它讓你"變老"了,你的隱私還安全嗎?

FaceApp Lets You 'Age' a Photo by Decades. Does It Also Violate Your Privacy?
它讓你“變老”了，你的隱私還安全嗎？

A developer could not have asked for better publicity.
開發商期待的最好宣傳莫過於此。

This week, two years after being widely panned for a filter that critics described as little more than "digital blackface," FaceApp, a photo-altering smartphone app, found itself at the center of a popular social media challenge.
兩年前，一款名爲FaceApp的修圖移動應用曾因其中一個濾鏡廣受批評，批評者稱其不過是“數字版白人黑臉秀”，而在這一週裏，這款應用卻成了一項廣受歡迎的社交媒體挑戰的焦點。

A range of celebrities had been using the app's age filter to modify photographs of themselves and provide realistic glimpses of what they could look like decades in the future. But then the backlash started.
很多名人都使用這款應用的年齡濾鏡來修改自己的照片，逼真展現出幾十年後的自己。但隨後，反彈開始了。

The app, which was created by Wireless Lab of St. Petersburg, Russia, and was ranking among the top free offerings in both the Apple and Android app stores on Wednesday, was uploading much more data than users realized, one Twitter user contended in a widely shared, since deleted post. "Russians now own all your old photos," The New York Post proclaimed in a headline.
這款應用由俄羅斯聖彼得堡的無線實驗室(Wireless Lab)開發，週三在蘋果和安卓應用商店的免費應用中都名列前茅。一條被大量轉發但之後被刪的推文稱，這款應用上傳的數據比用戶意識到的要多得多。“你的所有老照片都在俄羅斯人手上，”《紐約郵報》(New York Post)的新聞標題宣稱。

On Wednesday afternoon, the Democratic National Committee even sent out an alert, urging staff members on presidential campaigns to delete the app immediately, citing its ties to Russia.
週三下午，民主黨全國委員會(Democratic National Committee)甚至發出警告，敦促總統競選團隊的工作人員立即刪除這款應用，理由是它與俄羅斯有關。

But at least some of those concerns are overblown, according to several security researchers.
但據幾名安全研究人員說，至少其中一些擔憂被誇大了。

"The info sent by the application was only my device model, my device ID and Android version, which is very limited information and is quite common for an application," said Baptiste Robert, a French security researcher who specializes in smartphone apps that abuse user data.
“這款應用程序發送的信息只是我的設備型號、我的設備ID和安卓系統版本，這些信息非常有限，對於應用程序來說很常見，”研究智能手機應用的用戶數據濫用問題的法國安全研究員巴蒂斯特·羅伯(Baptiste Robert)說。

Mr. Robert did find one other piece of data uploaded to FaceApp servers without user consent, though: the photograph that a user wanted to manipulate.
不過，羅伯確實發現了另一類未經用戶同意就上傳到FaceApp服務器的數據：用戶想修改的照片。

The program says that its three age filters — two for younger-looking images, one for older — use "artificial intelligence" to produce plausible alterations to existing photos. Celebrities who have shared such manipulated images of themselves include Drake, Gordon Ramsay, the Jonas Brothers and Dwyane Wade.
該應用稱，它的三個年齡濾鏡——兩個用於讓人物變年輕，一個用於人物變老——使用“人工智能”對現有照片做出逼真的修改。分享這種被修改的照片的名人包括德雷克(Drake)、戈登·拉姆齊(Gordon Ramsay)、喬納斯兄弟(Jonas Brothers)和德維恩·韋德(Dwyane Wade)。

The company did not respond to multiple requests for comment, but it explained how the software works in a lengthy statement published on Wednesday by TechCrunch. When a user of the app selects a photograph to alter, that image — and only that image — is uploaded to FaceApp servers for processing, it said.
該公司沒有迴應多次置評請求，但它在TechCrunch週三發表的一份長篇聲明中解釋了軟件的工作原理。該公司表示，當用戶選擇要修改的照片時，該圖像——而且只有該圖像——會被上傳到FaceApp的服務器上進行處理。

"We might store an uploaded photo in the cloud," the statement read. "The main reason for that is performance and traffic: We want to make sure that the user doesn't upload the photo repeatedly for every edit operation. Most images are deleted from our servers within 48 hours from the upload date."
“我們可能會把上傳的照片存儲在雲端，”聲明中寫道。“主要是出於性能和流量方面的考慮：我們希望確保用戶不會在每次編輯操作時重複上傳照片。大多數圖片會在上傳後48小時內從我們的服務器上刪除。”

FaceApp does not sell or share user data with third parties, the company said, though it reserves the right to share some information as outlined in its privacy policy. According to that agreement, the app uses "third-party analytics tools to help us measure traffic and usage trends."
該公司表示，FaceApp不向第三方出售或共享用戶數據，但它保留分享隱私政策中列出的部分信息的權利。根據協議，該應用程序使用“第三方分析工具來幫助我們測量流量和使用趨勢”。

Even though its research-and-development team is based in Russia, the company said that user data was not transferred there. Photo processing is performed on servers operated by Amazon and Google, FaceApp's founder, Yaroslav Goncharov, told TechCrunch.
儘管研發團隊位於俄羅斯，但該公司表示，用戶數據並未轉移到俄羅斯。FaceApp的創始人雅羅斯拉夫·貢恰羅夫(Yaroslav Goncharov)告訴TechCrunch，照片處理是在亞馬遜和谷歌運營的服務器上完成的。

