TechEcho

Hi HN,We are the core developers behind FACEIO (<a href="https://faceio.net" rel="nofollow">https://faceio.net</a>), a product developed from scratch here at PixLab (<a href="https://pixlab.io" rel="nofollow">https://pixlab.io</a>) in the past few years.FACEIO is a cross-browser, Cloud & On-Premise deployable, facial authentication framework, with a client-side JavaScript library (fio.js) that integrates seamlessly with any website or web application desiring to offer secure facial recognition experience to their users.Put it simply, FACEIO is the easiest way to add passwordless authentication to web based applications. Simply implement fio.js on your website, and you will be able to instantly authenticate your existing users, and enroll new ones via Face Recognition using their computer Webcam or smartphone frontal camera on their favorite browser.FACEIO works with regular Webcams or smartphones frontal camera on all modern browsers, does not require biometric sensors to be available on the client side, and works seemingly with all websites and web applications regardless of the underlying front-end JavaScript framework or server-side language or technology.Implementing FACEIO is straightforward. Before so, you need to create a new application first on the FACEIO Console (<a href="https://console.faceio.net" rel="nofollow">https://console.faceio.net</a>), and link this resource to your website or web application. The checklist below highlights the steps to follow for a smooth integration of fio.js on your site:1. Create a new FACEIO application first: Follow the Application Wizard on the FACEIO Console to create your first application and link it to your website or web application.2. Select a Facial Recognition Engine: Review Security & Privacy settings, Cloud or On-Premise deployment and customize the Widget look & feel, all done via the Application Wizard (<a href="https://console.faceio.net" rel="nofollow">https://console.faceio.net</a>).3. Add the fio.js library to your Website: Implement fio.js (<a href="https://faceio.net/getting-started" rel="nofollow">https://faceio.net/getting-started</a>), our facial recognition library on your website before rolling facial authentication to your audience...4. Enroll & Authenticate your first used via the enroll() & authenticate() methods respectively, the only two exported methods from the fio.js library.The details:Each enrolled user on your website represented by its feature vector (biometrics hashes, mapped by the selected facial recognition engine), alongside with his Unique Facial ID (<a href="https://faceio.net/facialid" rel="nofollow">https://faceio.net/facialid</a>), as well as, any metadata you have already linked to a particular user, is stored in a sand-boxed binary index called Application in the FACEIO jargon. Think of FACEIO Application as an isolated container of your users' data. Only your application with its encryption key can gain access to this index (features vectors & metadata). You can retrieve your encryption key via the Application Manager on the FACEIO Console.You can create a new application via the FACEIO Console in a matter of minutes. This is easily done thanks to the Application Wizard. The wizard should automate the creation process for you. Usually, this involve inputting an application name, selecting a facial Recognition engine, reviewing security options, customizing the Widget layout, and so forth.We have baked privacy and security directly into our infrastructure. We collect and store the minimum amount of personal information needed to authenticate users, and we back that up with intelligence-backed security monitoring. The underlying Facial Recognition Engines that FACEIO rely on such as PixLab Insight or AWS Rekognition only stores hash signatures of your facial features, a stream of meaningless floating point numbers anonymously, after your full explicit consent, and/or until you submits a removal request.FACEIO itself (the service) including this Website, the fio.js facial authentication library, the Embedded Widget, the Rest API, the Console) does not store or handle biometrics nor even know anything about them. It is the responsibility of the selected facial recognition engine by the application owner (eg website or web application you use) to choose a cloud storage region or opt for on-premises deployment for storing biometrics hash.Finally, The following tutorials, and guides should help you get started with FACEIO:1.Getting Started Tutorial: Learn the fundamentals. Your first steps with FACEIO - <a href="https://faceio.net/getting-started" rel="nofollow">https://faceio.net/getting-started</a>.2.Integration Guide: Learn how to implement fio.js, our facial recognition library on your website before rolling facial authentication to your audience - <a href="https://faceio.net/integration-guide" rel="nofollow">https://faceio.net/integration-guide</a>3.Developer Center: Code samples, documentation, support channels, and all the resources you need to implement FACEIO on your website - <a href="https://faceio.net/dev-guides" rel="nofollow">https://faceio.net/dev-guides</a>4. Trust Center: Learn how we handle your data securely and in compliance with privacy and legal requirements. - <a href="https://faceio.net/trust-center" rel="nofollow">https://faceio.net/trust-center</a> | <a href="https://faceio.net/apps-best-practice" rel="nofollow">https://faceio.net/apps-best-practice</a>

