If you are a fan of the Facebook ten-year challenge, you are probably excited about its recent comeback. As more people come to terms with the uncertainty surrounding social media use and privacy, many users are starting to take a more cautious approach to how and what they share. From changing their privacy settings to safeguarding the names and images of their children, a lot of users have become more knowledgeable—and therefore more concerned—about what happens to their content once it is posted. If issues like Facebook’s relationship with Cambridge Analytica taught us anything, it is that someone is always willing to pay for information about us.

For example, the Facebook ten-year challenge that swept through Facebook in the early part of 2019 is back, and it has left a lot of people asking what the social media giant is really doing with the images. If you have not seen it yet, users are encouraging one another to post a photo from 2009 and another one from 2019, presumably in recognition of the end of this decade. What is really behind the Facebook ten-year challenge?

A growing number of people have speculated that it is an attempt by Facebook to educate its facial recognition algorithms in the area of age-progression by looking at a ten-year age difference among users. That does not sit well with some privacy-minded people. There has been a lot of outcry over companies like Facebook, Amazon and others who have produced software that has stronger-than-ever capabilities for recognizing faces in a crowd. Amazon has even sold its software, Rekognition, to law enforcement agencies and has just announced brand-new features.

Even some tech industry insiders have been alarmed by the potential for grabbing up social media posts and using them to develop software that some see as an invasion of privacy. However, the Facebook ten-year challenge has led others to try to put a damper on the runaway conspiracy. After all, doesn’t Facebook already own countless photos of its users? What would be the benefit of having users simply post those same images again? Plenty, according to Wired magazine writer Kate O’Neill. Facebook can much more easily “mine” data when they have a fresh set of content that was taken a precise number of years apart.

In this case, it is not about what social media platforms already have access to or doing their legwork for them. Instead, the cause for alarm is more about what users are willing to post without really thinking through the potential for harm. Whether it is an endless stream of food pictures or the GPS coordinates to our children’s schools, we all need to be more aware of what it is that we are posting and how someone else could use it for their own purposes.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Hacked Disney+ Accounts Are Being Sold Online

Our Holiday Shopping Tips to Keep You Cybersafe

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

If you had told someone even ten years ago that a criminal sitting on the other side of the world could steal their credit card information with a simple email, they might have written you off as a conspiracy theorist. Only a few decades ago, identity theft was not even recognized as a crime, let alone something that the police could actually investigate and prosecute. However, as new technology emerges that makes our lives more convenient and more connected, new virtual reality privacy concerns can also appear.

New Tech, New Concerns

That is the current understanding of innovations like virtual reality and augmented reality. These high-tech, digital forms of media—used for everything from education and business to entertainment—create new virtual reality privacy dangers by placing the user in entirely fabricated situations and locations, usually thanks to special software that interacts with their visual hardware.

Popular games like Pokémon Go, for example, allow the player to walk around in the real world while finding virtual characters in their actual surroundings.

Misuse of Your Personal Information

By giving access to your phone, tablet or computer to another platform in order to participate in these kinds of activities, you are opening yourself up to potential new virtual reality privacy concerns. Any time someone else can access your stored photos, camera and Facebook account or friends list, there is a possibility of them misusing that access.

Even worse, any time a platform is free to use, it is a sure sign that your information is being sold to third-parties. You have no way of knowing who those other companies are or what they plan to do with your information.

Virtual Reality User Permissions 

It is important that companies who utilize these technologies understand the new virtual reality privacy concerns of interacting with consumers in this way. However, it is equally important that users know how their information could be compromised. It is a reminder that we all must be cautious about the latest gadgets and games, and to understand what permissions we are granting when we create an account or allow access to our information. If you cannot verify what a company can do with your connection, it is better to play it safe and avoid interacting.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Adobe Account Information Leaked After Server Left Unsecured

E-Skimming is a New Cybercrime That is Just in Time for the Holidays

Be on the Lookout for 2020 Census Scams

One of the most dangerous forms of cyberattack might be phishing attacks, mostly because they are easy to pull off with any kind of high-tech skill and because too often, they work. In a phishing attack, the criminal sends you some kind of message and pretends to be someone they are not. It might be your boss, a Nigerian prince fleeing the country, your favorite retailer or even a friend. The message might look and sound authentic, but the sender is not.

