If anybody has gone on social media in the past few days, they’ve seen the new trend – showing your 30+ years older version by using an app called FaceApp.
Anti-Russian hysteria didn’t miss it, since FaceApp is owned by a Russian company – Wireless Lab.
The app has been around since 2017, but its End User License Agreement, and specifically the alleged privacy of user data came under scrutiny just now.
The most significant piece of “evidence” to substantiate that FaceApp steals our data is that “Russian intelligence weaponized social media in order to spread propaganda during the 2016 US presidential election.”
That is mostly because nowadays, something is unproven and has had no evidence to back it up, can be used to prove a completely separate matter.
Regardless, in the US, Democrats and Republicans said that FaceApp is a cause for concern that merits further scrutiny.
BIG: Share if you used #FaceApp:
Because millions of Americans have used it
It’s owned by a Russia-based company
And users are required to provide full, irrevocable access to their personal photos & data pic.twitter.com/cejLLwBQcr
— Chuck Schumer (@SenSchumer) July 18, 2019
“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.”
FaceApp did say that it is not uploading “all” of a person’s photos, and that most of them get deleted within 48 hours.
I am not seeing much fishy in FaceApp
Photos are uploaded to FaceApp's servers on AWS w/ authorization. Not much info is being sent to FaceApp's servers other than user metrics (e.g. ui interactions)
I just wish there's an option for users to delete their photos from the server
— Jane Manchun Wong (@wongmjane) July 17, 2019
But, then again, how can anybody trust a Russian company, right?
FaceApp provided the following statement in response to the privacy concerns:
- FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
- We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
- We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
- All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
- We don’t sell or share any user data with any third parties.
- Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.”
It would be wise, before choosing not to use the application for fun, or whatever other reason one might use it, to remind yourself of a recent article by Wired, which asks a very current question: “Think FaceApp Is Scary? Wait Till You Hear About Facebook”.
“Take the most obvious example, and not only for its similar name. Facebook has nearly 2.5 billion monthly active users to FaceApp’s 80 million. It, too, applies facial recognition to photos that those users upload to its servers. It also actively pushed a VPN that allowed it to track the activity of anyone who installed it not just within the Facebook app but anywhere on their phone. When Apple finally banned that app, Facebook snuck it in again through the backdoor. And that’s before you get to the privacy violations that have led to a reported $5 billion fine from the FTC, a record by orders of magnitude.”
So far so good, but these are Facebooks terms of service:
“when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings).”
Naturally, though, Facebook is a US product, so they can’t possibly use their information, knowledge and power for “evil.”
Users should be reminded that quite possibly every app on Google Play or the Apple Store instantly asks for access to all your contacts, pictures, videos, call history as soon as you install it.
Regardless if it is a single player game, an online one, or an app with 50 cooking recipes. So why is it exactly that different, if an app that tells you how to make a Mac & Cheese can actually get access to all your personal photographs, among other things.
MORE ON THE TOPIC: