• Welcome to the WDWMAGIC.COM Forums!
    Please take a look around, and feel free to sign up and join the community.You can use your Twitter or Facebook account to sign up, or register directly.

Facial Recognition Testing

GimpYancIent

Well-Known Member
OK, you do understand that Disney is NOT storing your picture anywhere, right? Just like the fingerprint scanners never saved your actual fingerprint, these make a digital number that is stored in a database. When you enter the park, your scan your MB, the cameras look at you, and compare the number created with the one in the database. Nothing more.

The amount of misinformation in this thread is quite astounding.
The Disney legal department got to you, didn't they.
 
Last edited:

Zipitidoda

Well-Known Member
Your local BMV/DMV has been doing it for years when they take your picture. Do you go to a BMV that tells you not to smile in your photo? They are taking a photo that does facial recognition. It doesn't matter if you change your hair/wig/toupee, switch to contacts, grow a beard, get a face tattoo, gain 150 pounds. When they take the picture they are taking measurements of your facial structures. Lip to nose, distance of eyes, ears to eyes, nose to ears. That is facial recognition. At least it was when I worked for the BMV 10 years ago and they were doing it then. Everyone needs to calm down. When they ask to insert chips or want to give you a barcode tattoo, that's when you should run. :rolleyes:
 
Last edited:

mandstaft

Well-Known Member
OK, you do understand that Disney is NOT storing your picture anywhere, right? Just like the fingerprint scanners never saved your actual fingerprint, these make a digital number that is stored in a database. When you enter the park, your scan your MB, the cameras look at you, and compare the number created with the one in the database. Nothing more.

The amount of misinformation in this thread is quite astounding.
Yes, I do. But I do not trust corporate America to safeguard my personal information of any kind. Nor do I like what it can lead to.
 

lazyboy97o

Well-Known Member
So what is any other company or person going to do with a number that represents your face?????
These types of systems that aren’t supposed to be tied to you and your information, just a random number, have been deciphered in the past. Not to mention errors where more information is stored.

Your local BMV/DMV has been doing it for years when they take your picture. Do you go to a BMV that tells you not to smile in your photo? They are taking a photo that does facial recognition. It doesn't matter if you change your hair/wig/toupee, switch to contacts, grow a beard, get a face tattoo, gain 150 pounds. When they take the picture they are taking measurements of your facial structures. Lip to nose, distance of eyes, ears to eyes, nose to ears. That is facial recognition. At least it was when I worked for the BMV 10 years ago and they were doing it then. Everyone needs to calm down. When they ask to insert chips or want to give you a barcode tattoo, that's when you should run. :rolleyes:
What you describe is a big part of the problem that people in general are reacting against. Massive databases that law enforcement access to track movement and make arrests based on poor “recognition”.
 

LuvtheGoof

Grill Master
Premium Member
These types of systems that aren’t supposed to be tied to you and your information, just a random number, have been deciphered in the past. Not to mention errors where more information is stored.
So what you are saying is that some hacker could get into Disney's database, find the hashed number of your face, decipher it, and then find other information about you from that number????? If they are already into the database, the hash of someone's face is the last thing they're looking for.
 

_caleb

Well-Known Member
I know that in the past Disney has not stored guests’ thumbprint scan info. It is not clear to me from the info released that they’ll do the same with facial recognition scans after the initial test period. The official statement from Disney reads:

“Images and the associated unique numbers captured for this technology test will be discarded within 30 days after the test concludes.” and "We will not share the images and unique numbers captured for this test with third parties.”

This is NOT Disney’s policy for future implementation of the technology— just how they’ll handle the data obtained during the test.
 

GimpYancIent

Well-Known Member
These types of systems that aren’t supposed to be tied to you and your information, just a random number, have been deciphered in the past. Not to mention errors where more information is stored.