Instagram has launched a new feature that will try to curb phishing attacks via its platform. One of the more common versions of an attack, at least when it masquerades as an online platform or website, is the claim that you must verify your login credentials in order to secure your account. Another popular twist is to claim that someone has logged into your account from another device, and you need to “click this link” if you were not the one who did it.

Picture of Instagram's new privacy setting on a mobile device

Image courtesy of Instagram

Image courtesy of Instagram

Now, users will be able to press the settings button on their Instagram screens and find a list of emails with what company sent them, along with the date and the reason. If you receive an email in your inbox and it is not in your Instagram app’s settings, then you will know it did not come from the company.

Image courtesy of Instagram

This small step can make a big difference in preventing identity theft and account takeover from phishing attacks. However, it will only work if users think to take a peek and compare the lists of emails. Until other platforms take similar precautionary measures, there are a few helpful hints you can remember to block cybercriminals:

1. Never click a link, open an attachment or download any content from an email unless you are expecting it or have verified it with the sender. Even if it appears to come from someone you know, that person’s email account could have been hacked or copied. Check with the sender before taking any action.

2. Never verify your identity, login credentials, account numbers or any other sensitive data for someone who calls, texts, emails or sends a private message. Many companies have come out and stated they will never ask you for this information.

3. Never comply with strange requests, even if you think you know the sender, without verifying the request verbally. It might be changing account numbers, changing a password on an account, sending funds to a different account or even buying gift cards. If you receive a request that in any way involves money or sensitive information, dial the phone and call the sender first using a phone number you looked up for yourself.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Identity Theft Resource Center Sees Organizational Growth

TikTok Platform Found to Be Full of Scams and Fake Accounts

Advertisement Scams

Facebook says using real names helps them keep the most popular social networking site in the world safer. By confirming identities, Facebook states it can help stop or minimize the risk of scams, phishing, abuse and foreign political influence.

In an effort to protect your identity from threats, Facebook is asking some users to send personal identifying information (PII) to prove users are who they say they are. This can happen for general users as well as advertisers. With obvious concerns for the safety of one’s identity, this blog details what, why and how Facebook uses this information.

What This Means for Users

For the average Facebook user, the company might ask you to provide a form of personal identification if you have lost access to your account, they detect suspicious activity or you need to confirm your Facebook name. Facebook will prompt you for verification when a concern arises on your account.

What Must I send to Facebook?

Facebook asks for PII that either includes your name and birth date or name and photograph. This could be a driver’s license, birth certificate, passport, green card or a tax identification card (view the full list here). If you do not want to send Facebook one of the items listed above for personal identification, you do have the option to send additional documentation like bank statements, credit cards, medical records, military IDs, religious documents or a social welfare card. You must provide two documents from this list, and Facebook still might require photo and birth date documentation.

Why Must I send Personal Information to Facebook?

Facebook claims they ask for personal identification to protect your identity and the overall safety of the network ecosystem. If you submit a complaint that you have been locked out of an account, for example, they want to make sure they grant access back to the right person and not an impostor. Of course, there are less serious incidents when it comes to account safety, like requesting to reset a password through email verification.

Another instance Facebook might ask you for personal identification is when you request to change your Facebook name. Whether you just got married, decided to stop or start going by a nickname or are removing your husband or wife from your joint account, Facebook could ask you to verify your identity first.

Technically Facebook users are supposed to go by their real name, even if this rule was not enforced in the past. For this process, Facebook requires the name on your account and the name on your personal identification to match.

How do I Provide my ID to Facebook?

Facebook asks users to scan or take a photo of their personal documents. Then upload them when prompted while trying to access their account.

Facebook will never ask you for your password or to provide identification in an email, or send you a password as an attachment. Emails sent from scammers posing as Facebook often include notifications about platform engagement, community standards and security warnings. Do not engage with Facebook emails if you are unsure of the content. Log directly into Facebook from a secure browser to check for any notifications regarding your account.

How does Facebook Protect the Information I Send?

Facebook claims to treat user personal information with the proper security standards. Their website says, “After you send us a copy of your ID, it’ll be encrypted and stored securely. Your ID will not be visible to anyone on Facebook.”

Facebook does ask users to allow them to “increase their efforts” by giving permission to store your encrypted personal identification for up to one year, with the hope of preventing fake accounts and imposters. To prevent Facebook from using your photo in this instance, visit your security settings.

