How can Facebook verify my face if it should not have one?

Question

I do not use Facebook but recently I created an account for the purpose of connecting it to an app. I uploaded several photos of myself to Facebook, did what I needed with the app and deleted the photos.

The next day I tried to login to my Facebook account and saw this:

How can Facebook use my photo to check if the account belongs to me? They now should not have any of my photos, right? Does this mean they actually keep deleted content?

Answer 1

Facebook does not need to store the deleted photos. All they need to do is to use the photos you uploaded to extract the biometric details to be able to recognise your face. That data is what they use to verify new photos.

This is all outlined in their privacy and security settings. You can turn the feature to collect facial biometric data off.

Answer 2

To determine if the account is authentic, Facebook looks at whether the photo is unique. -Wired

They simply need to see if the photo is in the system to decide whether to investigate you further. If you upload a photo used by another user, you may be trying to create a fake account. Facebook also tries to determine the location where the photo was taken and whatever other information AI could gather. All that can be done without any prior photos or other data from you.

As for whether they have your photos, Facebook says they will delete them within 90 days if you delete them.

Facebook said the photos are hashed and then deleted from its servers.

If you do decide to upload your photo for the test, it will be hashed, but the actual photo will be deleted.

The process is automated, including identifying suspicious activity and checking the photo.

You seemed to think the process was not automated in a comment, but Facebook says it is.

Answer 3

Sorry, I have no tinfoil hat for you today.

System 1 saves your photos and leaves a check in box "Account is ready for face verification".

System 2 checks said box and puts your account on an internal list of accounts that have to be verified.

You delete your photos and system 1 unchecks box "Account is ready for face verification".

System 2 does not check box "Account is ready for face verification" again before your next login, because the case that an account has only few photos that are verifiable and deletes them shortly after is a rare case and now the process hangs.

In other words:

The computation for biometric features is only done, when needed - read: only then when the verification process is triggered. There are no more photos to extract the data from, and now the verification process can't go forward.

Answer 4

Speculation

Without detailed information, which Facebook probably wants to keep secret, I can only speculate about what information they could use.

Basically FB is looking to see if you are a human opening one personal account, according to their rules. They have to fight spam bots and spam farms, where farm indicates the fact that a single individual, part of an organization, may open and manage multiple accounts without necessarily using software automations.

They could acquire the picure along with:

• It's cryptographic hash, to make sure one doesn't download and send a picture already posted somewhere on FB
• A number of visual hashes (e.g. HSV indexes, wavelets) to perform the above check loosely and to avoid simple modifications of a downloaded picture
• EXIF metadata, including the serial number of the camera that took the picture

They could also acquire, and retain, a hash of the face recognition of the subject being portrayed. This one is clearly to avoid someone opening multiple accounts. Or just to compare the face features with existing users.

In my opinion, the idea behind this is to make it a hard time for someone to open several accounts. No system is perfect, so you might be able to open two, say three, accounts using the same individual, but you'll have to take different pictures every time.

The more the system is accurate, the lesser chances you'll have to open the second account. But that might not be the ultimate goal of FB. They want to fight those who run dozens of accounts.

Answer 5

2nd Kerckhoff's principle

This principle was conceived by a cryptographer for the cryptography field but applies to any securing process:

"It should not require secrecy, and it should not be a problem if it falls into enemy hands"

See: Kerckhoff's principle

I am not able to audit or proove a process which is kept secret. Hence there is no good reason to keep a securing process secret. The only 2 reasons I imagine to keep secret a securing process I would have conceived would be:

• my process is weak and if my enemy read it he will be able to break it,
• I don't trust my process strength and I prefer to avoid the risk of case one.

In both cases I should aknowledge that my process is risky, not audited, not prooven. My secret is just a lie, a lie to me and a lie to my users.

Personal analysis

Facebook writes:

"We use this photo to help us to check that this account belongs to you"

The truth is that if they don't have an evidence this picture is one taken of you as a physical person, they can't proove that this picture is an authentic one of you. They have a relation set between:

• a photo: P,
• a sending phone number, or a sending computer IP address: N,
• an account name: A.

Not any relation with the physical person (the physical person might for example take a nice picture of his neighbour or his daughter).

R1: Facebook can't proove that a picture is an authentic one of a physical person.

What could they check? They could check that photo P is not in any:

• database of photos signaled as used in identity theft and reported to Facebook, this search would take minutes,
• database of photos used to "identify" other Facebook accounts, this search would take hours.

All in all, they could detect quickly any attempt of identity theft "from you", if and only if the previous registered photos were authentic, which unfortunately they can't proove (no one can demonstrate that they have any robust process to proove authenticity of photo see R1).

Personal conclusion

I can't trust this process for the above arguments and the lack of clear communication from Facebook. If there is any error in my arguments, someone will be able to see it and signal it publicly. This conclusion is not based on any good or bad reputation Facebook might have in the security field.

Answer 6

I don't think the answer above is helpful, in that they wouldn't have the data to go from if he deleted the photos in all cases even if they do in some.

The correct way to see what data they have stemming from your account is to to go Setttings> Your Facebook Information From there, you can see what photos you posted and what photos your were tagged in. It also lets you download your information so you can see exactly what is there.

That tells you what they have, as for the keeping old information, Facebook has said it can take up to 90 days to delete the data permanently. That means they would also get rid of metrics gained from an AI photo scan. https://www.nbcnews.com/card/facebook-does-delete-your-data-n864816

Facebook could potentially still have a photo of you for up to 90 days, but that message is automated and would still pop up even if they do not have photos of you any longer. It is considered a form of CAPTCHA, since it would be hard for a bot to replicate photos that are not publicly available, so even if Facebook does not have your photos saved, the site can scour the photos they do have to see if you are submitting a photo that is already on the site and therefore could be a bot using other people's photos. It can show you probably aren't a bot even if it can't recognize you as you. https://www.telegraph.co.uk/technology/2017/11/29/facebook-asking-users-upload-selfie-prove/