Facebook is asking some users to upload a face photo to verify their identity when automated processes spot suspicious activity …
The company told Wired that face recognition is automated, and that the photo is deleted from its servers as soon as verification is complete. It appears that the user is locked out of their account until they upload the verification photo.
To guard against someone using an existing photo of a Facebook user to fool the verification system, Facebook checks that the photo is unique. This presumably means comparing a digital signature against photos previously uploaded to the service.
Facebook didn’t go into details about what constitutes suspicious activity, but did provide examples of points at which it might be identified.
A Facebook spokesperson said the photo test is intended to “help us catch suspicious activity at various points of interaction on the site, including creating an account, sending Friend requests, setting up ads payments, and creating or editing ads.”
Logging-in from an unfamiliar device or location is one signal frequently used by online services to trigger extra checks, though this generally only takes the form of sending you a notification.
Facebook is also trialling a system where users are invited to privately upload nude photos of themselves to prevent those photos being used in revenge porn attacks. Facebook creates a hashed digital fingerprint of the photo and then prevents the same photo being posted by anyone else.