OPINION: That Cute Cartoon Avatar Might Cost You More Than You Think. Here’s What You Need to Know About AI Face Filters.

The use of Artificial Intelligence (AI) has quietly woven itself into the fabric of our daily lives, from the routes we drive to the playlists we hear, from the emails it finishes for us to the faces it transforms into art.

And perhaps nowhere is this more visible, or more viral, than in the rise of face-to-cartoon tools that invite us to turn our selfies into sketches, paintings, and characters with a single click. 

I spent the last week reading the terms of service, privacy policies, and data retention clauses behind the most popular "face-to-cartoon" tools. What I found shifted how I see every single one of those viral avatars.

Every time we upload a clear, forward-facing photo to a free online filter, we are feeding something precious into a black box: our biometric identity. Unlike a password, you cannot change your face when it leaks. Unlike a credit card, you cannot cancel it and request a new one.

Let’s be fair; the tech is impressive. However, these tools use Generative Adversarial Networks (GANs) or diffusion models to map your facial features onto a stylised template. The most important thing is to know what this technology does.

When you upload a selfie and get back a cartoon version of your face, something behind the scenes must learn what a face is, what a cartoon is, and how to bridge the two. That "something" is either a GAN or a Diffusion Model.

GAN has two components: the Generator and the discriminator. They train together, competing against each other, until the generator is producing results that look authentic.

Instead of competing (as in GANs), diffusion models learn by destroying data and then learning to rebuild it.

Both require training on massive datasets. If your photo is used to train either model, or you haven't explicitly consented, your face becomes part of the machine. The model doesn't store your photo like a JPEG; it internalises your features into statistical patterns. You cannot ask it to "forget" you.

The majority of these free apps require you to grant them a "perpetual, irrevocable, worldwide license" to use your photos (A common misconception among mobile users is that simply installing an app comes without risk.

In reality, installation means you've consented to their terms of service, which often includes permissions to access your data.). This isn't just care mongering (The act of spreading kindness, help, and community support, usually through social media); it’s in the terms of service. I would like us to understand that in this case, you aren’t the customer; you are the training data.

A clear, front-facing selfie is gold dust for identity thieves. Even if the output is a cartoon, the input (your high-resolution photo) is stored somewhere. In an era of AI-generated deepfakes, securing your biometric data is just as important as securing your password and your credit card PIN. Hence, by signing up for these apps, you are giving them access to your biometric data, which they can use forever.

Unlike General Data Protection Regulation-compliant enterprise software, many of these novelty apps make it nearly impossible to permanently delete your data once it's uploaded.

I am not sharing this to make users of these apps abandon the fun completely, NO. But you should practice Digital Hygiene. Meaning you have to opt for On-Device Processing; by that, I mean look for apps that clearly state in their terms and conditions that processing happens locally on your phone. If the app works in Airplane Mode, that is a green flag. If you must use a web tool, slightly edit your photo first.

Crop it, lower the resolution, or add a filter. Don’t feed the algorithm the same pristine photo you use for your passport or your banking identification facial recognition selfie.

As a user, you need to ask yourself: Are you comfortable with this exact photo existing on a server in another country forever? If the answer is no, don’t upload it. Before tapping "Accept," scroll to the section labelled "User Content" or "License." If they claim ownership over modifying or distributing your face, walk away. Because when you share your facial selfies, you are not just sharing a JPEG; you are sharing a mathematical representation of your face (embeddings). Attackers can perform Model Inversion Attacks. Even if the app only stores the AI-generated "embedding" (the numeric faceprint) and deletes the photo, hackers can reverse that embedding to reconstruct a high-fidelity, realistic image of your face that they never had before 

The Bigger Picture is that we are currently living in the "Wild West" era of AI. Regulations and guidelines are coming, but they aren’t here yet. As a community and professionals, we need to shift our mindset. We wouldn't hand a stranger a physical key to our house. We need to stop handing AI startups the keys to our faces. As I have indicated above, unlike a password and a credit card, you cannot change your face when it leaks.

Dr. Munienge Mbodila  is a Manager of Student Tracking and Institutional Research (IRP), Senior Lecturer in Networks and IT Support, member of the ACM Task Force on Ethical and Societal Impacts of GenAI in Higher Computing Education, and an Executive Committee member of SAAIR.