New Profile Pic App: Innocent Photo Fun, or a Privacy Risk? - CNET

1 month ago 31

Maybe you've seen immoderate of your Facebook friends upgrading their illustration pictures to look similar fancy illustrations of themselves. They're apt utilizing a escaped app called NewProfilePic Picture Editor, the latest societal media craze. And portion the caller images whitethorn look glamorous, utilizing the app whitethorn beryllium a atrocious thought -- but possibly not for the crushed immoderate say. Let's look astatine the facts.

What is NewProfile Pic?

NewProfilePic is an app you tin get for iOS oregon Android. It does beauteous overmuch what it says -- makes your illustration representation look similar a painting, utilizing artificial intelligence. People connected assorted societal platforms are having amusive tinkering not lone with their ain photos, but images of celebrated radical and pets.

So what's the controversy?

On Wednesday, the UK tabloid The Daily Mail published a story with the unnerving headline, "Is Russia aft YOUR idiosyncratic data? Experts pass net users not to download latest online craze New Profile Pic that hoovers up your details." ("Hoovers" arsenic successful "vacuums," for those not up connected British slang.)

The Daily Mail quotes a information adept who says "this app is apt a mode of capturing people's faces successful precocious solution and I would question immoderate app wanting this magnitude of data, particularly 1 which is mostly unheard of."

Wait, what's the Russia connection?

Once the app became popular, radical began digging into the company's history. It turns retired the NewProfilePic domain was primitively registered successful Moscow. Given the warfare successful Ukraine and the past of hackers moving successful Russia, conscionable the notation of Russia's superior sets disconnected suspicions for immoderate would-be app users.

But the institution isn't located successful Moscow, though it does person an bureau successful Russia.

"We are a [British Virgin Islands] institution with improvement offices successful Russia, Ukraine, and Belarus," a typical for PhotoLab, the institution down the app, told me. "All idiosyncratic photos are hosted and processed connected the Amazon AWS and Microsoft Azure servers, which are located extracurricular the Russian Federation. ... It is the information that the domain was registered to the Moscow address. It is the erstwhile Moscow code of the laminitis of the company. He does not unrecorded successful the Russian Federation now."

But these are analyzable times.

"We recognize that owed to the existent events successful Ukraine, immoderate transportation to Russia could rise suspicions," the typical said. "That's wherefore we privation to stock the position connected this issue connected our founder's Instagram."

In that Instagram post, institution laminitis Victor Sazhin says helium was calved successful Moscow, moved to Ukraine arsenic a child, and is against the warfare launched by Russia against Ukraine.

Company laminitis speaks

Sazhin told maine via email that helium felt the Daily Mail communicative hyped up anti-Russia hysteria.

"I haven't been wholly amazed [by the antagonistic reaction]," helium said. "Recently erstwhile our different app, Photo Lab, was No. 1 successful Ukraine, erstwhile radical were utilizing it to make patriotic avatars with a beauteous effect we created, immoderate Facebook [conspiracy theorists] started a akin story. And a fewer years agone erstwhile we archetypal got viral successful Bangladesh and India, determination was different 'story'... but tying america to the CIA."

He praised the probe done by, however. The urban-legends tract wrote an article aft the Daily Mail communicative was published successful which it concluded NewProfilePic is not particularly invasive, noting that, "the assertion that this app is stealing information for the Kremlin is besides unsupported by evidence."

"That [Snopes] reappraisal is broad and I astir apt can't adhd thing to it," Sazhin told me. "The app is safe, the photos are processed connected Amazon and Azure servers, and we are not KGB."

Shades of FaceApp successful 2019

I spoke to cybersecurity writer and writer Bob Sullivan astir the app.

"This feels precisely similar the FaceApp situation, with 1 important difference: the satellite is astatine warfare with Russia now," helium told me. 

Back successful 2019, a akin app, FaceApp, was each the rage -- you could usage it to property a photograph of yourself oregon change it successful different originative ways. It was besides based successful Russia, and the FBI investigated the app.

War changes everything

"Many Russians are large developers," Sullivan told me. "Many Russians who learned to programme determination and present unrecorded overseas tally precise palmy companies. The satellite needs Russian programmers."

Sullivan understands that Russia's penetration of Ukraine, and Russia's autocratic president, Vladimir Putin, permission galore suspicious of apps related to Russia successful immoderate way.

"People person to recognize that adjacent if a idiosyncratic oregon institution has each bully volition of not sharing information with a government, they tin beryllium compelled to bash truthful anyway," Sullivan said. 

The PhotoLab spokesperson told me, "We did not and bash not program to person immoderate affiliation with immoderate governmental organizations of immoderate country."

You're giving distant your photos

Russia aside, is it astute to manus implicit a photograph of yourself to an app you cognize small about?

"I truly deliberation radical are brainsick to usage this app oregon thing similar it," Sullivan said. 

Artificial quality researchers, helium says, are "desperate" to get ample datasets they tin provender into a machine to cleanable their algorithm.

"You person nary mode of knowing wherever these images of you mightiness extremity up successful the future," Sullivan said. "For that crushed alone, don't bash it."

The institution typical pointed maine to their privateness policy, which states, "The photos are sent to the servers done the encrypted connection. We usage Secure Socket Layer exertion to support the privateness and integrity of the transmission process."

The argumentation goes connected to say, "For non-registered users and users who don't stock their results wrong the Services, the archetypal photos and results are automatically removed from our servers by 2 weeks aft the past interaction. For registered users who stock their results wrong the Services that supply peculiar societal web features, the shared contented volition beryllium stored connected the servers and shown wrong the Services unless a idiosyncratic either removes the images themselves oregon requests specified a removal by contacting our enactment team."

Permissions and favored photos

But what if you've already utilized the app? And are you harmless if you don't usage photos of your ain face, but, say, of your feline oregon horse?

"The app astir apt has an ongoing mode of feeding accusation astir you backmost to its owner, truthful I would delete it immediately," Sullivan said. "Same for the feline theory. I don't cognize what they are doing with non-picture data. But each portion of info you stock ends up successful the horrible ad-tech ecosystem, with inferences drawn that would daze you."

The app's requested permissions are akin to those of different mainstream apps. 

"I bash hold this app doesn't inquire for much than galore apps .... which doesn't marque it right, but that's not suspicious connected its own," Sullivan said.

It's the blistery caller app

The app is popular. On Friday, it was the apical escaped app connected the Apple app store.

"Without immoderate doubt, we are blessed that users bask our NewProfilePic and ToonMe apps truthful much," the typical told me. (ToonMe is simply a akin app from the institution that turns photos into cartoons.) "And for definite we are going to bash our champion to make adjacent much stunning effects and marque adjacent much users happy."

Company laminitis Sazhin echoed that.

"It seems we yet recovered the look with NewProfilePic," helium told me. "It looks similar a speedy occurrence (and it benignant of is -- this viral question started lone past Saturday, 1 time aft we released a caller acceptable of effects successful NewProfilePic), but it was really years of work."

Support your section artists

Even if a institution has ne'er had a Moscow address, users should deliberation doubly earlier agreeing to manus implicit idiosyncratic photographs to an app you cognize thing about, adjacent for an elegant illustration pic, Sullivan says.

"When you stock intimate information similar your look with an app similar this, you person nary mode of knowing wherever that information volition extremity up," Sullivan warned.  "If you truly privation a chill representation of yourself, prosecute a section artist!"

Read Entire Article