Beware the RoseBeware the Rose
They're watching you and they know who you are. Ain't that grand?
June 18, 2007
4:20 PM -- I've been following security on the Web for a long time, and I've reached the point where most the new stuff doesn't freak me out. Heck, a lot of it is just plain annoying.
But there's a new Web service out there, Polar Rose, and it both interests me and freaks me out. In fact, my initial reaction is that maybe there ought to be a law against it.
On the one hand, it's nothing fancy. It's facial recognition. But then again, it's better than average facial recognition -- and it's been turned loose on all the pictures on the Web. In its launch announcement, Polar Rose promises that the new service will allow users to:
Search for more photos of the same person on specific sites or across the whole Internet
Collectively add information and tag people in online photos
Automatically sort online photos by the people appearing in them
Be alerted when new photos matching visual search criteria appear
There are a bunch of other capabilities, too, but I'm particularly concerned about points two and four.
Not to sound paranoid, but here's a handy way to unite all your enemies on the Web. You're at a wedding, say, and pictures are made. There you are, seated at the table with friends of the groom, and it's been posted on Mark and Melissa's "Now We're Together" blog site. With Polar Rose, people who want to monitor you will now get a heads up.
Now, I don't care if anyone knows that I was at Mark and Melissa's wedding. But it's the start of a portfolio of information about me and my friends that's automatically updated. You don't really need a paranoid like me to spin a few scarier scenarios here, do you?
Here's a weird twist. There's a new feature on Google Maps called Street View. It's only available in a few cities, but it's a concept I've always thought somebody should realize -- the ability to move through a series of sewn-together photos of the actual streets. It's great stuff if you're headed somewhere unfamiliar, and you want to know what a tricky intersection actually looks like.
Right now, the pictures in Street View are pretty blurry -- just enough detail to give you an idea what stuff looks like. But the pictures are made on normal days, presumably from a car as it drives along, and there are plenty of real people in these pictures, most of them unaware that they're being photographed.
I'm sure the blurriness is intentional (and a good thing, I'd say). But imagine a less blurry version of this, coupled with Polar Rose. See that girl walking along Fifth Avenue there? Well, just maybe Polar Rose gives me her name and shows me 15 other photos -- photos that show her to be a regular at a dance club downtown, and tends to be there Thursday nights.
Just maybe, Polar Rose becomes the stalker tool from hell.
Polar Rose, which isn't actually in public beta yet, has enough sense to know there are some privacy issues to worry about here. From the company's blog:
We’ll end up finding photos that the published never really thought of as being public. The trick, however, is not to turn off the technology -- just like Altavista or any of the subsequent search engines weren’t shut down or otherwise censored. The challenge is to facilitate a way to make sure that photos that shouldn’t be in our database, aren’t. This can be by restricting access or by telling us not to pick them up.
Polar Rose doesn't say, mind you, that it will let you opt out from being identified in pictures that appear on other people's Websites. It just just says it won't pick up photos in certain circumstances (such as if you've put them off limits to Web crawlers using robots.txt).
I suspect some creepy stuff to come out of this.
— Robert Richardson only has a couple pictures on the Web -- one of them makes him look so green-skinned that he's worried Polar Rose will mistake him for Kermit the Frog (find it yourself, thank you). In other photos he appears as the director of the Computer Security Institute (CSI) . Special to Dark Reading.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
The Evolving Ransomware Threat: What Business Leaders Should Know About Data Leakage
The Rise of Extended Detection & Response