“Exposing.AI itself does not use facial recognition. It pinpoints photos only if you already have a way of pointing to them online, with, say, an internet address. People can search only for photos that were posted to Flickr, and they need a Flickr username, tag or internet address that can identify those photos. (This provides the proper security and privacy protections, the researchers said.)
Though this limits the usefulness of the tool, it is still an eye-opener. Flickr images make up a significant swath of the facial recognition data sets that have been passed around the internet, including MegaFace.
It is not hard to find photos that people have some personal connection to. Simply by searching through old emails for Flickr links, The Times turned up photos that, according to Exposing.AI, were used in MegaFace and other facial recognition data sets.
Several belonged to Parisa Tabriz, a well-known security researcher at Google. She did not respond to a request for comment.
Mr. Gaylor is particularly disturbed by what he has discovered through the tool because he once believed that the free flow of information on the internet was mostly a positive thing. He used Flickr because it gave others the right to use his photos through the Creative Commons license.
“I am now living the consequences,” he said.
His hope — and the hope of Ms. O’Sullivan and Mr. Harvey — is that companies and government will develop new norms, policies and laws that prevent mass collection of personal data. He is making a documentary about the long, winding and occasionally disturbing path of his honeymoon photos to shine a light on the problem.”