview.ai has shown, anyone can scan the Internet for data and train highly accurate facial recognition models of people without their knowledge. The same models can then be used to identify those people in other photographs in the future. A number of US states and European governments even recommend banning facial recognition devices in public spaces. The researchers add that "Opportunities for misuse of this technology are numerous and potentially disastrous. Anywhere we go, we can be identified at any time through street cameras, video doorbells, security cameras, and personal cellphones. Stalkers can find out our identity and social media profiles with a single snap-shot. Stores can associate our precise in-store shopping behavior with online ads and browsing profiles. Identity thieves can easily identify (and perhaps gain access to) our personal accounts"

The Fawkes system, proposed by a group of researchers from the University of Chicago, would be able to help individuals protect their photographs against unauthorized facial recognition models. Fawkes does this by introducing a cloak of pixel-level changes that are imperceptible to the human eye, but fools the face recognition AI models into believing that there are no faces in the processed image.

The system calculates precisely how to manipulate the pixels such that the AI-detected features deviate as much as possible from the real features that define someone's face, while still maintaining the exact same appearance to the human eye.

Fawkes is also capable of taking a target face image and add specific perturbations to your image in a way that your image is misidentified as the target face by facial recognition models. Fawkes offers high levels of safety against facial recognition models during tests, the team said, no matter how the models are trained. Even in cases where 'secure' photographs have already been made available to image scrapers, the manipulation of an image using Fawkes results in at least an 80 percent misidentification rate.

The user will, however, have to be vigilant to ensure that no uncloaked photos are posted publicly and connected to their identity. Some photos posted by friends and labeled with her name will provide a tracker model with uncloaked training data. Fortunately, a user on most photo-sharing sites can proactively "untag" themselves.