Daniel sent us this one. He wants to talk about one of the most controversial uses for AI: facial recognition. He’s asking us to explore the technical guts of it, how it works with facial landmarking, and then to walk the line between legitimate uses, like organizing family photos, and the much murkier territory of mass surveillance. Specifically, he wants to know how law enforcement builds these vast databases to minimize errors, and how that tech adapts when people try to evade it, like covering their face at a protest.
That is a fantastically dense prompt. Good on him. He's hitting on the exact tension point—the same math that creates a cute photo album can also power a panopticon. And he wants us to get into the how, not just the why.
And just to set the stage for everyone, by the way, today's episode is being powered by deepseek-v3.
Always nice to have a helping hand from the friendly AI down the road. But back to Daniel's question. You're walking down a street, completely ordinary day. An AI system mounted on a lamppost or in a police body cam identifies you, without your consent, pulling your name and details. The match isn't from a driver's license photo you knowingly submitted. It's from a grainy picture of you at a protest four years ago, posted online by a friend. That’s not science fiction. It’s where the policy debate is right now.
The debate is white-hot because the European Union just passed its Facial Recognition Ban Act of twenty twenty-six. It’s sparking global conversations, and frankly, panic, about where the line should be. The stakes for privacy, for free assembly, have never felt more concrete.
They really haven’t. This goes so far beyond whether your phone unlocks when you look at it. This is about being permanently seen, identified, and logged by systems you never opted into. So where do we even start with this? The technology itself, I suppose.
The technology itself. Let's begin at the beginning. What is facial recognition, at its core, and why does it spark such instant, polarized reactions? From "oh, that's handy" to "this is dystopian"?
At its core, it’s an AI system that uses neural networks to map and identify human faces. The polarization comes entirely from context. The same fundamental tech that powers the 'Memories' photo album on your phone, grouping pictures of your kid, is also being used by governments to create real-time surveillance networks. It’s the ultimate dual-use technology—one person's convenient feature is another person's instrument of control, and that's the tension right there.
It’s like finding out the same hammer that built your house was also used to break a window. The tool is morally neutral, but its application absolutely is not.
The neural network doesn't know if it's looking at a birthday party or a political rally. It's just processing pixels, finding patterns, and making a probabilistic match. The intent, the database it's checking against, the consequences of a match—that's all layered on by the humans who deploy it.
Which is why the reaction is so visceral. It feels like a violation because, in the surveillance context, it is. You're being processed without your knowledge, turned into a data point in a system you can't audit. The handy version requires your explicit consent—you train it on your own photos. The dystopian version assumes consent by mere existence in public.
And that assumption is what's being legally and ethically challenged. The EU's ban is a radical statement that public space should not be a continuous identification parade. But even within that, there are nuances. Is it okay for finding missing children? For unlocking your own phone? The public isn't monolithically against the tech; they're against specific applications of it.
The polarization isn't really about the algorithm itself. It's about power, consent, and the scale of observation. A tool that helps me organize my life is welcome. The same tool, used by a corporation or a state to organize me into a profile, is a threat.
That's the perfect framing. It's a spectrum. On one end, you have purely assistive, user-controlled tech. Think iPhoto's 'Memories' feature, or even medical applications where it tracks facial paralysis for therapy. On the far other end, you have real-time, persistent surveillance networks that can track a person's movement across a city, linking their face to databases of personal information.
In the murky middle is where most of the real-world conflict lives. Law enforcement use, retail analytics, school security systems. Each claims a public benefit, each chips away at the expectation of anonymity.
Which brings us back to Daniel's prompt. To understand why that middle ground is so contested, and why the evasion tactics at protests are even necessary, we have to get under the hood—to understand how the machine actually processes what it sees.
That process is called facial landmarking. The machine isn't looking at your face as a complete picture. Instead, it identifies key anchor points and calculates the geometric relationships between them.
Like the corners of your eyes, the tip of your nose.
Early models used a sixty-eight-point map. Sixty-eight distinct coordinates on a face. The newer, more accurate systems, like the ones deployed in the last two years, use one hundred and twenty-eight points, or even more. They map the contours of your lips, the curve of your eyebrows, the unique shape of your jawline. Each of these points gets converted into a mathematical vector.
A numerical signature. But how does it actually find those points? Is it just looking for color changes?
It’s more sophisticated than that. The neural network has been trained on millions of labeled faces. It learns to recognize patterns of light and shadow that correspond to physical features. For instance, the dip under your nose, the philtrum, creates a specific shadow pattern. The corners of the eyes have a distinctive confluence of curves. The system doesn't "see" a nose; it detects a configuration of pixel intensities it has learned to associate with the landmark "nose tip.
