It’s July, and it’s hot. So hot that … your friends are all prematurely aging? Surely by now you’ve seen Facebook friends posting images of themselves in 50 years, all thanks to a fun app called FaceApp.
FaceApp uses artificial intelligence to “age” uploaded photos by 50 years. So far, the app has been downloaded by around 80 million users.
Aside from the existential horror of seeing yourself in 50 years, it’s all fun and games until researchers start reading though the user and privacy agreements: by using this app, you are granting the app’s makers “permanent rights” to any uploaded photos.
Bonus: the makers of this app are based in Russia. Read on to discover the truth about FaceApp, and what you need to know to protect your privacy.
So anything you upload, whether it’s a picture of you or one of your kids, becomes the property of FaceApp. But what does this mean, and what could possibly go wrong?
That the app’s makers are based in Russia is not cause for panic, despite some claims to the contrary. According to an article by Ars Technica, Wireless Lab, which created FaceApp, denies storing any user data in Russia. The company stated to TechCrunch that “Even though the core R&D team is located in Russia, the user data is not transferred to Russia,” and they state that images uploaded by users are hosted on Amazon and Google cloud services.
FaceApp also states they don’t sell/share any user data with third parties, the app only uploads photos selected by users and that most images are deleted from their servers within 48 hours of upload date.
Lots of popular apps are created and owned by foreign countries, for example, TikTok, which is owned by a Chinese company.
Terms of service and other end-user agreements are intentionally made to be difficult to decipher to discourage users from reading through them. Many of the apps and other services that we use likewise gobble up and own your data; many sell your data to third parties (hello, Google, and Facebook).
The truth is FaceApp is just a drop in the bucket, a tiny fish in a sea of data gobbling sharks.
What can you do? Be stingy with your data, and be careful what apps you use. Is it worth giving up the rights to your uploaded pictures forever, so that you can use an app to look old and post it on Facebook? When you use an app, keep in mind that the fun, interactive part of the app is just the tip of the iceberg; behind the scenes, they are likely making money off your data.
When using social media platforms, you can set different levels of privacy and data sharing. If you are uncomfortable with the idea of big corporations chomping up your data, make sure you set privacy settings to the max. Facebook, Google, and many others offer numerous ways you can tweak these settings. Just go to your account and look for the “Privacy” section.
In cybersecurity, one important concept is the “hardening” of a system. You take a computer and try to remove all services except those that are necessary for it to do its job. By doing so, it helps to remove unnecessary risks (things that could be exploited by an adversary) and reduce the attack surface.
Have fun with technology, but try to keep this concept in mind to protect what’s important to you. Review user agreements so that you are aware of what you are handing over to an app or social media platform. Don’t grant unnecessary permissions to apps and social media platforms; only give access to the bare minimum that is required for the service to run.
“Hardening” your social media/app permissions stance is a small way you can take back control of your data, and stop feeding the data gobbling shark swarm.
Consumer Privacy Tips:
Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.