Can photo-tagging violate privacy?

What's in a face? A name, to a friend you haven't seen in a long time; or a credit card number to a thief. It could be a blank canvas to a make-up artist, or just mere visual data to a security guard profiling travellers entering and exiting the airport.

But to Carnegie Mellon University's Alessandro Acquisti, an associate professor at the university's cybersecurity research and education institute studying privacy risks posed by facial recognition software and social media networks, a person's face is "the veritable link between her offline and online identities".

It is now possible to identify strangers and gain their personal information (In the US, perhaps even their social security numbers) by using readily-available facial recognition software and social media profiles, so it would be a good idea to think twice before tagging those holiday photos on Facebook.

"When we share tagged photos of ourselves online, it becomes possible for others to link our face to our names in situations where we would normally expect anonymity," said Acquisti.

He and his research team combined three technologies: an off-the-shelf face recogniser, cloud computing and publicly available information from social network sites to identify individuals online and offline in the physical world.

Using a self-developed augmented reality-capable smartphone app, they ran three experiments. First, Acquisti's team identified individuals on a popular online dating site where members protect their privacy through pseudonyms. In the second experiment, they identified students walking on a campus based on their profile photos on Facebook. In the last experiment, the research team predicted personal interests (and in some cases even the social security numbers of the students, starting with only a photo of their faces).

The smartphone app was built to demonstrate the ability to make the same sensitive deductions in real time. In an example of augmented reality, the app uses offline and online data to overlay personal and private information over the target's face on the smartphone's screen, which Acquisti said "raises the issue of what privacy will mean in an augmented reality world".

Cloud computing is already becoming a norm in some of our lives (think Dropbox) and is set to improve performance times at cheaper prices. Online people-tagging, already a norm in Facebook and also a standard feature in Google+, will provide more means of facial identification.

Since these technologies are also accessible by end-users, the results signal a future when we all may be recognisable on the street not just by friends or government agencies using sophisticated devices, but simply by anyone with a smartphone and Internet connection.

So, for those of you living your digital "second life" to the fullest, it's probably best to pay careful attention to what's shared and tagged online. It's no longer just going to be about the social implications of your colleagues stumbling across photos of that lost weekend.

"Ultimately, all this access is going to force us to reconsider our notions of privacy," Acquisti said. "It may also affect how we interact with each other. Through natural evolution, human beings have evolved mechanisms to assign and manage trust in face-to-face interactions. Will we rely on our instincts or on our devices, when mobile phones can predict personal and sensitive information about a person?"