Deepika Padukone also uploading their pictures using the photo editing app.
Within weeks of launch,
Lensa AI has become the most downloaded free photography app in the United States and the sixth most downloaded in India.
As photo apps such as Prisma Labs-owned Lensa AI gain in popularity, cybersecurity experts have, however, turned into a worried lot.
They point to the possible misuse of sensitive personal information such as face identification and iris scans and warn users to exercise extreme caution while uploading their photos on to any such apps, which have of late begun to face greater scrutiny for their privacy policies and security features.
Lensa AI is not alone. Other photo apps like NewProfilePicture and FaceApp too have faced scrutiny for their policies.
“I’m concerned about what they (Lensa AI) do with the images you give the application, the metadata inside those images, and how they might be used in the model that the AI uses to generate these images,” Dominic DiFranzo, assistant professor in the Department of Computer Science and Engineering at Lehigh University, told ET.
Discover the stories of your interest
DiFranzo says Lensa AI is an Artificial Intelligence (AI) solution that builds new images from a large corpus of other images.
“Your images will be a part of that corpus and will affect the types of images generated for other users. That doesn’t mean other users will be able to use/view your photos, but the AI will be trained on your images in some very small way,” he says.
Cybersecurity experts caution users to read a company’s privacy policy before agreeing to the terms of service as one could unwittingly agree to share personal information. A strong password, biometric features or two-factor authentication could also help prevent misuse, they say.
Lensa AI says user content is solely used to operate or improve the app.
The company says it is well within its rights to “reproduce, modify, distribute, create derivative works” of user content without any additional compensation. It defines user content as not only the photographs that a user uploads but also any AI-generated content a user creates by using the app, such as an avatar.
According to its previous policy, uploaded photos or videos could also be used to train its affiliated algorithms and products to perform better, but in its latest update, the company has made clear that no personal data is being used to train other AI products of Prisma Labs.
Lensa AI has also clarified that in case a user uploads a photo or video depicting a friend or anyone else, they must do so only with their consent.
“In case you upload someone else’s content to Lensa and we receive claims, you will indemnify Lensa for such claims (it means that we will ask you to financially compensate us for these claims),” according to its terms and conditions.
Earlier this year, photo app NewProfilePicture gained traction as it allowed users to turn their photos into illustrated portraits with an “AI-driven” update, much like Lensa AI. However, soon after it took the internet by storm, reports began to surface that the service, which utilized facial-recognition technology, was sending users’ photographs and data to Russia.
Another Russia-developed app, FaceApp, was also wildly popular in India in 2019 and had actors and other celebrities going ga-ga over how the app would help them view their transformed selves as they grew older.
Training AI
The key threat to user privacy is if Lensa AI or any other AI photo app does not adhere to their policies that images would only be used for training their AI algorithms, says Kevin Curran, professor of cybersecurity at Ulster University.
If proper authentication is not used for such services, hackers could collect all the stored images, he says, adding that standard encryption techniques are essential to safeguard user images.
“You have to trust ultimately that the company honours its terms. Lensa AI , of course, claims that it does not store any images but simply processes them for users and uses information from each image to train its neural network which is the heart of the AI,” Curran says.
If companies share details with a third party, it provides much leeway for them to profit from Personally Identifiable Information, he says.
Lensa says it collects other data, including information about a user’s mobile device and internet connection, including their IP addresses, the device’s unique device identifier, operating system, and mobile network.
But it has clarified that it does not transfer, share, sell, or otherwise provide a user’s photos, videos or avatars to advertising platforms, analytics providers, data brokers, and information resellers.
