Journal of Privacy and Confidentiality


We investigate the feasibility of combining publicly available Web 2.0 data with off-the-shelf face recognition software for the purpose of large-scale, automated individual re-identification. Two experiments illustrate the ability of identifying strangers online (on a dating site where individuals protect their identities by using pseudonyms) and offline (in a public space), based on photos made publicly available on a social network site. A third proof-of-concept experiment illustrates the ability of inferring strangers' personal or sensitive information (their interests and Social Security numbers) from their faces, by combining face recognition, data mining algorithms, and statistical re-identification techniques. The results highlight the implications of the convergence of face recognition technology and increasing online self-disclosure, and the emergence of "personally predictable'' information, or PPI. They raise questions about the future of privacy in an "augmented'' reality world in which online and offline data will seamlessly blend.