What part of this was a good idea in the first place? A new smartphone app uploads your picture, sends it to an unknown server, and then returns a manipulated image for your entertainment by making you look … really old. Back in the day, whippersnappers, we had grandkids to make us feel old. And get off my damn lawn, too.
Anyway, given where the servers are located and who wrote FaceApp, it’s tough to blame the DNC for being a wee bit nervous about where this all might lead:
The Democratic National Committee on Wednesday warned presidential campaigns against using the viral face-transforming FaceApp, citing the software’s Russian developers. It urged campaign staff to “delete the app immediately.”
The app allows users to upload photos of their faces and have them automatically edited to look like their future selves, replete with wrinkles and graying hair — a popular trick that filled the social media feeds of millions of users, including celebrities such as Drake, LeBron James and the Jonas Brothers.
But concerns over how the photos could be misused by the company, whose developers are headquartered in St. Petersburg, raised alarms among many users as well as DNC officials, who urged 2020 campaign staff and “people in the Democratic ecosystem” not to use the app.
“This novelty is not without risk: FaceApp was developed by Russians,” DNC security chief Bob Lord wrote in the alert to campaigns, which was first reported by CNN. “It’s not clear at this point what the privacy risks are, but what is clear is that the benefits of avoiding the app outweigh the risks. … If you or any of your staff have already used the app, we recommend that they delete the app immediately.”
The Russians should be just as worried. Any use by Joe Biden or Bernie Sanders to get their “aged” pictures might just melt down their servers.
Just how serious are the security risks? NBC News found out that the app isn’t grabbing all the pictures off of users’ smartphones, as rumors had it, but “FaceApp is not completely risk free” either:
“I would be cautious about uploading sensitive data to this company that does not take privacy very seriously, but also reserves broad rights to do whatever they want with your pictures,” said Brookman, a former policy director for the Federal Trade Commission’s Office of Technology Research and Investigation.
“They could turn them into stock photos or advertisements in Russia,” Brookman said. “But I don’t know how much the Russianness is concerning, although Russia has been known to use personal information in the past.”
The app’s ToS gives it “perpetual” rights to any images uploaded to their servers by users, though, and pretty much carte blanche to use those in any way they see fit. The Washington Post asked FaceApp’s CEO to explain the limits of its usage, but the answers may not alleviate some concerns:
3. What are they doing with my data?
Is FaceApp using our faces and the maps it makes of them for anything other than the express purpose of the app, such as running facial identification on us? “No,” Goncharov said. Legally, though, the app’s terms give it — and whoever might buy it or work with it in the future — the right to do whatever it wants, through an “irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferrable sub-licensable license.” (Clear as mud?)
4. Who has access to my data?
Do government authorities in Russia have access to our photos? “No,” Goncharov said. FaceApp’s engineers are based in Russia, so our data is not transferred there. He said the company also doesn’t “sell or share any user data with any third parties” — aside, I pointed out, from what it shares with trackers from Facebook and AdMob. (Another exception: Users in Russia may have their data stored in Russia.)
5. How can I delete my data?
Just deleting the app won’t get rid of the photos FaceApp may have in the cloud. Goncharov said people can put in a request to delete all data from FaceApp’s servers, but the process is convoluted. “For the fastest processing, we recommend sending the requests from the FaceApp mobile app using ‘Settings->Support->Report a bug’ with the word ‘privacy’ in the subject line. We are working on the better UI [user interface] for that,” he said.
Why not post this information to FaceApp’s website, beyond the legalese? “We are planning to make some improvements,” Goncharov said.
The moral of the story is: Beware of Russians sharing GIFs. Seriously, though, one has to wonder why people are so anxious to share personal information in the first place, let alone why politicians running for office would use an app without carefully checking its provenance. In an era of DeepFake, do we really want to go out of our way to contribute our close-up and detailed headshots with third parties for the express purpose of image manipulation? It’s not just that the provenance of FaceApp could hide a malicious purpose, which at least at present doesn’t seem to be the case. It’s that the process leaves one ripe for that kind of victimization regardless of where it comes from or who made it.
If you want to know what you’ll look like in in 25 years, go visit your parent, or maybe learn how to use Photoshop. Or better yet, wait 25 years … that face will stare back at you in the mirror soon enough.