The viral face-changing app is proving immensely popular – but it’s also potentially harvesting metadata on its users. If you haven’t tried it out yet, learn more about what it could be doing with your likeness and other personal data before downloading the app.
There’s no harm in a little fun, right?
That’s what hundreds of millions of users have been assuming for the past week or so, as Faceapp, a Russian-based photo-filtering app, has seen another surge in popularity thanks to its age-based filters.
Users can upload a selfie and have it automatically aged or de-aged to see what they would look like plus or minus a few decades. Posting wizened selfies on social media has become a viral fad among celebrities and everyday users alike over the past few days, reaching well over 150 million users around the world.
Is Faceapp Safe?
Not in principle, and it’s difficult to tell if it is in practice.
“FaceApp cannot ensure the security of any information you transmit to FaceApp or guarantee that information on the Service may not be accessed, disclosed, altered, or destroyed.”
When it comes to a user’s likeness, ideally, you’d want more reassurance that your photo wouldn’t be sold or used in any way other than in the app’s primary function. Unfortunately, that’s not the case, especially given how the app works (that is, as compared to how it could work)…
How Does Faceapp Work?
Faceapp uses a neural network (which is a type of artificial intelligence) to change the user’s face according to its processes that help develop the intended product – in this case, an older version of the user’s uploaded image. When it sees colored hair, it changes it to white or grey. When it sees smooth skin around facial features, it adds convincing wrinkles, etc.
In a vacuum, Faceapp is actually a rather interesting application of new technology. But the key issue is that, in order to make these changes, Faceapp stores the image in the company’s own servers. The filters are not, as some would assume, applied on the user’s phoneThis is worrying, given that Faceapp is a Russian company. However, Faceapp CEO Yaroslav Goncharov told the Guardian that data is not transferred to Russia, but is actually stored in US-based data centers operated by Amazon and Google.
Goncharov also told the Verge that photos are stored in Faceapp servers in order to save bandwidth when multiple filters are applied and that they get deleted not long after to free up server space.
Unfortunately, all of this is difficult to confirm. The uncertainty and potential for abuse of user data has led to a lot of talk about privacy and data usage policies, even by Senate Minority Leader Chuck Schumer.
Just this week, Schumer requested that the FBI investigate Faceapp, saying, “In the age of facial recognition technology as both a surveillance and security use, it is essential that users have the information they need to ensure their personal and biometric data remains secure, including from hostile foreign governments.”
If you use #FaceApp you are giving them a license to use your photos, your name, your username, and your likeness for any purpose including commercial purposes (like on a billboard or internet ad) — see their Terms: https://t.co/e0sTgzowoN pic.twitter.com/XzYxRdXZ9q
— Elizabeth Potts Weinstein (@ElizabethPW) July 17, 2019
Are You At Risk?
However, if you use Facebook, then this isn’t necessarily the first time you’ve been exposed to something like this – remember the Cambridge Analytica scandal?
The bottom line is that your likeness could be used elsewhere by other companies, but only time will tell. If your selfie shows up in an online ad on the other side of the world, this could be why.
What Can You Do To Protect Your Likeness And Data?
If you haven’t used the app yet, then don’t, simple as that. Sure, you’ll miss out on a little bit of fun that comes with seeing how you’ll look in 2050, but it’s probably not worth it.
If you’ve already used the app, then you can make a request to have your data deleted from the Faceapp servers. To do so, send a direct request through Settings > Support > Report A Bug, with the word “privacy” in the subject line.
The company told TechCrunch that it is accepting requests from users to delete their personal data, but be warned – it may take a while. According to Faceapp, their team is “overloaded” with the requests.
What About The Next “Faceapp”?
As you may have realized, even if you’re not a Faceapp user, the same thing could happen to you with an app you currently use, or may someday use.What can you do to protect your data?
There are a number of general best practices you can follow to keep your data secure across apps and platforms – for example, check out this 15-point list for enhancing your privacy on Windows 10.
A key best practice for protecting your data is to use a virtual private network (VPN), which will give you back control over how you’re identified online. A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers.
When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and then continues onto the Internet through what’s called an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.
That makes it harder for an outside party to identify you as the source of the data – no matter whether you’re on your mobile device’s data connection, or using an unsecured retail Wi-Fi network while you’re in line for coffee. Even if third parties can intercept your data, the encryption means the attackers can’t understand your data or use it to their advantage.
In the end, it’ll always come to down to conveniences vs. security. Using Faceapp may be easy and fun (in fact, that’s the point), but by using it without double-checking what it does with your data, you potentially expose yourself to unnecessary risks. Always be skeptical when trying out a new app, or new technology in general.
Like this article? Check out the following blogs to learn more:
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.