For $29.99 a month, a website called PimEyes offers a potentially dangerous superpower from the world of science fiction: the ability to search for a face, finding obscure photos that would otherwise have been as safe as the proverbial needle in the vast digital haystack of the internet.
A search takes mere seconds. You upload a photo of a face, check a box agreeing to the terms of service and then get a grid of photos of faces deemed similar, with links to where they appear on the internet. The New York Times used PimEyes on the faces of a dozen Times journalists, with their consent, to test its powers.
PimEyes found photos of every person, some that the journalists had never seen before, even when they were wearing sunglasses or a mask, or their face was turned away from the camera, in the image used to conduct the search.
This March, as Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytica, Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.
If that sounds familiar, it’s because it’s almost exactly the scenario that got Mark Zuckerberg dragged in front of the US Congress. The parallel was not lost on Google, and the company chose not to disclose the data leak, the Wall Street Journal revealed Monday, in order to avoid the public relations headache and potential regulatory enforcement.
Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.
Shortly after the story was published, Google announced that it will shut down consumer access to Google+ and improve privacy protections for third-party applications.