ZAO Deepfake

Going Viral and Causing Privacy Backlash: The Short Life of ZAO, the Chinese Deepfake App

Ran Yu

posted on September 6, 2019 7:19 amEditor : Chen Du

ZAO, a face-swapping app that lets you upload a picture of yourself and apply it to popular video clips, went viral overnight in China last week, flooding people’s Weibo feed and WeChat Moments with near-identical clips generated by the app. 

Massive amount of users flocking in caused its server to crash constantly. The app’s official account on Weibo announced that it burned through one third of its monthly server resources in just one day. The app uses a strain of technology similar to the notorious Deepfake, which uses machine learning and utilizes massive computing power to apply the face-swap.

Technical difficulties aside, users were more furious towards ZAO when they found out about its user agreement. In the original version of it, the app basically claimed that it owns the right to reuse uploaded images for marketing or other purposes, with no repercussions whatsoever, causing backlash on social networks.

Major state-owned media outlets soon picked up the discussion and reported on the matter. On Wednesday, September 4, China’s Ministry of Industry and Information Technology summoned executives from MOMO, ZAO’s parent and a Nasdaq-listed company, regarding privacy concerns.

As the MIIT is inquiring into Momo, the company pulled ZAO from app stores and claimed that it is conducting internal investigations. 

Section 6.2 of the users agreement stated that the app had “free, irrevocable, permanent, transferable, and relicense-able” rights to all the content users generated. The app not only uses user-uploaded faces in core features, but also to authenticate that users are not uploading pictures of others, especially those of celebrities, likely in order to avoid litigation.

Speaking to Chinese business media 21CBH,  Zhu Wei, associate professor at the China University of Political Science and Law and an expert on communications law, warned that the shear amount of user’s private information ZAO accumulated made it a huge security risk.

In China, where paying with a quick facial recognition is already picking up popularity, “losing one’s face” is no longer a rhetorical concern, but a real, financial risk. Since the app not only owns people’s faces, but also other identifiable data points such as social media account ID, name, phone number and a few others, it would have been extremely easy for bad actors to log onto potential victims’ payment accounts and authenticate purchases.

What’s about the week-long lifespan of ZAO that surprised many people in the tech and internet industry, is that privacy has never been a major thing to worry about for Chinese people. The nation’s close to 1 billion netizens was known for trading privacy for convenience and experience, resulting in the quick growth of a few internet-based services like Alipay and Toutiao.

But not this time, it seems.

Before pulling the app altogether, ZAO deleted the section in question from its user agreement and added a ‘special notice’ that images of users’ faces and videos will only be used to improve the experience of the app on the night of August 31. “All use of user-generated content will strictly abide by relevant laws,” said the notice. 

Zhao Zhanling, a legal researcher at China University of Political Science and Law who specialized in IP cases, said that “Although ZAO deleted the clause, it is still able to acquire users’ portrait rights and their content’s copyright,” adding that it is an unfair agreement and has no legal-binding force.

Meanwhile, people are rushing to app stores to give the app bad reviews after finding out about the privacy fiasco. Aggregated rating on iOS went down to 2 out of 5 as of Sep. 5.

Some also warned that since the app uses popular clips from foreign and domestic movies, TV shows and other social networks, the company might also face a huge fine if the rightful owners of these content launch a class action lawsuit.

WeChat, the dominant instant messaging and social networking app owned by Tencent, had to stop redirecting ZAO links shared within the app, citing numerous reports on the service’s privacy concerns and security risks.