A published Facebook statement emphasizes their concern for user privacy stating,

“We’ll use your ID or official document to confirm your identity. We’ll also use it to help detect and prevent risks such as impersonation or ID theft, which helps to keep you and our Facebook community safe. It will not be shared on your profile, in ads or with other admins of your Pages or ad accounts. After we’ve confirmed your identity, we’ll delete your ID or document within 30 days.”

Community Reaction

One Facebook user posted on the company’s forum on behalf of her father, who could not get into his account after resetting his password saying,

“Now when he goes to log in, he is being asked for a scanned document to verify his identity. Honestly, I think this is ridiculous! He is being asked to submit a picture of his birth certificate, driving license or marriage certificate. I have never been asked for anything like this in all my time on Facebook and I think it is ridiculous to ask people to do this. No wonder there is so much identity fraud!!”

This post, from 2013, is not an isolated incident and addresses the exact concerns of the Identity Theft Resource Center. When you share your PII with companies or individuals, you increase your risk of identity fraud and theft.

Some users reported after providing the required personal identification documents, they were still not granted access to their accounts. Other users are at a loss for how to help their child access his or her account without exposing them to dangers. Out of concern for privacy when creating an account, some users did not use their real birthday or name and now do not have proper personal identification documentation. Those users will be forced to change the provided information to what matches their legal records.

In response to a forum complaint, a member of Facebook’s Help Team provided the following statement:

“This usually happens when we detect suspicious activity or security threats to your account. We take your security very seriously, so before we can provide you with any information about this account or give you access to it, we need to make sure it belongs to you.”

ITRC’s Response

Before providing your PII to Facebook, or any other company, you need to assess the risk involved. By sharing your confidential legal documentation for storage on a third-party website, no matter for how long, your risk for identity theft and fraud increases. As we know too well, secured servers are still susceptible to data breaches and cyber attacks. We urge users to evaluate how important using Facebook is to them, the value it provides and the risk they are willing to take to continue using the social platform.

Need help? Watch our privacy videos or chat with an advisor today!

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

What Does The Facebook Settlement Mean for Consumers?

Facebook Clear History Privacy Feature to Launch This Year

Change in Facebook Privacy Policy Ordered By the FTC

It is no secret that public Wi-Fi connections can leave you vulnerable to hacking and identity theft. However, the old wisdom of avoiding common sources of free public Wi-Fi connections is not enough. These threats are not limited to places like coffee shops, hotels, airports or even your doctor’s office. These days, more and more businesses are drawing customers with this kind of perk, and hackers have taken notice.

Passwords are also important. Some businesses reserve their free public Wi-Fi for their own customers, and as such, a password is required in order to connect. Other companies, though, do not bother with the hassle of maintaining, distributing and changing their passwords. Their guest connections are left wide open. That means your device could attempt to connect even without you taking steps to do so.

Here are a few more places where available public Wi-Fi connections might not be safe:

Retail shops

More and more businesses, especially those that encourage their customers to browse, offer free public Wi-Fi in-store. This is great for families with children, spouses or friends who need to wait on someone and even customers who want to download in-store specials and coupons. Remember, though, that connecting once intentionally can trigger that same connection any time you are near that store in the future, depending on the settings in your device.


Checking Facebook or catching up on emails while waiting in the school pickup line is a great way to multi-task, but it can also leave you at risk if you are able to connect over the school’s public Wi-Fi. Schools have long been a hot target for hackers due to the high volume of stored data, especially on younger students who have a clean credit report.

Jury lounge

Some courts have launched free public Wi-Fi in the jury duty lounge as a way to thank citizens for their service while also helping members of the jury pool be productive while they wait for their turn to serve. The connection in the jury lounge is password-protected but will be in use by a wide variety of people (including hackers).

Entertainment venues

Swimming pools, bowling alleys and arcades are providing free public Wi-Fi connections for their guests, especially parents who must wait with their kids. It is a way to make the day more enjoyable for everyone, but it can also mean hackers targeting families who are using portable devices to connect, take pictures and send updates to social media.

Common areas

Just because there are more places where your public Wi-Fi connection could lead to a hacker, that does not mean criminals have given up on their old haunts. Do not let your guard down in more common places like coffee shops and airports, and make sure your device settings prevent you from connecting automatically.