What you describe is a big part of the problem that people in general are reacting against. Massive databases that law enforcement access to track movement and make arrests based on poor “recognition”.
The tech has been in use for a while in a multitude of applications no one disputes that. Yes it is actually very useful to Law Enforcement and Security of sensitive facilities. Airports for instance, absolutely! I have only been posting reference to Disney and the applicability of the tech to what Disney purported purpose / needs are. Obtaining facial images of guests can be done w consent of the guests in a fully welcoming (non-intimidating, non-terminator-ish ) manner. Have you read the disclaimers? There is reason for the disclaimers. No an army of photopass photograhers are not needed as Disney already has automated systems in use already just add them to the park entry points. Amusement parks, hey, make it amusing. Anyway, Disney will do as it wishes, if, the results are not beneficial to Disney it will be abandoned.
 
In the Parks
Yes
I know that in the past Disney has not stored guests’ thumbprint scan info. It is not clear to me from the info released that they’ll do the same with facial recognition scans after the initial test period. The official statement from Disney reads:

“Images and the associated unique numbers captured for this technology test will be discarded within 30 days after the test concludes.” and "We will not share the images and unique numbers captured for this test with third parties.”

This is NOT Disney’s policy for future implementation of the technology— just how they’ll handle the data obtained during the test.
It is my understanding that Disney DOES store an encoded hash of every guest's finger scan that participates. The hash is a simple one, taken from 5 points on the print (there would be no way to recreate your fingerprint from the small amount of information they store). All that is important at the gate is that those 5 points from today's scan match (more or less) the 5 points initially measured. The probability that someone else using your ticket would match your original print measurements is very small, and that's enough for what Disney is trying to achieve here.

The same is true for facial recognition. 9 distance measurements are made around points on your face and then those numbers are stored, to be used the next time you enter. Again, there is no way Disney could recreate enough of your facial features to make the stored data useful to a hacker - they just want it to match your new scan every time you enter the park. Currently, and for this test, Disney is storing the entire facial image, as well as the individual measurements. This is a test after all, and they need more information than normal to debug the system and algorithm. Once the test is complete, Disney will erase the full image scans as well as the test measurements. If they decide to put the system into full time use, they will start from scratch using the basic measurements only.

In both of the above situations, the stored data is encrypted. The encryption is very similar to that used to store your banking website password (that's why you can't get your human-readable password restored by the bank should you lose it). The original measurements (or banking website password) can not be recreated from the encrypted data - the comparison being done when you re-enter the park are between the data encrypted at the terminal and the stored, encrypted data in the database, making it almost impossible for a hacker to use that data after possibly hacking the guest database (this would be the same for stored credit card numbers, and other sensitive information that you gave to Disney). It's really a one-way street because the original human-readable numbers never directly leave the gate area, only encrypted data.

The goal, of course, is to both cut down on guests illegally sharing the ticket(s) and to take CMs out of the security loop (as unreliable). And just like most loss-prevention method, being 100% effective is never really achieved - but Disney will keep trying new things to bring that effectiveness as close as possible to 100% as long as the cost of the system doesn't overshadow the small loss they are trying to fix. Another example of this would be shoplifting. Disney has cameras and under cover security at work to prevent this but they will never catch 100% of the shoplifters. They would need many more security persons ($$$) and many more cameras ($$$) to do that. But as long as they can keep the losses down with the staff they have, it's enough.

Side note: WDW security does also have a full featured facial recognition system. It's expensive and operated manually. The only stored data on that system represent those that have been flagged by security for one reason or another (banned guests for example). The stored data is on a system that is not connected to the internet, or to any other internal system, and thus even more impossible to hack.

That's my understanding anyway. Sorry I went on a bit long...
 

SteveAZee

Well-Known Member
It is my understanding that Disney DOES store an encoded hash of every guest's finger scan that participates. The hash is a simple one, taken from 5 points on the print (there would be no way to recreate your fingerprint from the small amount of information they store). All that is important at the gate is that those 5 points from today's scan match (more or less) the 5 points initially measured. The probability that someone else using your ticket would match your original print measurements is very small, and that's enough for what Disney is trying to achieve here.

