clock menu more-arrow no yes mobile

Filed under:

Privacy concerns over viral photo apps are totally valid. But they’re also often overblown.

The panic about FaceApp’s old-person filter isn’t wrong, exactly. It’s just tinged with xenophobia and devoid of context.

Pictures of people on FaceApp showing them at their current age and older.
A Russian photo-editing app has gotten super popular again, and now it’s time for the privacy backlash.
FaceApp

If you’ve been on Twitter or Instagram recently, you may have noticed that every person you know is suddenly 80 years old. There’s been a huge spike in use of the Russian photo-editing application FaceApp, which allows a user to submit a photo of their face and be shown an elderly version of themselves.

Of course, there is a moment in every fad where someone loudly points out that the fad is bad, and that moment has come for FaceApp this week because of a heated conversation around the app’s terms of service and privacy policy.

In a representative article from Fast Company published Wednesday morning, it’s noted that FaceApp uploads photos to its servers, and “the age effects are crunched by the AI there, off your device.” The piece also includes, in bold, “FaceApp does not alert the user that their photo has been uploaded to the cloud, nor does it specify in its policies if the company retains your original photo.”

Many worried citizens on Twitter have screenshotted and shared a section of FaceApp’s terms of service, which discusses what the company may do with photos that users upload:

“You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”

All of this sounds bad. And it is, objectively, not great. But if you’ve already uploaded your photo and there’s nothing you can do about it now, it’s worth considering how warranted the panic really is. As is usually the case with app privacy: It’s all relative.


First, some background about FaceApp. It’s been around since January 2017 and has always offered the option to make yourself look old, though it has gotten much better at it. It has also always sent photos off of users’ phones to a remote server so that they could be processed by the custom neural networks that mutate your photos into new creations. (Typically, if you are going to trust any apps, the best bets are ones that do everything directly on your device.)

The more interesting feature at launch was the ability to add (very creepy) smiles to people’s faces. The more controversial feature at launch was the “hot” filter, which mostly just made people paler. (CEO Yaroslav Goncharov later said this was “an unfortunate side-effect of the underlying neural network caused by the training set bias.” I.e., the app had mostly been fed pictures of white people.) After this controversy, the company went ahead and introduced a set of racial filters including Asian, Black, Caucasian, and Indian.

There are other apps with similar capabilities that can run locally on your phone without sending photos to a remote server — e.g., Google and Facebook — but it’s not that weird that FaceApp is sending the photos out. Snapchat also uploads photos to its own servers, although, after years of questioning, it explained that it then deletes them.

This isn’t the first time a popular photo app has caused a privacy firestorm for vague reasons

Miniature panics about what photo apps are doing with the personal data they collect happen fairly often. This January, there was a firestorm around Facebook’s “2009 vs. 2019” or “10-Year Challenge,” after Wired reporter Kate O’Neill argued that the meme had been planted as a trick to get Facebook users to create a data set for machine learning. She implied that Facebook’s userbase had been bamboozled, writing:

“Imagine that you wanted to train a facial recognition algorithm on age-related characteristics, and, more specifically, on age progression (e.g. how people are likely to look as they get older). Ideally, you’d want a broad and rigorous data set with lots of people’s pictures. It would help if you knew they were taken a fixed number of years apart—say, 10 years.”

This theory was debunked by other reporters who pointed out that Facebook already has tons of photos of its users — with timestamps — and doesn’t need your help in turning them into a workable dataset. Certainly most people know this on some level, but something about the intimate invasiveness of having your selfies picked through strikes a nerve.

In January 2017, people were antsy about the Chinese photo-editing app Meitu, which also had a fairly racist “hot” filter and was full of code that could pull sensitive identifying data from users’ phones. Most alarmingly, it collected geographic data, and if it couldn’t access it through traditional GPS coordinates, would extract it from the metadata of the photographs its users were taking. All that data was being sent to China, which was cited as particularly disturbing.

However, as The Verge’s Russell Brandom pointed out, much of this attempted data collection was blocked by Apple’s operating system (for iPhone users), and though the rest of the stuff really was invasive, it was most likely used for advertising — not for identity theft or some other malicious scam. In other words: It’s wise not to download it, just like it’s wise to download as few apps as you possibly can and not use Facebook or Google for anything. But the panic, both in that case and in this one, arguably has a tinge of xenophobia as well.

A tweet from New York magazine contributor Yashar Ali that says, “Btw you all know FaceApp is a Russian company, right? Just making sure,” has been retweeted more than 5,000 times as of this writing, though the fact that the app is based in Russia has nothing to do with its privacy violations. Salon contributor Bob Cesca also tweeted, “The company is based in St. Petersburg, Russia,” as though that were, in itself, a mark against it. A PBS News Hour producer tweeted five times, “FaceApp uploads your photos to Russia.”

Several journalists have pointed out the strangeness of this argument, including Splinter’s Libby Watson, who tweeted, “I don’t understand what nefarious thing people think the Russian government is doing with FaceApp data. They’re going to use your photos of your brunch to hack the Florida voter rolls?”

Still, the Russia panic will not be stopped. The Democratic National Committee’s chief security officer issued a warning today to presidential candidates not to use the app, telling them “If you or any of your staff have already used the app, we recommend that they delete the app immediately.” (What would be the point of deleting it if you’d already used it! This question was not addressed.)

Definitely stay worried about photo apps in general

This isn’t to say that you shouldn’t worry about photo apps. Just that you’d do well to worry about them all pretty much equally. Facebook can figure out if two people know each other by looking at the metadata of photos uploaded in a small time frame in a small geographic area and then comparing the scratches and dust on the lens of the camera that took them. Shutterfly, like Meitu, pulls GPS coordinates from its users or, when that’s blocked, tries to harvest geographic information from the metadata of their photos.

The photo storage app Ever, which promised “free, unlimited private backup of all your life’s memories,” turned out to be using the photos to train facial recognition software, as reported by NBC News this May.

It is definitely weird that FaceApp is retaining your photos for possible “commercial use.” I assume this is so it can continue using them to train new AI-based features, but who knows? Maybe you are Russian stock photography now! However, the biggest motive for FaceApp to collect your information is most likely ad targeting, and the motive to make a scary face-aging filter is likely just to jack up downloads so that more people are dumping info into the data set. There is really no reason to believe that the Russian government is doing something scary with pictures of your face.

“The world is rich in available data — most of it given freely without even the need for a dastardly meme conspiracy theory — and much poorer in attention span,” New York magazine’s Brian Feldman wrote during the Facebook “10-Year Challenge” controversy. “The time a person spends on a site uploading a photo for a meme is likely much more directly valuable to the site than the data from the photo would be.”

For a more direct comparison: Snapchat, which has struggled for years, basically only gets spikes in downloads when it introduces a new borderline-offensive feature. When it introduced its gender-swap filter in May, daily downloads shot up from 600,000 to between 1 and 2 million. Snapchat collects geographic information too, and accesses private messages and photos as well as contacts. We’re just not panicking about it because it’s American and we’ve already accepted it.

Update: Updated July 17th 4:40 PM ET to include news that the DNC’s chief security officer issued a warning about FaceApp.

Sign up for The Goods’ newsletter. Twice a week, we’ll send you the best Goods stories exploring what we buy, why we buy it, and why it matters.

Sign up for the newsletter Today, Explained

Understand the world with a daily explainer plus the most compelling stories of the day.