Is interesting how academia can get away with fraud. Knowingly impersonating someone is fraud, irrelevant if the purpose is monetary or not. As robots have no rights, and a robot impersonating a human is as much of a fraud like a man impersonating a woman. Why then isn't a law that requires an algorithm to identify itself as an algorithm? Why is coming from Academia a free pass to commit fraud without repercusion?
I know that SpyBook, aka Facebook can be abused. I closed my account years ago when they started to ask in my personal email information about other people. My information is my own, and I can share it freely, but they can go to hell if they expect me to give someone else information. Then it hit me that they must be doing the same with everyone else.
As for "consent" for a picture to be shown. Let me put it this way, they can change the flag any time in their database. Even if they do it on purpose, you would have no recourse in court. They can always say that it didn't have the flag. They can even attribute a computer glitch. And if everything fails they can always appeal to their end user agreement. So bottom line, do not post your pictures with them. When you are not the client (aka the one paying) is safe to assume that you are the product.