Slashdot Mirror
Mining EXIF Data From Camera Phones
emeitner notes that folks at the Internet Storm Center wrote scripts that harvested 15,291 images from Twitpic and analyzed the EXIF information. This reader adds, "While mining EXIF data from images is nothing new, how many people would allow this data to leave their cell phone if they knew what it contained? The source code for the scripts is also available from the article." "399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ... The iPhone is including the most EXIF information among the images we found. ... It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time."
Someday soon a politician will post what appears to be a benign photo with an embarrassing long/lat location.
Photosynth would probably find the information to be extremely useful. Unfortunately, the iPhone camera isn't terribly great (for now), but I can see some of the exif tags coming to more "consumer" cameras (Point and shoot). Almost every online photo service and social networking site could use this information in many ways, such as automatic correlation of pictures and events, concerts, etc.
x86, oh yes, I'm pro.
How hard is it to extract this data, Do you need a special tool or can i see it all in photoshop
I can't be bothered to set the clock on my camera, let alone enter personal data.
Wasn't there a demo during the release of the iPhone 3GS keynote that showed the use of this metadata with a bunch of GPS-aware cameras, including the iPhone and the new version of iPhoto that uses this data to create clickable maps with pushpins for each photo you have taken?
I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user. Perhaps if it was called "Virtual Writing on the back of your Photos".
Now someone will be able to track down the location of my precious kitty cat, Scruffles.
I must never take pictures of him again. /sarcasm
"I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets
I wonder how many grow ops have been busted by the cops looking through twitpics/myspace photos metadata.
No picture leaves this computer before it has been subjected to "jhead -purejpg". Something else to look out for: Image data beyond the edge of the image after lossless resizing and orphaned preview images embedded in the JPG, showing the full uncropped picture. The latter is dealt with by the "jhead -purejpg" command, the former isn't.
Maybe I need another layer on my tinfoil hat, but after reading the summary (and only the summary, obviously) all I can say is, "So what?"
After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge, the photographs actively put them there. Beyond that, I really don't care if someone knows my name, and where I was standing when I took a picture. In fact knowing where pictures were taken can lead to some really cool mashups of tourist photos and such.
Wake me when exif data routinely contains my passwords, social security number, and credit card number.
Sheldon
There are zillions of images posted on public domain by millions...why should I care if you got to know that "I" took this picture in Tunisia and the camera was pointed to some blasted direction at some freaking angle...
That looks more like a quiche...
Yes - iPhoto features "Places", which tags them in a similar manner to what the article has done. As some have noted, the GPS data can be way wrong on an iPhone. Unlike the 5 blocks some have seen, in more rural states I've seen it be off by more than 20 miles (another city away).
Especially when it means 800815. I'm looking at you, Cat Schwartz!
This is why I shoot film on an old manual camera.
EXIFs can also contain thumbnails that can sometimes reveal more than needed after for example cropping the original.
http://no.spam.ee/~tonu/exif/
It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time.
Not only that, the file exposes an image from the phone's camera. Won't someone think of the children!
Facebook is the new AOL
I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user.
Try saying "metadata" to the average computer user. It's like watching a BSOD on someone's face; And that's exactly the problem here -- devices shipping with privacy-compromising features enabled by default. Joe Average doesn't even know it's possible, let alone that his iPhone is serrepticiously leaking a bunch of personal information everytime he posts a photo he snapped with it to some internet site. I can see it now -- "Hey, check out this cute girl's panties I snapped in class..." Oops. Oh, the bitter irony to be had there -- you're busted violating someone else's privacy because you didn't know your own was being violated by your cell phone. Brilliant.
#fuckbeta #iamslashdot #dicemustdie
That's a time thing I think - when I fire up the map app on the phone it often takes a little while to update and settle on a GPS fix, probably because the GPS isn't powered on all the time for battery life, and it can take upto 30 seconds to register a satellite (due to the nature of the GPS signal itself), so if you just pop open the photo app and take a shot quickly you might get wildly inaccurate data.
The location data can be very wrong. If you don't have an adequate line of sight to the sky the phone will use cell towers to triangulate. If you can't see enough of them, it will use a wifi database to guess. If you've got a crappy (or no) cell connection but a clear view of the sky it might take a considerable amount of time for the GPS to lock on.
... of stripping the EXIF metadata. Just saying.
right...
You have to go out of your way to include location in your pic. You need to be outdoors with most phones to get a clean GPS signal and have the GPS on the phone switched on and the camera set to include GPS data. GPS is still an advanced (and desired!) feature on non-mobile phone cameras that people pay extra money for. It's just that many phones now happen to include both a camera and a GPS so giving the user the option to record the two makes sense. On a decent camera, in all but the top of the line SLRs you still have to get additional hardware to do it.