Consider using a VPN

A virtual private network is a digital tool that keeps outsiders, such as hackers, identity thieves, spammers and even advertisers from seeing your online activity. VPN is an installed piece of software on your laptop or desktop that is either stand-alone or bundled with your antivirus or security software.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Yahoo Breach Settlement Proposed for $117.5 Million

10,000 Breaches Later: The Benchmark Breaches That Created Systemic Change 

Robocalls and What to do About Them 


Thanks to a new settlement valued at $170 million, child privacy on the internet just got a little bit safer. The Federal Trade Commission (FTC) just announced the largest-ever settlement of a privacy claim against Google’s YouTube for illegally collecting data on children and using it to target young viewers with advertising. This is the largest agreement of its kind since the Children’s Online Privacy Protection Act (COPPA) was enacted in 1998.

YouTube’s stance on the child privacy matter was that the increase in the number of shared devices among family households and the availability of child-friendly content on its site means more kids might be viewing videos online. However, that does not mean the company is able to determine whether or not the viewer is a minor. If the video played on a screen, regardless of the age that content was tailored for, it may or may not have been viewed by a child.

The FTC stated that YouTube strategically positioned itself with toymakers and other companies to promote advertising on videos that target children, which violates the COPPA law.

As a result of the settlement, not only will Google pay the fine, they will also begin to take steps to prevent targeted advertising and data collection on content that is deemed to be for children. The FTC intends to conduct ongoing “sweeps” of YouTube content to ensure that this happens.

Not everyone with a say in the matter agrees with the YouTube child privacy settlement. There are some lawmakers and FTC officials who feel like this punishment is just slap on the wrist, and that there are no guarantees Google and YouTube will take appropriate action.

For many parents, targeted advertising might not seem like a major issue. After all, there are ads for children’s products and services scattered through the cable television programs that children watch. The difference here is in the intent. While YouTube may have taken steps to ensure that the ads were child-appropriate, they did so in violation of the law. That means other content could contain targeted ads aimed at children while not being kid-friendly if YouTube is not enabling stronger controls and protocols to prevent it.

For its part, YouTube’s statement on the child privacy settlement still encourages parents to limit their young children’s streaming time its kid-friendly dedicated app.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

10,000 Breaches Later: Three Major Data Breaches Consumers Should Know About

Things to Consider When Using VPN

Should You Consider Credit Monitoring Services as Part of a Breach?

If you are one of the millions of consumers who use a voice-activated assistant in your home or through your smartphone, your personal data and activity may become more secure due to new data privacy regulations like the European Union’s GDPR and recent privacy-related legislation. Virtual assistants and chatbot tools will now have to tighten up their security to protect your information.

Siri, Alexa and Google Home are just a handful of the artificial intelligence tools that interact with live people every day. We rely on these devices for everything from looking up a phone number or a favorite song to controlling the utilities that power our homes. Because of that, they are fertile ground for hackers who are looking for private information or who seek to get a picture of our day-to-day activities. The amount of use they get is another reason AI data privacy is so important.

Even if you do not own or use a voice-activated virtual assistant, you have probably interacted with a chatbot online. You may not even know it. These tools use artificial intelligence to provide customer support for businesses. You may have visited a retailer’s website and found a “live chat” button to click or had a pop-up box open with the words, “Hi! How can I help you today?” on the screen. While some businesses still use human customer service reps to provide support, a growing number of companies are already relying on computers to carry on the conversation and solve any problems.

Some experts are already at work helping developers create privacy-compliant AI tools that still have enough room to be useful. If your virtual assistant cannot store your shopping or search history, for example, how will it help you find that great brand of coffee you tried? How will it know what songs or movies to recommend when you tell it to play something “upbeat?” This kind of data collection is what makes AI-driven tools useful and easy to operate, rather than forcing human users to repeat themselves with every interaction.

The first step for developers is to draft a clear policy on what information is collected from users. From there, it is important to store it securely for data privacy. Some states are already requiring chatbots to disclose that they are not actual people and to request permission to record or save the chat conversation. It is a good idea for businesses in every state to start working in that direction since these data privacy laws are already being put in place. On a more personal note, it is important that companies develop AI tools that incorporate the ability to respond accordingly if a minor initiates the interaction. This can prevent a toddler from renting a movie on Amazon or a teenager from asking for critical medical advice from a robot.

