It feels good to call out people for being duped by the Russian app, but the individualist framing of privacy is the bigger culprit.
When you’re mad at “the man,” it’s easier to direct your anger at an actual person: parents, bankers, lawyers, and so on. When you’re heartbroken at how systemic inequality leaves people clinging to the edges of society lest they fall off forever, you may donate a few dollars to a homeless person. And when you’re mad about the tightening noose of surveillance capitalism, fastened so snugly around daily life that even our toilets are hackable and walking outside means you risk appearing in a database, you get mad at FaceApp.
The Atlantic reached out for comment to FaceApp, but did not receive a reply by the time of publication.
Think of these callouts as a mantra someone afraid of flying says during takeoff. Calling out users for not worrying about privacy when they use these misleading apps lets naysayers pretend their worrying matters. The United States has yet to regulate big companies on its own turf, let alone Russia, but if more people felt the grip of omnisurveillance, the thinking goes, we might be able to.
This is a silly blame game and a distraction. FaceApp is not just FaceApp’s fault. Data collection is the plumbing of the modern web, and FaceApp is but one of millions of pipes. The app was vetted by Apple’s App Store and even labeled “Editors Choice” in the Google Play store. Google directly receives data from FaceApp, an examination of its trackers show, as does Facebook. In fact, Wired draws a direct line from FaceApp’s terms of service—which grants it “perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable [and] sub-licensable” access to your photos—and Facebook’s, which “grant[s] a non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license.” What are FaceApp’s estimated 80 million users compared with Facebook’s more than 2 billion?
FaceApp’s scale is what’s most dangerous about it. The repercussions go above and beyond even its exploding user base. While 80 million people have said yes to the app, countless more will face consequences if the data are misused. Consider one scenario: A bad actor uses the uploaded photos to summon a bot army pushing misinformation on social media, all with profile photos pulled from FaceApp’s servers. This wouldn’t even require FaceApp to be a malicious actor; it could be hacked.
When you download FaceApp or Meitu, you’re asked a piecemeal series of questions, carefully framed to shift responsibility away from corporate actors and onto the user: Do you consent to having your photo taken? Do you permit access to your device and to your photos? Privacy policies always frame the terms of service as personal consumer choices. Yes, the choice to download and upload is yours, but the ramifications are far-reaching. Data collected for one purpose can always be used for another. Some of the worst misuses of face data come from one bad actor seizing on thousands of people who, as far as they knew, agreed to take on the responsibility themselves.
In May, the news came out that Ever, a photo-album app, used vacation photos and users’ selfies to enhance the computer-vision software used in the Department of Defense’s military drones. Clarifai, a computer-vision start-up, scraped profile pictures from the dating site OKCupid’s apps to build services that infer race and sex from detected faces. It also partnered with the military. Stanford researchers similarly tapped an undisclosed U.S. dating website to see if they could predict people’s sexual orientation from their face. Goncharov, FaceApp’s CEO, told The Washington Post the company “doesn’t sell or share any user data with any third parties,” but again, FaceApp reserves the right to keep the photos forever. From drone targeting to potentially outing unsuspecting strangers, individual decisions can’t account for what happens when data is wielded at scale.
Earlier this year, my colleague Derek Thompson wrote that climate change is a metaphor for privacy. It’s especially fitting here. If enough people individually choose plastic and gas-guzzling cars, we will all be left with warming seas and noxious air. If enough people individually decide that a goofy selfie is worth the risk to their own privacy, we’re all at risk of invasive targeting, omnisurveillance, and so on.
Trying to individually blame each person who uses FaceApp as contributing to this is a bit like going to a landfill and trying to assign each piece of trash to a single household. Privacy, when framed as something a single individual consents to, obscures a bleak fact of life: You can’t always opt out of other people’s choices. The FaceApp backlash exposes the fallacy at the core of climate change, technology, and most of life. We have much less control than we think we do, especially when it comes to how other people behave. FaceApp is everyone’s problem, but its viral use is nobody’s fault.