PimEyes
Facial recognition reverse-image search engine — finds photos of a face across the open web. Powerful for identification work, ethically fraught, used by journalists and stalkers alike.
What should journalists know about PimEyes?
PimEyes is the most powerful publicly available facial recognition search engine, and that fact alone is the story. For journalism, it can be useful — verifying whether a person in one photo is the same as in another, identifying anonymous figures in crowd photos, tracing image reuse across the open web, finding additional photos of a public figure during background research. The Bellingcat-style OSINT community uses it routinely for identification work. The New York Times called it "alarmingly accurate." The BBC called it "facial recognition on steroids." Both descriptions are correct. But this is not a tool that can be recommended without a long ethical discussion. PimEyes scrapes billions of face images from the open web — news sites, blogs, personal pages, court records, conference photos, university directories, anything indexable that contains a human face. It does not scrape Facebook, Instagram, or video platforms (officially). It builds biometric vectors from those faces and lets anyone with $30 search them. The opt-out process exists, but multiple investigations have shown opt-out is unreliable, the company is structurally opaque, and the tool has been used to identify children, stalk private individuals, and dox protesters and federal employees. The owner is Giorgi Gobronidze, a Tbilisi-based AI academic who bought PimEyes in December 2021 through a Dubai-registered shell corporation, EMEARobotics. The company's prior owners were a Polish team, then a Seychelles shell. Legal entities tied to PimEyes include corporations in Belize, Poland, Dubai, and the United States. An Illinois Biometric Information Privacy Act (BIPA) plaintiff's attorney spent two years trying to serve the company notice of a lawsuit and could not find a valid contact in any of those jurisdictions. This is not how a trustworthy data processor structures itself. The misuse record is severe. The New York Times, NPR, Washington Post, and Business and Human Rights Resource Centre have documented PimEyes returning images of children labeled "potentially explicit." In October 2023, after sustained pressure, PimEyes added age detection to block child searches. Harvard students built a Ray-Ban Meta glasses demo using PimEyes to identify strangers in real time and pull their addresses and phone numbers. Activists have used it to dox ICE officers. UK and German privacy regulators have opened investigations. An Illinois BIPA class action remains ongoing. For journalism, the honest framing is this: PimEyes is genuinely useful for legitimate identification work, especially in human-rights investigations where you have a perpetrator photo and need to find the person's name. It is also a tool that, by existing, makes mass surveillance of ordinary people trivially cheap. Using it for journalism funds a company whose business model depends on private individuals being identifiable. There is no clean answer. If you use it, use it sparingly, only for clear public-interest identification, never on private individuals or minors, and never as the only basis for identification — always corroborate with other evidence. Consider whether your story can be done with FaceCheck.id, Yandex reverse image search, or Google Lens instead, none of which are clean either but each of which makes different tradeoffs. Document your methodology in the story. If you used facial recognition to identify someone, say so, and explain how you verified the match. Readers should know.
Verifying whether two photos depict the same public figure. Identifying perpetrators in human-rights investigations where you have a face but no name. Tracing image reuse across news sites and the open web. Background research on public figures. Confirming claimed identities in romance-scam, deepfake, and impersonation investigations.
Identifying private individuals, minors, protesters, or anyone whose identification serves no public interest. Stories where the identification is the only piece of evidence and cannot be corroborated. Routine background checks. Anyone who is not prepared to disclose facial recognition use in their methodology. Newsrooms with strict ethics policies prohibiting biometric surveillance tools.
Security & Privacy
Data is scrambled while being sent to their servers
Data is scrambled when stored on their servers
Where servers are located — affects which governments can request your data
Privacy policy summary
PimEyes uploads of search photos are processed for biometric matching and, according to the company, deleted after the search session. The underlying face index is built from web-scraped images and biometric vectors derived from them — billions of faces of people who never consented. The opt-out form requires submitting government ID and a current photo (which is itself a biometric submission to the same company you are trying to opt out of). Multiple journalists and researchers have documented opt-outs failing or being reversed when new images of the same person appear online. The company does not publicly disclose its data retention, breach history, or third-party processors. The privacy policy is published in English from a Dubai entity.
