The FaceApp Security Issues: Here We Go Again….

Here we go again…

An application that allows you to upload a picture of a face and see it aged is getting public attention for being a security risk. The FaceApp Facebook application is being presented as being extremely dangerous to your personal security. What’s ironic is that a lot of the focus is on the rumor that the application is from a Russian company, and that is why you should be concerned. It is as if the capitalistic exploitation that can occur from American or any other company around the world is less concerning than what the Russians could do.

The reality is that this application should be concerning, but so should every other application you install. While the Russians might exploit your data and information, so might any other company in any other country of the world. In fact, in most cases, the companies don’t have to do anything illegally, because most people give their permission to the companies to use their data. Yes, if you installed that application on your phone or computer and clicked “okay” (or something similar), then you often give permission and rights for your data to be used. Once you’ve given that permission, you’ve opened yourself up.

Facial Recognition

The irony of the FaceApp program is that one of the biggest concerns raised is that of giving away your image. With facial recognition becoming more engrained in security, the issue has been raised that you’ve given the image of your face to the Russians to use going forward.

Should you be concerned?

Absolutely; however, if you are using Facebook, then your concern shouldn’t be with this one Russian company, but with all companies. The reality is, if you’ve posted a public picture of yourself, if you’ve tagged a picture of yourself, if you’ve used your face as the image on your icon for any social media site (Facebook, LinkedIn, Instagram, etc.), then you’ve already given away this key information.

Giving Apps Permission

The reality is, most applications ask for permission to access your photos, phone, contact lists, or other information. If you say ‘yes’ to any of these requests when installing an application, then you’ve given up that information for a company to use. Once you’ve done this once, you have lost most – if not all – of your control of that data. When the original Pokemon Go App was released, it asked for nearly every piece of information on your phone. It wasn’t until after millions of people installed the application that the general public started asking why all the permissions were needed. While Pokemon Go eventually reduced the request for access, for millions, the damage was already done – the permissions had been given.

Tagging Others

While it is your right to give others your personal information, it is not your right to give away other people’s. As such, when you post pictures of others and then tag them, you are giving away that person’s identity as well. Because digital pictures can include location and other information, you might be giving away much more information as well.

If you search the Web for me, you’ll find a ton of information. Due to the jobs I’ve had, there was no way to avoid a digital footprint. If you search for my kids, you’ll find much, much less. In fact, if you find a tagged picture of any of my kids, let me know. With rare exceptions, they shouldn’t exist. Why? For their security.

The FaceApp Scare

The FaceApp scare is real. The Russian piece is silly, but the permissions piece isn’t. With any app, if you give access to anything on your system, then you should expect that it can be exploited. If you don’t want to give a company permission to use your pictures any way they care to use them, then don’t install an app that asks for permission to your folders, files, or pictures. If this is a concern, you are likely to find very few apps you can install.

One Step Further with Websites

If the FaceApp security issue concerns you, then you should also be aware of what websites you use. If you go to a website and use it, then you are agreeing to the permission statement on that website. It is highly unlikely you’ve read the permission statements on a website. If you had, you likely wouldn’t go to many websites anymore. I’ve written on this in the past. For example, the site Angie’s List has (or at least had at one time), a clause in its site usage permissions page that if you posted a negative review, they could fine you. Yes, by using the site, you basically agreed that you would pay a fine if you posted a negative review. Would Angie’s List ever implement this fine? Likely not, but then a Russian site is not likely to do anything with your photos either.

In Conclusion

In conclusion, you should be concerned about he FaceApp; however, you should also be equally concerned with every other app or site you use. Facebook and Google are rumored to be two of the biggest companies that exploit the data you provide. As such, if you are going to be concerned with your security and data, you might want to start by considering what you’ve allowed them to do before you start getting too concerned with a Russian company and your pictures.

Trust Nothing You Hear or See

Technology is to the point where you should not believe anything you hear or see online. Let me be more specific. I could tell you that the following three people are a family. I could tell you this is a picture of a man, woman, and their child. You might believe this, but the reality is, they are not a family

Actually, the reality of the situation goes beyond that. The child is not their child. In fact, that child does not exist. Nor does the man or woman. These picture are not real people. The pictures are all fake. While the pictures look very real, they are not. In fact, these pictures were created by an Artificial Intelligence program.

