The Russian startup FaceApp has swept the internet this week, offering a feature that gives users an aged-up, AI-powered look at their future selves.
But it has spurred backlash as well, thanks to three troubling facts: FaceApp's policy offers little data privacy, the company is based in Russia, and it captures its users' photos in the cloud.
The writer of one tweet that kickstarted the uproar has already apologized for a misleading claim that the app harvested your details without explicit permission. The app doesn't upload every single photo on users' phones; Just the ones that they select and allow.
The backlash might not be entirely justified, but it definitely says a lot about how public opinion on photos has evolved.
Poor Data Privacy Isn't Unique to FaceApp
FaceApp's privacy policy has drawn ire, thanks to a lawyerese-packed terms of service page that grants the application a lot of power over your likeness:
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) — see their Terms: https://t.co/e0sTgzowoN pic.twitter.com/XzYxRdXZ9q
— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
While FaceApp might technically be able to use the 80 million faces they've collected for billboards, they probably won't. The bigger question is, why aren't we mad about how terrible all terms of service agreements are, particularly in your favorite apps like Facebook, Twitter, Instagram, and Snapchat?
For example, Facebook's terms of service explain that it won't sell your data… but it will create a user profile based on the data, and might be able to sell that. Furthermore, you can't stop it from collecting your data by changing your privacy or ad settings. And the platform can collect information about you even when you're not actively using it. And other people can grant Facebook access to your data. And it can access your GPS location. Yikes.
Here's a snippet from the Twitter ToS, which explains that everything you add to the platform is theirs to do whatever they want with:
“By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed).”
Plenty of other tech companies have equally wide-ranging agreements, as Tech.co has covered before. You can avoid FaceApp and maybe even Twitter, but it's tough to fully avoid Facebook, making it arguably the bigger threat to your data privacy.
Are Russian Companies a Threat?
This line of reasoning makes sense. The Russian government did indeed interfere in the 2016 US election with the goal of sowing political discord, and doesn't seem to have a reason to stop.
This isn't even the first time a Russian tech company has gone under the cybersecurity microscope in recent months. Kaspersky made the news last month when Russia’s telecommunications regulations agency blocked every other top VPN providers for refusing to link their servers to the government system. Kaspersky's Russian VPN service will now be censored by the Russian government, somewhat undercutting the general point of a VPN service.
The issue isn't unique to Russia, either. The China-based Huawei has been banned from US government agencies due to fears of spying. In all cases, there might not be explicit evidence that Kaspersky, Huawei, or FaceApp are compromised, but just a suspicion is reason enough for most privacy-conscious users to avoid them.
Uploading Photos to the Cloud
Faced with the claim that they are uploading photos, FaceApp has officially responded to state that they don't keep the images longer than 48 hours.
“Most of the photo processing happens in the cloud,” FaceApp founder Yaroslav Goncahrov said in a statement, and “the user data is not transferred to Russia.
“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn't upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.”
Granted, there's no way to fully confirm this is factual.
But, even if FaceApp does store your images indefinitely, this is yet another privacy incursion that massive tech companies have already been doing for years. Facebook has access to billions of users' images, with databases stretching back a decade, and, as previously mentioned, Twitter can do whatever it wants will all images uploaded to its service.
The uproar over FaceApp isn't unwarranted. But the lack of a widespread exodus from Facebook and Twitter suggests that our fully justified and steadily growing fears of who is accessing our online images still haven't hit critical mass.
It's possible that, by the time they do, we'll all actually look as old as our FaceApp selfies.
Read more tech news from Tech.co