
FaceApp Now Owns Access to More Than 150M People's Faces and Names - ElectronShak
https://www.forbes.com/sites/johnkoetsier/2019/07/17/viral-app-faceapp-now-owns-access-to-more-than-150-million-peoples-faces-and-names/#25ca052b62f1
======
stunt
The coverage on FaceApp and the way they talk about it is ridiculous. When it
comes for instance to Snapchat's numbers, the coverage is about the success of
the company.

How is FaceApp different than all other apps and social networks that are
storing all your photos with location and tags to your friends except that
FaceApp is a Russian company?

I'm not defending FaceApp. I don't use social networks either for the same
reasons. But this double standards in media is ridiculous in my opinion.

~~~
jklinger410
>except that FaceApp is a Russian company?

Well, I mean, nothing. Except that FaceApp is a Russian company.

What was different about Huawei? Except that it was a Chinese company.

And here's the thing, I don't even necessarily disagree with the worry around
these foreign companies. They are outside of our jurisdiction and these
countries have been known to use companies on the behalf of their governments
to perform intelligence/psy-op activities.

Why is this different than the US? It's not. But it's like nuclear weapons,
yeah? We are the only ones who can be trusted with them. Therein lies the rub,
as they say.

Either you buy into post WWI America runs the world and our military prevented
an apocalypse and got every American a car and garage by rigging the world
markets and protecting the world with our Navy and every country has to go
through us to technologically advance, or you are un-American? Tongue and
cheek here, but this is seriously the proposition.

This is the exact decision that was made and accelerated by our military
during wartime. This is our playbook.

~~~
jbverschoor
The Cold War never ended

~~~
johnchristopher
Yes, it did.

What's happening now is going on under a different set of paradigms. If you
approach today's geopolitics or military considerations with a cold war
mindset you will miss things out. Globalization has happened and that changes
a lot of things.

~~~
mike_ivanov
"Globalization has happened and that changes a lot of things."

This is exactly what they said before WWI.

~~~
mike_ivanov
Context (please read):
[https://www.washingtonpost.com/news/wonk/wp/2016/12/29/the-w...](https://www.washingtonpost.com/news/wonk/wp/2016/12/29/the-
world-today-looks-ominously-like-it-did-before-world-war-i/)

This specific way FaceApp resonates in mass and social media is quite telling.

~~~
johnchristopher
Interesting, thanks. I still disagree about the cold war not being over though
and how the situation is different from the cold war.

------
mikeash
We keep harping on about privacy, and then shit like this happens.

There are two possible conclusions to draw.

One is that the general public actually doesn’t care about privacy at all.
It’s a niche concern.

The other is that the general public cares but is completely and utterly
clueless about how to defend themselves, to the point that an app can
literally say “give us your name and face and we can do whatever we want with
it in perpetuity throughout the universe” and people will happily oblige.

I don’t know which one is correct but neither one is great.

~~~
Voloskaya
Option 3: No one read the terms of services, and 99% of the app users are not
even aware of that, didn't even give it a passing thought.

~~~
tictoc
Are terms of service somewhat consistent in their language? And if that's the
case, couldn't someone build something that scans Terms across products and
summarize what exactly it is you are giving up by accepting the Terms?

~~~
zarq
[https://tosdr.org/](https://tosdr.org/) \-- it's not automated, but it's a
start. Also FaceApp isn't listed.

------
imgabe
Is "what your face looks like" private information? You publicly display your
face everywhere you go all the time. It's not really practical to hide it.
Likewise your name you pretty much freely give out to anyone who asks. Is that
private information?

So Faceapp knows "There's a person with this name who looks like this". Was
that supposed to be a secret?

I'm concerned about privacy too, but it seems like some people just want to
hide under a rock for their entire lives. I don't know how anyone manages to
leave the house if having people see your face and know your name is a serious
concern.

~~~
bagacrap
Faceapp knows what 150M faces look like. That concentration of information is
valuable. Google built a fortune by taking freely available information and
organizing it for easy access. In the case of faceapp there are many nefarious
actors who could serve as clients.

~~~
stlark
I'd also add that facial recognition is also becoming more common as a way to
authenticate into systems. This might be a naive analogy, but, this feels like
thousands of people providing a company with their name and their phone's lock
screen combination.