The same is true for facial recognition. 9 distance measurements are made around points on your face and then those numbers are stored, to be used the next time you enter. Again, there is no way Disney could recreate enough of your facial features to make the stored data useful to a hacker - they just want it to match your new scan every time you enter the park. Currently, and for this test, Disney is storing the entire facial image, as well as the individual measurements. This is a test after all, and they need more information than normal to debug the system and algorithm. Once the test is complete, Disney will erase the full image scans as well as the test measurements. If they decide to put the system into full time use, they will start from scratch using the basic measurements only.

In both of the above situations, the stored data is encrypted. The encryption is very similar to that used to store your banking website password (that's why you can't get your human-readable password restored by the bank should you lose it). The original measurements (or banking website password) can not be recreated from the encrypted data - the comparison being done when you re-enter the park are between the data encrypted at the terminal and the stored, encrypted data in the database, making it almost impossible for a hacker to use that data after possibly hacking the guest database (this would be the same for stored credit card numbers, and other sensitive information that you gave to Disney). It's really a one-way street because the original human-readable numbers never directly leave the gate area, only encrypted data.

The goal, of course, is to both cut down on guests illegally sharing the ticket(s) and to take CMs out of the security loop (as unreliable). And just like most loss-prevention method, being 100% effective is never really achieved - but Disney will keep trying new things to bring that effectiveness as close as possible to 100% as long as the cost of the system doesn't overshadow the small loss they are trying to fix. Another example of this would be shoplifting. Disney has cameras and under cover security at work to prevent this but they will never catch 100% of the shoplifters. They would need many more security persons ($$$) and many more cameras ($$$) to do that. But as long as they can keep the losses down with the staff they have, it's enough.

Side note: WDW security does also have a full featured facial recognition system. It's expensive and operated manually. The only stored data on that system represent those that have been flagged by security for one reason or another (banned guests for example). The stored data is on a system that is not connected to the internet, or to any other internal system, and thus even more impossible to hack.

That's my understanding anyway. Sorry I went on a bit long...
I wonder if they use RSA encryption on this stuff, if the end result is just a number.
 

_caleb

Well-Known Member
It is my understanding that Disney DOES store an encoded hash of every guest's finger scan that participates. The hash is a simple one, taken from 5 points on the print (there would be no way to recreate your fingerprint from the small amount of information they store). All that is important at the gate is that those 5 points from today's scan match (more or less) the 5 points initially measured. The probability that someone else using your ticket would match your original print measurements is very small, and that's enough for what Disney is trying to achieve here.

The same is true for facial recognition. 9 distance measurements are made around points on your face and then those numbers are stored, to be used the next time you enter. Again, there is no way Disney could recreate enough of your facial features to make the stored data useful to a hacker - they just want it to match your new scan every time you enter the park. Currently, and for this test, Disney is storing the entire facial image, as well as the individual measurements. This is a test after all, and they need more information than normal to debug the system and algorithm. Once the test is complete, Disney will erase the full image scans as well as the test measurements. If they decide to put the system into full time use, they will start from scratch using the basic measurements only.

In both of the above situations, the stored data is encrypted. The encryption is very similar to that used to store your banking website password (that's why you can't get your human-readable password restored by the bank should you lose it). The original measurements (or banking website password) can not be recreated from the encrypted data - the comparison being done when you re-enter the park are between the data encrypted at the terminal and the stored, encrypted data in the database, making it almost impossible for a hacker to use that data after possibly hacking the guest database (this would be the same for stored credit card numbers, and other sensitive information that you gave to Disney). It's really a one-way street because the original human-readable numbers never directly leave the gate area, only encrypted data.

The goal, of course, is to both cut down on guests illegally sharing the ticket(s) and to take CMs out of the security loop (as unreliable). And just like most loss-prevention method, being 100% effective is never really achieved - but Disney will keep trying new things to bring that effectiveness as close as possible to 100% as long as the cost of the system doesn't overshadow the small loss they are trying to fix. Another example of this would be shoplifting. Disney has cameras and under cover security at work to prevent this but they will never catch 100% of the shoplifters. They would need many more security persons ($$$) and many more cameras ($$$) to do that. But as long as they can keep the losses down with the staff they have, it's enough.