Similarly, I was recently told that it only takes about 10 minutes of audio from a person to be able to imitate their voice using AI. So with 10 minutes of someone’s voice, I can have a model of their voice that I could then apply to an AI generated image. In essence, I could have a non-existent person that could call your phone and leave you a message, or that could message you with an account that includes a full profile including a picture.

I could actually go one step further….

If I captured a bit of a person’s voice and combined it with bot technology, I could make an interactive program that could talk and respond using an existing person’s voice. The bot technology could be programmed so that the person could respond without any intervention from the developer.

I could record you or anyone else and then use your voice to say anything I want. The technology exists today.

Pictures of Non-Existent People

You can find pictures of non-existent people at https://thispersondoesnotexist.com/. If you go to this page, you’ll be shown a random picture of a person that does not exist. You can refresh the page to see additional pictures.

This web page generates pictures of people based on a style based generator architecture. To learn more about this, you can see the following video on YouTube:

The take-away from all of this is that as you view things on the internet or on television, you need to be extra diligent to make sure it is real. In a world of advancing technology, artificial intelligence, and programmed bots, it is getting very easy for anyone to generate fake personas.

# # #

Thanks go to my Friday Night Gaming Group for the discussion that led me to look at this closer!

 

 

SDTimes: 10 things that change when a developer gets promoted

Check out one of my newest articles. This was published by SDTimes:

10 things that change when a developer gets promoted

The push to climb the corporate ladder is strong. Depending on what you like to do, it might not be in your best interest to move up! It is important to know what additional tasks are likely to be added to what you are doing as well as to know what tasks you have been doing that you will need to give up.

Tech in HSE Schools: The Feedback Cycle

Technology is tough. Securing technology is even tougher, but when the technology is used by kids, it is important for technology to not only work, but to work in a way that eliminates unnecessary risks.

One of the biggest concerns about is use of technology in schools is around the potential for kids to be exposed to bad things. The other concern that is raised centers on putting expensive technology into the hands of little kids. One of the first questions I asked when the concept of having elementary kids in our schools use computers (iPads), was related to the idea of having 5 and 6 year olds responsible for getting a device to and from school.

Four years later, when the program was ready to roll out to the elementary schools, a new set of parents stepped up and asked the same questions. Fortunately, the school administration listened and made changes that didn’t require the younger kids to bring the devices back and forth to school.

Even looking beyond the youngest kids, technology is tough. It has problems. Most people are not tech-savvy experts that can address electronic issues. Additionally, if you give a kid something, then generally speaking, you can expect at some point it will be broken. That goes for computers such as iPads as well.

So when a school puts 21,000+ devices in place, it is safe to expect there will be issues. The question becomes, how can the issues be reduced or alleviated?

Communication and Open Standards

First is to open up communication so that you get the community helping to identify issues. In our community we have numerous people representing every facet of technology. Those people have insights that can help alleviate problems before they happen as well as insights that can help resolve issues in hours instead of months. The school system has to be ready to asking for help from the community early and often. This would prevent things such as the new projection system in the high school from sitting for well over a year without being used because the technology changed before it was even used. In fact, this is a case where the community had suggested open standards be used, but the decision was made to go with a proprietary solution. (Can we say, “We told you so”?)

As a result of community push-back, one of the efforts put forth by the school administration more recently was to set up Technology Committees to help provide feedback. These committees have started meeting and will continue to meet over the coming months. The initial meetings were less about technology and more focused on teaching methods, so the jury is still out on whether these will truly help open two way communication that will lead to technology improvements. I’m a member of one of these committees, so I’ll be sharing related thoughts in  future posts.

Understanding the Individual Issues

Additionally, it is critical that with that awareness, that there is an understanding of the individual issues happening to each student. If feedback isn’t collected, then how can you know what is truly happening? While many issues are seen within the schools, because technology is being brought home, many issues are not seen. As such, it is critical for the school system to do everything they can to make sure they are aware of what is happening beyond their own walls.

There is no automated means that I’m currently aware of within the school system to report issues that people have with their student computers or the schools technology. There is, however, an independent group that has created a means for collecting feedback. You can access the form for reporting a problem at the following link:

HSE Parents Voice iPad Issue Reporting Tool

This tool has not been available for very long, but it has already started collecting data. I recently talked with the group running the collection app about the data, and am glad to see that they’ve shared the initial results. You can review their initial findings at the following link:

Parents Voice iPad Findings Initial Report

This is just their early results. Because this has been in use at the beginning of the school year, it would be expected that the issues will be higher. The initial findings are indicating that issues and concerns are spread across a variety of areas, so it will be interesting to see what they learn over time. As kids and parents use the devices more, will issues go down or will they increase? Only time will tell.