~~~
judge2020
> providing a company with their name and their phone's lock screen
> combination

In consumer devices the face data is stored only on-device, so any privacy
concerns are defended by "it's not sending your face to the cloud" and/or
"don't use it if you don't trust it"

~~~
asdff
But if they have your face from another source and it's good enough to
authenticate, that doesn't matter. Your face is a good strong password, but
what good is that if it leaks? You can't reset your face like a password,
after all.

At least with fingerprints you have 9 extra passwords you can use if your
index finger print leaks (I bet my prints are already out there just from
getting pre employment background checks from workplaces with hulking old
school IT bureaucracies and a workforce pounded daily by phishing attempts).

------
lechiffre10
I find it incredibly ironic that it took me about 30 seconds to go to the
author's profile, see him plaster all the social media platforms we can reach
him on. Went to his Instagram and could tell where he lives, where's staying
at when he travels, that he enjoys walks with his mom in Centennial beach in
Delta, BC and what he does for hobbies.

All this in under a minute and yet here we are panicking over a Russian
Company that can do whatever it wants with your face pictures.

Ok.

~~~
rolltiide
> I've been a journalist, analyst, and corporate executive, and have
> chronicled the rise of the mobile economy.

Thats because he needs to be able to be contacted to gain outsized benefits
from society. Writing about this stuff "first" gets you tapped for corporate
executive roles or lucrative expert witness roles in judicial proceedings. It
is called "thought leadership"

He is much more objective about doing this than malleable people fearing
missing out

------
llarsson
This is entirely standard legalese language that ALL apps that handle data on
your behalf will have in their ToS. It sounds broad and nefarious, and it most
certainly CAN be used in such a way, but it is what they need to be granted,
lest they get sued by someone for obvious things such as creating derivative
works (i.e. the altered face), hosting the images somewhere, being able to
make a profit at all off their business, and so on.

Go look up other ToS for similar services, it is almost verbatim the same
wording.

My problem is that this is the "least amount" of permissions to realistically
make a media centric app, because legally, there's nothing stopping them from
abusing the hell out of these rights.

------
break_the_bank
It's worse when it has access to your picture because a friend thought it'd be
funny. In that situation the App gets my picture without my consent.

~~~
thecatspaw
Can a friend agree to these terms when it is my face, my name, and my private
data though?

~~~
the_seraphim
Define private, you walk in public in front of security cameras wearing your
face in public. your face is now public information.

Your name is on your mail, your census, your driving licence, you provide your
name and address to companies all the time. your name and address is now
public information.

If someone can tie your public face to your public name then thats public
information.

you dont like it, get a PO box and wear a mask all the time.

------
logfromblammo
Interestingly, "look at all the photos on this device" is a permission that
people may be uncomfortable granting to their closest friend. And yet, people
will grant it to a complete stranger of a conscience-less corporation with
nary a qualm.

------
erichurkman
What an utterly infuriating article to read: as you scroll down Forbes drops a
giant floating video… on top of the text you're trying to read and it follows
you as you scroll.

------
Raphmedia
Every one I know is already using either Facebook Messenger (which has the
same face scanning features) and/or Snapchat (which also has this feature).

This is not new.

I've been using FaceApp since its release.

There are a lot of other similar apps that I've used in the past. Especially
makeup simulator apps. BeautyPlus, YouCal, InstaBeauty, BeautyCam, Facetune,
Photo Plastic, Visage Lab, etc.

~~~
bengotow
I think FaceApp in particular strikes a chord in the United States because
it's owned by a Russian Company. Name + faces (and therefore age and gender
and race) + Location is the kind of data that enabled a lot of granular
facebook ad targeting in 2016.

~~~
Raphmedia
As someone who is not an American citizen and does not live in the United-
States, I get the same fears and issues from companies based in the US. I
distrust the American and Russian governments and companies equally.

~~~
armandososa
As a Mexican, I honestly distrust Trump more than Putin.

~~~
kofejnik
and that is a serious mistake, I believe

------
slg
Can someone explain how a company can claim the uploader gave them a license
to an image when they do nothing to check if the person uploading the image
had ownership in the first place? I have seen plenty of examples of people
using the FaceApp on famous people with some image that the uploader clearly
doesn't own.

Furthermore, don't people have rights over their likeness that overruled
certain rights the copyright holder has over the image? For example, I would
own the copyright if I met some celebrity on the street and took their photo.
That doesn't mean I can freely use that image in my advertising.

------
sergiotapia
>To make FaceApp actually work, you have to give it permissions to access your
photos - ALL of them. But it also gains access to Siri and Search .... Oh, and
it has access to refreshing in the background - so even when you are not using
it, it is using you.

