Would Blockchain protect users' data better than FaceApp? Expert response

[ad_2][ad_1]

FaceApp – the mobile application that blew up your Instagram feed with photos of your followers like old people, opposite sex or newborns – has raised many concerns about potential privacy violations for users who upload their photos to be modified. Rumors have circulated that the application could even take pictures of users from their phones and upload them to the FaceApp cloud server without explicit authorization.

We contacted data security and privacy experts from universities, government agencies, start-ups and others to comment on user privacy issues, asking them for their views on concerns associated with traditional applications over decentralized blockchain-based applications ( DApps).

FaceApp uses artificial intelligence and a neural network to modify user images. The only function that made the mobile app suddenly popular last month after its release in 2017 was the feature that allows you to predict how you would look in the future.

Along with a wave of popularity among users, more and more questions have arisen about the security of the application, the fact that it is based in Russia (which apparently scared a New York Times reporter briefly) and on the terms of unclear use of the company. Karissa Bell, Mashable senior technology journalist, he wrote that the app allows you to select photos from your photo gallery, even if you have a general ban set to access them. The accusations that the app was able to "pass the mouse" on all the photos in your gallery were subsequently rejected by FaceApp.

US Senate minority leader Chuck Schumer asked the Federal Trade Commission and the FBI to conduct a FaceApp privacy survey, stressing that "it is not clear how the application of artificial intelligence retain user data or how users can guarantee the deletion of their data after use. "

Justin Brookman, former political director of the Federal Trade Commission Research and Technology Bureau, said: "I would be cautious in uploading sensitive data to this company that does not take privacy very seriously, but also reserves ample privacy. rights to do whatever I want with your photos. "

Meanwhile, FaceApp has denied the sale or sharing of user data with third parties without authorization, adding: “We could store a photo uploaded to the cloud. The main reason is performance and traffic: we want to make sure that the user no longer loads the photo repeatedly for each modification operation. Most images are deleted from our servers within 48 hours of the upload date ".

However, as pointed out in the second paragraph of the fifth section of the terms of use of FaceApp, using this application, provide FaceApp with the absolute freedom to do everything with your image:

"Grant to FaceApp a license in perpetual sub-license, irrevocable, non-exclusive, royalty-free, worldwide, fully paid, transferable to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly execute and view the contents of the user and any name, user name or similarity provided in relation to the contents of the user in all formats and multimedia channels now known or subsequently developed, without compensation for the user . "

A blockchain-based DApp could be much better for user privacy and security?

Oh, surely DApps can be better for privacy and security – if they work and work for more than 50 people at a time!

Security downsizing is a classic dilemma. Privacy vs. security is the other. My question would be: why does the world need another app / DApp? Why are you not building infrastructure and interoperability towards intelligent decentralization, personal agency and transparency?

I imagine that DApps could in an ideal world – but honestly, I don't see useful things working as decentralized as I would like.

Susan Oh, CEO of Muckr.AI and member of the board of Blockchain for Impact at the United Nations General Assembly

Native mobile applications lose a lot of data. Each app on your phone claims the rights to your information when you are in the application and, sometimes, even when you are not using that application, it will still collect data in the background without your consent (this is very common in the software kit development).

The entire app ecosystem is due to a revision. Decentralized applications are a move in the right direction; however, many will not be truly decentralized if there is a party that controls transactions or data. The purpose of decentralization is to distribute transactions and data where no central part owns it. Therefore, in some cases, decentralized applications will become incorrect because the developer or publisher of the app could retain control.

The Facebook Balance is a misnomer with decentralization. Cryptographic payments in this case will be centralized via Facebook and easily tracked. In many ways, this would go against the ideology of cryptocurrencies because every transaction made by one person will be traced since the person will be identified by the developer of the protocol and the currency (in this case, Facebook). The risk is that other app developers pursue a similar model of using the blockchain to register each transaction while verifying the identity in various ways.

Facial recognition is permanent; you can change your social security number, your phone number and even your name. But you can't change face. Combine this with blockchain transactions and you can easily imagine a dystopian level of surveillance. The best blockchain apps will be truly decentralized and not linked to data such as face recognition, social media data, bank data (such as the JPMorgan currency), etc.

Beth Kindig, product evangelist for Intertrust, former Personagraph developer evangelist, specialist in data security and privacy

Many privacy concerns stem from what companies choose to do with the data they collect. The storage of data for a given duration on its servers is a choice made by apps like FaceApp. So a blockchain application would be better for people's privacy to the extent that it's designed to be better, which is a term of value.

Companies can exercise great control over the way they design an application, through its architecture, its default settings, what it communicates in its privacy policies and what it does in practice. The value to a consumer concerned about his privacy would depend on the blockchain application and the type of data collected and processed by it.

Deirdre K. Mulligan, assistant professor at the University of California, Berkeley School of Information, clinical professor of law at Berkeley Law

With the existing centralized way of doing things, someone simply needs to get access to a server and then steal, alter or basically do what they want with the data stored there. Just see the high profile Capital One and Equifax hacks to see it.

Blockchains are built around the principles of decentralization, eliminating the single point of risk of failure (think of Equifax servers) and cutting unnecessary third parties by creating a more direct peer-to-peer network. This also keeps your privacy and control of your data from third-party apps because the data is based on the protocol rather than the application level.

For something like FaceApp, this means that you could temporarily grant access to your photo stored on the blockchain to use its funny filters, but FaceApp wouldn't be able to keep a copy (due to encryption and checking your key private resting with you). Something like this will surely exist in the not so distant future and we will ask ourselves why we have never blindly lost so much control over our personal data to use things like today's social media platforms.

Timothy Paolini, council member, NYU Blockchain

FaceApp and any entity that uses facial recognition should be cause for concern to everyone. The terms of FaceApp state that once the access to their face and name is granted, the company has a permanent license to do what it wants with them. This includes sharing / selling the face and name to unknown third parties. You can always change a password if it is compromised, you can't change your face.

We believe in decentralization as a promising path to guarantee the control of our data to users all over the world. MeWe is recommended by the inventor of the web, Sir Tim Berners-Lee, and we are closely following Tim's current work on the Solid project. Solid decentralizes the Web by offering Web users the freedom to choose where their data resides and who is authorized to access it. We plan to adopt Solid soon.

Mark Weinstein, CEO and founder of MeWe

FaceApp has revealed what infosec experts have known for a long time: videos, images, audio and above all written content are extremely difficult to accurately authenticate as unmodified or produced by a specific individual. In Audius, we focus on the audio: determining which part of a song the point where it is almost impossible comes from.

Technology like FaceApp will lead to the proliferation of more hoaxes and false contents that claim to be generated in an authentic way, aggravating the problems with inaccurate information that we face every day. As a society, we will have to be more skeptical about the authenticity of digital content. The identity of the publisher will become a more important part of this equation in the absence of other signals.

With Audius, for example, you can authenticate that a specific artist has produced a certain content, because the private key of that artist was used to sign the transaction that added the content to the network. Similarly, I believe we will see media like CNN or the New York Times that will begin to authenticate that they actually produced certain content by signing them with a public / private key mechanism.

Roneil Rumburg, CEO and co-founder of Audius.

These quotations have been modified and condensed.

The opinions, thoughts and opinions expressed here are the sole authors and do not necessarily reflect or represent the opinions and opinions of Cointelegraph.

[ad_2]Source link