The internet and the security community is up in arms and shocked, shocked to see that a web developer is collecting data that you share with them and processing that data in the cloud. In this case, the app is FaceApp, an application developed by an entity in Russia that takes photos you upload and uses an algorithm in the cloud to “age” these pictures to show what you would look like if you were—well, if you were as old as me.
In response to the criticism, FaceApp now contains the warning, “Cloud Photo Processing: Each photo you select for editing will be uploaded to our servers for imaging processing and face transformation.” So now, you click first and the same exact thing happens.
Security is another issue. Anytime you access a file, transfer it, process it, store it and re-transfer it, there are opportunities for abuse. So the fact that the processing is “in the cloud” could be an issue. Or not. We will see if people are dissuaded from using FaceApp and aging themselves ‘cause they are aging in the cloud.
The real problem here is that, at least in the United States, your privacy and security are not dictated by some standard of reasonableness, but primarily (except for certain defined data) by contract. In Europe and other places, there are standards for data collection, storage, processing and use—data must be collected for a “lawful purpose” and used that way.
There are many problems with the contract model, not the least of which is the fact that most people can’t read, can’t understand and can’t negotiate these agreements. They just want to use the site, the app or the data. As Ellen Barkin’s Beth Schreiber said in Diner, “Shrevie, who cares about what’s on the flip side about the record?” They just want to listen to the music.
Years ago spyware developers got wise to this and started putting Software License Agreements in their spyware, getting unwitting downloaders to agree to the installation of malicious code and to the collection of data. The contract model would permit such a bargain.
In the end, whether your face is processed on the cloud, in the air, on a server or on a device, the processing should be secure, and the use of your pictures and data should be reasonable, irrespective of what the fine print says. Some rights are too precious to be signed away with a click.