This is false, you can just take a pic and never give it access to your
gallery. If the authors are lying about something so trivial, what else do
journalists lie about? That's why I don't trust them.

~~~
djsumdog
Is this true for both iOS and Android? It probably needs access to media to
store images, and once you grant it that level of access, it can read media as
well.

~~~
sergiotapia
I speak for Android. It asked me for camera access, but if I want to "oldify"
my gallery pics, it asks for a different set of permissions (which I deny).

------
antirez
LOL people keep posting their entire life on Instagram, and now FaceApp is the
danger.

------
Rannath
Aren't contracts with unlimited time periods non-binding? I was under the
impression that any contract that said perpetual anything could be trivially
disregarded. Or is that a regional thing?

~~~
bhouston
The language from their terms of service
([https://faceapp.com/terms](https://faceapp.com/terms)) is this:

> You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free,
> worldwide, fully-paid, transferable sub-licensable license to use,
> reproduce, modify, adapt, publish, translate, create derivative works from,
> distribute, publicly perform and display your User Content and any name,
> username or likeness provided in connection with your User Content in all
> media formats and channels now known or later developed, without
> compensation to you. When you post or otherwise share User Content on or
> through our Services, you understand that your User Content and any
> associated information (such as your [username], location or profile photo)
> will be visible to the public.

This is standard language that is generally enforceable. It is the license
that is perpetual, not the contract.

~~~
cmarschner
Not in Europe. I’m sure lawyers are excited.

~~~
luckylion
Can you elaborate? I was under the impression that you can give permanent
content licenses, is there something stopping that in general, or something
related to apps, or pictures?

------
d1ffuz0r
Purely anti-Russian article

------
londons_explore
I wonder if a neural network could be trained to recognise people who "look
honest" or who "look like they'll repay their loans" (aka, profitable credit
scoring data).

~~~
slg
>I wonder if a neural network could be trained to recognise people... who
"look like they'll repay their loans"

And that is how you get bigoted algorithms. This will just select for older
white men due to various socioeconomic reasons.

------
alunchbox
Hmm. Would it be possible to run these Apps in a VM like container? allow it
access a dummy, empty folder to read from somewhat of a container for all
apps? then there would be a manual transfer process between the shared folders
after you've saved an image?

So when downloading an App it will ask would you want to run this in an
isolated environment? and you can, so if it tries to scan over your photo
gallery it will have an empty folder etc..

~~~
penagwin
This is a scoping issue. On iOS devices at least no app has access to your
photo gallery unless they explicitly prompt you for permission.

That said, many apps need access to the photo gallery - say I want to put a
screenshot into discord. The issue is that now Discord has access to ALL of my
photos.

There needs to be more scoping options. "Allow access to previous 12 photos
while you're using the app" kinda deal.

~~~
ajconway
On iOS is't possible to ask the system to present a photo picker on behalf of
the app without requiring a permission to look into your photos.

~~~
penagwin
I'm not an iOS developer but if it does exist not many apps use it. Snapchat,
MS Teams, Discord, and a few others don't do it by default at least.

~~~
asdff
Apple really should force their hand and mandate that this is the only way to
get a photo upload. I hate all the sweeping permissions nearly every app for
iOS demands. Where's the sandboxing?

------
Balgair
Some commentors point out that though they never put their faces into the app,
their family and friends did upload their faces without consent. Literally
nothing is stopping anyone from just fishing through public DBs and uploading
just about anything into the app.

There are issues of consent, of what is 'personal' data, of who 'owns' that
data, of public vs. private, etc.

We've all been on this ride for a while now and it's not getting any more
clear. If anything, it's getting more and more murky. Deepfakes are now able
to be done on a laptop, essentially. EULAs are basically ghosts, the public
cannot understand/see them but is terrorized by them at random. Privacy is
meaningless despite it's proven requirement for proper adolescent/human
development.

I think we're in a time now where we need a new idea and a new way of doing
things and thinking about our world, where a paradigm shift is _required_.

Our ideas of personal data, of public data, of private data, of consent, and
of ownership are no long going to work. The ethics aside, the old ways of
doing things are not workable anymore.

What does a flawed, yet workable, solution look like?

------
garysahota93
Wow, that license agreement it brutal. What sucks is that because they have
access to the whole photo library, even if I don't want my face on it, they
can still get my face via my friends' (or parents') phones that have taken
pictures of me in the past. Because we are all connected, it makes it really
hard to not be sucked into this (even if you don't participate)

------
sysashi
If you're comfortable posting pictures to instagram, twitter and other social
means you have nothing to worry about :)

On the other hand, personally I'm freaking out whenever my phone tries to
upload photos to "cloud" without even asking or just a small prompt (which can
be easily misclicked). So apps like that are out of the question!

