Tempted to play with that Chinese Zao app for deep-fake frolics? Don't bother if you want to keep your privacy

Surpising no one, software will keep vids of your face forever

Chinese mobile app Zao has taken the internet by storm due to its uncanny AI-based face-swapping technology, automagically and quickly painting netizens' fizogs over famous actors in movie and TV clips – but there's a hidden kicker in the code.

Punters have been sharing app-generated video clips of their faces pasted onto the bodies of actors including Leonardo DiCaprio and Marilyn Monroe, to place them in well-known scenes, which sounds sort of fun. However, Baptiste Robert, a French security researcher who goes by the name Elliot Alderson on Twitter, discovered that the software stores the computer-generated clips in a backend cloud, and these can be accessed by anyone online with the right URL even after the video had been deleted in the app, or even if the app itself has been removed by the user.

In other words, once you make a deep-fake clip, it can be viewed by anyone with the correct URL: you seemingly can't delete it.

“It’s dangerous to upload your face to a random app,” Robert told The Register on Tuesday. "Once your photo of your face is uploaded, you lose your rights on it. You have no idea how your face will be used."

Robert uploaded a single photo of himself to generate a video clip depicting his face on the body of Sheldon Cooper, a character in the American sit-"com" The Big Bang Theory. After he deleted the resulting video in the app, he noticed that it was still available online from Zao's backend systems.


Who will save us from deepfakes? Other AIs? Humans? What about vastly hyperintelligent pandimensional beings?


Zao quickly skyrocketed to become the most popular app in China’s iOS app store when it was launched on Friday. Once users have downloaded the app, they also have to hand over personal details, such as their mobile number and their handle for WeChat, a widely used smartphone app in China that acts a social media and payment platform.

A statement posted on the app’s official Weibo account, a well-established Chinese social media platform, stated that any personal data would be deleted if a netizen removed the app from their phone. However, Robert's deep-fake video is still up online for anyone to watch, even though he got rid of the app.

And that’s not all. A quick translation of Zao’s privacy policy reveals more concerning practices. It explicitly states that personal information will be collected without consent if the data is relevant to issues of national security, the public interest, and ongoing criminal investigations. By using the app, punters agree to hand over their device information, location, and online browsing activity, too.

Zao isn’t the only AI app to raise privacy concerns. FaceApp, a Russian smartphone program that generated fake images using a filter that makes users appear much older than they are, appeared to hoard people's submitted selfies. ®

Biting the hand that feeds IT © 1998–2021