FaceApp went viral earlier this week as people rushed to use one of the program’s photo filters to glimpse what they might look like in old age. Then FaceApp when viral again as people shared posts and warnings that the popular app could be a Russian ploy to steal data.
Online critics shamed others for being dumb enough to share photos and data from their phones with an app whose developers were based in Russia. Their arguments caught steam and made their way into news stories, a Democratic National Convention campaign security alert and even the Twitter feed of former U.S. Ambassador to the United Nations Nikki Haley.
Public fear over FaceApp hit fever pitch on Wednesday when the Senate’s top-ranking Democrat, Chuck Schumer (N.Y.), wrote a concerned letter to the FBI and Federal Trade Commission requesting that they investigate and “mitigate the risk” of FaceApp’s data collection.
Once collective anxieties about FaceApp reached the point of being co-signed by a prominent member of Congress, signs were clear that the Twitter hivemind that pumped out scary and amply retweeted threads warning that FaceApp is an express line from your phone to Vladimir Putin’s intelligence agencies had gone too far, creating a distracting controversy over an unexceptional app.
In an illuminating, not-alarmist Twitter thread, Techcrunch editor-in-chief Matthew Panzarino pointed out that neither his publication nor Will Strafach, the CEO of Guardian Firewall, an iPhone security app, were able to find evidence for the widely repeated claim that FaceApp had access to its users’ entire phone photo libraries. While both did note that FaceApp was uploading single photos individually picked by users to a cloud server for processing, without clearly letting users know. That data privacy issue, while genuine, is hardly the nightmare scenario that many peddled about FaceApp sending your phone’s entire photo roll to Russia.
In agreeing to FaceApp’s terms of service, users agree to give it “perpetual, irrevocable, nonexclusive, royalty-free, worldwide” right to do whatever it wants with their photos—language that has caused alarm among some users, but which is similar to most agreements required to use other photo apps and platforms.
“I don’t encourage people to share photos with apps as a practice, but there are far more egregious examples available of people’s photos not only being taken without permission, but being used by governments and militaries,” says Chris Gilliard, a professor at Macomb Community College who focuses on technology and privacy. He pointed to a set of Microsoft facial recognition databases, collected without the consent of many people included, were used to train military firms and Chinese firms.
So far, no one has provided a particularly good reason to be afraid of FaceApp over other apps or general tech data collection practices. FaceApp was approved for download in Apple’s App Store, meaning it meets the company’s data privacy requirements. People may find FaceApp alarming, but is probably not the worst offender among the roughly 2 million apps available in the App Store.
Unlike many apps though, FaceApp was made by developers in Russia, a country whose online activities have become a subject of national controversy. For a lot of people, that fact itself was enough to cast a pall on the app, even though, as Gilliard and The Verge’s tech policy editor Russell Brandom noted, an app’s country of origin is not in itself an argument.
I don’t think it’s too high a bar to ask professional tech journalists for a more sophisticated argument than “the app is Russian, so it’s bad.”
— Russell Brandom (@russellbrandom) July 17, 2019
“I don’t know that Russia is going to do anything worse with this data than Facebook, Amazon or Palantir,” Gilliard also said.
While Russians have indeed waged attacks on America online, that doesn’t mean that every time a Russian builds a piece of software it was created to steal Americans’ data. Getting it wrong on that scale focuses attention about data privacy concerns on the wrong places while framing discourse in less useful ways.
Technology companies—usually based not in Russia, but in the United States—have poor track records on data collection and other hot button issues. Google runs a program that helps the U.S. military carry out extrajudicial drone strikes, often killing innocent bystanders. Amazon’s employees work under harsh conditions in fulfillment centers, rushing users’ Prime orders ready. Uber offers drivers predatory car financing deals, pays what some researchers say usually works out to be under minimum wage after expenses, and gives them no healthcare. Over the past several years, Facebook’s name has become synonymous with online data breaches. And of course, all of these companies have concerning robust surveillance capabilities.
FaceApp doesn’t deserve a pass just because other, bigger companies are doing bad things. But being myopically and gravely afraid of a quotidian problem can drown out other very real concerns about big tech and surveillance. And it can contribute to the illusion that ending that one small thing is a big step towards fixing broader issues.
Gilliard is hopeful that something else will happen, and that FaceApp can push attention towards those structures. “I think it creates more awareness,” he said. “There are better examples of privacy violations, but If this is an entry point to people realizing what’s wrong with this, than all the better.”