本期 Business 板块这篇题为《Chinese netizens get privacy-conscious》文章报道了最近在中国爆红的一款换脸软件 ZAO (逢脸造戏) 因为侵犯用户隐私引发的争议。
ZAO 最初的隐私条款中规定公司拥有在“全球范围内完全免费、不可撤销、永久、可转授权和可再许可的权利，包括但不限于可以对用户内容进行全部或部分的修改与编辑。”这些条款被细致的网友曝光后，ZAO 在网络上受到了人们的强烈批评，在苹果商店的评分只有 2.2 分 (满分五分)。此外微信也以“安全风险”为由屏蔽了 ZAO 的分享链接。
长久以来，中国网民的大量精确个人信息被国内 APP 厂商大量收集。上个月由一家中国网络安全智库发布的报告称，下载量最多的 1,000 款 APP 中，平均每款 APP 向用户收集 20 种数据，包括通话记录和视频权限。ZAO 之所以让人们的格外紧张，是因为它是一种新的 "deepfake" (注一)，它使用 AI 技术将已有的图像和影片叠加至目标图像或影片上，比如在一段短视频中把自己的脸换成明星的脸。
人脸认证技术在中国正在被广泛使用，如超市、门禁、火车站甚至是刷脸取钱。9 月 1 日，支付宝站出来向公众解释像 ZAO 这样的换脸软件“无法突破刷脸支付这样的金融级安全防护”。政府也在 9 月 4 日约谈了开发 ZAO 换脸软件的“陌陌”公司，要求其自查整改。
注一: Deepfake，是英文 “deep learning”（深度学习）和 “fake”（伪造）的混成词，专指用基于人工智能的人体图像合成技术。此技术可将已有的图像和影片叠加至目标图像或影片上。
Deepfake 亦可用来制作虚假的名人性爱影片和报复性色情媒体。带色情成份的 Deepfake 作品于 2017 年间在互联网上流出，特别是在 Reddit 上。这些 Deepfake 作品现已被 Reddit、Twitter 和 Pornhub 等网站禁止发布。Deepfake 也可以用以制造假新闻及恶意恶作剧。
Chinese netizens get privacy-conscious
Chinese netizens get privacy-conscious
A backlash against a popular app’s data-grubbing terms of service is the latest example of growing concerns about misuse of personal information
On the night of August 30th, soon after zao—an app whose name means “to make”—was launched, it proved so wildly popular that its servers crashed repeatedly. Almost as rapidly, a sudden backlash from its many fans nearly unmade it. Technology-news outlets and meticulous netizens who had combed through the terms of its user agreement found that by signing up, users had granted zao “completely free”, “irrevocable” and “perpetual” rights to all content they uploaded to its platform.
Furious comments flooded Apple’s app store in China, where zao is now rated a measly two stars out of five. (This did not stop it from becoming China’s most-downloaded free app in the store.) WeChat, a dominant Chinese app—always eager to stick it to a potential rival—blocked zao links from being shared on its messaging service citing “security risks”. zao swiftly removed the offending clause. On September 3rd it apologised to users and pledged to protect their personal data “in every possible way”.
China’s freewheeling internet users hand plenty of precious information over to the country’s data-grubbing apps. A report published last month by a Chinese cyber-security think-tank found that 1,000 of the country’s most-downloaded mobile applications hoover up an average of 20 types of data from each user. These often include call logs and videos of no obvious relevance to the apps themselves. And the notion of digital privacy seems almost quaint in the face of the vast data-gathering apparatus of an authoritarian state that regards public consent as optional at best.
So why did zao hit a nerve? One reason is that it appears to belong to a new crop of apps that generate “deepfakes”, computational creations that use artificial intelligence to doctor video footage. One form involves pasting a face onto someone else’s body—in zao’s tantalising offering, your kisser can be stitched onto the svelte silhouette of an actor or actress in a hit film or television drama.
Until recently such fakery had required hundreds of images to conjure a convincing clip. But deepfake technology has rapidly improved. zao’s winning claim is that, as its slogan promises, it takes “just one photo for you to star in all the world’s shows”. But for the best result, zao requires precise facial mapping, which users can feed into the app by following prompts to blink and move their mouths about.
When zao’s grasping terms of service came to light, many users were alarmed at the idea of these biometric data being misused. Facial verification is being widely tested in China: to pay in supermarkets, glide through the gates at railway stations and even withdraw cash. On September 1st Alipay, a big payment app, assured users that “images created through face-swapping apps, no matter how realistic, cannot trick our system”. The government, too, has taken note. On September 4th it summoned Momo, a Chinese dating-app giant with ties to zao, to explain itself and launched an inquiry into the company’s data-safety issues”.
The state’s reaction continues its clampdown that began in January on non-consensual harvesting of personal information (by private firms, that is). Citizens are increasingly anxious about online fraud. More than four-fifths of respondents to a survey last year by the China Consumers’ Association said they had suffered from data theft. In an unusual case in May, a man from Jiangxi province sued Tencent, the internet giant behind WeChat, for sharing his personal data across its many services without his approval. The court ruled in the plaintiff’s favour—and ordered Tencent to stop the practice.■
This article appeared in the Business section of the print edition under the headline "About face"