FaceApp Privacy Issues Are Real But Not Unique

FaceApp’s new old-age filter is fun — who doesn’t want to see into the future? But getting a look at yourself with wrinkles and white hair comes at the expense of your privacy.

It was early 2017 and employees in the nondescript office on a Saint Petersburg side street had every reason to be giddy. Their online application, FaceApp, had exploded almost overnight. The surge in popularity was due to its face-morphing filter, which allowed users to upload images and make photo-realistic alterations to them – add a smile, say, or use a “hotness filter” to lop off a few years.

Press coverage was immense and fawning. Stories appeared in all of the largest technology publications as well as mainstream international press houses. Soon the app would have 80 million users. But, like a photo, the FaceApp's fortunes changed. Controversy struck over another of the app’s filters – a so-called ethnicity filter that allowed users to alter photos to see what they would look like with other skin colors. The press coverage turned negative, then faded. User numbers ebbed.

Until now. FaceApp is having its second turn in the spotlight, once again going viral thanks to the app's old-age filter, which uses artificial intelligence to render an image of what you might look like a few decades from now. Who’s ever said no to seeing into the future? The press coverage has returned. So too have the users. FaceApp recently overtook Instagram and Whatsapp on the Apple App Store's list of most downloaded apps. The explosion of popularity has also given rise to the FaceApp Challenge, in which everyone from your neighbor to your favorite pop star shares their age-filtered images for comparison and ribbing.

The real cost of fake aging

But it’s not all fun and games. Users are (often unwittingly) agreeing to an immense trade, handing over not only the rights to the image they alter, but also a trove of personal data, including browsing history. This information is stored on the company’s servers both in the United States and Russia. According to the company’s extremely broad terms of use and privacy policy, FaceApp maintains the right to do essentially anything it wants with both the photos one uploads and the other data it is able to collect, often through cookies and log files.

Most users of the app aren’t aware that the photo they upload and change is not actually altered directly on their device. Instead, it’s uploaded to a cloud, and FaceApp maintains ownership of it from them on. Under the aforementioned terms and conditions, FaceApp has "perpetual, irrevocable, nonexclusive, royalty-free, worldwide" ownership of all uploaded images as well as the freedom to "use, reproduce, modify, adapt, publish [and] translate" them however they see fit.

There’s no technological reason for FaceApp to move images to a cloud, other than to maintain control over them. Images certainly could be processed directly on a user’s device. Yaroslav Goncharov, the company’s CEO, has said the reason for not doing this is to save bandwidth, and that many users’ photos are deleted within a month of their upload anyway. There is, of course, no way to verify this.

FaceApp runs afoul of EU law

All of this makes FaceApp’s legal footing in Europe very suspect. The translation or transmission of users’ photos and data to third parties, without the clear consent of each user, violates the European General Data Protection Regulation. So too does moving said data to any location the company wishes without prior authorization from the user.

In an interview last month, Goncharov told The Washington Post that FaceApp neither shares nor sells data with third parties. Yet a follow-up analysis by the newspaper found that FaceApp data was indeed given to third-party Facebook and Google trackers that many apps use for online advertisements. According to the company’s privacy policy, it also maintains the right to save all user photos and data even if the user deletes them from their personal account space.

Many are accurately pointing out that FaceApp isn’t doing anything particularly unusual with the data it harvests, nor are its terms and conditions highly unusual in the industry. But the founder’s responses to privacy concerns have, at the very least, been less than wholesome. It’s also troubling that the company calls Russia home, a place under de facto totalitarian control by a man whose government actively harvests and manipulates internet data to meddle in foreign elections.

There’s also no reason that the relative whataboutism of FaceApp apologists should be taken as a reason to furlough our privacy concerns. The control that social media companies and internet applications have over our personal data – and the amount of this data they collect without our knowledge – is something we should’ve been more concerned about long ago. If the privacy debate surrounding FaceApp helps wrest some control of our data from these companies, it matters little that the tipping point came in the form of FaceApp’s old-age filter. It could have, and should have, come much earlier.

You need to accept 3rd party cookies to see this content.