Originaly a Twitter thread

The shady Pimeyes 👀

Pimeyes is a service that search photos thru a phenomenal database scrapped from the Internet, thanks to powerful facial recognition :

Pimeyes frontpage

Pimeyes media

Pimeyes post

Pimeyes affiliate

Pimeyes monitoring

Before going into controversies, let’s track back the origins of Pimeyes ⬇️

Washington post

Pimeyes WHOIS

Carribex1 Carribex2

But what about the tech side of Pimeyes ?

Pimeyes creates more questions than answers :

How an individual could (and would) buy such a sensitive tech ?
Who are the clients ?
Why can’t it be traced and audited clearly ?
How’s the data stored and shared ? Under which regulations ?

Pimeyes seems to play on a fine line, and the investigations of some states may shed light on its operation.

Riga

[OSINT] The shady Pimeyes

The shady Pimeyes 👀

Pimeyes is a service that search photos thru a phenomenal database scrapped from the Internet, thanks to powerful facial recognition :

Before going into controversies, let’s track back the origins of Pimeyes ⬇️

But what about the tech side of Pimeyes ?

Pimeyes creates more questions than answers :

Pimeyes seems to play on a fine line, and the investigations of some states may shed light on its operation.

The shady Pimeyes 👀

Pimeyes is a service that search photos thru a phenomenal database scrapped from the Internet, thanks to powerful facial recognition :

It was originally used to find yourself, but his popularity grew rapidly to be used for other purposes, as finding people during the Capitol insurrection :

Surprisingly, Pimeyes website highlight bad press while trying to discredit them (a bit awkwardly) :

1 - They have an affiliate program, a common way to encourage subscriptions

2 - While stating that you can submit DMCA requests to remove your face, you still need a paid subscription for monitoring :

Before going into controversies, let’s track back the origins of Pimeyes ⬇️

From The Washington post article, two Polish individuals made the service since at least 2017 :

1 - WHOIS history shows that Lukasz Kowalczyk is the owner of the domain https://pimeyes.com, also revealing the contact email

2 - The late mobile app is signed by Denis Tatina

“pimeyes@gmail.com” has made two Google Maps reviews in Poland a few years ago, but no other traces are available (breach, accounts…)

As Intelligence X showed, the company was originally registered as ‘Pimeyes sp. z o.o.’ in Poland, with another entity ‘Face Api EU sp. z o.o.’

But in 2020-2021, Pimeyes moved to Seychelles (a known tax heaven) as “Face Recognition Solutions Ltd.”, while also changing the WHOIS record for more privacy :

To finally land in Belize, another tax heaven, as ‘Carribex LTD’, coinciding with the arrival of a new owner…

…Giorgi Gobronidze bought Pimeyes for an undisclosed amount as he said to netzpolitik.org

G. Gobronidze is an academic, lecturer and researcher from Georgia, who also worked for the Ministry of Defense

He also answered @alicehines questions from @ViceNews latest video :

But what about the tech side of Pimeyes ?

Even if they mostly use Cloudflare, their infra seems to be hosted on AWS & Hetzner in Germany :

Protonmail is used for emails

And contact@pimeyes.com has been created the 2021-02-05 :

And here’s the shady tech side :

❌no whitepaper

❌unclear TOS

❌ no communications with privacy watchdogs

A lot of misuse :

She thought a dark moment in her past was forgotten. Then she scanned her face online

Pimeyes creates more questions than answers :

Pimeyes seems to play on a fine line, and the investigations of some states may shed light on its operation.