On using adversarial methods to avoid face recognition on Facebook or elsewhere, I think this is only currently possible because the models used are primitive. I think it's not enough to expect deep learning to learn edge detectors in the first layer as is usually supposed. Probably those detectors become overtuned with high levels of optimizing for accuracy, and so can subsequently be gamed.

The bad news is that I think face detection will be able to avoid these problems by explicitly pre-processing with multiple fixed filters for edges, color, gradient, DoG, etc. That will make adversarial methods which involve twiddling around with individual pixels a lot less effective.