In a letter on Wednesday, Senator Chuck Schumer, Democrat of New York, asked both the F.B.I. and the Federal Trade Commission to investigate the app, citing "serious concerns" about security, data retention and transparency.
在週三的一封信中，紐約州民主黨參議員查克·舒默(Chuck Schumer)要求聯邦調查局和聯邦貿易委員會(Federal Trade Commission)對這款應用進行調查，理由是安全、數據保存和透明度方面的“嚴重關切”。

"It would be deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States," he wrote.
“如果美國公民的敏感個人信息被提供給一個頻頻對美國發起網絡攻擊的敵對外國勢力，那將是非常令人不安的，”他寫道。

But Ivan Rodriguez, a software engineer at Google who in his free time investigates suspicious iOS apps, including FaceApp, said he found little cause for concern. Like Mr. Robert, he found that the app collected little identifiable data beyond the photos users chose to alter.
但谷歌的軟件工程師伊萬·羅德里格斯(Ivan Rodriguez)說，他發現沒什麼值得擔心的。羅德里格斯在業餘時間調查可疑的iOS應用程序，包括FaceApp。和羅伯一樣，他發現除了用戶選擇修改的照片，該應用程序收集的可識別數據很少。

"I don't understand where these 'fears' come from, other than the parent company being based in Russia," he said in a Twitter exchange. "I mean, I definitely don't have the resources the F.B.I. or even the F.T.C. have, but so far I haven't found anything that's alarming or that shows this app trying to hide functionality that can be harmful."
“除了總部設在俄羅斯的母公司，我不明白這些‘擔憂’來自哪裏，”他在Twitter上說。“我的意思是，我肯定沒有聯邦調查局甚至聯邦貿易委員會擁有的資源，但到目前爲止，我沒有發現任何令人擔憂的東西，也沒有發現這個應用試圖隱藏可能有害的功能。”

Like many other applications, FaceApp uses services provided to developers by Facebook and Google, known as Application Programming Interfaces, according to Mr. Robert. And although he was disappointed by the rapid spread of misinformation about what the program collected, he said, he was pleased by the impulse behind it.
羅伯說，和其他許多應用程序一樣，FaceApp使用Facebook和谷歌爲開發者提供的服務，也就是所謂的應用程序編程接口。他說，儘管他對有關該程序收集信息的不實說法迅速傳播感到失望，但他對其背後的推動力感到高興。

"I'm quite happy, to be honest, because people are starting to be interested by this kind of question," Mr. Robert said, "and they start to understand that, O.K., maybe there are some privacy concerns."
“說實話，我很高興，因爲人們開始對這類問題感興趣，”羅伯特說，“他們開始明白了，好吧，可能還有一些隱私問題。”

Still, he noted, such concerns often take a back seat to novelty. "The cool factor is working a lot," he said.
不過，他指出，在新鮮的體驗面前，這種擔憂往往會退後。“酷的因素髮揮了很大作用，”他說。

Mr. Robert and two other researchers who investigated the issue all said they had found no evidence on Apple or Android phones that FaceApp was secretly uploading entire photo galleries. But each voiced concern that the app, like many others, failed to alert users that their data was being uploaded to remote servers.
羅伯和另外兩名調查此事的研究人員都表示，他們沒有在蘋果或安卓手機上發現任何證據，表明FaceApp正在祕密上傳整個相冊。但他們都表示擔心，與其他許多應用程序一樣，這款應用程序未能提醒用戶，他們的數據正在上傳到遠程服務器。

"If they don't take privacy seriously, how seriously do they take security?" asked Will Strafach, the founder and chief executive of Guardian Firewall, a tool coming soon for iOS that aims to give users more control over their data. "If they don't take security seriously, what's the risk of either an insider threat or their company being breached?"
“如果他們不把隱私當回事，又怎麼會把安全當回事呢?”衛士防火牆(Guardian Firewall)的創始人兼首席執行官威爾·斯特拉法奇(Will Strafach)問，他的這款即將登陸iOS的工具可以讓用戶對自己的數據有更多控制。“如果他們不認真對待安全問題，公司遭到內部威脅或被攻破的風險有多大？”

Others online raised concerns about FaceApp's privacy policy and terms and conditions, citing, among other things, a clause that grants FaceApp extensive rights to user photographs. But Jeremy Gillula, tech projects director at the Electronic Frontier Foundation, a noNPRofit civil liberties group, said it was similar to those of other apps.
其他人則對FaceApp的隱私政策和條款提出了擔憂，主要是其中一條讓FaceApp獲取了對用戶照片的廣泛權利。但非營利性公民自由組織電子前沿基金會(Electronic Frontier Foundation)的技術項目總監傑里米·吉盧拉(Jeremy Gillula)表示，它與其他應用的情況類似。

"We always have concerns," he said. "The fact that a lot of apps and services usually contain this catchall clause that says you grant us worldwide license to reproduce, modify, adapt, create derivative works from, distribute, publicly perform and display your user content always seems a little over the top to me."
“我們一直有顧慮，”他說。“在我看來，很多應用程序和服務通常都含有這項籠統的條款，即：您授予我們在全球範圍內複製、修改、改編、創建衍生作品、分發、公開表演和展示用戶內容的許可，我總覺得這有點過分。”