Mail app

The NewProfilePic App: Innocent Photo Pleasure or Privacy Risk?

Maybe you’ve seen some of your Facebook friends update their profile pictures to look like fancy illustrations of themselves. They’re probably using a free app called NewProfilePic Picture Editor, the latest social media craze. And while the new images might look glamorous, using the app might be a bad idea – but maybe not for the reason some say. Let’s look at the facts.

What is NewProfile Pic?

NewProfilePic is an app you can get for iOS or Android. It pretty much does what it says – makes your profile picture look like a painting, using artificial intelligence. People on various social platforms are having fun tinkering not only with their own photos, but also with images of famous people and pets.

So what is the controversy?

On Wednesday, the British tabloid The Daily Mail published an article with the disturbing title: “Is Russia looking for YOUR personal data? Experts are warning internet users not to download the latest online craze New Profile Picture that sifts through your details. (“Hoovers” as in “vacuums”, for those unfamiliar with British slang.)

The Daily Mail quotes a security expert as saying “this app is probably a way to capture people’s faces in high resolution and I would question any app that wants that amount of data, especially one that is largely unknown.”

Wait, what’s the Russian connection?

Once the app became popular, people started digging into the company’s history. It turns out that the NewProfilePic domain was originally registered in Moscow. Given the war in Ukraine and the history of hackers working in Russia, the mere mention of the Russian capital raises suspicion among some potential app users.

But the company is not located in Moscow, although it has an office in Russia.

“We are a [British Virgin Islands] company with development offices in Russia, Ukraine and Belarus,” a representative from PhotoLab, the company behind the app, told me. “All user photos are hosted and processed on Amazon AWS and Microsoft Azure servers, which are located outside of Russia. Federation. … It is the truth that the domain was registered at the Moscow address. This is the former Moscow address of the company founder. He doesn’t live in the Russian Federation now.”

But these are complicated times.

“We understand that due to current events in Ukraine, any link with Russia could arouse suspicion,” the representative said. “That’s why we want to share the position on this issue on our founder’s Instagram.”

In this Instagram post, company founder Victor Sazhin says he was born in Moscow, moved to Ukraine as a child and is against Russia’s war against Ukraine .

Company Founder Speaks

Sazhin told me via email that he felt the Daily Mail story was fueling anti-Russian hysteria.

“I was not completely surprised [by the negative reaction]”, he said. “Recently, when our other application, Photo Lab, was #1 in Ukraine, when people used it to create patriotic avatars with a beautiful effect that we created, some Facebook [conspiracy theorists] started a similar story. And a few years ago when we went viral in Bangladesh and India, there was another ‘story’…but one that tied us to the CIA.”

He, however, praised the research done by The urban legends site wrote an article after the Daily Mail article was published in which it concluded that NewProfilePic was not particularly intrusive, noting that “the claim that this app steals data for the Kremlin does not is also not supported by evidence”.

“That [Snopes] The review is complete and I probably can’t add anything to it,” Sazhin told me. “The app is safe, the photos are processed on Amazon and Azure servers, and we’re not KGB.”

Shades of FaceApp in 2019

I spoke to cybersecurity journalist and author Bob Sullivan about the app.

“It’s exactly like the FaceApp situation, with one important difference: the world is at war with Russia now,” he told me.

In 2019, a similar application, FaceApp was all the rage – you can use it to age a photo of yourself or edit it creatively. He was also based in Russia, and the The FBI investigated the app.

war changes everything

“A lot of Russians are great developers,” Sullivan told me. “Many Russians who learned to program there and now live abroad run very successful businesses. The world needs Russian programmers.”

Sullivan understands that Russia’s invasion of Ukraine and Russia’s autocratic President, Vladimir Putin, leaves a lot of mistrust in Russia-related apps in any way.

“People need to understand that even if a person or a company has the good intention not to share data with a government, they may be compelled to do so anyway,” Sullivan said.

PhotoLab’s spokesperson told me, “We do not have and do not plan to have any affiliation with any government organizations of any country.”

You offer your photos

Russia aside, is it a good idea to entrust a photo of yourself to an app you don’t know much about?

“I really think people are crazy using this app or something,” Sullivan said.

Artificial intelligence researchers, he says, are “desperate” to acquire large datasets that they can feed into a computer to perfect their algorithm.

“You have no way of knowing where these images of you might end up in the future,” Sullivan said. “For that reason alone, don’t.”

The company representative pointed me to their privacy policy, which states, “Photos are sent to the servers over the encrypted connection. We use Secure Socket Layer technology to protect the confidentiality and integrity of the transmission process.”

The policy goes on to say, “For unregistered users and users who do not share their results within the Services, original photos and results are automatically deleted from our servers two weeks after the last interaction. For users registrants who share their results in the Services that provide special social networking features, the shared content will be stored on the servers and displayed in the Services, unless a user removes the images themselves or requests such removal by contacting our team assistance.”

Authorizations and photos of animals

But what if you’ve used the app before? And are you safe if you don’t use photos of your own face, but of, say, your cat or your horse?

“The app probably has a continuous way of passing information about you to its owner, so I would remove it immediately,” Sullivan said. “Same with the chat theory. I don’t know what they do with data other than images. But every bit of information you share ends up in the horrible ad tech ecosystem, with inferences drawn which would shock you.”

The permissions requested by the app are similar to other consumer apps.

“I agree that this app doesn’t ask for more than many apps…which doesn’t make it right, but that’s not suspicious per se,” Sullivan said.

This is the brand new app

The app is popular. Friday was the best free app on the Apple App Store.

“Without a doubt, we are happy that users like our NewProfilePic and ToonMe apps so much,” the rep told me. (ToonMe is a similar app from the company that turns photos into cartoons.) “And of course, we’ll do our best to create even more stunning effects and make even more users happy.”

Company founder Sazhin echoed this.

“It looks like we’ve finally found the recipe with NewProfilePic,” he told me. “It looks like a quick hit (and it kind of is – this viral wave only started last Saturday, a day after a new set of effects was released in NewProfilePic), but it was actually years of work.”

Support your local artists

Even if a company has never had a Moscow address, users should think twice before agreeing to hand over personal photos to an app you know nothing about, even for a slick profile picture, Sullivan says .

“When you share intimate data like your face with an app like this, you have no way of knowing where that data will end up,” Sullivan warned. “If you really want a cool portrait of yourself, hire a local artist!”