It's building a constellation of points from learned patterns of light.
Then it connects the dots, geometrically. This is why it can work even with different expressions, lighting, or slight angles. The system normalizes the face, adjusts for tilt, and then calculates the distances and ratios. Is your nose width seventy percent of the distance between your pupils? That's a datapoint. That vector is what gets stored in the database, not your photo.
That's what they're matching when they scan a crowd. They're not comparing a live image to a gallery of photos pixel by pixel. They're generating a vector from the live feed and searching a database of millions of other vectors for the closest mathematical neighbor.
Which is computationally efficient and terrifyingly scalable. Now, the accuracy of that match depends overwhelmingly on two things: the quality of the landmark detection and the diversity of the data used to train the system to find those landmarks. This is where bias creeps in. If the training data is mostly white male faces, the system gets really good at finding landmarks on white male faces, and less reliable on others.
The infamous false positive problem. But walk me through that a bit more. Why does biased training lead to more false positives for some groups?
It's about confidence. If the system has seen a million examples of a specific facial geometry—say, the distance between the eyes and the brow ridge common in one demographic—it can map it with high confidence. For a face with different geometry it's seen fewer examples of, the landmark detection might be shakier. The resulting vector is noisier, less distinct. When you search for a match, that noisier vector might accidentally be closer, mathematically, to someone else's noisy vector in the database. Boom, false positive.
A false positive is when the system says it's you, but it's not. A false negative is when it's you, and the system says it's not. Eliminating false positives is much, much harder because of the way these systems are tuned. Think about an airport security scanner. The cost of a false negative—missing a weapon—is catastrophic. So they tune the system to be ultrasensitive, which creates more false alarms. With facial recognition for surveillance, the perceived cost of a false negative—missing a person of interest—is high for the agency. So they lower the confidence threshold for a match.
Which floods the results with more potential candidates, more false leads. And if the underlying system is worse at reading certain faces, those false leads disproportionately land on those groups.
MIT's audit in twenty twenty-five of the major vendors showed that while gender and racial bias had improved with better datasets, age-related errors in landmark detection were still a problem. The facial geometry of a teenager versus a seventy-year-old can throw off the vector mapping. But the bigger issue is when a false positive leads to real-world harm. There are documented cases, particularly with Black individuals, where a flawed match led to a wrongful arrest. The system gives a detective a name and a ninety percent confidence score. That detective now has a lead, and confirmation bias takes over.
It becomes a digital eyewitness that can't be cross-examined. The detective thinks, "The computer says it's him with ninety percent certainty," and suddenly all other evidence is filtered through that assumption.
A perfect, and harrowing, example is the case of Michael Oliver in Detroit, 2023. A fuzzy still from a gas station robbery was run through the system. It flagged him with a 92% match. That was the sole piece of evidence that initiated the arrest. He spent three days in jail before they verified his alibi—he was at a job interview miles away, with time-stamped building security footage. The charges were dropped, but the trauma and the record?
The ethical chasm between an airport scan and a protestor scan is about consequence and consent. At an airport, you're submitting to a security process for a specific, narrow purpose: to board a plane. The scan is immediate and, in theory, not stored or linked to a permanent identity database.
At a protest, you are exercising a fundamental right. The scan is non-consensual, it's often linked to a permanent law enforcement database, and the consequence of a match could be surveillance, inclusion on a watchlist, or even retaliation. The NYPD's upgrade to their Persad three point zero system in twenty twenty-five is a perfect case study. It reportedly reduced false identifications by forty percent, which they tout as a win for accuracy.
It also dramatically expanded their surveillance coverage and the types of cameras it could pull from. So while each individual match might be slightly more reliable, they were casting a vastly wider net, capturing more innocent people in the dragnet to begin with. It's a perverse equation. Lower false positive rate, times a massively larger input volume, can still mean a higher absolute number of innocent people flagged.
That’s a critical point. A "more accurate" system deployed everywhere is more dangerous, not less, if the oversight isn't there. It creates an illusion of infallibility.
And this brings us to the evasion tactics Daniel mentioned. If the system is building a vector from landmarks, what happens when you hide the landmarks? Sunglasses, a mask, a scarf.
The obvious thought is, "Well, if it can't see the points, it can't map the face.
