FaceApp, Social Media, and the Disregard for User Data Privacy

FaceApp, Social Media, and the Disregard for User Data Privacy

FaceApp is just helping people revel in some self-deprecating humour, using AI to alter their appearance to reflect their older self. Then why are experts cautioning people against the #FaceAppChallenge on social media?

While the photo-editing tool is currently viral, with celebrities and commoners sharing hilarious results of their older selves, experts are concerned with the way FaceApp is mining user data.

While FaceApp CEO and Founder Yaroslav Goncharov told The Washington Post that the company does save user data on the cloud, but does not transfer that data to its research-and-development team based in Russia. Goncharov added that “most images” are deleted from company servers within 48 hours.

What is FaceApp?

Wireless Lab is a St. Petersberg, Russia-based startup that launched FaceApp, a photo editing tool in 2017. The app uses AI to add a filter to any selfie, thereby allowing a user to look younger or older, to add facial hair, or a toothy smile to their images.

FaceApp first made headlines two years ago when the app came with ‘ethnicity’ filter, transforming any face of one ethnicity to another. It sparked a huge backlash, and the filter was subsequently dropped from the app.

Also Read: IBM Study Finds That the Middle East Has the Highest Number of Data Breach Records

FaceApp and the Concerns Around User Data

Almost as immediately as the social media hype around the FaceApp Challenge went up, so did the news headlines about security concerns around the user data.

Developer Joshua Nozzi caused a frenzy on Twitter when he said that the app was uploading all the photos from the user’s phone camera on its servers. Will Strafach, the founder of a popular firewall app for iOS, found that Nozzi was wrong. The app only uploaded single images to its server to apply the filters. This caused the second wave of frenzy, especially among American politicians who were worried that Russians had access to American user data ( Wireless Lab being a Russian company).

French cybersecurity researcher Baptiste Robert, who goes by the pseudonym Elliot Alderson, found that the app only took a back-up of photos submitted by the users to its servers present in an Amazon Data Centre in the US.

However, concerns around the use of all this data remain. FaceApp’s Terms And Conditions clearly state that they can use the data they collect as they please.

“You grant FaceApp a perpetual, irrevocable, non-exclusive, royalty-free, worldwide, fully-paid, transferable sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”

BBC reported that US lawyer Elizabeth Potts Weinstein argued the app’s terms and conditions suggested user photos could be used for commercial purposes, such as FaceApp’s own ads.

Also Read: Data-driven Marketing is Critical for Brands

Justin Brookman, Director of Privacy and Tech Policy at Consumer Reports, cautioned everyone about the app’s user agreement. “I would be cautious about uploading sensitive data to this company that does not take privacy very seriously, but also reserves broad rights to do whatever they want with your pictures,” said Brookman, who is a former policy director for the Federal Trade Commission’s Office of Technology Research and Investigation.

However, when it comes to mining and selling user data, FaceApp is hardly the first culprit to do so.

Social Media Platforms are Mining and Selling Data

Facebook, as we all are aware, needs advertisers for sustaining its business, advertisers on Facebook need customer data to target specific audiences, and Facebook users, who provide this customer data to Facebook for advertisers to use, simply can’t stop using the platform.

Facebook’s Chief Technology Officer Mike Schroepfer told Slate about the possibility of third parties harvesting contact information from Facebook users’ public profile data. The revelation came after he was talking about how a Facebook feature that allowed users to search for other users via a phone number or an e-mail address was abused by hackers to locate and copy users’ public profile information. The feature was subsequently disabled, but Schroepfer was quoted saying that Facebook believed, “most people on Facebook could have had their public profile scraped in this way.”

A survey conducted by Reuters and Ipsos of more than 2000 American adults post the Cambridge Analytica data breach scandal, found that it hadn’t affected Facebook’s popularity or usage, the Study found that half of Facebook users said they did not recently change the amount that they used the site, in fact, a quarter of those surveyed reported that they were using it more. The remaining quarter said that they were using it less, had stopped using it, or deleted their account entirely.

Lance Ulanoff, Editor-in-Chief of Lifewire, pointed out that popular social networking site Twitter’s terms contained a clause similar to that of FaceApp, yet 326 million people use Twitter every month.

Google researchers have previously revealed that the company had used 2,000 YouTube (which is one of the GSuite offerings) videos of people doing the mannequin challenge to train an AI model on predicting the depth of a moving object in a video. Not just business organisations but academic organisations too are harvesting data without user consent. The University of Colorado, US came under heavy criticism when it was reported that it had secretly been photographing students for a facial recognition study, the University had collected images of more than 1,700 people between 2012-2013 without their consent or knowledge, which went into a dataset used for training facial recognition algorithms.

Also Read: Measurement, The Key to Driving Multichannel TV Campaigns

Safety issues will always remain a concern when it comes to large amounts of user data. Most of the time, we don’t realise that organisations are collecting information when we install an app or use a site. Information like location, activity, shopping patterns and behaviour, demographic, is collected daily. We may not want this data to fall into the wrong hands, but if advertisers and marketers are using it to enhance overall customer experience, it is a small price to pay.