哈佛学生利用 Meta 的智能眼镜和人工智能从人们的照片中获取私人信息。你能做些什么?
【中美创新时报2024 年 10 月7 日编译讯】(记者温友平编译)一对哈佛本科生想出了一种令人不安的侵犯人们隐私的新方法:一种人工智能工具,只需给陌生人拍照就可以泄露他们的姓名、地址和其他敏感信息。《波士顿环球报》记者Hiawatha Bray对此作了下述报道。
通过将人工智能与智能眼镜和常用的在线数据库相结合,哈佛大学三年级学生 AnhPhu Nguyen 和 Caine Ardayfio 开发了一种名为 I-XRAY 的快速简便工具,该工具可能允许执法人员、网络罪犯或酒吧里的一个人通过捕捉面部图像在短短一分钟内获取任何人的重要信息。
“理论上,你可以在街上识别任何人,”主修人类增强技术的工程专业学生 Nguyen 说。“这是一个巨大的安全问题。”
这也提醒我们,人工智能的兴起可能使现有的隐私威胁更具挑战性。现在,面部识别系统不需要搜索现有的人脸数据库,例如驾照照片。它可以在互联网上搜索与你的照片相匹配的图片,然后分析网站上的文字来找出你的名字。一旦它得到了你的名字,政府或犯罪分子就可以使用商业数据库或暗网上被盗的数据来找出你的几乎所有其他信息。
I-XRAY 可与 Meta 的 Ray-Ban 智能眼镜配合使用,该眼镜的镜框内嵌有摄像头,但也可以与智能手机摄像头配合使用。佩戴眼镜的人可以点击镜框拍摄某人的照片,照片会传输到用户在 Instagram 上的帐户,Instagram 是 Meta 旗下的在线服务。
Nguyen 和 Ardayfio 开发了一款软件,可以从 Instagram 帐户复制面部照片,并将图像发送到 PimEyes,PimEyes 是一家总部位于东欧国家格鲁吉亚的在线服务公司。PimEyes 不会识别任何人的照片。相反,它使用人工智能引擎在互联网上搜索与面部相匹配的图像,并提供托管这些图片的网址列表。
哈佛大学的两位教授开发了一款人工智能软件,可以访问 PimEyes 找到的所有互联网地址,并分析页面上的文本,以确定照片中人物的身份。这就是事情变得可怕的地方。
想象一下,Ardayfio 拍摄了我的照片。作为一名记者,我的照片出现在几十个网页上,旁边还有“Hiawatha Bray”和“Boston Globe”的字样。由于这些字样与我的照片出现在同一个页面上,因此人工智能系统会很快找出我是谁。
现在它知道了,I-XRAY 会自动将我的名字提交给 FastPeopleSearch,这是一个将名字与地址和电话号码联系起来的商业网站。免费帐户每月最多允许 100 次这样的搜索,付费版本每月允许数千次搜索,每次收费 10 美分。
我手动将我的名字输入 Fast People Search,它说从未听说过我。但我的宽慰是短暂的。当我尝试使用另一个名为 Spokeo 的数据代理时,它回复了我当前和以前的街道地址、电子邮件地址和电话号码。唉,甚至我的年龄。因此,只要对 I-XRAY 进行一点小调整,我的生活就可以变得一目了然。
最后,I-XRAY 可以将用户最近的电话号码输入 Cloaked,该网站可以告知您的个人数据是否已被黑客或数据经纪人窃取。当我手动将自己的姓名提交给 Cloaked 时,它显示了我的社会安全号码的第一位和最后一位数字,表明一些网络犯罪分子已经成功窃取了我的姓名。Cloaked 还列出了我住址的前两位数字、我母亲的名字、我的一个兄弟的名字以及几个侄女的名字。
Nguyen 和 Ardayfio 表示,从拍照开始,I-XRAY 将在大约 90 秒内提供所有这些信息。
令人高兴的是,这两名学生无意与世界分享他们的软件。他们开发这个软件是为了展示获取敏感信息是多么容易。
没有联邦法律禁止使用面部识别系统。但包括马萨诸塞州在内的许多州都有严格的规定限制政府使用此类系统。包括波士顿和剑桥在内的马萨诸塞州一些城市已经禁止政府使用该系统。
但只有伊利诺伊州等少数几个司法管辖区的法律禁止个人或企业在未经当事人许可的情况下使用面部识别系统。
大型科技公司可能不会推出这样的系统。微软和亚马逊在试图向警察局出售面部识别系统时遭到了强烈反对,迫使两家公司放弃了这个想法。但没有什么可以阻止网络犯罪分子开发他们自己的 I-XRAY 版本。
“坏人已经意识到他们可以这样做,”物理学专业的 Ardayfio 说。
并且可以对系统进行调整以一次捕获多个面部。 Ardayfio 和 Nguyen 表示,由于所有繁重的计算工作都是由云端的强大服务器完成的,因此设计一个可以拍摄人群然后查找每个人的数据的版本将很容易。想象一下,一个警察局在抗议集会上拍摄人们的照片,并能在几分钟内找到所有人的名字。
哈佛肯尼迪学院研究员、多本数据安全书籍的作者 Bruce Schneier 表示,I-XRAY 的功能并不令人震惊。
“这是我们为互联网构建的技术的完全合理使用,”Schneier 说。“这并不奇怪。而你对此无能为力这一事实也不足为奇。”