Pretending this is some sort of major security iisk is asinine.
These posts express my own personal views, not those of my employer
Personally, I enabled the GPS tagging on my phone on purpose. Normally it's off, and the only other interesting thing in the exif tags are the model of the phone. I enjoy having a GPS tag on each pic in case I want to go back and look at exactly where I was when it was taken. I did remember to turn it off before taking a picture of the secret location I buried my treasure of gold doubloons, so I think it should be safe.
Long story short, what could possibly go wrong? I could see how an Iphone user (if this stuff is turned on by default) would be caught off guard by all the extra info in the tag. However, unless you are really oversharing everything else, like "look at this sweet pic of my new 50" tv... too bad I will be on vacation for two weeks starting tomorrow and wont be able to watch it... hope no one realizes the spare key is under the door mat... And my social security card is in the cookie jar next to my birth certificate..." Would an Iphone user really be *that* stupid? Wait, no, don't answer that.
I never publish photos with any EXIF.
There are tons of utilities out there to remove it, I use this: http://www.sentex.net/~mwandel/jhead/
I still have to silence the cell phone camera. It is annoying.
Amazing honesty.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Someone posted a picture of their girlfriend's rear end with a sharpie sticking out of it to a popular anonymous image-sharing web board.
Unfortunately, the image contained EXIF data, including latitude and longitude. It was quick work to come up with a name and address and all sorts of other information...
Good times.
I've actually found it kind of annoying that Facebook strips exif data. I've wanted to pull it out of some of the pics of friends' iPhone photos and creep them out by knowing where they were when they took them. :)
FBI Agent A: Dammit guys, they found out about the EXIF stuff. Now what are we going to do to get data from these pictures?
FBI Agent B: Let's just Photoshop in some crack like we used to.
FBI Agent A: Promote that man!
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ...
Or, to summarize from the other point of view...
"97.4% of images did not include the location of the camera at the time the image was taken, and 99.3% of images did not include the name of the photographer. ... "
Sorry for being off-topic here, but I was wondering if anybody knows a good OSS EXIF editing library/software.
I tried libexif, but it seems to be rather limited in functionality (you can't add in new comments) and other libraries seem to be read only. It would be really useful to be able to easily edit the EXIF data like location, name of photographer, etc.
The GPS is constant, my phone is always 2+ blocks off
how much I paid for the features, it damn well better be in there.
The real issue at hand is that neither the camera or management software have a system to remove/obfiscate that data and some apparently deliberately hide it from you.
Platform advocacy is like choosing a favorite severely developmentally disabled child.
There's a privacy concern about the digital compass metadata telling someone else what direction you were facing...when they're looking at the picture? Can't you just look at the picture and figure out what direction the photographer was facing?
Rule 1 when doing something stupid and / or illegal:
Know your tech. Remember - stupid criminals get caught.
Faster! Faster! Faster would be better!
I'd say it's more likely that your maps are off then
Really though, most people will benifit from these tags, I think the cameras recording them is great.
However I think websites should strip this content when uploaded, or at least offer some kind of warning to users that the content exists (reading exif data is simple, it could easily show them what is in the photo and ask them what they'd like to do..)
Facebook strips the EXIF data...
and then saves the photo with a filename that includes the Facebook user ID of the person who uploaded it.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
When I upload to the service, it has an option to include any media which well then include any pictures I took with the phone while using the sports tracker (cycling in my case usually). To get it to pick up the photos though, I do have to be running the GPS tagger app in the background (so I can keep my pictures untagged by not actively running the app)
Bottles.
The EXIF data in the moon photographs will surely prove that the moon landings were faked.
... The title pretty much sums it up. Big Brother was made "cool" and the public welcomed it with open arms.
Fifty watts per channel, baby cakes.
Given the choice of convenience/cool features or privacy/security, users* will ALWAYS pick convenience/features. 100% of the time. To them, it's not "leaking a bunch of personal information", but enabling that "oh cool, it knows I took these pictures down by the waterfront and stuck them on the map for me" stuff.
* Normal users. Us paranoid slashdotters (and, in general, people that actually understand the necessity and implications of privacy and security) need not apply to that stat.
How are sites slashdotted when nobody reads TFAs?
Perl-its can use the excellent "Image::EXIF" on CPAN. I'd love to find an equivalent library for Java. Anyone know of one?
Just noticed that my new point and shoot includes its own serial number in there, which I kinda liked at first, since it might help me locate it should it end up in someone else's hands without my consent!
Though it does make all my snapshots totally traceable.
Someone should make a software that removes EXIF metadata. That strips it from an image.
$ stripexif img_5643.jpg
You mean to tell me that a photograph of something is capable telling me where that thing is?!
