undetectable.me

How to remove your photos from face-recognition sites

How to remove yourself from face-recognition search engines, what each opt-out can and cannot delete, and why source takedown still matters.

By The undetectable.me team
5 min read
Contents

Removing your photos from face-recognition sites is a per-engine, reactive process worth doing, but it is structurally whack-a-mole, not a clean deletion: several engines each scrape their own corpus, each has its own opt-out, and none controls the source photos.

The landscape is several engines, not one

There is no single face-search database to delete yourself from. PimEyes is an open consumer tool and offers a free opt-out request form. Clearview AI says its service is restricted to government and law-enforcement use in the United States following litigation under the Illinois Biometric Information Privacy Act, and its individual privacy-requests page is gated to residents of states with applicable privacy laws, including California, Colorado, Connecticut, Illinois, Utah, and Virginia. FaceCheck.id, FindClone, and other services run their own scraped indices and their own rules.

That means each engine must be handled separately. Removal from PimEyes has no effect on Clearview. A Clearview deletion request has no effect on FaceCheck.id. An engine that appears later can scrape the same source photos again.

The reason this works as a search product is the same reason cleanup is difficult. Deng, Guo, Xue, and Zafeiriou’s ArcFace paper at CVPR 2019 describes face recognition as an embedding problem: a face image is mapped into a space where identities can be compared. Once a recognisable face is public, many separate systems can build their own index around it.

Opt-out removes you from search, not from the web

Opt-out is suppression at the index. It is not removal at the source. If a photo remains on a school site, employer page, image host, social profile, archive, or news story, the original photo remains online. A face-search engine may stop showing it, but the page still exists and another crawler can find it.

The companies’ own processes also require sensitive uploads. PimEyes asks for a clear face photo and an anonymised government ID. Clearview’s privacy process can allow eligible users to request access or deletion, but opting out of processing is not the same as deletion. Only a deletion request removes stored data, according to Clearview’s own framing.

That distinction matters. A processing opt-out may limit use. Deletion is a stronger request. Neither changes the original pages on the web.

Why the face stays matchable

A face remains matchable if the underlying images remain available. Recognition systems do not need a perfect passport photo. Kim, Jain, and Liu’s AdaFace paper at CVPR 2022 states that “Recognition in low quality face datasets is challenging because facial attributes are obscured and degraded.” Modern systems are built around that challenge, so casual, compressed, or low-quality images are still part of the threat model.

Blurring a copied image is also not a reliable fix once the original is elsewhere. Todt, Hanisch, and Strufe’s Fantômas work at PoPETs 2024 shows why partial anonymisation is not the same as irreversible removal: face anonymisation can be reversible.

There is also a broader privacy problem. Tkachenko and Jedidi’s Scientific Reports 2023 megastudy found 82 of 349 personal attributes predictable better than random from a facial image and warned that “facial analysis can strip away privacy.” Removing yourself from a search result does not mean the face has stopped leaking information.

Doing it properly, and its limits

A practical cleanup starts with the largest visible engines. Check PimEyes and submit its free opt-out request form if you appear. If you are eligible under Clearview’s state-gated privacy process, use the access or deletion route and prefer deletion where that is available. Check other engines such as FaceCheck.id and FindClone separately. Then move upstream: ask the original sites to remove or replace the source photos.

Retest after the requests have had time to process. Search your own face again. Use different images, because face systems are designed to match across image variation. ArcFace at CVPR 2019 is the useful mental model here: the product is not searching for one exact file. It is matching face identity.

The limit is that cleanup stays reactive. The web keeps being re-scraped, new engines appear, and old source pages are copied or archived. Each opt-out can reduce exposure in one place, but none can make every public copy disappear.

Where stronger image protection fits

If you still need to publish new photos, opt-out is not the only lever. Active perturbation tools try to alter the image before publication so the face is harder to match. Cherepanova, Goldblum, and Foley’s LowKey paper at ICLR 2021 describes it as “the first such evasion tool that is effective against commercial facial recognition APIs.”

That is a different strategy from removal. Removal asks an index to suppress or delete stored data after scraping has happened. Active protection changes the image before exposure. For already-public photos, start with opt-out and source takedown. For future photos, publish fewer identifiable images and consider active image protection where the tradeoff makes sense.

For a narrower PimEyes walkthrough, see How to opt out of PimEyes.

Sources

  • PimEyes, Opt-Out Request Form (service under review; claims are the company’s own).
  • Clearview AI, Privacy and Requests (service under review; claims are the company’s own).
  • Deng, Guo, Xue, Zafeiriou (2019). ArcFace: Additive Angular Margin Loss for Deep Face Recognition. CVPR 2019.
  • Kim, Jain, Liu (2022). AdaFace: Quality Adaptive Margin for Face Recognition. CVPR 2022.
  • Todt, Hanisch, Strufe (2024). Fantômas: Understanding Face Anonymization Reversibility. PoPETs 2024.
  • Cherepanova, Goldblum, Foley (2021). LowKey: Leveraging Adversarial Attacks to Protect Social Media Users from Facial Recognition. ICLR 2021.
  • Tkachenko, Jedidi (2023). A megastudy on the predictability of personal information from facial images. Scientific Reports 13:21073.
#face-recognition#opt-out#privacy#removal
Last updated
17 June 2026
Category
Opt-out