Users who have accessed social networks in recent days have certainly come across artistic photos of friends in different settings and styles, created by Artificial Intelligence. The creations are from the Lensa App, launched in 2018, but which has only now become popular among users, especially Brazilians, in Instagram and Twitter posts.

In just a few days, the Lensa App became the most downloaded application in Brazil, with more than 10 million installations on Android alone. How the application works is very simple, after downloading, just select 10 to 20 photos of your own face and make payment according to the total number of photos desired. From then on, technology does the rest of the work, delivering editions that take users to other worlds, adding props and colors, which, when put together, explain why Lensa became such a rage

Between the desire to keep up with friends, the curiosity to see how Artificial Intelligence will work on one's own photos or even a certain anxiety about being out of fashion at the moment, there is little room to observe carefully. In this case, security issues can be left behind, with users ignoring the idea that, to create edits, Lensa needs to process users' appearance, as well as collect some personal data.

Fabio Assolini, senior security analyst at Kaspersky in Brazil, points out that the use of photos of people to train Artificial Intelligence should become more common every day and is not a dangerous activity in itself. However, users need to consider issues related to security and privacy, especially regarding transparency and the responsibility of companies in the storage, processing and use of personal data.

At first, there seems to be no reason to worry about using the Lensa app, unlike many other facial editing apps that have emerged in recent years. Articles also show less tracking and information collection than other solutions used, such as social networks and editing applications. The terms of use are very clear on the issue of use and storage of users' images, as well as easy access, even though it often falls within the “legalese” required of documents of this type and is only available in English.

Prisma Labs, the company responsible for the application, is based in the United States, a country with strong rules regarding data protection. If the name is familiar to you, it's because you remember the application with the same title, which went viral in 2016 also with artistic edits on photos sent by users – the company has Russian origins, but after the separation between its original founders and receipt of different investment rounds, established its base in the United States.

According to the terms of use of the Lensa App, images sent by users are deleted within a period of 24 hours after sending, while all processing is carried out anonymously, without identifying the original user. Photos can also be uploaded to Google or Amazon clouds, likely where the AI architecture that underpins the app lives. The procedure is also carried out anonymously, with the data also being deleted after a maximum of one day.

In app stores, the contract and app details also indicate indications of other information collection during its use. Lensa does not require registration to be used, while payments for image edits are managed by Google and Apple. The only authorization requested on iOS is tracking in other apps. On Android, requests are limited to using the camera and accessing photo storage. Also, during the processing time and creation of the artwork, the user can ask the solution to notify when everything is ready, which requests permission for notifications.

In automatic collection, Lensa obtains information about the device used such as the brand, model and hardware information, as well as connection IP and cookies. The indication is the possible sharing of data and user tracking with partners linked to advertising or use to notify users, perform support tasks, update or monitor and fix bugs.

These are common elements in much of the software used on Android and iOS, while the application terms themselves show a detailed arrangement of all possibilities related to the use of user data. Prisma also clarifies that it will not process data beyond the stated purposes, while explicit consent will be requested in the event of changes to the articles or the need for additional collection.

However, a term linked to the ownership of Lensa's creations may catch the attention of some users. While the articles clarify that users can use, edit, share or use the image for any purpose, they also send Prisma Labas the right to create derivative works based on the results of editing the images, without requiring authorization or execution. of payments.

This means that, at some point, the company can run a marketing campaign using images created by Lensa users, for example, using the edits for paid campaigns or new projects. Users are still responsible for the content sent to the platform and must be the holder of the rights to use the original images, without Prisma Labs having any jurisdiction over the material produced.

For those who have already created their avatars with Lensa, but do not agree with the transfer of their copyright to the company, they can contact us via email at [email protected] and request that everything be deleted, either personal data and the images created. This is a right guaranteed by the General Data Protection Law, or LGPD, and which must be provided to Brazilian users even by the internationally based company.

There is also an issue regarding the difficulty of AIs dealing with different traits, maintaining the Eurocentric vision, becoming known as algorithmic racism. In the case of the Lensa app, the criticism appears and is also being shared across networks, while users report their features being modified in the edits, such as skin being lightened, a thinner nose and eyes with a different proportion to their natural ones.

There are those who say on social media that the risks of using software linked to Artificial Intelligence extend beyond the data itself. These photos are supposedly being used to train AIs for other purposes, something that doesn't make much sense. After all, why would a company depend on sending images of people, in a paid solution, when there are several free and paid face packs available on the internet? They are aimed precisely at improving technology and are made up of public data scraped from the internet – including, several times, the complainants' own avatars, published on the networks.

Still, it's not like using the applications is smooth in all cases. The analysis of terms of use, mainly linked to data collection and processing, is extremely important not only for image apps, but for all types of software downloaded to a computer or cell phone. You will be surprised by articles cited in documents like this, linked to social networks or email services, several times, with much more tracking than photo solutions.

Kaspersky issued a warning specifically about them, pointing out the rich ones, mainly linked to facial biometrics. Hosting facial images indefinitely on third-party servers can pose risks of fraud and scams if these structures are not well protected and suffer cyber attacks, with the information obtained being used for malicious purposes.

Paying attention to the permissions requested during the download, as well as information requested during registration, also helps to understand whether the application is going beyond the necessary limits. As pointed out by the security company, installation should always be done through app stores or official websites, while the user should always check the developer and avoid software that has few downloads, negative reviews or shady developers. 

Keeping operating systems up to date helps close known loopholes, while the presence of antivirus and other security software protects the user against common threats. If in doubt, avoid using the application or providing data until you are sure of what you are doing.