That’s where the systems have adapted, which is where this gets truly unsettling. If the primary landmarks are obscured, the AI looks for secondary biometrics. The shape and contour of your ear, which is surprisingly unique—almost as unique as a fingerprint. The geometry of your skull visible around a mask. Your gait—the way you walk, which can be analyzed from video. They create a composite profile from whatever fragments are visible. There's research showing some systems can maintain a sixty percent confidence match with just the eye region and forehead. So the old protest tactic of just covering your mouth and nose isn't the shield it once was.
It becomes an arms race. They build a better landmark detector, we find new ways to obscure ourselves, they move to gait analysis, we try to alter our walk. All for the simple desire to be anonymous in a public square.
That's the core of the technical reality. The system is designed to be robust, to find identity in fragments. It's not foolproof, but it's powerful enough that its deployment fundamentally changes the physics of public space. It makes anonymity a conscious, deliberate act of evasion, rather than a default state of being. Which raises the question: when tech this powerful exists, how do we ensure it's used for good?
Because this fragment-seeking technology seems almost inevitable in deployment. But Daniel's prompt specifically asks us to examine the legitimate uses alongside the surveillance. Where does this tech actually help people, in ways that don't feel like a violation?
There are genuinely beneficial applications, and they often get lost in the dystopian headlines. The most widespread is the one in your pocket. Organizing family photos. Apple's iPhoto, Google Photos—they use facial vectors to group pictures of your spouse, your kids, your friends. It’s a private, user-controlled database. You consent to it scanning your photos to serve you. That’s the assistive pole of the spectrum.
It’s useful. Scrolling through twenty years of digital chaos and having it all sorted by face is a minor miracle. No one’s protesting that.
Then you have medical applications, which are fascinating. There are systems now that track micro-expressions and facial muscle movement to monitor the progress of patients with Bell's palsy or recovering from a stroke. It gives therapists quantitative data on recovery that’s more objective than the naked eye. That’s a pure good—using the pattern recognition for healing.
There’s even emerging work in diagnosing certain genetic conditions, like DiGeorge syndrome, which have subtle facial markers. It’s a diagnostic aid.
But the moment you step out of that purely personal or clinical consent box, the water gets murky fast. You mentioned retail analytics.
This is the commercial surveillance layer. Amazon’s Rekognition service is the textbook example of this dual-use creep. On one hand, it powers harmless retail analytics—counting customers, estimating demographics for store layout. On the other hand, Amazon has sold that same technology to U.Immigration and Customs Enforcement. The same code that counts shoppers in a mall was used to scan faces for immigration enforcement. That’s the jump from commercial to governmental power, and it happened with barely a regulatory whisper.
Because the underlying capability is identical. The vector doesn’t care if it’s being matched against a database of loyal shoppers or a database of undocumented immigrants. This is the "surveillance creep." A tool built for one context slides into another, far more consequential one.
That creep isn’t just commercial to government. It’s inspired by international models. China’s Social Credit System, which uses facial recognition as a core enforcement tool for public behavior scoring, has become a dark blueprint. A Brookings report noted that legislation inspired by that model, focusing on pervasive public monitoring, has been introduced in twelve U.The bills vary, but the core idea is the same: use facial recognition and other surveillance to create a system of social regulation. It’s not about catching criminals post-crime; it’s about shaping behavior in real-time.
Which fundamentally alters the social contract. You start self-censoring, not because a law says you can’t protest, but because the system will see you, identify you, and log your attendance at a legally permitted event. The chilling effect is the point. It’s a fun fact of the worst kind: the very first recorded use of automated facial recognition was actually at the 2001 Super Bowl in Tampa, a “voluntary” test by the police. It was framed as a security experiment, but it set the precedent for scanning crowds at large public events.
A precedent we’re now living with every day. And it’s why the counter-technology movement has exploded. If the state won’t restrain the tech, people will try to break it. We’ve moved beyond just wearing a mask. There’s IR-reflective makeup that confuses the infrared sensors some systems use for liveness detection. Then you have adversarial patches—like a pattern on a t-shirt or a hat that, to the AI, scrambles the facial landmarks entirely.
The Hyperface Project.
The Hyperface Project from twenty twenty-six created clothing patterns covered in false facial landmarks. Wear the shirt, and the system sees dozens of eye corners and nose tips where none exist, drowning your real face in noise. It’s a brilliant, artistic form of resistance. It turns your body into a denial-of-service attack against the surveillance camera.
That’s also an arms race. The next system update will likely include filters to ignore those known adversarial patterns. It becomes a game of whack-a-mole for your own anonymity.
