One Company Scraped 30 Billion Photos. Yours is Probably in There.


In 2020, a New York Times reporter broke a story about a company almost nobody had heard of. The company had built a facial recognition database with over three billion photos — scraped from Facebook, Twitter, LinkedIn, news sites, and anywhere else faces appeared publicly online. No partnerships. No licensing deals. No asking permission.

That company was Clearview AI.

The database has since grown to over 30 billion images. If you've ever posted a photo online, or been photographed at an event, or appeared in a news article, there is a real chance your face is in there — tagged, indexed, searchable by anyone with API access.

You never agreed to this. You almost certainly can't get your data removed. And the company's founder thinks that's completely fine.

What Clearview AI Actually Does

The pitch is simple. You upload a photo of a face. Clearview's system searches its database and returns every other photo it has ever seen of that face — along with the URLs of where those photos originally appeared.

For law enforcement, this is positioned as a breakthrough. A detective gets a blurry security camera still of a robbery suspect. They upload it to Clearview. Within seconds, they're looking at the suspect's Facebook profile, their LinkedIn headshot, a photo from their college graduation. Name, employer, hometown — all surfaced from a single face scan.

The technology works because Clearview didn't build a facial recognition tool and then look for data. They did it the other way around. They built a massive indiscriminate photo scraper first — crawling every public-facing platform, every news site, every mugshot repository — and then layered a matching algorithm on top of it. The database is the moat. The bigger it gets, the more useful it becomes, and the harder it is for anyone else to replicate.

As of now, Clearview AI claims over 30 billion photos in its database. For reference, the entire human population is about eight billion people. The database has, on average, multiple photos of nearly every person who has ever appeared online.

Who Has Access to This

When the story first broke, Clearview AI was primarily selling to law enforcement. Over 600 agencies in the United States were using it, including the FBI and the Department of Homeland Security. Local police departments in small towns had accounts. School resource officers had accounts.

But law enforcement was never the whole story.

Private companies had been using it. A financial firm was running due-diligence searches on potential partners. A casino was checking faces of people entering the floor against their own flagged-customer list. Individuals with connections at law enforcement had run searches on personal acquaintances.

There were also reports that the technology had been licensed to governments in Ukraine, Saudi Arabia, and other countries with no meaningful privacy frameworks. The facial recognition database — built from American and European social media posts — was being used as a surveillance tool by foreign states.

Clearview's CEO, Hoan Ton-That, has consistently maintained that the company only sells to law enforcement now, at least in the United States. Whether that's currently true and verifiable is a separate question.

The Legal Fights — And Why They Mostly Haven't Worked

Clearview AI has been fined, ordered to delete data, banned from operating, and sued in multiple jurisdictions. It has complied with almost none of it.

The ACLU sued Clearview in Illinois under the state's Biometric Information Privacy Act — one of the strongest biometric privacy laws in the country. The 2022 settlement permanently banned Clearview from selling its face scraping database to most private businesses in the United States. It also banned the company from selling access to Illinois law enforcement for five years.

That was a genuine win. But it also illustrated the limits of state-by-state litigation. One state's ban doesn't touch federal law enforcement. It doesn't touch other countries. And it doesn't erase the data that already exists.

In Europe, Clearview has racked up fines across multiple countries. Italy: €20 million. Greece: €20 million. The Netherlands: €30.5 million. The UK issued a £7.5 million fine and ordered data deletion. As of late 2025, the UK's Upper Tribunal confirmed the fine was valid after Clearview tried to appeal it.

The total EU and UK fines have exceeded $110 million.

Clearview has paid essentially none of it.

The company doesn't have a legal entity in the EU. It simply refuses to engage. The fines exist on paper. Regulators have explored holding executives personally liable and pursuing criminal charges — in October 2025, Austrian privacy NGO noyb filed a criminal complaint — but collecting on any of this remains an open problem.

Australia's Information Commissioner found that Clearview breached Australians' privacy laws and ordered data deletion. Clearview ignored this too. The Australian government eventually dropped further enforcement proceedings, citing the practical difficulty of compelling a foreign company to comply.

The pattern is consistent across every jurisdiction: regulators find violations, issue orders, impose fines, and Clearview continues operating.

