FaceApp, the Russian-backed app that ages you, has a serious privacy risk

If you’ve been anywhere near social media in the last week, you’re bound to have seen a wave of realistic photos of your friends aged beyond their natural lifespan. This viral photo challenge exploded thanks to a popular program called FaceApp, which uses neural networks and machine learning in order to transform a user’s face in a variety of amusing ways.

Despite its popularity, FaceApp is no stranger to controversy. A previous version of the app received backlash when it allowed users to change their ethnicity in photos using the program’s advanced tools. Now, a section of the app’s privacy policy has ignited a new firestorm of criticism — especially in light of where the app’s developers and servers are based: Russia.

With election season just on the horizon, and privacy scandals fresh in the minds of folks across the web, there’s palpable fear surrounding FaceApp’s intentions and origins. But are these fears actually well-founded? Or is America’s ire towards FaceApp just another error of judgment in our digital Cold War? Here’s our take on this popular and mysterious Russian photo app.

A “not-so-private” privacy policy

Over the past week, the hashtags #FaceAppChallenge and #AgingChallenge went viral on Twitter — filled with strange, realistic pictures of people aged by the FaceApp program. Ordinary people, celebrities, and even political entities took part in the fun, but cybersecurity researchers aren’t so sure that the app is entirely serious about protecting its users’ privacy.

One problem is FaceApp has an unusually worded privacy policy — which states that images uploaded by the user are essentially the property of FaceApp. Once an image is sent to FaceApp’s servers, according to the policy, the company can use that information for commercial purposes.

The policy also states that, even though data is allegedly deleted from the company’s servers after a few days, the company may hold on to data to comply with “certain legal obligations.”

This means that once you submit a photo for transformation, it essentially belongs to FaceApp at that point.

From Russia with love

Analysts and American politicians alike have been rankled by the fact that, on top of the dubious privacy policy, the app, its servers, and its developers are all based in St. Petersburg, Russia.

This is the same city that was home to the infamous Internet Research Agency, a government-sponsored “troll farm” indicted by Special Counsel Robert Mueller’s investigation for interfering in the 2016 U.S. Presidential Election.

This coincidence, combined with the fact that FaceApp now owns a vast amount of name and facial data, has some American lawmakers crying foul. In fact, Senate Minority Leader Chuck Schumer has called for an investigation into the app and its practices to make sure that no wrongdoing has occurred.

Are fears overblown?

Despite the sudden outcry and fear surrounding FaceApp, there are a number of skeptics who believe the panic around the popular app may be overblown — and even a product of xenophobia.

Many are pointing out that the app’s privacy policy isn’t all that different from those of big names like Facebook. Additionally, initial claims that the app was “harvesting entire camera rolls” from phones were proven to be a fabrication. Security experts dispelled this story, as well as claims that the app is doing anything unusual outside of the nebulous privacy policy.

In a statement released to TechCrunch, FaceApp claimed that photos are stored in the cloud for more convenient editing and processing. Additionally, they are taking requests from users who want to have their photos permanently deleted from the app via the “report a bug” feature. Most notably, they claim that many of their servers are hosted by Amazon and Google, which are based in the U.S.

Still, reading through the company’s privacy policy should give users pause. Ordinary internet users are quite comfortable with giving up private data to apps and companies in exchange for fun, but it’s always worth taking time to consider if putting your data online is really worth it in the end.

Whether FaceApp is truly the next IRA or training a deepfake engine of some kind is unknown, and probably unlikely. Still, it never hurts to take precautions when posting anything personal online — especially your face.

We all get old, eventually. Maybe it’s better to wait until then to take a “grey-haired” selfie instead of trusting an app that may or may not have connections to a foreign government.

We reached out to FaceApp for a statement on the issue, and they have not yet responded to our request for comments. This story will be updated should they reply.
