Insights & Analyses

Facebook testing photo facial recognition as replacement for captcha authentication

November 29, 2017

Social networking giant Facebook’s massive database of tagged users could allow the company to help eliminate one of the most annoying — but necessary — facets of the internet: the dreaded robot thwarting captcha.

Facebook recently began testing its new captcha replacement tool, which was shown in a screenshot shared by Twitter user “flexlibris.” It asks the user to upload a photo of themselves, clearly showing their face, in order to show that they are a real person.

“We’ll check it and then permanently delete it from our servers,” the prompt reads.

Facebook itself later verified to Wired that the screenshot is, in fact, legit. The company said that the test system is intended to help it “catch suspicious activity at various points of interaction on the site.”

Facebook actions that could flag the prompt include creating an account, sending friend requests, setting up ads payments, and creating or editing ads.

The company’s algorithms automatically detect whether or not the image is unique. The system should prevent nefarious users from uploading a common photo on the internet, claiming it to be themselves.

The new authentication system, which is not yet being used widely across the site, comes after months of criticism toward Facebook, which saw Russian actors buy ads on the site in an effort to sway the U.S. 2016 elections.

The new verification system goes a step beyond captcha, not only preventing robots from populating content on the site, but also helping to ensure that the user accessing the service is, in fact, a real person.

A standard captcha requires users to enter a series of letters or select squares from an image. The randomized tests, in theory, cannot be correctly answered by a robot, only a real, live person.

With more than 2 billion active monthly users, most of which have uploaded selfies and tagged photos of themselves on the site, Facebook is a major player in the identity and verification space. The company has been pushing to supplant email addresses with Facebook user accounts for online identification across sites and platforms.