This work proposes a lightweight, physically realizable adversarial camouflage method to mitigate privacy risks arising from the misuse of facial recognition systems. By projecting low-dimensional adversarial patterns—parameterized by color, shape, and orientation—onto semantically meaningful facial regions, the approach leverages multi-model joint optimization and semantic projection strategies to effectively disrupt both black-box and cross-architecture face recognition systems. Experimental results demonstrate that the proposed method significantly degrades the performance of state-of-the-art models in both simulated and real-world settings, achieving high attack success rates and strong transferability. Furthermore, the findings reveal notable differences in the robustness of various model architectures under adversarial perturbations.

While the rapid development of facial recognition algorithms has enabled numerous beneficial applications, their widespread deployment has raised significant concerns about the risks of mass surveillance and threats to individual privacy. In this paper, we introduce \textit{Adversarial Camouflage} as a novel solution for protecting users' privacy. This approach is designed to be efficient and simple to reproduce for users in the physical world. The algorithm starts by defining a low-dimensional pattern space parameterized by color, shape, and angle. Optimized patterns, once found, are projected onto semantically valid facial regions for evaluation. Our method maximizes recognition error across multiple architectures, ensuring high cross-model transferability even against black-box systems. It significantly degrades the performance of all tested state-of-the-art face recognition models during simulations and demonstrates promising results in real-world human experiments, while revealing differences in model robustness and evidence of attack transferability across architectures.