For some reason, after two years of pretty much lying dormant (at least as far as the internet is concerned), face-altering selfie app FaceApp has gone ridiculously viral… again.
Why? It’s a question I asked myself repeatedly on Tuesday as my social media timelines were flooded with pictures of people thinking they were oh-so-clever.
On Wednesday, I and the rest of the internet woke up to learn some bad news about FaceApp. One, the app was created in Russia.
[protected-iframe id=”527f5f6329829df12a7bcea6d3b02da4-97886205-92827192″ info=”https://giphy.com/embed/XhcSIUIkgbmuY” width=”480″ height=”360″ frameborder=”0″ class=”giphy-embed” allowfullscreen=””]
And two, FaceApp apparently violates pretty much all of its users’ privacy in direct conflict with app store Terms of Service.
If you are thinking of using the #FaceApp consider Section 5 of the ToS & that you grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable licence to use your content (and which may be of your friends or colleagues)
— Privacy Matters (@PrivacyMatters) July 17, 2019
for a range of commercial purposes & that you acknowledge that some of the Services are supported by advertising revenue & may display advertisements & promos, & you agree that
— Privacy Matters (@PrivacyMatters) July 17, 2019
.. FaceApp may place such advertising & promos on the Services or on, about, or in conjunction with your User Content.
Recall that your behavioural data may be used to support such commercial purposes such as advertising. Ask, what would my friend say about using her/his image?
— Privacy Matters (@PrivacyMatters) July 17, 2019
Section 5 #FaceApp ToS.
S10, you also "indemnify, defend, and hold harmless FaceApp .. your violation, misappropriation or infringement of any rights of another (including intellectual property rights or privacy rights)”
<waves at friends and their privacy rights pic.twitter.com/ZL3uuZqxxW
— Privacy Matters (@PrivacyMatters) July 17, 2019
Section 5 of the Tos https://t.co/NzxZ5KHH4a should be read in conjunction w/the privacy policy https://t.co/ZS019tuVLj
"Log file information is automatically reported by your browser each time you make a request to access (i.e., visit) a web page or app.” That’s a lorry data pic.twitter.com/bPYlSDwlMO
— Privacy Matters (@PrivacyMatters) July 17, 2019
And don’t forget those device identifiers.
👀 "A device identifier may deliver information to us or to a third party partner about how you browse and use the Service and may help us or others provide reports or personalized content and ads.” 😲 personalised content 🤔 Ads 🤔 pic.twitter.com/2TXQrwtnwe
— Privacy Matters (@PrivacyMatters) July 17, 2019
Nice, right?
Well, as reported by the folks over at TechCrunch, the company behind FaceApp has now addressed exactly what the deal is with their almost non-existent privacy policy?
Their statement reads as follows…
We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
“Most images” … very specific.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
Did you create a log in? You did, didn’t you?
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
As my good friend Cass commented, “Exactly what I’d expect a Russian data mining service to say.”
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.
So there you have it. It’s all good, apparently.
[protected-iframe id=”d4fb12a027c691c21943e41cd40d258f-97886205-92827192″ info=”https://giphy.com/embed/zv1dUbr5oC0ta” width=”640″ height=”450″ frameborder=”0″ class=”giphy-embed” allowfullscreen=””]