Jump to content

Server screw-up exposes Clearview’s facial recognition AI software

Spartan

By Spartan
in Discussions

 Share

Recommended Posts

Spartan PRODUCER

Spartan

Posted
Posted
 

Clearview AI is widely seen as a privacy nightmare by the public and is even looked down on privacy-challenged tech giants like Google. Now, the company has shown that it can’t even take care of its own data, according to a report from TechCrunch. It managed to expose its source code to anyone with an internet connection due to a server misconfiguration, a flaw spotted by a security researcher at the Dubai-based firm SpiderSilk.

The repository held app source code that’s used to compile apps. The company also stored its Windows, Mac, iOS and Android apps on the server, including pre-release developer apps used for testing, according to SpiderSilk research chief Mossab Hussein. It also exposed Clearview’s Slack tokens which would let anyone access the company’s internal messages without a password.

The leak also revealed Clearview’s prototype “Insight” camera that has since been discontinued. As TechCrunch showed in a video, SpiderSilk reportedly found 70,000 videos in one storage bucket that were taken from an Insight camera installed in a residential building in Manhattan. The company said it “collected some raw video strictly for debugging purposes, with the permission of the building management.”

Clearview’s facial recognition AI that can identify a person using data from Facebook, Instagram and other public-facing internet services. It obtains this data by “scraping” billions of photos from social media sites and elsewhere. The company markets its service to law-enforcement agencies and other businesses, which can use it to identify a person simply by uploading their photo. Clearview was breached earlier when a list of businesses using its services was leaked.

Clearview CEO Hoan Ton-That has defended the company’s practices, saying that it should be allowed to store any publicly-available information, just as Google and others do. However, the company has shown that it not only exposes the public to privacy violations, it can’t even protect its own data

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...