The Popular Software That May Put Your Pictures In The Hands Of Third Parties

By Jennifer Hollohan | Published

virtual try-on software chinese cameras zlibrary cyberattack airports meta malware apple privacy internet browser

Consumers have turned to online shopping for years. However, the pandemic sent the world of online retailers into overdrive and created a need for things like a virtual dressing room. That’s why the news of something called virtual try-on software was so welcome by retailers.

Virtual try-on software lets you do just that, see how things like sunglasses and clothing look on you. With this innovative program, you no longer have to drive to a store and spend time in a dressing room. Now, you can simply upload a photo of yourself and impose images of clothing and accessories over your virtual image. 

This software has gotten adopted by many retailers so far, including Walmart. However, the retail giant does not call its program virtual try-on software. Instead, you will see it listed under a Be Your Own Model feature.

And approximately twelve online retailers use a software program called Fittingbox, including Gunnar Optical. It is a virtual try-on software that prides itself on its privacy policy. “FITTINGBOX does not store, collect, disclose or process your image, or any biometric information in connection with your image.”

“FITTINGBOX will not sell, distribute, lease or otherwise disclose or store your personal data or your image,” the policy continues. However, it turns out that this is not the case. Consumer Affairs researchers decided to try out the virtual try-on software on the Gunnar Optical website.

What they found may come as shocking news. Its team noticed that data was getting sent to external servers. “When they used an image decoder to see what the image was, they discovered that it was a picture of one of the researcher’s face.”

So, despite Fittingbox’s claim of user data protection and privacy, it does the opposite. User images and data are getting sent to outside servers for an unknown purpose. Fittingbox did not respond to Consumer Affairs’ request for an explanation. 

However, the more concerning factor is that although the company is violating its own privacy policy, it is not violating any laws. Since biometric data privacy issues have only recently made their way onto anyone’s radar, there are few consumer protections. Currently, Illinois has the toughest law on the books

It recently passed the Biometric Information Privacy Act (BIPA). However, even this act does not have clear parameters in place. So at the moment, consumers are largely on their own.

There is not much hackers can do with your biometric images if they get ahold of them. But that may change thanks to rapidly advancing technology. The chief operating officer at the Identity Theft Resource Center, James Lee, spoke with Consumer Affairs about the potential risks.

Lee said, “…the stolen image would have to match the biometric parameters of a control image, such as a passport or driver’s license photo on file.” But that does not change the fact that virtual try-on software stores and possibly shares your image. And if hackers breach those systems, your biometric data will end up in a database somewhere. 

That may ultimately prove to be bad news. So privacy experts caution users about sharing their biometric data. And that caution includes private and government institutions alike.