(NEW YORK) — The latest social media trend to be sweeping people’s feeds is sharing virtual avatars generated through the Lensa AI app.
Lensa, which has been around since 2018, lets users upload 10 to 20 photos of their selfies or portraits, and then it creates dozens, even hundreds, of digital images called “Magic Avatars.”
While the pictures could be considered pieces of digital art, those who are worried about personal online privacy have begun raising concerns about data collection.
Cybersecurity expert Andrew Couts is a senior editor of security at Wired and oversees privacy policy, national security and surveillance coverage. He told ABC News’ Good Morning America that it’s almost “impossible” to know what happens to a user’s photos after they are uploaded onto the app.
“It’s impossible to know, without a full audit of the company’s back-end systems, to know how safe or unsafe your pictures may be,” Couts said. “The company does claim to ‘delete’ face data after 24 hours and they seem to have good policies in place for their privacy and security practices.”
According to Lensa’s privacy policy, the uploaded photos are automatically deleted after the AI avatars are generated, and the face data on other parts of the app is automatically deleted within 24 hours after being processed by Lensa.
Prisma Labs, Inc., the developer of Lensa AI, told ABC News in a statement that images users upload are used “solely for the purpose of creating their very own avatars.”
“Users’ images are being leveraged solely for the purpose of creating their very own avatars. The system creates a personalized version of the model for every single user and models never intersect with each other. Both users’ photos and their models are deleted within 24 hrs after the process of creating avatars is complete,” the company said in a statement. “In very simple terms, there is no[t] a ‘one-size-fits-all collective neural network’ trained to reproduce any face, based on aggregated learnings.”
“We are updating our Terms & Conditions to make these more clear to everyone. The much-discussed permission to use the content for development and improving Prisma’s work and its products refers to the users’ consent for us to train the copy of the model on the 10-20 pictures each particular user has uploaded,” the statement continued. “Without this clause, we would have no right to perform this training for each subsequent generation. We are fully GDPR and CCAP compliant. We store the bare minimum of data to enable our services. To reiterate, the user’s photos are deleted from our servers as soon as the avatars are generated. The servers are located in the U.S.”
Couts added that he isn’t too worried about the photos because most of us already have our faces on social media. He said his main concern is data collection that can be potentially lifted from users’ phones.
“The main thing I would be concerned about is the behavioral analytics that they’re collecting,” Couts said. “If I were going to use the app, I would make sure to turn on as restrictive privacy settings as possible.”
He said his advice, no matter what apps are downloaded, is to tighten up personal security through the phone’s settings.
“You can change your privacy settings on your phone to make sure that the app isn’t collecting as much data as it seems to be able to,” he said. “And you can make sure that you’re not sharing images that contain anything more private than just your face.”
Copyright © 2022, ABC Audio. All rights reserved.