但 Nguyen 和 Ardayfio 表示,这并非完全没有希望。你无法阻止人们使用人工智能识别你的脸。但我们可以让我们的敏感数据更难在网上找到。
I-XRAY 的发明者建议人们联系主要的在线数据经纪人和面部图像搜索公司,并要求从他们的数据库中删除信息。PimEyes 和 FastPeopleSearch 表示,他们会根据要求删除用户信息,还有许多公司,包括 Cloaked.com 和 DeleteMe,提供从多个数据经纪人那里删除信息的服务。
但并不能保证所有数据库运营商都会如此通融。尽管 I-XRAY 的工作原理是秘密的,但这两位哈佛大学研究人员表示,有人开发开源版本并将其公之于众只是时间问题。
“真相有时很伤人,”Nguyen 说,“我们必须让大家知道这个消息。”
题图:AnhPhu Nguyen(左)和 Caine Ardayfio(右)是两名哈佛学生,他们在 Meta Ray-Ban 智能眼镜中添加了软件,可以进行面部识别并查找相机范围内任何人的数据。Jonathan Wiggs/Globe Staff
附原英文报道:
Harvard students used Meta’s smart glasses and AI to get private info from people’s photos. What can you do about it?
By Hiawatha Bray Globe Staff,Updated October 4, 2024
AnhPhu Nguyen (left) and Caine Ardayfio (right) are two Harvard students who have added software to Meta Ray-Ban smart glasses that can do facial recognition and look up data about anyone in camera range.Jonathan Wiggs/Globe Staff
A pair of Harvard undergraduates have come up with a disturbing new way to invade people’s privacy: an artificial intelligence tool that can reveal a stranger’s name, address, and other sensitive information just by taking a picture of them.
By combining AI with smart eyeglasses and commonly used online databases, Harvard juniors AnhPhu Nguyen and Caine Ardayfio developed a fast, simple tool called I-XRAY that could potentially allow law enforcement agents, cyber criminals, or just a guy at the bar to obtain anybody’s vital information in just over a minute by capturing an image of their face.
“You could just theoretically identify anybody on the street,” said Nguyen, an engineering student majoring in human augmentation. “It’s a huge security issue.”
It’s also a reminder that the rise of AI can make existing privacy threats even more challenging. Now, a facial recognition system doesn’t need to search a pre-existing database of people’s faces, such as driver’s license photos. It can instead scour the internet for pictures that match your photograph, then analyze the text on the website to figure out your name. And once it’s got your name, a government or a criminal can use commercial databases or stolen data on the dark web to find out nearly everything else about you.
