MIDS Capstone Project Spring 2025

RUFake: Separating AI-Generated from Real Photos

Elevator Pitch

The Economist recently called online scams the “largest illicit industry in the world,” valued above $500 billion [1]. Online scams, including romance scams and business scams, have cost individuals their life savings and left them emotionally devastated. RUFake protects you from online scams by distinguishing a deepfake photo from a real one - rapidly, accurately and with your privacy and ethics built in. We developed RUFake’s state-of-the-art AI using unbiased analytics from archives of millions of images. We do not store any data, we do not take advertising money, and nobody can ever hack us for your data - as we don’t have it. Use RUFake - because we don’t want you to be the next victim.

Problem & Motivation

Online scamming is a $500B global challenge that can cause financial ruin - and emotional distress. 53% of men & 47% of women are victims of a romance scam. Users require a trustworthy, safe solution to detect scamming and protect them.

RUFake addresses several unmet needs by providing an online tool with >85% accuracy to detect real vs fake photos of individuals you interact with. Our primary use case is online dating; our secondary use case is online ID checking. We prioritize privacy - nobody will know you are checking. We prioritize security - we don’t store your profile or photos. Our AI was built from millions of photos in broad, diverse populations.

Privacy and Ethics (By Design)

  • As described by Nissenbaum [2], this project requires privacy by design, for which strategies are well outlined [3].
  • The purpose of RUFake is to reveal features about data (the photo of an individual) which could cause emotional distress, financial disruption or embarrassment in potentially vulnerable populations [4].
  • Privacy and ethics concerns result from:
    • Revealing to a vulnerable user that a photo is manipulated;
    • A need to mitigate the legal, financial and emotional impact of incorrect determinations (app errors). Mitigation is difficult, even using detailed explanations [6].
    • Risks of biased analysis that preferentially tags photos by certain individuals or locations as fake. Risks can be legal, financial or psychological, and impact the user, RUFake and data owners. Mitigation must avoid perpetuating structural biases at several levels [7]. These risks exist even if bias was introduced inadvertently through class imbalances in our training data.
    • The need to keep the photo, app determination and user’s data secure. We will provide disclaimers that it is difficult to ascertain the source of photos, particularly if fake. This will mitigate the risks to RUFake of storing or analyzing sensitive or even illegal data.
    • Identity, membership or attribute disclosures could have secondary or implied meaning as outlined in a recent publication by members of the RUFake team [8].
    • Mitigate against ethical concerns.
  • Our Solution will thus minimize legal exposure [5] and emotional distress for the user, the subject of the photo and the owner of the photo.
    • Mitigation Plan for inaccurate authenticity determination. We have engineered this by providing confidence intervals in our model outputs.
    • Disclaimers for errors (inaccurate authenticity determination), including the limitations of training data, limited languages or dataset sizes.
    • No data storage. This avoids the need to prevent data leakage.
    • Reduce risks of aggregation, as outlined for specific data types in our recent paper [8].
    • How long should data security last? This is open ended but may not be relevant as we will not store data. Similarly, data review, editing and deletion are not relevant.

Data Source & Data Science Approach

  • Real images were obtained from the million image Celeb-A dataset. We chose it because it has a rich annotation of >40 attributes, in a large and diverse population. Images were taken in a wide range of poses and lighting conditions. The data are publicly available, facilitating bias and fairness studies. Fake images are taken from matched datasets. Accordingly, we did not have to use AI to generate fake images.
  • Figure 1 below shows examples from our data repository of real and AI generated images.

  • Data matching. Our final strategy was to match real:AI images in a ratio of *** (Jessica, Tamar)
  • Final Dataset Selection is summarized below. We obtained real images from the million image Celeb-A dataset. Our motivation was that this has a rich annotation of >40 attributes, in a large and diverse population. Images were taken in a wide range of poses and lighting conditions. The data are publicly available, facilitating bias and fairness studies. Fake images are taken from matched datasets. Table 1 below summarizes our final curated dataset.

In summary, our dataset was as follows: 

  • ≥ 440k real || ≥ 186k fake
  • 130k female || 104k male
  • 256x256: 163k, 512x512: 52k
  • We selected 256x256 images, and matched across gender and white:non-white groups to minimize bias.

Model Design and Development 

  • We developed and benchmarked several custom CNN models. We implemented DINOv2 as a feature in our basic models.
  • Featurization. Several computer vision approaches are used. Figure 2 below gives an example of how edge detection works to featurize elements of a real photo. Note that edges are not straight, and are largely discontinuous. One hypothesis that we tested in the project was that modified images may have straight edges.

  • We disseminated our model on the Web

Model Evaluation

  • We did exploratory data analysis as shown below, based on features tagged in CelebA

  • Troubleshooting
    • We tested a variety of model architectures.
    • We found that loss rapidly converged, and that the accuracy rapidly asymptoted to ~100%
    • Our initial concern was that the model was biased in some way, such as data leakage of test data images into training or vice versa. However, this was not the case.
  • Evaluation of High Performance of RUFake Model. We found similar results of ~100% accuracy (sensitivity and specificity) for:
    • Alternative models.
    • Subsets of data.
    • We confirmed that AI and real images were of similar size
    • We identified that the color palettes of AI and real images were different. This is illustrated below in Fig. 3, where the RGB color scales of real images (Fig. 3A) and AI-generated images (Fig. 3B) were different and largely non-overlapping. This could readily explain the near perfect performance of our RUFake model.
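
A shortcut audit for the color-palette finding above, as an added example (not RUFake's own code): if a classifier that sees only each image's mean RGB already separates the two classes, near-100% accuracy reflects the dataset's palette gap rather than signs of manipulation. The images are constructed synthetic arrays, and all function names and thresholds are hypothetical.

```python
import numpy as np

def make_images(rng, n, channel_means, size=16, noise=20.0):
    """Constructed sample data: n RGB images whose pixels scatter around channel_means."""
    px = rng.normal(loc=channel_means, scale=noise, size=(n, size, size, 3))
    return np.clip(px, 0, 255).astype(np.uint8)

def histogram_overlap(a, b, bins=32):
    """Per-channel overlap of pixel histograms: 1.0 = identical, 0.0 = disjoint."""
    out = []
    for c in range(3):
        ha, _ = np.histogram(a[..., c], bins=bins, range=(0, 256))
        hb, _ = np.histogram(b[..., c], bins=bins, range=(0, 256))
        out.append(np.minimum(ha / ha.sum(), hb / hb.sum()).sum())
    return np.array(out)

def mean_rgb(images):
    """Collapse each image to 3 numbers, discarding all spatial content."""
    return images.reshape(len(images), -1, 3).mean(axis=1)

def color_only_accuracy(real, fake):
    """Held-out accuracy of a nearest-centroid classifier that sees only mean RGB."""
    fr, ff = mean_rgb(real), mean_rgb(fake)
    hr, hf = len(fr) // 2, len(ff) // 2
    c_real, c_fake = fr[:hr].mean(axis=0), ff[:hf].mean(axis=0)  # fit on first half
    test = np.vstack([fr[hr:], ff[hf:]])                          # score on second half
    is_fake = np.r_[np.zeros(len(fr) - hr, bool), np.ones(len(ff) - hf, bool)]
    d_real = np.linalg.norm(test - c_real, axis=1)
    d_fake = np.linalg.norm(test - c_fake, axis=1)
    return float(((d_fake < d_real) == is_fake).mean())

def audit(real, fake, acc_threshold=0.95):
    """Flag the dataset when colour alone nearly solves the task."""
    acc = color_only_accuracy(real, fake)
    return {"overlap": histogram_overlap(real, fake), "color_only_acc": acc,
            "shortcut_suspected": acc >= acc_threshold}

if __name__ == "__main__":
    rng = np.random.default_rng(0)
    real = make_images(rng, 200, (90, 80, 70))         # constructed "real" palette
    shifted = make_images(rng, 200, (190, 180, 170))   # constructed "AI" palette, shifted
    matched = make_images(rng, 200, (90, 80, 70))      # control: same palette as real
    print("shifted palette:", audit(real, shifted))
    print("matched palette:", audit(real, matched))
```

When the audit flags a shortcut, the reported accuracy should be re-measured after normalizing or matching color statistics across the two classes.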

Key Learnings & Impact

  • Obtaining data was relatively easy. It was difficult to curate and then propensity match data for gender and race to reduce bias.
  • Model training led to surprisingly suboptimal results in the Test Cohort, even though the model loss reduced in the development cohort.
  • Privacy was surprisingly difficult to ensure

Conclusions

  • We identified online scamming as a major societal and financial concern worldwide. To address this problem, we developed an app to separate real from AI-generated images.
  • Our design mandate was to make the app simple-to-use, and to make privacy and ethics a design-feature.
  • We tested a variety of de novo neural network architectures, feature extraction techniques and model sets to separate Real from altered/AI generated images of individuals.
  • We found that real and altered photo images were readily separable. In our large survey of multiple repositories, the most dramatic difference was in the color palette and intensity, and further studies could explore additional differences.
  • We deployed our best model on the web, which provided high performance.
  • Our model received excellent feedback in early market testing.
  • Our model stores no data from the user, photo provider or photo subject, thus adhering to our privacy-by-design mandate.
  • Our team worked well together, and according to plan.
  • Future anticipated work will refine the model, with a view to potential commercialization.

Acknowledgements

  • Superb input from Prof Puja Vahabi and Prof Todd Holloway
  • We are indebted to input from the Berkeley Computer Vision Faculty
  • We acknowledge feedback from our peers who have shaped the project

References

1. The Economist, February 2025. Online Scamming.

2. Nissenbaum H. A Contextual Approach to Privacy Online. Daedalus. 2011;4:32-48. 

3. Wright D. The state of the art in privacy impact assessment. Computer law & security review. 2012;28:54-61. 

4. Allen KC, Davis A, Krishnamurti T. Indirect Identification of Perinatal Psychosocial Risks from Natural Language. IEEE Trans Affect Comput. 2023;14:1506-1519. doi: 10.1109/TAFFC.2021.3079282

5. Dankar iK, El Emam K. Practicing differential privacy in health care:. Trans Data Privacy. 2013;6:35–67.

6. Caldwell S, Temmermans F. Fake images: how much do they matter? Towards building quantitative modeling of misinformative images. Paper/Poster presented at: Applications of Digital Image Processing XLVII; 2024; 

7. Whong C. FOILing NYC’s Taxi Trip Data. https://chriswhong.com/open-data/foil_nyc_taxi/. 2014. 

8. Narayan SM, Kohli N, Martin MM. Addressing Contemporary Threats in Anonymised Healthcare Data Using Privacy Engineering. NPJ Digital Medicine. 2025;accepted. 

Last updated: March 27, 2025