10 comments

bsenftneralmost 3 years ago

Sigh. How many times does it have to be stated: facial recognition is not authoritative! Using facial recognition for authentication is flat out wrong, a face image is too game-able, and to make it strong enough not to be spoof-able the in-system expected users will be rejected when they undergo ordinary human facial variation.I was principal engineer of a leading enterprise FR system through 3 generations of the product, and I have global patents in the technology. This application of FR is flat out wrong and probably illegally fraudulent, because these people must know this technology cannot do what they claim!

aspyctalmost 3 years ago

Noooo thanks. The day I will happily give away biometric data online has not arrived.Just let me send you a public key instead.

评论 #32081710 未加载

scrollawayalmost 3 years ago

Hi. Congratulations on the launch.I'm sorry in advance, this is going to be incredibly negative. I'll sum it up to this: WTF?What's the motivation to build and launch this? Simplify authentication (it won't)? Make it more secure (it won't)? Make it cheaper (it won't)?Your terms (<a href="https://pixlab.io/terms" rel="nofollow">https://pixlab.io/terms</a>) are ridiculous. You might be the first SaaS I see that has both a "business-critical" tier and a "no warranty" clause in their terms.Your "GDPR compliant" terms are out of whack, actually, too. Has a lawyer reviewed this? It's written for end users with no mention of customers or data processing agreements. You don't even have a DPO.I'm doubly shocked because this looks like a lot of work and care has been put into this; what you built is a prototype at best, yet you're basically screaming that this is an enterprise-ready product you're fully launching.

评论 #32082055 未加载

评论 #32081232 未加载

manmalalmost 3 years ago

With Apple and Google supporting FIDO passkeys very soon (<a href="https://9to5mac.com/2022/06/07/passkeys-passwordless-sign-in-ios-16/" rel="nofollow">https://9to5mac.com/2022/06/07/passkeys-passwordless-sign-in...</a> and <a href="https://developers.google.com/identity/fido" rel="nofollow">https://developers.google.com/identity/fido</a>), why would anybody want to use anything else?

smt88almost 3 years ago

Why should we trust you with face data?

评论 #32080363 未加载

drzoltaralmost 3 years ago

I don’t see any mentions of what you define as “spoof-proof.” Are you performing a liveness check [0] ? Eg can I hold a picture up of someone else’s face, or commandeer the camera feed to play a video of my choosing?[0] <a href="https://www.liveness.com/" rel="nofollow">https://www.liveness.com/</a>

earthboundkidalmost 3 years ago

Credential stuffing attacks are old news. Face stuffing attacks are the new hotness.

midenginedcoupealmost 3 years ago

No independent pen test, no independent security audit or certification, no security standards certification. No thanks.

评论 #32083675 未加载

rrrrrrrrrrrrralmost 3 years ago

So I just need a username and a photo of my victim for authentication?

评论 #32081234 未加载

internxtalmost 3 years ago

More and more people are getting vigilant in handling and securing their data; this is a rather convenient method, but what makes this challenging is the fact that it can be a delicious target for cyber attackers, and if the company suffers a data breach, malicious actors can get a hold of everyone's identity. They can use it to steal their financial credentials and collect information about the user. Although passwordless authentication would be an excellent way to lessen the effects of cyberattacks, people would be skeptical about how this would turn out.

10 comments

bsenftneralmost 3 years ago

aspyctalmost 3 years ago

Noooo thanks. The day I will happily give away biometric data online has not arrived.Just let me send you a public key instead.

评论 #32081710 未加载

scrollawayalmost 3 years ago

评论 #32082055 未加载

评论 #32081232 未加载

manmalalmost 3 years ago

smt88almost 3 years ago

Why should we trust you with face data?

评论 #32080363 未加载

drzoltaralmost 3 years ago

earthboundkidalmost 3 years ago

Credential stuffing attacks are old news. Face stuffing attacks are the new hotness.

midenginedcoupealmost 3 years ago

No independent pen test, no independent security audit or certification, no security standards certification. No thanks.

Show HN: Face IO – Facial Authentication for the Web

10 comments

Show HN: Face IO – Facial Authentication for the Web

10 comments