I sure hope that if I take a picture of the Empire State Building no one would be able to determine where I was where I took it.....
"If it ain't broke, it doesn't have enough features yet"
How good is the accelerometer and digital compass? Is it good enough to be able to do some blur / shake reduction of the image? Or how about improved panorama auto-stitching? This could actually be interesting... Maybe I need to break down and get an iphone, or wait for a camera enabled ipod.
This one went around recently:
http://www.buzzfeed.com/akdobbins/someones-doing-coke-at-the-white-house
I think the consensus was it was probably faked (which is a useful point about metadata in itself!). But it shows the kind of problems that metadata could cause.
i just bought an iphone 3gs yesterday... the location metadata was not enabled by default as you claim.
in fact every time the phone wants to attach the data it prompts the user.
The iPhone actually uses Google Maps, FYI. 3rd Party GPS applications come with their own maps, however.
I've been looking at EXIF data in photos for years. It can work in to prove people are lying or at least maybe not being completely truthful with a specific forum post. Like someone claims they just took a photo of an accident scene or some a product and the EXIF data has references to a completely different person or a date a few years ago etc... I use a viewer app in Windows called XNView to modify or sanitize my pictures EXIF data in batches before I upload to places like photobucket or Google. Irvanview does it as well but I like XNView better.
If you want to view EXIF data, Windows can see it be default with properties as can the default Gnome viewer "EYE of Gnome".
Just 'cause you're paranoid doesn't mean that somebody isn't out to get you. :o]
What digital cameras (not .*phones) add exif location metadata information to the pictures?
I have a simple Canon PowerShot SX100IS.
errera hunamum ets
If metadata is such a concern, one simple command with ExifTool http://www.sno.phy.queensu.ca/~phil/exiftool/ can recursively delete all exif info in your whole image collection. And no, I will not post it can be just as destructive as rm -rf /
One of my uncles used to work in IT in the 80's. He actually disabled Autorun on his first Windows PC.
I agree that privacy/security concerned users are few and far between.
If you want your iPhone location metadata to be correct, use the Map application to get a precise GPS lock. The location manager will cache that information and provide it any other application that is looking for location information. There is a caveat that you need to use other applications (such as the camera) within a certain time frame and distance moved.
Some particularly non-techie types that enjoy taking and sharing pictures of under-18 folks have been known to save and distribute such pictures with EXIF data. Sometimes including GPS information or camera serial number data.
The camera serial number is useful if the owner registers the camera with the manufacturer. The serial number can be used to look up the registration.
The GPS information is of pretty obvious value, assuming the pictures are taken at home. Put that information into a GPS device and it will guide you right there.
Either way, the result is a visit from Officer Friendly and the charge is distributing child porn.
So what you're saying is basically that, although it does make all your snapshots totally traceable, at least it does make all your snapshots totally traceable?
Hmm. Good point. I think.
And I'm certain they take care to toss all that metadata. Or not.
A properly written app will be able to do this too. The way CoreLocation is set up, you register to receive position updates from it, then it sends them to you asynchronously. The first one may not be particularly accurate. The second is usually more so, and so on.
You see that graphically on the maps app when it shows a big blue circle, then a smaller one, then a pin. Some other apps show the position accuracy estimate as it gets refined. A lot of them just grab the first message from CoreLocation and call it a day though.
I don't think warnings are the way to go. In many cases of typical user warnings look scary; the website is scary. Better to use one without scary things...
One that hath name thou can not otter
Nokia is almost nonexistant in the US also because many years ago they refused the demand of US carriers to totally castrate their phones.
Besides, Nokia Sports Tracker...isn't a part of Nokia for some time now.
One that hath name thou can not otter
Why this is not obvious to you is a mystery that shall remind unsolved.
It is exactly the same.
The people that could use this data for nefarious purposes need only the remaining 2% or 3% of pictures with additional metadata.
Your point is well taken, but software, sites and processes that make data public should know about issues like this in order to ensure they check privacy of their users and clients.
...how does hiding in the shadows help any of this. Doesn't anyone believe in standing up and being counted for their beliefs? Especially when those beliefs are rationality and reality? What, do we just let those who insist on living in a fantasy world win? If so, then all is lost anyway.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
Even today, I posted my EXIF rant on /.
I didn't know about some of those things - like photographer name and compass direction. I was thinking geotagging on GPS phones. So you upload your pics to Flickr or a photo storage site for phones, cops get a warrant to search the server which, of course, doesn't use per-user crypto. The cops run a simple off the shelf harvest tool to identify faces...
Now they know everyone who has been on anyone's photo on the server, where they were, at what times, with who, who their friends' friends are, where they habitually go, times and places of people who happened to be caught in the pics accidentally, etc.