It’s getting old, but we must join all the rest concerned with whether FaceApp is (still) intercepting your personal data. Created in 2017 by Wireless Lab, this Russian app has recently gone viral again with its new aging filter that got everyone, from Taylor Swift to your dad, wanting to look older.
But how and what exactly is this FaceApp taking away from you?
FaceApp’s Terms of Service
Well, there is no exact answer to the aforementioned question because FaceApp’s policies are quite vague and speak a lot about what they’re not doing now – but might be doing in the future.
All processed images can be modified, reproduced, and even published, not counting out the commercialization
Again, let’s remind ourselves that if the product is free, it means you’re the product. Unfortunately, that works not only for FaceApp but for most of the apps that you use, such as Twitter or Instagram. So if you trust them, there’s no big reason why you shouldn’t trust FaceApp.
FaceApp policies have stayed the same
On the other hand, the policies are broad enough to let this happen.
What’s more, FaceApp won’t necessarily walk the extra mile to inform you about the updates on their policies: “We may also attempt to notify you by sending an email notification to the address associated with your account, if any, or providing notice through our Services.”
Ask your mom before use
FaceApp can (ab)use your face
FaceApp does not claim ownership of any User Content that you post on or through the Services
While this sounds great from the user’s perspective, further reading brings more troublesome points:
You grant an irrevocable right to use your User Content, even for commercial purposes
Also, you cannot claim any injury that resulted from FaceApp using your User Content, which probably includes any mental illness after seeing a banner with your wife sporting a beard. In fact, there’s no way you could sue FaceApp unless there’s some copyright infringement when someone else uploads your pictures. Finally, any disputes will be solved without a class action, via individual arbitration, making it pretty hard to sue FaceApp for almost anything.
The services fall under the US jurisdiction, and your data is allegedly stored in Amazon and Google servers, which means you should be worrying first about your photos getting into the hands of the US and not Russia’s government. But the worst part is that your personally identifiable information can fall into Putin’s hands as well, with the R&D team of Wireless Lab based in Saint Petersburg.
The first part about Wireless Lab servers recording your IP address, browser type, etc., and using that information to provide targeted ads is a common practice. But you have to keep in mind that all this data can now be paired with your face which can be used to learn your gender, age, and other profiling info.
Later, Wireless Labs tries to reassure that your information won’t be shared with third-parties without your consent. Unfortunately, that doesn’t include FaceApps’s affiliate partners or those who help provide the service to you. That basically means any company that Wireless Labs decides to do business with.
Where and for how long FaceApp stores your images
While your images are stored on Amazon and Google servers, they can be stored in any country in which FaceApp, its Affiliates or Service Providers maintain facilities. So please keep in mind that even though the US is not the best place when it comes to protecting personal data, having it in Russia or China is by no means an upgrade.
While the Wireless Lab founder Yaroslav Goncharov has stated that users can ask for their data deletion, FaceApp is still to provide a better way to do so other than reporting a bug as it is now. He also claims that the majority of FaceApp users don’t log in, which means there’s no connection between their photos and other personal information.
Mr. Goncharov has also stated that most images are deleted within 48 hours. While this means that there’s no reason to be concerned for the majority of FaceApp users, there will probably be some photos deemed to be interesting that will stay in the Wireless Labs servers indefinitely.
Future risks of using FaceApp today
While FaceApp doesn’t pose any immediate threat – but obviously wants to get your data to sell or use it for targeted advertising – there’s a chance that will backfire later when your face will become your ID. In case of a data breach, your photo and other data can be used to access your bank account illegally. Nevertheless, it’s far-fetched, as most likely you’ll need 2-factor authentication to access your important accounts, which would also serve as a means to put off others from skinning your face.
And thinking of how many pictures you’ve shared everywhere already, the risk of fake-facing will be there, with or without FaceApp. Google has 8 million images to train face-recognition algorithms, while Facebook boasts at least 10 million. Microsoft and IBM have also used millions of photos for their own facial recognition services.
You won’t see your nudes from your camera roll online
FaceApp doesn’t upload all your camera roll, contrary to some claims that began circulating yesterday. It’s only the photo that you’ve selected and uploaded. But this is a serious risk if the app scans and can identify the content of your photo library, which might include not only selfies but also some notes with wifi passwords or credit card numbers.
While some iPhone users might boast their “Never allow photo access” option makes then safe, the truth is that any app can override this by asking for one or more photos, and you tapping on them creates an exception to the rule. But it seems that iOS 13 will already have an “Only once” option, solving this “never means never” dilemma.
This is not the only viral action that results in data that corporations use for their benefit. For example, Google used YouTube videos with the mannequin challenge, where you had to stay still, to train AI. And who can say that your video was not one of them? And even if it was, do you feel violated now, after mindlessly clicking OK on those ToS and privacy policies that Google served you back in the day?
As always, whenever there’s something security and privacy concerning, the media is out there to create a big story of it. But the point is that we should be aware not about FaceApp or the next scandalous thing, but our online security in general. More often then not the most damage is being done silently in a prolonged period, rather than in some spontaneous action that dies out in a few days.
That’s why we’re using this occasion for another reminder to check this only security list:
- Do you use secure and unique passwords for each account?
- If no, have you considered using a password manager?
- Do you have any malware protection?
- Are you encrypting your traffic and hiding your IP address with a VPN?
If you’ve found yourself shaking your head sideways more than nodding in approval, it’s time to put some effort into protecting all of your data to save your face.
And in this case, the sooner, the better.