In Summary

Technology is a tool to be used to help with teaching. Just like a pencil can have its lead broken, technology also breaks. Just like it is better to buy a standard pencil so you know you’ll be able to find a sharper that works, it is also good to use technology that follows standards. The way you reduce the issues is by understanding what issues have happened in the past. By collecting data and feedback, hopefully our schools will evolve the technology used to what is most practical and appropriate for the learning objectives. Until then, groups like HSE Parents Voice and many of the HSE parents (including myself) will keep providing the feedback to try to make it better.

Live Streaming the HSE School Board Meetings

One of the ways I find that I differ from the other candidates is that I haven’t waited to see if I get elected before trying to address issues that are important. I have been attending board meetings, asking questions, and pushing for change well before my name was filed to run for a school board position.

Simply put, the issues don’t wait for elections.

This year alone, HSE has had a referendum discussed, a roll-out of the iPads in the elementary schools, two bonds approved (totally around $15.5 million above and beyond the referendum and state money), issues with technology, changes to school policies and handbooks, continued loss of good teachers, and a multitude of other topics. In the case of the ten million dollar bond passed earlier this year, I was one of the few people to stand and ask a question about its purpose. Similarly, in this last school board meeting, I was the only candidate that was not an incumbent to raise a question about the spending. I’ve asked the administrators, school tech lead, and board members questions on other topics as well. These range from discussions on why open standard tech wasn’t used to why there was a push to eliminate paper magazine subscriptions in the elementary schools.

On topic I’ve questioned has come up a few times by other candidates. This is the topic of live streaming HSE School Board meetings.

In early July, I created a page on Facebook specifically for streaming the HSE school board meetings. While board meetings are “meetings in public”, out of consideration, I asked Dr. Bourff if I could live stream and record the meetings. I stated that I would take care of the recording, streaming, and any editing with the target media source being a live stream on a Facebook page. There would be no need for any effort by the school board or administration.

The idea of streaming the meetings is not a new one, and one that it was clear Dr. Bourff had already considered. As such, Dr. Bourff was able to provide insights toward the downside of streaming school board meetings.

By filming a meeting, there was a real concern that the level of discussion by members of the board could decrease. With a camera rolling, it would be clear that their questions and words were being caught on film. Statements that were made could be viewed differently than they intended. This could diminish discussions, and thus negatively impact results. For example, a board member might choose to avoid asking for clarification so they wouldn’t seem to lack knowledge on a topic. Because it is critical to keep the discussion free flowing among the board members, having to worry about a rolling camera could be a detriment. Having been to a large number of board meetings as an audience member, there have been a few meetings where the limited knowledge around technology was hard to watch. Had the board members been recorded, it truly could have not reflected the best on a couple of them.

Live streaming also has the potential to cause grandstanding by members of the community. While this sounds easy to control, I have facilitated a number of live online events as well as meet-ups. As such, I understand how grandstanding is actually a very serious concern.

The opposite of grandstanding is also an issue. A number of people have attended board meetings to present on topics that were sensitive, and yet very valid concerns. In a few of these cases, I do believe that the presenters might have avoided making their comments if they knew it was being recorded and streamed live.

There are other issues with streaming as well.

The reality is, school board meetings are held in public. As such, there is nothing that prevents a person from streaming the events now. Live streaming has become so simple that nearly anyone can do it with a smartphone and a Facebook account.

At this time, I have not pushed to stream the board meetings even though they are open to the public. There are two core reasons for this. First is to respect Dr. Bourff’s request to not cause the disruption in the board meetings. Second, and more importantly, not enough people have indicated they care or would watch a live stream. While streaming sounds like a great idea, when Dr. Bourff streamed an event earlier this year related to the referendum, the engagement was also extremely low. Having experience with live chats and streamed events online has often shown the same results.

While there are people that would watch the stream or an on-demand versions of the board meetings, the level of active interest just isn’t there to justify pushing against Dr. Bourff’s statements at this time. I’ve raised the topic, and over time will bring it forward again whether elected or not. I believe that recordings will eventually happen, but until there is real proactive demand by the community with a real commitment to view, I find that my own attention and time are better spent on topics such as spending, academics, and the well-being of our students.