News, PureNerdism

Get the Hell Off FaceApp

In case you’re under a rock or simply aren’t into high-ranked apps (feel no shame), FaceApp has been skyrocketing in downloads. It’s more popular with men than women in the 20-plus demo, but younger users of both genders seem to enjoy posting the aged pictures on Snapchat, Instagram, and via AirDrop. Even LeBron James is using it.

The error reported was not connected to Joshua Nozzi or anyone from Twitter. It came from a colleague and information security programmer who received a warning that one picture was uploaded without permission. During the overnight hours, my team and I have not been able to replicate the upload error reported to us where iOS 11 and FaceApp had uploaded an extra photo for which permission had not been granted.

So, groovy, that means you’re safe right? Keep uploading those pics, right? Absolutely not.

 

Biometrics

 

In the next few years, no one will be posting their actual face online. You will post an avatar or an Augmented Reality (AR) simulated version of your face. Think Instagram and Snapchat filters. You will be wearing certain glasses in public to protect your iris. Your hands will be constantly gloved to protect your fingerprints when you go outside. Your biometrics are now your passport. They are your PIN to log in to your bank’s mobile apps. (For the record, I don’t believe in logging into your banks via your phone, ever.)

The age of identity theft is about to get a thousand times worse. Just ask the people of India whose data sells on WhatsApp for ten dollars. Our US credit bureaus are not built to protect the information they have now, and soon you’ll be handing over your fingerprints to them.

FaceApp is collecting your face and processing the aging software via the cloud. They stated they use AWS (Amazon) and Google Cloud. Snapchat, Facebook (which owns WhatsApp and Instagram), and Google Photos all have machine learning and neural network software that reads, analyzes and studies your face. The US, European, Chinese, and Russian airports are all equipped with this.

 

Russia, Russia, Russia.

 

There are some people who refuse to believe that Russia played any role in the 2016 election. They refuse to believe that the meme they saw and re-posted on Facebook and 4chan had anything to do with Hillary Clinton losing and their tax bill skyrocketing. It wasn’t their fault; it’s your fault. “Fake news.”

Tanks, Blackbird planes, satellites all cost billions of dollars. Wars are expensive. Digital wars cost pennies on the dollar in comparison and their ROI is vastly higher. We already have proof per the Mueller investigation and security experts that Russia interfered in the US election via cyber warfare. The greatest country in the world fell prey to memes. Even scarier is how our Republican officials will not take action to secure elections, because it favors them. Although each voting district is different, authorities at state and county levels have been trying to secure their elections.

FaceApp is located in Russia, where their R&D is based. (The city is being withheld for privacy reasons.) The country where a developer is located matters. Chinese devs have Xi Jinping’s Communist party hanging over them. The Sarai app came from Saudi Arabia. Israel’s Unit 8200 is studied worldwide. That Russian devs are “completely free and clear” from Putin is something Putin would say and only the naive would believe. All humans are created equal, all governments are not. Dictators are gonna dictate. Most companies do not want to break trust with their users but geopolitics trumps all. Pun intended, including in the United States.

FaceApp explicitly states that its affiliates and service providers “may transfer information that we collect about you, including personal information across borders and from your country or jurisdiction to other countries or jurisdictions around the world.”

FaceApp does not disclose how it safeguards its content stored on their servers.

Also from FaceApp: the user grants a license “to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed.”

The data points used are common in face recognition. They are also used by Snapchat, Facebook, and Google Photos. That data is used in foreign intelligence surveillance.

If they do use your picture, you can’t sue, you can only arbitrate. You have waived your right to take any legal complaints to court. Most mandatory arbitration comes with non-disclosures.

“Except for small claims disputes in which you or FaceApp seek to bring an individual action in small claims court located in the county of your billing address or disputes in which you or FaceApp seeks injunctive or other equitable relief for the alleged unlawful use of intellectual property, you and FaceApp waive your rights to a jury trial and to have any dispute arising out of or related to these Terms or our Services resolved in court.”

For the publications saying that companies don’t operate outside of the TOS, that simply isn’t true. You just haven’t found proof. If a developer were to hand over their data to their government entity, I doubt you would publish it because you would hand that data over to the FBI who would then ask you not to write about it for national security reasons. Like when news orgs wrote that soldered-in cellular batteries were about design and not tracking. FaceApp doesn’t have to consent to any of this. Their location makes them vulnerable.

FaceApp does openly state in its terms of service that it can use your pictures for commercial purposes. Like on a billboard in Moscow.

All’s Fair in Love and Data

 

It’s not just FaceApp. Data is black gold. If it was oil in the 80s, it’s you voluntarily adding all your friends to Facebook. Uploading selfies to Instagram. Spreading memes on Reddit. Talking to Alexa. Training Google Maps while you drive.

The first piece of software I ever worked on was IBM’s ViaVoice. Dictation software. You had to constantly read paragraphs so it could learn the patterns in your voice. It was not connected to the internet. It was decent for 1997, but turn on Google Docs and it’s a brave new world. Google Home can hear everything you say. Even when you’re not talking directly to it. It has to. It’s the only way it can learn your dialect, speech patterns, etc. Tree mapping. Neural network analysis. All of this makes the software better. The downside is every private conversation you have, every fight, every credit card number you read aloud, is recorded.

Google Photos can geolocate every picture you take, even if you disable camera location information. Even if it’s on an SD card from an older DSLR camera not connected to the internet.

 

Protection not Panic

Do not throw your cell phone in a dumpster like Ron Swanson from Parks and Rec. Do not sell your house and go live in a bunker in Montana.

The reality is that everything you post online and upload is being analyzed and reworked and resold in hundreds of different ways. From your pictures to your typing patterns.

Maybe send those family pictures via email. Update and run malware and virus protections weekly.

Be diligent. Be aware.