WeChat blocks deepfake app Zao amid data collection concerns

2 min read
Zao on Apple’s China App Store. (Image Credit: TechNode)

WeChat opted on Monday to block content shared from Zao, the new deepfake app that lets users swap their faces with celebrities in movie and TV clips, amid an online backlash over possible excessive data collection.

Why it matters: As data breaches become more prevalent in China, mobile internet users are becoming increasingly wary of possible privacy protection issues when using apps.

Details: Zao, developed by a majority-owned unit of dating platform Momo, stormed to the top of free mobile app rankings after its August 31 release. On Monday, Tencent’s WeChat blocked links shared from Zao citing security risks after many users reported the app.

  • Zao is similar in functionality to open-source deepfake face-swapping technology but requires only one headshot to create content.
  • The app quickly went viral. Its servers hit maximum capacity on the launch date and new users were asked to try the service at a later date.
  • The platform requires users to complete facial verification, which involves opening their mouths or lifting their heads on camera, if they want to share content.
  • The user agreement allowed Zao “completely free, irrevocable, perpetual, transferrable, and re-licensable rights” to edit and distribute content uploaded and created on the platform, as well as full copyright and ownership.
  • Following widespread user backlash, the clause was removed from the user agreement on Sunday.
  • The agreement seeks to distance Zao from potential copyright infringements related to movie and video clips, stating that users need to acquire authorization from copyright holders themselves before using the content.
  • Zao’s facial data collection also raised questions about whether the security of mobile payment platforms could be compromised in a leak. Alipay clarified on Weibo that it is impossible for face-swapping tools to deceive its payment apps regardless of their level of sophistication.
  • “Even if in the extremely rare case that an account is stolen, insurance companies will cover lost funds in full,” the company said.

Context: Momo’s lax protection of user privacy came under fire last December when a Weibo user spotted a package for sale on the dark web containing the phone numbers and account passwords of 30 million Momo users.

  • The set was priced at RMB 200 (around $30) and contained data collected three years ago, according to the listing.
  • In a statement to TechNode at the time, Momo said that it was impossible to log in with the leaked data because attempts via different devices would trigger text message verification.

This story was updated to include revisions to Zao’s user agreement.