How to protect yourself:
Treat PimEyes as a hostile data processor. Never upload photos of confidential sources, victims, minors, or anyone whose face you do not have explicit permission to query. Use a dedicated browser profile, ideally on a separate device, with a payment method that does not link to your real identity if your investigation is sensitive. Pay with a virtual card or prepaid card if possible. Do not use single sign-on. Never enable the alerts feature — it persists your query subject indefinitely on PimEyes infrastructure. Save results immediately, since opt-outs and takedowns can remove evidence later. Document in your story methodology that you used facial recognition and how you verified the match. Consider whether the same identification could be done with non-biometric tools first (Yandex, Google Lens, FaceCheck.id, or direct outreach). For your own personal protection, submit an opt-out request — but do not assume it will be permanent.
The caution rating is not primarily about technical security — it is about trust, governance, and ethical risk. PimEyes uses HTTPS and standard payment processing, but the company is structurally opaque (registered across Dubai, Belize, Poland, and Seychelles), refuses to disclose data retention or breach history, has been the subject of three open regulatory investigations (UK, Germany, Illinois BIPA), and has been documented enabling stalking, child-image searches, and protest doxing. The opt-out process requires submitting ID to the same company you are trying to escape. For journalism, the tool can produce useful identifications, but using it means trusting an entity with no meaningful accountability and a track record of misuse. Newsrooms should treat PimEyes as a tool of last resort, document its use in published methodology, never query private individuals or minors, and never upload photos of confidential sources. If a comparable result can be obtained with Yandex reverse image search, Google Lens, or direct reporting, prefer those.
Who Owns This
Known issues
Child safety failures: Investigations by NPR, NYT, and the Business and Human Rights Resource Centre documented PimEyes returning images of children, some labeled "potentially explicit," to anonymous searchers. PimEyes added age detection in October 2023 only after sustained press pressure. Whether the fix is reliable is contested. Doxing and stalking: PimEyes has been used to identify ICE officers, far-right figures, romance-scam victims, and private individuals at protests. A 2024 Republican senator letter targeted PimEyes for ICE doxing specifically. The Washington Post documented stalking use cases. Harvard students built a real-time identification demo using PimEyes plus Ray-Ban Meta glasses. Opt-out unreliability: The opt-out process requires submitting government ID and a current photo to the same company you are trying to escape from. Multiple journalists have shown opt-outs being reversed when new images of the same person appear online, since the system re-identifies and re-indexes faces continuously. Structural opacity: The company is registered across Dubai, Belize, Poland, Seychelles, and the United States, with no clear single legal home. An Illinois BIPA class action plaintiff's attorney spent two years trying to serve notice and could not find a valid contact in any jurisdiction. This makes data-rights enforcement under GDPR, BIPA, or CCPA effectively impossible. Active regulatory investigations: The UK Information Commissioner's Office (via Big Brother Watch complaint, November 2022), Germany's Hamburg DPA (December 2022), and the Illinois BIPA class action (May 2023) have all opened proceedings against PimEyes. None has resulted in a final binding order yet. Consent: The face index is built from web-scraped images of billions of people who never consented to being added to a biometric search engine. This is the core ethical problem and is not a bug to be fixed — it is the product.
Pricing
Free tier shows blurred matches without source URLs. Paid plans: Open Plus $29.99/month (75 daily searches, 10 alerts), PROtect $34.99/month (100 searches, takedown assistance), PROtect Plus $70.99/month (125 searches, 200 takedowns), PROtect Pro $159.99/month (150 searches, 400 takedowns), Advanced $299.99/month (unlimited searches, 1,000 takedowns). Yearly plans get 20% off. One-time $14.99 unlocks results for a single search session.
This is an editorial assessment based on publicly available information as of 2026-04-07, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
Something wrong or outdated? Report it.