2

After that FaceApp got viral, so many articles have been writing about privacy issues of FaceApp. They argue that FaceApp sends user pictures to their servers and store. As the company is based in Russia most of the US news outlets mention that

FaceApp can use stored images in anyway they want

While I am not fond of these conspiracies, aren't all the apps in our phone does the same. Store any information they want to their servers and do whatever they want. Or did we start judging developers by their Nationality?

While I can also raise a question of What about Facebook, Instagram etc.? Why nobody bets on eye on them?

Most of people would say that

Facebook and Instagram are based on US, and they don't provide user information to any third parties etc... While in Russia, they don't have "democracy", "rules" so they can do whatever they want and that's why it's dangerous...

In fact Facebook recently got an issue with it's privacy converse with Cambridge Analytica. Amazon were in a news regarding providing Amazon Echo speech record to police when they requested in order to investigate murder case.

Is it really another propaganda between Russia and U.S. or do we have to be concerned about FaceApp? If we should then what about Facebook and Instagram indeed?

musooff
  • 123
  • 4
  • 3
    Allways think be for you post your Information anywhere! Read the Terms of Service if you want to know what your data is used for. My guideline is if you are not the (paying) customer you are probably the product. – Jens Krüger Jul 31 '19 at 08:39
  • What would your concern be? What is your threat model that a sole picture of you would be a problem? – mhr Jul 31 '19 at 08:53
  • You are right that it's not a treat with a sole picture. My concern was actually about reality of the issue not about what they do with my picture. Just because they are not US based company media should not judge it so. Say I make an app and since I am not based in US, would it make my app "vulnerable" ? – musooff Jul 31 '19 at 09:01

2 Answers2

7

As far as I know there is no actual proof that FaceApp is used for malicious purposes, the same that there is no public available proof that companies like Huawei (China) or Kaspersky (Russia) will knowingly harm the (American, European, ...) security. The main argument here is that there might be increased risk since the government in these countries might force the companies to do so. There is likely some truth in this, i.e. this risk is not zero.

On the other hand, there is proof that Facebook has misused user provided phone numbers. And there is proof that the NSA has made American vendors put backdoors in their products. And there are many more scandals were American (and other) companies either knowingly invaded the privacy of their users by misusing given data or that they accidentally did so by not properly protecting the data.

Which means in the end it is the question who you believe and trust more. If you are American then you might trust American companies more than Russian or Chinese companies, because you might see the role of the NSA to protect Americans while the role of Russia is to protect Russians. If you are West-European you might trust also the USA more than Russia but you might not trust it as much as Americans might do because of bad experiences in the past.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • I think the point about government control deserves to be expanded. For example, if you don't trust China, the country, for example because of the massacre on June 4th 1989, or the way that people disappear for not playing the propaganda app enough, or... *cough* you get the point, then you _really_ shouldn't trust any Chinese companies. Any country wields enormous power over the companies which operate out of it, especially totalitarian regimes like China. I obviously don't _know_ that China is coercing Huawei, but... they can. Similar for other countries, but I've run out of space :| – Nic Jul 31 '19 at 11:34
  • Separately also possibly worth noting is that, at least under US law, companies are _legally required_ to put their stakeholders before their customers. So, for example, if Google cut back on the capabilities of their ads, they could get sued by stakeholders for breach of fiduciary duty. They're literally legally required to be greedy. (I'm simplifying quite a bit, but only because I don't actually know the legal details.) – Nic Jul 31 '19 at 11:37
  • @NicHartley: With this kind of arguments you either cannot trust any government at all (and likely most companies either) or must white wash their actions (including massacres) in your mind as necessary for your well-being, freedom or other important reasons. – Steffen Ullrich Jul 31 '19 at 11:50
  • My point was more that you should only trust the company as much as you trust its government. China happens to be a very nice example, as they do some unambiguously awful things that even _they_ don't defend (they pretend it didn't happen, or ask why it even matters). If you don't trust China because of those things, you shouldn't trust Chinese companies. Similarly, if you don't trust America because of [insert any CIA activity in the last fifty years], you shouldn't trust American companies, even if they claim independence. – Nic Jul 31 '19 at 21:30
  • I also want to emphasize my second comment again. In at least some countries, companies are, again, _legally required_ to put profits before people, so by literal definition of what a "company" is in that jurisdiction, they don't have your best interests in mind, and that's really important when you're talking about whether to trust a company. – Nic Jul 31 '19 at 21:32
-2

Not more than other cloud processing I would say. Apple revolutionized software distribution by allowing licenced developers from abroad to upload apps to their App Store for global distribution with payment processing by Apple, after initial success with USA based developers (iOS 2 july).

TechCrunch has a reply by the appdevelopment company. Founder Yaroslav Goncharov told them it uses AWS and Google Cloud and no data is sent to Russia, although the R&D resides there. Furthermore the users of the app specifically select each photo for processing and the data is deleted after 48 hours. Users can use the bugreport function with a 'privacy' title to request deletion. Developer is working to improve this process. Another point made is that most of the photos are uploaded anonymously.

bbaassssiiee
  • 363
  • 1
  • 11