Side note: WDW security does also have a full featured facial recognition system. It's expensive and operated manually. The only stored data on that system represent those that have been flagged by security for one reason or another (banned guests for example). The stored data is on a system that is not connected to the internet, or to any other internal system, and thus even more impossible to hack.

That's my understanding anyway. Sorry I went on a bit long...
Thanks for outlining how it works! I'm not concerned about this at all, just curious what they'll end up doing with the technology in addition to just trying to cut down on ticket sharing and keeping banned people out.

I have not seen Disney comment one way or the other about using the same system for things like Photopass, personalization, etc. I would imagine things like that might require storage of a bit more information (plus a lot more processing power). Any insight into these extended applications?
 
In the Parks
Yes
Thanks for outlining how it works! I'm not concerned about this at all, just curious what they'll end up doing with the technology in addition to just trying to cut down on ticket sharing and keeping banned people out.

I have not seen Disney comment one way or the other about using the same system for things like Photopass, personalization, etc. I would imagine things like that might require storage of a bit more information (plus a lot more processing power). Any insight into these extended applications?
I have no insight into what plans, if any, Disney has for the technology but as you point out, major uses of the technology would require a much different (bigger) set of data, more bandwidth and would probably raise many concerns over privacy. Let's see how the early testing works out and then perhaps there will be more news from Disney on this.
 
In the Parks
Yes
I wonder if they use RSA encryption on this stuff, if the end result is just a number.
I know that the data messaging, between the gate terminal and the park server(s), is RSA encrypted. The data gathered by the facial-recognition is encrypted differently, by the manufacturer. I don't know what algorithm they use. And the number you refer to is 48 bytes long (not including header(s) and CRC). Just a number I guess, although quite a large one...
 

1HAPPYGHOSTHOST

Well-Known Member
1617071842297.png
 

LovePop

Active Member
The fact that it's a number doesn't make it less invasive. All information on the computer is in the end numbers. It just means somebody who has the number can reconstruct the face back if they know the algorithm. But I'm fine with face recognition as long as it works as one might expect. If it takes too long and creates a time consuming entry process, or if it equates me to a criminal and have me arrested, than I wouldn't like it so much.
 

SteveAZee

Well-Known Member
The fact that it's a number doesn't make it less invasive. All information on the computer is in the end numbers. It just means somebody who has the number can reconstruct the face back if they know the algorithm. But I'm fine with face recognition as long as it works as one might expect. If it takes too long and creates a time consuming entry process, or if it equates me to a criminal and have me arrested, than I wouldn't like it so much.
That's one of the nice things about RSA coding and the like. It's nearly impossible to reverse engineer/decode a number if you don't have both of two very large prime numbers that are used to generate the encoded message. To decode it, you need to take a VERY large (200+ digits) number and find the two prime numbers used to generate it, something even VERY fast computers can take years to discover because it requires exhaustive iterations. You can even give someone part of the encoding process, from which they can encode a new message, but without the set of two primes, one can't decode anything.

There are papers on the subject; it has been around for... 40 years? Two of my three professors in school came up with it. (R and A, for those scoring at home).
 
In the Parks
Yes
The fact that it's a number doesn't make it less invasive. All information on the computer is in the end numbers. It just means somebody who has the number can reconstruct the face back if they know the algorithm. But I'm fine with face recognition as long as it works as one might expect. If it takes too long and creates a time consuming entry process, or if it equates me to a criminal and have me arrested, than I wouldn't like it so much.
My point was that they CAN'T reconstruct the face back if they know the algorithm. The information currently scanned is far insufficient for that. They can tell the basic shape of the face (oblong, wide, off-center, brow, etc..) but not the face color, eye color, skin complexion, skin type, nose length, wrinkles, bruises, amount of hair, ear shape, etc, and etc... I think I heard that the result of this simple facial scan narrows the owner down to an approx 1 in 2000 facial 'types' - which is enough to make the illegal sharing of a park ticket a rare occurrence. Even Mickey Mouse and the other Disney characters fit into these (approx) 2000 facial types and with the limited additional information Disney keeps, would be just as hard to recreate. All you'd have to go on is 'big eyes' and 'big nose' - which could be a lot of people.
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Top Bottom