Skip to content
Naked Security Naked Security

Facebook to throw out face recognition, delete all template data

Publicity stunt? Or privacy progress?

No more facial recognition on Facebook!

Is it a publicity stunt?

Is it an admission that it simply doesn’t work very well?

Or is it a genuine attempt to disavow the sort of technology that gives both privacy advocates and cybersecurity experts the heebie-jeebies?

As Facebook, or more precisely the new holding comany Meta, puts it:

We will shut down the Face Recognition system on Facebook as part of a company-wide move to limit the use of facial recognition in our products.

To be fair to Facebook, the system has always been opt-in, meaning that the company’s servers never tried to guess which photos looked like you unless you turned the feature on yourself.

Settings & privacy > Settings > Permissions > Face recognition is where you find the option.
(Or where you used to find it, depending on when you are reading this.)

Once enabled, the company used images in which it already knew you appeared (or at least in which it assumed you appeared) in order to train its recognition software to identify you elsewhere online.

It referred to this process of learning to pick users out of crowds as constructing “individual facial recognition templates.”

At the top of the list of official reasons why you might want to opt in was to “[f]ind photos and videos you’re in so we can help you review or share content, suggest tags and provide more relevant content and feature recommendations”.

That was a sort-of two way street, helping people who actively wanted to promote themselves on Facebook to help Facebook itself target them with ads.

Very loosely speaking, Facebook would actively help you keep track of your appearances on Facebook for free, if you allowed Facebook to promote its paying customers to you in return, based on recognising your face.

Of course, Facebook also offered other reasons to turn this option on, notably that:

  • By finding you in other people’s profile pictures, the company could help to warn you about accounts where someone was impersonating you.
  • By identifying you by name in more photos, the company would benefit partially-sighted or visually impaired users who might otherwise not be able to recognise you.

But those positives were, it must be said, at the bottom of the list – it really was a trade off of ads-for-visibility, as much as for anything else.

Calling time on faces

Well, it looks as though Meta has finally decided that the benefits are outweighed by the risks, and so it’s calling time, for now, on building, storing and using facial recognition data.

Facebook, ah, Meta, does admit that only one-third of its users ever opted in, though it doesn’t say whether that was down to a sizeable majority of users actively deciding, “No”, or merely due to a significant proportion not realising they could say “Yes”.

If you have this feature turned on, then it’s going to stop working: all existing facial recognition templates will be gradually deleted from Facebook’s servers; automatic photo-tagging will, as a consequence, no longer be possible; and the Face recognition option in Facebook’s menus will disappear.

What to do?

  • If you haven’t opted in to this feature, there’s nothing you can do, because you don’t have a “template” to delete. Sit back and enjoy the sensation that Facebook has come round to your point of view.
  • If you have opted in, you can opt out manually right away if you like, now you know that even Facebook thinks it’s not a great idea. But you don’t need to do anything because your stored facial recognition data will be deleted anyway in due course.
  • If you have strong opinions on using or not using technology of this sort, don’t be afraid to make your voice heard. Meta admits that it is “civil society groups and regulators who are leading [the] discussion [on facial recognition]”, and that it intends to “continue engaging in that conversation”.
  • Be aware before you share. If you willingly identify yourself via images you post on Facebook, it’s not just Meta who “knows” what you look like. In other words, Meta’s own U-turn on facial recognition doesn’t stop other people (or other people’s computers, or other people’s business ventures) using online images where you explicitly identify yourself as tools to track you online automatically.


They must be up to something. My distrust of this org runs way too deep to be appeased by this one issue. They will still meddle in elections and censor conservatives. They’ll just do it more covertly.


Facebook facial recognition (FR) facility appears to have gone already (I never allowed it).
I have an online only bank account which makes intensive use of FR. The app is constantly checking to see that it is me carrying out activity on the account. In view of the frequency of checks I concluded that it is probably sufficiently secure. I know it’s frequent because it soon complains if my finger is over the camera. For some operations I have to make a short video which includes me reading a specified text which includes a one time digit string. I’d be interested to know if anyone thinks I am misguided in thinking this safe!


I never allowed it either… but the screenshot in the article was taken while logged in to my own account via the Android app. I just [2021-11-03T21:15Z] looked at the Settings screens from my iPhone, again via the app, and the equivalent page and option toggle is still there. I have the latest version of the app.


Organisations choose their words in public statements carefully.

So why the use of the word ‘limit’ and not ‘end’?

“ as part of a company-wide move to limit the use of facial recognition…”


I guess that if they said “end” that would preclude using facial recognition for anything at all, even for less controversial applications such as lock screens or the login process.

You only have to look at how popular facial recognition has become for authentication purposes on mobile phones to know that it is here to stay. Rightly or wrongly, people find it convenient (and you don’t even need to take your gloves off).


That’s kind of the reason they shouldn’t be trusted at all. They don’t want to lead even though they are one of the biggest tech companies in the world. If they need consumers and the government to lead their organization, they don’t deserve to be in business.


Well, consumers sort-of lead many tech companies, wouldn’t you say? Consumers, well, *consume* and if that is how and why you make your money (e.g. by the ads that work best with your consumers, the products that sell the best, the image sharing features that get the most use) then you are as much “led by consumers” as anyone…


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!