by thatguyagain 2644 days ago
Where does my face end up when I submit it to this website?
2 comments

This is a good question. The thing is that except your photo I have to extract its vector of facial parameters to match fakes. So with this 128-dimensional vector I can find you on other photos (if I had some).

All the pics and their vectors stay on this small server. If you want to be deleted please drop me a letter wastemaster@gmail.com

> All the pics and their vectors stay on this small server.

This should be mentioned on the website.

> if you want to be deleted please drop me a letter wastemaster@gmail.com

There should be an easier mechanism to request a deletion of our photo. Better still, request permission from the user to store the photo in your servers before actually storing them.

I think this is the bare minimum of transparency that should be required before letting people upload personal data, especially in this day and age.

Not to mention that the website is accessible from the EU, and you're required -by law- to obtain consent to store this personal data, and to tell people what exactly you're going to do with it, and with whom you're sharing it (if anyone).

I know everyone's used to the wild west but I'm glad that's changing, because of comments like yours - this transparency should NOT be something done out of the website owner's good heart (because as we've seen, most will just give us the finger), but enforced by law.

Edit: For the record, wastemaster's actually quite nice, and this is not directed at them, just websites in general.

How exactly would anyone in the EU prosecute someone outside of it for running their own website if that individual does so outside of the EU and does not have any organization or company they are affiliated with? Just because something is accessible from the EU does not make it under their jurisdiction to police.

The EU claims jurisdiction based on the fact that part of the interaction occurred in the EU, so they can fine you (it should be noted that the GDPR applies to data related to people in the EU, not related to EU citizens living elsewhere). Whether they can collect on those fines is a different matter.

How do they intend to fine non-EU residents hosting a website outside of the EU? I could see if it was a company but if someone is running a server with a not for profit site on it with no way to identify the site owner and an EU resident visits it, good luck trying to fine anyone. The EU does not own or even control the internet outside of their borders.

After doing some research it appears that only businesses and organizations are responsible for compliance with GDPR.

> and you're required -by law-

Does the GDPR apply to non-commercial, non-business, non-organizations?

Yes. If the organisation/company/service is processing the data of the users, GDPR applies.

https://gdprexplained.eu/who-has-to-comply/

Why do you care what happens with a photo of your face? Many thousands of them exist; you probably have a profile photo on gravatar, or linkedin, or twitter somewhere anyway, to say nothing of the many thousands upon thousands of pictures of your face captured in frames on surveillance camera footage.

You provide this information (a picture of your face) to every convenience store, casino, bank, airport, and office building you walk into, many hundreds of times per day, for permanent storage. What is the threat model here from someone with a webserver having a single picture of your face with no other associated identifying information about it?

Agree, thank you. Somehow I missed that, yep going to add with next update

The fact that you don't want to immediately delete the data after processing is a cause for concern.

I can't think of any reason not to immediately delete the data, other than that you intend to use it for something else in the future.

That said, I appreciate your honesty. If you had actually nefarious intentions, you would presumably just claim that you deleted the data when you don't.

I would honestly suggest just deleting the photo after use, there is such a big minefield with something like this and the EU

Can't you just remove all the stored data?

Already doing this! Cleaning up all the uploaded info in 3 minutes

Why don't you delete them all automatically as soon as you've finished processing them?

Already doing this! Cleaning up all the uploaded info in 3 minutes after upload!

> All the pics and their vectors stay on this small server.

Not to take a jab at you specifically, but the fact that someone that can make websites like these is ignorant enough about privacy (law) to casually drop this line marks a worrying development in the accessibility of AI tech.

For impactful technologies, we probably want the required domain knowledge to come with some structural social disciplining so that we can collectively steer that impact in the right direction (whatever that is). Clearly AI libraries have become so easy to use that professional ethics are not part of the curriculum.

> This is a good question. The thing is that except your photo I have to extract its vector of facial parameters to match fakes. So with this 128-dimensional vector I can find you on other photos (if I had some)

And - with all due respect - an alternative would be providing an open-source program to create offline this "128-dimensional vector" and upload only this latter and NOT the photo.

Uh why wouldn't they be automatically trashed after processing?

Can you do the extraction client side, and only send the vector?

Sending this vector is somewhat even worse than just the photo. This vector info would allow someone to match your face without your initial photo! (array of 128 floats requires less storage and less transparency)

For example if I extract color map from your photo is this your personal data still?

On thispersondoesnotexist.com