FaceApp’s Russian Ties Spur Fears of Online Photo Privacy

FaceApp's viral images come with a policy offering little data privacy, a company based in Russia, and 80 million users'

The Russian startup FaceApp has swept the internet this week, offering a feature that gives users an aged-up, AI-powered look at their future selves.

But it has spurred backlash as well, thanks to three troubling facts: FaceApp’s policy offers little data privacy, the company is based in Russia, and it captures its users’ photos in the cloud.

The writer of one tweet that kickstarted the uproar has already apologized for a misleading claim that the app harvested your details without explicit permission. The app doesn’t upload every single photo on users’ phones; Just the ones that they select and allow.

The backlash might not be entirely justified, but it definitely says a lot about how public opinion on photos has evolved.

Poor Data Privacy Isn’t Unique to FaceApp

FaceApp’s privacy policy has drawn ire, thanks to a lawyerese-packed terms of service page that grants the application a lot of power over your likeness:

While FaceApp might technically be able to use the 80 million faces they’ve collected for billboards, they probably won’t. The bigger question is, why aren’t we mad about how terrible all terms of service agreements are, particularly in your favorite apps like Facebook, Twitter, Instagram, and Snapchat?

For example, Facebook’s terms of service explain that it won’t sell your data… but it will create a user profile based on the data, and might be able to sell that. Furthermore, you can’t stop it from collecting your data by changing your privacy or ad settings. And the platform can collect information about you even when you’re not actively using it. And other people can grant Facebook access to your data. And it can access your GPS location. Yikes.

Here’s a snippet from the Twitter ToS, which explains that everything you add to the platform is theirs to do whatever they want with:

“By submitting, posting or displaying Content on or through the Services, you grant us a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute such Content in any and all media or distribution methods (now known or later developed).”

Plenty of other tech companies have equally wide-ranging agreements, as Tech.co has covered before. You can avoid FaceApp and maybe even Twitter, but it’s tough to fully avoid Facebook, making it arguably the bigger threat to your data privacy.

Are Russian Companies a Threat?

This line of reasoning makes sense. The Russian government did indeed interfere in the 2016 US election with the goal of sowing political discord, and doesn’t seem to have a reason to stop.

This isn’t even the first time a Russian tech company has gone under the cybersecurity microscope in recent months. Kaspersky made the news last month when Russia’s telecommunications regulations agency blocked every other top VPN providers for refusing to link their servers to the government system. Kaspersky’s Russian VPN service will now be censored by the Russian government, somewhat undercutting the general point of a VPN service.

The issue isn’t unique to Russia, either. The China-based Huawei has been banned from US government agencies due to fears of spying. In all cases, there might not be explicit evidence that Kaspersky, Huawei, or FaceApp are compromised, but just a suspicion is reason enough for most privacy-conscious users to avoid them.

Uploading Photos to the Cloud

Faced with the claim that they are uploading photos, FaceApp has officially responded to state that they don’t keep the images longer than 48 hours.

“Most of the photo processing happens in the cloud,” FaceApp founder Yaroslav Goncahrov said in a statement, and “the user data is not transferred to Russia.


“We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.”

Granted, there’s no way to fully confirm this is factual.

But, even if FaceApp does store your images indefinitely, this is yet another privacy incursion that massive tech companies have already been doing for years. Facebook has access to billions of users’ images, with databases stretching back a decade, and, as previously mentioned, Twitter can do whatever it wants will all images uploaded to its service.

The uproar over FaceApp isn’t unwarranted. But the lack of a widespread exodus from Facebook and Twitter suggests that our fully justified and steadily growing fears of who is accessing our online images still haven’t hit critical mass.

It’s possible that, by the time they do, we’ll all actually look as old as our FaceApp selfies.

Read more tech news from Tech.co

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals