There’s a lot of conversation regarding FaceApp right now. I have friends talking about it on Facebook, politicians are tweeting about it, CNN and Forbes have reported on it, and my favorite YouTuber Philip DeFranco covered it. People around the world are torn on the privacy implications of this application, yet the person who started this dumpster fire, Josh Nozzi, has admitted he made a mistake when he said the app was uploading every photo. Will Strafach, founder of Guardian Firewall for IOS pointed out that the “upload all” concern that Josh raised was not valid in a tweet.
using a network traffic analyzer, I tried to replicate the thing people are talking about with FaceApp allegedly uploading your full camera roll to remote servers, but I did not see the reported activity occur.
here is marlo stanfiekd with a beard though pic.twitter.com/6wy8cHLNuA — Will Strafach (@chronic) July 17, 2019
So, the question then, is how did we get here? Why are my non-technical friends posting on Facebook that everyone needs to immediately remove this app from their phones? There are three concerns that seem to keep popping up.
- The app (FaceApp) is developed in Russia.
- The terms of service (TOS) are “concerning”.
- They upload all of your pictures to the cloud.
Now, FaceApp has released a statement to address these concerns, but if you don’t trust the app, why would you trust the statement? So, let’s look at each of these. The first claim is that the app is developed in Russia. Great! Big, bad, scary Russia is today’s tech boogeyman, second only to China. How about Mail.ru, original a major email provider in Russia, but now a major tech company acquiring companies like DonationAlerts (a Twitch/YouTube streamer service) and BIT.GAMES makers of the popular mobile game Guild of Heroes. Let’s not forget that until 2013, Mail.ru was an investor in Facebook. If we’re on an ‘everything developed in Russia is bad’ kick, let’s not forget that Nginx, a web server currently serving 36.7% of pages on the Internet, is a Russian developed web server and powers sites like Twitch.tv and Wordpress.com. (I should note that Nginx was acquired by F5 (an American-based business) earlier this year). Finally, and it may be a bit more questionable in the eyes of some, but Kaspersky Anti-Virus, with its 4.5 star review on PCMag.com, is also developed in Russia. Sure, there have been unsubstantiated claims in the past, but it is still incredibly popular AV software and many people reading this have probably used it. The second claim is that the terms of service are a major privacy breach. Let’s look at the terms of service for a number of popular social media platforms and services.
FaceApp
“grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you.”
“Specifically, when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content” “You give us permission to use your name and profile picture and information about actions you have taken on Facebook next to or in connection with ads, offers, and other sponsored content that we display across our Products, without any compensation to you.”
“Instagram does NOT claim ANY ownership rights in the text, files, images, photos, video, sounds, musical works, works of authorship, applications, or any other materials (collectively, "Content") that you post on or through the Instagram Services. By displaying or publishing ("posting") any Content on or through the Instagram Services, you hereby grant to Instagram a non-exclusive, fully paid and royalty-free, worldwide, limited license to use, modify, delete from, add to, publicly perform, publicly display, reproduce and translate such Content, including without limitation distributing part or all of the Site in any media formats through any media channels, except Content not shared publicly ("private") will not be distributed outside the Instagram Services.”
“By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed). This license authorizes us to make your Content available to the rest of the world and to let others do the same. You agree that this license includes the right for Twitter to provide, promote, and improve the Services and to make Content submitted to or through the Services available to other companies, organizations or individuals for the syndication, broadcast, distribution, promotion or publication of such Content on other media and services, subject to our terms and conditions for such Content use. Such additional uses by Twitter, or other companies, organizations or individuals, may be made with no compensation paid to you with respect to the Content that you submit, post, transmit or otherwise make available through the Services.”
Discord
“Any data, text, graphics, photographs and their selection and arrangement, and any other materials uploaded to the Service by you is “Your Content.” You represent and warrant that Your Content is original to you and that you exclusively own the rights to such content, including the right to grant all of the rights and licenses in these Terms without the Company incurring any third party obligations or liability arising out of its exercise of such rights and licenses. All of Your Content is your sole responsibility and the Company is not responsible for any material that you upload, post, or otherwise make available. By uploading, distributing, transmitting or otherwise using Your Content with the Service, you grant to us a perpetual, nonexclusive, transferable, royalty-free, sublicensable, and worldwide license to use, host, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform, and display Your Content in connection with operating and providing the Service.”
Kickstarter
“We can use the content you’ve submitted. You grant to us, and others acting on our behalf, the worldwide, non-exclusive, perpetual, irrevocable, royalty-free, sublicensable, transferable right to use, exercise, commercialize, and exploit the copyright, publicity, trademark, and database rights with respect to your Content.”
I know that’s a lot of text, so I’ve added some bold lines to point out the similarities with the terms of service from other companies that you are likely using. As you can see, this is boiler plate language that you’ll find on any website if you read the TOS. Since we’ve already addressed the third claim (see the tweet above), we’ve now debunked every concern that people seem to have. So, I would say that the answer to ‘FaceApp: Myth or Mess?’ is a myth. There’s not a lot to be concerned with here, it’s pretty standard mobile app operation and you’ll find the same with most other apps that you use.
