FaceApp: Age Your Photos — And Compromise Your Privacy?

With Meghna Chakrabarti

Have you used FaceApp — the hugely popular app that lets you age your face? It was made by Russian developers and members of Congress say the app could be a national security threat.

Brian Barrett, news editor at Wired Magazine covering security and consumer technology. (@brbarrett)

Patrick Jackson, chief technology officer at the cybertechnology firm Disconnect. Former National Security Agency researcher. (@patjack)

Carrie Cordero, senior fellow at the Center for a New American Security. Former counsel to the assistant attorney general for national security and senior associate general counsel at the Office of the Director of National Intelligence. Legal and national security analyst for CNN. Professor at Georgetown University Law Center. (@carriecordero)

Vox: "Privacy concerns over viral photo apps are totally valid. But they’re also often overblown." — "If you’ve been on Twitter or Instagram recently, you may have noticed that every person you know is suddenly 80 years old. There’s been a huge spike in use of the Russian photo-editing application FaceApp, which allows a user to submit a photo of their face and be shown an elderly version of themselves.

"Of course, there is a moment in every fad where someone loudly points out that the fad is bad, and that moment has come for FaceApp this week because of a heated conversation around the app’s terms of service and privacy policy.

"In a representative article from Fast Company published Wednesday morning, it’s noted that FaceApp uploads photos to its servers, and 'the age effects are crunched by the AI there, off your device.' The piece also includes, in bold, 'FaceApp does not alert the user that their photo has been uploaded to the cloud, nor does it specify in its policies if the company retains your original photo.'

"Many worried citizens on Twitter have screenshotted and shared a section of FaceApp’s terms of service, which discusses what the company may do with photos that users upload:

"'You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.'

"All of this sounds bad. And it is, objectively, not great. But if you’ve already uploaded your photo and there’s nothing you can do about it now, it’s worth considering how warranted the panic really is. As is usually the case with app privacy: It’s all relative."

Washington Post: "You downloaded FaceApp. Here’s what you’ve just done to your privacy." — "When an app goes viral, how can you know whether it’s all good fun — or covertly violating your privacy by, say, sending your face to the Russian government?

"That’s the burning question about FaceApp, a program that takes photos of people and “ages” them using artificial intelligence. Soon after it shot to the top of the Apple and Google store charts this week, privacy advocates began waving warning flags about the Russian-made app’s vague legalese. Word spread quickly that the app might be a disinformation campaign or secretly downloading your entire photo album. Leaders of the Democratic party warned campaigns to delete the app 'immediately.'

"I got some answers by running my own forensic analysis and talking to the CEO of the company that made the app. But the bigger lesson was how much app-makers and the stores run by Apple and Google leave us flying blind when it comes to privacy."

Wired: "Think FaceApp Is Scary? Wait Till You Hear About Facebook" — "FaceApp is a viral lark that takes a convincing guess at what you’ll look like when you’re old. FaceApp is also the product of a Russian company that sends photos from your device to its servers, retains rights to use them in perpetuity, and performs artificial intelligence black magic on them. And so the FaceApp backlash has kicked into gear, with anxious stories and tweets warning you off of its charms. Which, fine! Just make sure you save some of that ire for bigger targets.

"The response to FaceApp is predictable, if only because this cycle has happened before. FaceApp went viral when it launched in 2017, and prompted a similar—if far more muted—privacy kerfuffle. But compared to Meitu, that year’s other viral face manipulator, which is quite a phrase to type, FaceApp was downright saintly in its data collection. At least FaceApp didn't access your GPS and SIM card information. More energy was directed at bigger problems, like FaceApp’s blackface filter. (Yep!)

"The latest frenzy appears to have been kicked off by a since-deleted tweet that claimed FaceApp uploads all of your photos to the cloud. That certainly would be alarming. But FaceApp has denied the claim, and multiple security researchers have confirmed that it’s not so. FaceApp takes only the photo you ask it to manipulate. The company also says it deletes “most images” from its servers within 48 hours of uploading, although admittedly there’s no way to confirm that it does so in practice. If you want FaceApp to remove all of your data from its servers, you can send a request within the app, by going to Settings > Support > Report a bug and putting 'Privacy' in the subject line. 'Our support team is currently overloaded, but these requests have our priority,' FaceApp founder Yaroslav Goncharov said in a statement. 'We are working on the better UI for that.' "

Anna Bauman produced this hour for broadcast.