Thank you, Apple Insider, for pointing out this egregious EULA. I don’t use this app, but these sneaky EULAs (MANY have egregious terms) are one of the things about the computer industry that I’ve been trying to get people to understand and pay attention to. They’re generally abusive and they need to be regulated into oblivion to protect society. The first step is people actually paying attention to them.
From the Faceapp developer in response to a question sent to them:
We are receiving a lot of inquiries regarding our privacy policy and therefore, would like to provide a few points that explain the basics:
1. FaceApp performs most of the photo processing in the cloud. We only upload a photo selected by a user for editing. We never transfer any other images from the phone to the cloud.
2. We might store an uploaded photo in the cloud. The main reason for that is performance and traffic: we want to make sure that the user doesn’t upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date.
3. We accept requests from users for removing all their data from our servers. Our support team is currently overloaded, but these requests have our priority. For the fastest processing, we recommend sending the requests from the FaceApp mobile app using “Settings->Support->Report a bug” with the word “privacy” in the subject line. We are working on the better UI for that.
4. All FaceApp features are available without logging in, and you can log in only from the settings screen. As a result, 99% of users don’t log in; therefore, we don’t have access to any data that could identify a person.
5. We don’t sell or share any user data with any third parties.
6. Even though the core R&D team is located in Russia, the user data is not transferred to Russia.
Additionally, we’d like to comment on one of the most common concerns: all pictures from the gallery are uploaded to our servers after a user grants access to the photos (for example, https://twitter.com/joshuanozzi/status/1150961777548701696). We don’t do that. We upload only a photo selected for editing. You can quickly check this with any of network sniffing tools available on the internet.
Did you actually read the article?
This has nothing to do with them uploading pictures; it's do with FaceApp claiming ownership of anything that you run through their dodgy software.
More precisely, it's about FaceApp claiming they can do whatever they want with the content you feed through their service. They took great care to declare that they do not have ownership, but it's a semantic argument that makes no difference in the world outside the courtroom.
WARNING WARNING: This lawyer works extensively in IP licensing, so save yourself 30 seconds and just shut your eyes, now.
WARNING WARNING WARNING: Never ever ever take legal advice from someone on the interweb.
Yes, that's a very broad grant, in itself. But almost every line of that terrible document and connected Privacy Policy is full of things a lawyer would advise a client against agreeing to, and when attacking it a lawyer might skip the details and posit that it's against public policy (that might be the strongest argument, frankly). Especially regarding minors - the policy says that 13+ means that you are saying (by clicking) that you are 13+ and if under 18 a parent or legal guardian is approving when the minor clicks. I mean... that's just asinine to anyone who lives in an objective reality.
So the author isn't wrong that this awful doc says that the end user grants this license to faceapp and everyone faceapp has ever said "hello" to (check out the unholy definition of "affiliate" in the privacy doc!). But just because the end user says faceapp "can" doesn't mean there aren't other regulatory or policy reasons stopping faceapp, facebook, facesmash, or smashmouth. Focusing on the grant of license isn't wrong, but really the entire doc needs a "plain english" laugh track (or drinking game: do a shot every time you feel violated).
Oh, and notice that the user doesn't own the user generated filters; faceapp owns those: You own your original content, but not your "older" self.
In the mental health industry in my country there is a legal concept known as "inability to consent" that causes all sorts of complications for service provision. The legal argument would presumably be that anyone under the age of 18 is functionally equivalent to an adult with severe mental problems (which, depending on your memory of your own teenage years is either really appropriate or really insulting).
My personal opinion is that the legal system world wide is spending far too much effort on the details of arguments and agreements and not enough time considering the bigger picture - can't see the forest for the trees, as the saying goes. If we accept that everyone, including people with limited education and/or mental function, should be held responsible for every minor detail of incredibly lengthy and convoluted contracts stipulated by service providers to general consumers (said details often controversial to legal professionals), I believe we will end up with a society that spends the majority of its time arguing rather than engaging in harmonious and productive endeavours (and yes I am aware of the irony of posting this point in a comments thread).
If your business cannot survive without taking advantage of people, find a better business to be in.
Thank you, Apple Insider, for pointing out this egregious EULA. I don’t use this app, but these sneaky EULAs (MANY have egregious terms) are one of the things about the computer industry that I’ve been trying to get people to understand and pay attention to. They’re generally abusive and they need to be regulated into oblivion to protect society. The first step is people actually paying attention to them.
FWIW their EULA falls short of the clarity the European privacy laws require so look for a GDPR complaint in the near future if the developer doesn't make immediate changes to it. Fines can get expensive.
BTW it might be a matter of semantics but the developer is saying photos are not sent to Russian servers. Instead they are temporarily stored with Amazon Web Services until deleted. Did you know there's actually people at companies paid to craft PR statements that mean one thing but say another, worded so that both things can remain technically true? Fun with words!
Comments
In the mental health industry in my country there is a legal concept known as "inability to consent" that causes all sorts of complications for service provision. The legal argument would presumably be that anyone under the age of 18 is functionally equivalent to an adult with severe mental problems (which, depending on your memory of your own teenage years is either really appropriate or really insulting).
My personal opinion is that the legal system world wide is spending far too much effort on the details of arguments and agreements and not enough time considering the bigger picture - can't see the forest for the trees, as the saying goes. If we accept that everyone, including people with limited education and/or mental function, should be held responsible for every minor detail of incredibly lengthy and convoluted contracts stipulated by service providers to general consumers (said details often controversial to legal professionals), I believe we will end up with a society that spends the majority of its time arguing rather than engaging in harmonious and productive endeavours (and yes I am aware of the irony of posting this point in a comments thread).
If your business cannot survive without taking advantage of people, find a better business to be in.
Never forget!!
BTW it might be a matter of semantics but the developer is saying photos are not sent to Russian servers. Instead they are temporarily stored with Amazon Web Services until deleted. Did you know there's actually people at companies paid to craft PR statements that mean one thing but say another, worded so that both things can remain technically true? Fun with words!