------
2_listerine_pls
Facebook owns access to your face, body, name, friends, family, trips, events,
conversations, location, groups, interests, political orientation, estimated
IQ, payments, workplace, other sites you visit, etc...

Yet, Forbes & others talk about FaceApp.

~~~
Cthulhu_
> Yet, Forbes chooses to talk about FaceApp.

[https://www.forbes.com/search/?q=facebook](https://www.forbes.com/search/?q=facebook)

~~~
2_listerine_pls
Obviously meant that there are many other elephants in the room and but they
decided to promote an alarming article about this new app that records your
photos!!! Is it so difficult for You to understand?

~~~
asdff
You want every article they put out to be about all the elephants at once?
Because they've already put out articles about all the other elephants and
continue to do so. This one just joined the zoo is all.

~~~
2_listerine_pls
What is so alarming about another App doing the same? Why are major newspapers
writing these overblown articles at the same time?

------
acd
I think easy to understand end user license agreements should be enforced by
law.

A lawyer rewrites Instagrams terms of service to one page easy to read
english. [http://dontai.com/wp/2017/01/10/a-plain-speak-end-user-
agree...](http://dontai.com/wp/2017/01/10/a-plain-speak-end-user-agreement-
for-instagram/)

Here is a service that explains common terms of services for web sites.
[https://tosdr.org/](https://tosdr.org/)

------
hello_asm_world
So here is the irony. You can use the app without revealing your identity (no
emails, facebook creds). However, if you want them to immediately delete your
data ("most" data within 48 hours) you need to _EMAIL_ them with a subject
line "PRIVACY". So now I add an EMAIL to the Face. Perhaps I can send a mock
email id but what about those that are not that aware but care about their
privacy? They probably have now identified their photos, oh US needs laws,
this is a bipartisan issue

------
jonas_kgomo
Solid is a MIT project aiming to improve privacy and data ownership, founded
with Prof. Tim Berners-Lee, inventor of the World Wide Web. Perhaps this kind
of initiatives and blockchain will remind people what valuable data they are
sharing.

Information Economy should directly incentivize those who share their
identity, I couldnt imagine some stanger in the street asking me for all this
information, and me giving it without a doubt. It is scary but it's
normalized.

------
martin1975
One could now conceivably write an app that scours the internet for these
faces on social media and inject propaganda designed to tilt an election
outcome one way or another.... (e.g. perhaps by looking at which group an FB
user follows, just one of many examples). It wouldn't be outright sabotage,
but FaceApp certainly paves the way to greater influence by a foreign
government over USA's or anyone's election process/campaign.

~~~
soared
You could do that exact same thing without FaceApp data though.

~~~
martin1975
Very true. This just adds more fuel to the fire.

------
sjg007
This type of app should run on local hardware only. Apple and Google could
enforce that.

------
treebeard901
The permission api for photo access needs to be redesigned. In addition to all
of the personal pictures we take, think about all of the screenshots we take
of important stuff, like passwords, access codes or conversations.

------
ceedan
Apple/Google need to start surfacing information regarding an apps privacy
policy. If there is this large of a discrepancy between an app's functionality
and it's privacy policy - why should it even be allowed?

------
magoghm
"You have zero privacy anyway. Get over it." \-- Scott McNealy 1999

------
troycarlson
The Facebook login flow requests permission to access your "photos". Does
anybody know what that entails? Can they freely query your photos edge on the
FB API?

------
hkon
In some months, "This is how faceapp actually influenced US elections..."

------
stevehiehn
Can't you just scrap LinkedIn or something and have your own name to face db?

~~~
asdff
Sure can, doesn't make this app any less of an issue though.

------
adamnemecek
When Fascism comes to America, it will be using the tears laughter emoji.

------
enterx
TL; DR

Russian company has the ability to identify the person.

My guess: Probably using already existing KGB software in the backend.

------
bhouston
It should be worth millions to have pictures of 150M faces and associate them
with names. If I had that I would sell it to the people running the in-store
camera networks that identify customers into demographic categories and offer
them this so that they can associate real identities.

Another data broker, now of people's faces. I am surprised that this isn't yet
done by the free make-up apps or even by snap chat.

I guess there are people crawling Facebook and probably other profile services
like LinkedIn, etc. But probably crawling these is not legal to resell.