I-XRAY works with Meta’s Ray-Ban smart glasses, which have cameras embedded in the frame, although it could also be made to work with a smartphone camera. A person wearing the glasses can tap the frame to take someone’s photo, which is transmitted to the user’s account on Instagram, an online service owned by Meta.
Nguyen and Ardayfio created software that copies facial photos from the Instagram account and sends the images to PimEyes, an online service based in the eastern European nation of Georgia. PimEyes doesn’t identify anybody’s photos. Instead, it uses an AI engine to scour the Internet for images that match the face, and provides a list of web addresses that host the pictures.
The Harvard duo built AI software that visits all the internet addresses found by PimEyes and analyzes the text on the pages to figure out the identity of the person in the picture. This is where it could get scary.
Imagine that Ardayfio shot my photo. As a journalist, my image pops up on dozens of web pages, along with the words “Hiawatha Bray” and “Boston Globe.” Because those words appear on the same page as my photo, the AI system will quickly figure out who I am.
And now that it knows, I-XRAY automatically submits my name to FastPeopleSearch, a commercial website that links names to addresses and phone numbers. A free account allows up to 100 such searches a month, and the paid version allows thousands of monthly searches for a dime apiece.
I manually entered my name into Fast People Search, which said it never heard of me. But my relief was short-lived. When I tried a different data broker called Spokeo, it replied with my current and previous street addresses, email addresses, and phone numbers. Even, alas, my age. So with a small tweak to I-XRAY, my life could become an open book.
In a final flourish, I-XRAY can plug a person’s most recent phone number into Cloaked, a site that tells whether your personal data has been compromised by hackers or data brokers. When I manually submitted my name to Cloaked, it displayed the first and last digits of my Social Security number, indicating that some cyber criminal has managed to swipe it. Cloaked also listed the first two digits of my address, the name of my mother, one of my brothers, and a couple of nieces.
Nguyen and Ardayfio say that I-XRAY will deliver all this information in about 90 seconds from the time the photo is shot.
Happily, the two students have no intention of sharing their software with the world. They developed it as a demonstration of how easy it could be to obtain sensitive information.
There’s no federal law barring the use of facial recognition systems. But a number of states, including Massachusetts, have strict regulations limiting government use of such systems. Some Massachusetts cities, including Boston and Cambridge, have banned its use by government.
But only a few jurisdictions, like Illinois, have laws that forbid individuals or businesses to use facial recognition systems without the subject’s permission.
Big tech corporations probably won’t launch such a system. Microsoft and Amazon faced a massive backlash when they sought to sell facial recognition systems to police departments, forcing both companies to back away from the idea. But there’s nothing to stop a cyber criminal from developing their own version of I-XRAY.
“The bad actors are already aware they can do this,” said Ardayfio, a physics major.
And the system could be tweaked to capture more than one face at a time. Because all the heavy computing is done by powerful servers in the cloud, Ardayfio and Nguyen said, it would be easy to design a version which could photograph a crowd of people, then look up the data for each one of them. Imagine a police department shooting a photo of people at a protest rally, and being able to find all their names in just a few minutes.
Bruce Schneier, a fellow at the Harvard Kennedy School and the author of multiple books on data security, said I-XRAY’s capabilities shouldn’t come as a shock.
“This is a perfectly reasonable use of the technologies we’ve built for the internet,” Schneier said. “It is unsurprising. And the fact that you can’t do anything about it is unsurprising.”
But Nguyen and Ardayfio say it’s not completely hopeless. You can’t prevent people using AI to recognize your face. But we can make it harder to find our sensitive data online.
The inventors of I-XRAY recommend that people reach out to the major online data brokers and facial image search companies, and ask to be deleted from their databases. PimEyes and FastPeopleSearch say they’ll remove people on request, and there are a number of companies, including Cloaked.com and DeleteMe, that sell services that remove your information from multiple data brokers.
But there’s no guarantee that all database operators will be so accommodating. And even though the workings of I-XRAY are secret, the Harvard pair say it’s just a matter of time before someone develops an open-source version and turns it loose on the world.
“The truth hurts sometimes,” said Nguyen, “and we just have to make the message known.”