"It Was Already Public" — The Argument That Sounds Right and Isn't

Hoan Ton-That has been making the same argument since 2020. The photos were public. People posted them voluntarily. Clearview just organized what was already available. If you didn't want your photo in a searchable database, you shouldn't have posted it online.

This argument is technically accurate in the narrowest sense. The photos were, in fact, publicly accessible.

But "public" in the context of social media has always meant something specific and bounded. When someone posts a photo to their Facebook profile, they are making it visible to people who navigate to that page — friends, family, maybe the occasional stranger who finds them through mutual connections. They are not consenting to having that photo extracted, processed for biometric data, stored in a commercial database, and sold to law enforcement agencies for face-matching searches.

The difference between "accessible" and "consented to large-scale biometric processing" is not a technicality. It is the entire substance of the privacy question.

There is also the problem of permanence and aggregation. One photo is information. Thirty billion photos, cross-referenced against each other, create something entirely different: a searchable biometric record of nearly every person who has ever appeared online. The harm isn't from any single photo being "public." The harm is from what becomes possible when all of them are combined.

What Clearview did was take a norm people relied on — that posting a photo didn't mean handing your face to a surveillance company — and quietly eliminate it without asking.

What FaceTwin Has to Do With Any of This

When you use pleasejuststop.org, the sender flow is simple. You paste in a URL of a publicly available photo. That URL gets processed, the face gets extracted, and the experience gets set up.

That's it. A URL to a public photo.

That is also, functionally, the entire input Clearview AI needs.

You don't need to hack anyone. You don't need to steal anything. You don't need access to private data or back-end systems. If the photo is publicly accessible — which most social media photos are, at least some of the time — it can be scraped, processed, and added to a facial recognition database. The FaceTwin mechanism and the surveillance capitalism mechanism are structurally identical. Both require only that the image exist somewhere on the public internet.

FaceTwin makes that visible in a way that explanations don't. The victim goes through a realistic-looking AI matching product, sees their own face reflected back at them with slight variations, and then gets a cold data receipt explaining exactly what just happened — including the source URL proving their photo was already out there.

The point isn't to scare anyone. The point is to make something abstract feel real. Clearview AI is abstract. Thirty billion photos is abstract. Your face in a searchable database, accessible to police departments you've never heard of, is abstract.

A link your friend sent you that apparently found three people who look just like you — that's not abstract.

Explore more: the panopticon effect describes what it does to behavior when people feel they might always be watched. The legal gap that lets companies like Clearview operate freely in the US is a separate problem entirely. And if you want to understand what you actually can't change — unlike a password or an email address — start with the face you can't change.


FAQ

Is Clearview AI legal in the United States?

Partially. The ACLU settlement in 2022 permanently banned Clearview from selling its database access to most private companies in the US. But there is no federal law prohibiting what Clearview does. The company continues to sell to federal law enforcement. Without a national facial recognition privacy law, the legal landscape varies entirely by state — and most states have no relevant protections at all.

Can I get my photos removed from Clearview's database?

Clearview offers an opt-out tool, but only in states with specific biometric privacy laws, and the process requires submitting a photo of yourself to the company to verify your identity — which is its own notable irony. Whether submitted opt-outs are actually honored, and whether Clearview might re-scrape you in the future, is not something the company is transparent about.

Has Clearview AI ever misidentified someone and caused harm?

Yes. Multiple documented cases of false matches have led to wrongful arrests. A man in Detroit was arrested and held for 30 hours based on a Clearview AI match before charges were dropped. A man in New Orleans was jailed for a week. NIST has consistently found that facial recognition algorithms perform significantly worse on Black faces, meaning the accuracy disparity falls hardest on people who are already disproportionately subject to police scrutiny.

Does Clearview AI scrape photos that people have made private?

The company claims to only index publicly accessible images. In practice, "publicly accessible at the time of scraping" doesn't mean "currently public" — social media privacy settings change, and accounts get locked down after scraping has already occurred. Once a photo is in Clearview's database, changing your privacy settings doesn't remove it.

Why hasn't the US passed a federal facial recognition law?

The short answer: there's no political consensus, and the lobbying pressure runs the other way. Law enforcement agencies don't want restrictions on tools they find useful. Tech industry groups argue broadly against biometric regulation. The longer answer is in the post on why there's no federal facial recognition law.