The most important step is to remember that technology and innovation are fluid. There is no such thing as a one-and-done law or regulation where privacy and tech intersect. Any data privacy policies or upgrades, especially where AI and chatbots are concerned, must be revisited frequently to ensure they are still complying with the law and protecting the public.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

Shutterbugs Beware! DSLR Ransomware Attack Targets Digital Cameras 


In 2012, Facebook was sued by the Federal Trade Commission (FTC) for misleading consumers about their privacy. One example of their misleading promises was the extent to which they shared user information. Mobile applications used by one consumer were allowed to access the information of that consumer’s friends even though the friends did not grant permission. The 2012 settlement from the FTC required Facebook to tighten its privacy policies and put penalties in place for misleading statements to consumers.

Facebook violated the FTC’s orders by allowing third-party companies access to consumer information they did not want to be shared. This scandal came into the limelight in 2018, with investigations looking back at least four years to determine wrong-doing by the social media company. Facebook and the FTC announced last week that a settlement had been reached of $5 billion, the largest in history for this type of offense. The settlement is not only monetary fines, but also requires a change in Facebook’s privacy policy to comply with new standards.

Some of these standards include creating a system of checks and balances within the company to ensure consumer privacy is being properly handled, and removing CEO Mark Zuckerberg from complete control over privacy decisions. They also outline specific rules Facebook, Inc. must abide by when it comes to consumer privacy.

More Control Over Third-Party Apps

The FTC is requiring Facebook to exercise more control over applications granted access to their platforms. App developers who want to integrate with Facebook must certify compliance with Facebook’s policies and justify the need for consumer data. The social media giant must regulate the acceptance of their policies and stop creators from accessing the platform who do not meet the standards.

Prohibited to Sell Phone Numbers

The settlement ruled that Facebook is not allowed to use or sell user-provided phone numbers for advertising. This pertains to phone numbers given to Facebook for security reasons, like getting texted a code when you are logging in to a new device for two-factor authentication. This does not mean advertisers are prohibited from collecting your contact information in other ways. For example, if you fill out a form on Facebook where a company asks for your phone number and you provide it willingly, that company is entitled to use your phone number as in accordance with Facebook and their privacy policies.

Restrict Facial Recognition Technology

You have probably noticed facial recognition technology when uploading photos to Facebook. The platform often auto-suggests friends for you to tag in the pictures. The FTC is requiring Facebook to provide clear notice, absent of misleading messaging, to consumers and obtain consent from users when it uses facial recognition software.

Implement a Data Security Program

While the FTC does not go into very much detail about this requirement, Facebook will be forced to maintain a “comprehensive data security program.” Meaning it will not only have limits on how they can use and sell consumer information, but they will also be held to a high standard to protect user-information from outside sources.

Encrypt User Passwords

Facebook notified the public earlier this year of misuse of stored user passwords. The passwords for some users were stored as plain text for anyone in the company to access easily. Part of the FTC settlement requires Facebook to encrypt passwords and regularly check whether they are stored in plain text.

Limit Asked Information

According to the FTC press release, “Facebook is prohibited from asking for email passwords to other services when consumers sign up for its services.” Meaning Facebook cannot require users to disclose information about other platforms they might be a part of, even if owned by Facebook, Inc.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Privacy Settlement Shows New Industry Trend

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?

The Federal Trade Commission (FTC) announced July 24, 2019, that they have reached a settlement with Facebook, Inc. The social media giant received the largest fine in history for violating consumer privacy and were ordered to pay $5 billion – roughly 20 times the last largest fine of this kind. This comes less two years after Cambridge Analytica was found using millions of Facebook users’ data that brought the companies privacy practices into the limelight.

As part of the Facebook settlement, the FTC has ordered the company to make changes to their current standards of privacy. The changes will start at the board level – and will trickle down through their executive ranks – including increases in transparency and holding individuals within the organization accountable.

What Does This Mean for Social Media Users?

Just within the United States and Canada, 185 million people use Facebook on a daily basis. This enormous number represents just how integrated the company is in the daily lives of citizens and does not even account for the other Facebook, Inc. entities, like Instagram and WhatsApp.

Social media users should expect to see more updates and changes to privacy policies on Facebook, Inc. applications. Similarly to the last time Facebook updated their privacy policy, other social media companies – like Twitter and Snapchat – are likely to proactively update their standards as well. This means users will probably be receiving emails and in-app notifications of updated privacy policies. It also means they might have more control over the information they choose to make available to Facebook and third-party partners. Identity Theft Resource Center always encourages users to read privacy policies in order to know exactly what companies can do with your data. We also highly recommend reviewing your current privacy settings on all online accounts to make sure you are comfortable with the information shared.