Which circles us back to the core dilemma. The technology itself is neutral, but its power is so asymmetrical. A state or a mega-corporation has near-infinite resources to deploy and improve these systems. The individual has makeup, a clever t-shirt, and the hope of a legal challenge. The playing field isn’t level. So the question becomes: if we can’t technically opt out, what practical steps can we take? Where does the legitimate use end and the illegitimate surveillance state begin?
If someone's listening and this all feels inevitable and grim, what can they actually do? Not to stop the tide, but to at least control their own droplet in the ocean.
There are layers to it. The first is personal digital hygiene. You can opt out of the commercial facial tagging ecosystems that train these models. On an iPhone, go to Settings, then Privacy and Security, then scroll to Apple Advertising. Turn off "Personalized Ads." That prevents your device from using your biometric data for ad targeting. More directly, in the Photos app, go to Settings, then disable "Show Featured Photos" and "Share iCloud Library Analytics." That stops Apple from using your personal photos to improve their recognition models.
That’s a good start, but it feels like closing the barn door after the horse has not only bolted, but been scanned, vectorized, and sold to three data brokers.
It is reactive, but it reduces your future footprint. And on Android?
Open Google Photos, tap your profile, go to Photos settings, then turn off "Face grouping." In your main Google Account settings, under Data and privacy, find "Ad settings" and turn off ad personalization. It's piecemeal, and it doesn't remove you from external databases, but it reduces the quality of the commercial data pool. It makes you a slightly blurrier target.
The second layer is policy awareness. There's a bill floating in Congress, H.seven four two one, the Facial Recognition Act. It's not law yet, but its key clauses are worth knowing. It proposes a federal warrant requirement for most law enforcement use, a ban on real-time surveillance in public spaces except for specific emergencies, and crucially, a right to sue agencies for violations. Knowing that lets you pressure your representatives.
The third layer is local accountability. This is where you have real leverage. Most police surveillance contracts are not secret. You can file a Freedom of Information Act request with your city or county clerk. Ask for any contracts, memorandums of understanding, or procurement documents related to facial recognition, automated license plate readers, or "predictive policing" software. The request form is usually online. If they're using it, you have a right to know the vendor, the cost, and the approved use policy. If they don't have a public use policy, that's a problem Georgetown Law found with seventy-seven percent of departments.
The action isn't just shaking a fist at the sky. It's a specific request to a specific office. Demand the policy. If it doesn't exist, demand they create one with public input. It turns amorphous worry into a concrete civic action.
The tech feels monolithic, but its deployment is decided by your city council, your county commissioners, your school board. That's the pressure point. Show up at a meeting and ask, "What's our policy on facial recognition?" The silence can be very telling.
Let's leave the listeners with one open thread to chew on. We've talked consent in terms of turning off settings, but at a legal level. Should facial recognition data be treated like other biometrics? In Illinois, you need written consent to collect a fingerprint. Should walking past a camera require the same?
That's the billion-dollar question. The legal precedent is messy. The courts have generally held you have no expectation of privacy in public, so your face is fair game. But that was before AI could instantly match that face to your entire digital life. The ACLU and others are pushing for a consent-based model for any persistent biometric database, public or private. The counter-argument is that it would cripple legitimate security uses, like finding a missing child in a crowd.
Is that counter-argument valid? Couldn't you design an emergency exception, like an Amber Alert, that temporarily activates a search in a defined area? The problem is the persistent, default scanning.
It feels like the next frontier isn't just banning bad uses, but building better architecture. I've been reading about decentralized models, like the Solid project's work on encrypted facial hashes.
That's a fascinating alternative. Instead of your face vector sitting in a company or government server, it stays encrypted on your own device. A camera system, say at an airport, could send an encrypted query to your phone. Your phone does the match locally and simply returns a yes or no—"this person is on the watchlist"—without ever revealing your biometric data. The power and the data stay with the individual. It's a paradigm shift from extraction to verification.
That’s the kind of innovation that could reconcile security with privacy. The tech isn't the enemy; the centralized database is. Watch that space. It’s a long way off, but it points to a future where we might not have to choose between safety and anonymity. We can design for both.
A future where the tool serves the individual, not just the institution. That’s a note of cautious optimism to end on.
And on that note, we have to wrap. Thanks as always to our producer, Hilbert Flumingtop, for keeping the gears turning.
A quick thanks to Modal, whose serverless GPUs power our entire pipeline. They make the impossible seem… slightly less slow.
This has been My Weird Prompts. If you learned something today, leave us a review on Apple Podcasts. It helps others find the show.
Until next time.
