Chinese mobile app Zao has taken the internet by storm due to its uncanny AI-based face-swapping technology, automagically and quickly painting netizens' fizogs over famous actors in movie and TV clips – but there's a hidden kicker in the code.
Punters have been sharing app-generated video clips of their faces pasted onto the bodies of actors including Leonardo DiCaprio and Marilyn Monroe, to place them in well-known scenes, which sounds sort of fun. However, Baptiste Robert, a French security researcher who goes by the name Elliot Alderson on Twitter, discovered that the software stores the computer-generated clips in a backend cloud, and these can be accessed by anyone online with the right URL even after the video had been deleted in the app, or even if the app itself has been removed by the user.
In other words, once you make a deep-fake clip, it can be viewed by anyone with the correct URL: you seemingly can't delete it.
“It’s dangerous to upload your face to a random app,” Robert told The Register on Tuesday. "Once your photo of your face is uploaded, you lose your rights on it. You have no idea how your face will be used."
Robert uploaded a single photo of himself to generate a video clip depicting his face on the body of Sheldon Cooper, a character in the American sit-"com" The Big Bang Theory. After he deleted the resulting video in the app, he noticed that it was still available online from Zao's backend systems.
Yesterday, thanks to the #ZAO app I created a video with my face on Sheldon Cooper. This morning, I deleted the video in the app (no more available in « My Creation » tab)— Elliot Alderson (@fs0c131y) September 3, 2019
Guess what? #ZAO is not deleting your video. The video is still available online: https://t.co/sQJf7cknOw pic.twitter.com/p3Jw96OjWk
Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings?READ MORE
Zao quickly skyrocketed to become the most popular app in China’s iOS app store when it was launched on Friday. Once users have downloaded the app, they also have to hand over personal details, such as their mobile number and their handle for WeChat, a widely used smartphone app in China that acts a social media and payment platform.
A statement posted on the app’s official Weibo account, a well-established Chinese social media platform, stated that any personal data would be deleted if a netizen removed the app from their phone. However, Robert's deep-fake video is still up online for anyone to watch, even though he got rid of the app.
Zao isn’t the only AI app to raise privacy concerns. FaceApp, a Russian smartphone program that generated fake images using a filter that makes users appear much older than they are, appeared to hoard people's submitted selfies. ®
Sponsored: Ransomware has gone nuclear