When these changes are expected to roll out is unknown, as Facebook’s settlement with the FTC is a 20-year plan. Likely, initial changes will likely start to happen within the coming weeks and continue to be updated on a regular basis. Users may not see immediate changes to their how they are able to interact with the platform or its sister properties, Instagram and WhatsApp.

What Does This Mean for Facebook?

On Facebook’s website, the company says this decision has come after months of negotiations with the FTC. The statement also says the settlement will require a “fundamental shift” in Facebook’s approach at every level of the company in terms of privacy and that they hope to be a “model for the industry.”

Requirements of the Facebook settlement include establishing an independent privacy committee, removing CEO Mark Zuckerberg from complete control over decisions that affect user privacy. Compliance officers will be appointed throughout the company that will report to the FTC quarterly regarding the new privacy standards being upheld. Also, third-party assessors will be evaluating Facebook and identifying any issues.

Additionally, Facebook will be required to document cases when data of 500 users or more is compromised and notify the FTC within 30 days of the discovery.

On top of the $5 billion fine from the FTC, Facebook will pay an additional $100 million to the Securities and Exchange Commission (SEC). This fine came after it was discovered Facebook made misleading claims about the misuse of user data. The SEC’s statement said Facebook acted as though the situation were merely hypothetical when they knew the data had in fact been misused. The $100 million fine is the highest penalty to be paid because of this type of lack of disclosure according to the SEC.

If you are a victim of identity theft in need of assistance, you can receive free remediation services from ITRC. Call one of our expert advisors toll-free at 888.400.5530 or LiveChat with us. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Facebook Rolls Out Privacy Updates – Here’s How To Check Your Settings

New Tool Helps Consumers Make Sense of Data Breaches

What Does the Equifax Settlement Mean for its Data Breach Victims?

The internet may be abuzz once again with users sharing images from their FaceApp filters, but security experts are treading carefully. The AI-powered photo editing app, which provides fun filters to enhance your pictures of your face, became a viral sensation when it launched in 2017.

When it first became popular, FaceApp had a fairly convincing filter that would change the gender appearance of the person in the photo. Now, it is once again sweeping social media for its old-age filter. Everyone from school kids to celebrities are sharing pictures of how they are going to look when they are nearly 80-years-old.

However, it is not exactly harmless fun. The terms and conditions for this Russian-owned app have alarmed some security experts and privacy attorneys. The app developer being outside the U.S. is not why it is problematic. In fact, their servers where the photos are stored are located in the U.S., Ireland, Singapore and Australia, and are hosted by U.S. companies like Amazon and Google.

What has raised red flags for experts is where the photos are stored. Rather than applying the filter to the image in the phone the way a colorizing filter might happen, the user must submit the photo to FaceApp’s servers in order for the filters to be applied. Those photos are then kept on the server, and the terms and conditions state that FaceApp can do nearly whatever they want to with the photos once the user submits them.

Reactions have ranged from “no big deal, lots of companies have users’ photos” to “this just proves they are developing facial recognition software to spy on us!” What are we actually supposed to believe and what are we supposed to do about it?

The first answer is simple: nothing. If you are not concerned with your photo being used by a third-party company, then carry on. There were initial concerns that uploading one photo actually gave access to your entire camera roll in your phone to FaceApp, but that does not appear to be the case.

If you are someone who values your privacy in these matters, then this might be one of those apps that is not for you. If you do not want your children using this app, or their friends uploading your child’s picture, then you need to have a talk with your kids about digital safety and security. If you are worried about the future of facial recognition software being used in harmful ways, then you might not want to add your picture to the database of more than 150 million users’ photos that FaceApp has already collected.

The biggest issue with this news is not what FaceApp could be doing with it. Rather, how users have become very quick to download and use the latest fun app without really paying attention to the terms and conditions. If you do not know what permission you have given an app, how will you know if the app does something you are not comfortable with?

Remember that it takes money to build a platform or an app. If someone is letting you use it for free, you should proceed with caution. They are getting paid somehow, and in many cases, their income is from the user data they sell. If you are not having to pay to use it, either advertising dollars or your information are probably providing that revenue. Again, it might be harmless data that you do not mind sharing, but if you did not understand the terms and conditions, you could find out its information or purposes you are not comfortable with.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Is Deepfake the Next Step in Cybercrime?

Things to Consider When Using VPN

New Tool Helps Consumers Make Sense of Data Breaches