Slashdot Mirror
The Hidden Security Risk of Geotags
pickens writes "The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags of uploaded photos, 'you can easily find out where people live, what kind of things they have in their house and also when they are going to be away,' says one security expert. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online."
This is why upload services should simply just strip out the un-needed info of the pictures. The original pictures still have the sometimes useful geolocation data, but your Facebook pictures won't.
Taxation is legalized theft, no more, no less.
I currently have a small project going to make a program in java that removes (and maybe later, spoofs) the tags in jpegs so they can be posted safely. I'll let your guys know if/when I finish it.
Even if I create a pdf now, I have to wonder what sort of hidden meta data crap it contains.
Can anyone recommend a good program for Windows and Linux that can strip out EXIF information and leave just the JPEG data?
And the GPS really, really sucks on most blackberries.
No GPS = no geotag
And since it's a blackberry, your company can turn off geotagging entirely from their blackberry enterprise server.
OMG, letters have post marks and tell what town the sender lives in!
OMG, caller ID gives my phone number to people that I call!
OMG, the Registry of Deeds lists my address and how much I paid for the house!
OMG, the phone book list my name, phone number and address!
We've been dealing with stuff like this for decades, right? I think the danger is more about the contents of your tweets ("I am on vacation") than the metadata ("I live here"). I can probably find your address if I wanted, even without Flickr metadata.
Of course, metadata can lie as well. Maybe I want to say, "I have a big coin collection" in Twitter and put photos of it all over the place on the web, but with false geotag data to make it look like it came from someone else's home. Because of that risk, even those who do not use Twitter, or the iPhone or Flickr are also at risk. Gee. maybe we should just lock our doors at night.
http://www.sentex.net/~mwandel/jhead is a nice Exif Jpeg camera setting parser and thumbnail remover. Try it and get scared. Geotags are new, but the problem has been there for years. The "hidden" parts of images give away camera model, camera time, camera serial number and that is just the tip of the iceberg. Always open and save images in some editor such as GIMP before uploading them to the Internet(s). This is a good idea anwyay as viewers will generally be more happy if you crop the picture, perhaps adjust the color balance etc.
9/11: Never forget it was a false-flag operation
Photos tagged with the location in which the picture was taken can give away information about the location in which the picture was taken. Who would have thought?
Until I can run any sort of outside photo against a database of photos and find its location. Indoor photos are trickier, but even a view out of a window may be enough to find the location.
Help, they can see me going into my house!
They will know where i live..
WHERE IS MY TIN FOIL HAT?!?!
You can use the "-strip" command-line option with ImageMagick's "convert" utility to strip out all the metadata from an image prior to uploading it.
The Lumber Cartel, local 42 (Canadian branch)
British Columbia, Canada
Burglary tends to be an opportunist crime. The criminal only has to walk round a wealthy area to know that most people in the houses have a large amount of valuable equipment in their houses. People should be aware of posting when they are not going to be at home but photos with geotags only convey historical data "This person was abroad on this date" and does not give away times in the future when they are going to be away.
Don't post media on unprotected pages. No big loss behind this step. Friends and family can handle a simple user/password combination - we've been doing this for years. Trust me, the rest of the world doesn't really want to see your pictures of the kids at their friend Joey's birthday party.
OP states "By looking at geotags of uploaded photos, 'you can easily find out where people live, what kind of things they have in their house and also when they are going to be away,'..." How can uploaded photos tell someone when I am going to be away? Can pictures now show us what we'll be seeing and where at some point in time in the future? Neat... So, what setting do I use for my DSLR to get it to show me where I'll be going and when I'll be away? I want to see what's ahead of me.... Maybe it can show that I am currently away but how can it show when I'm going to be... anything? Oh, now I get it... I should take a picture of my airline tickets or hotel booking and post those on line... Yeah, that's how they'll know....
Presumptively a 'safe' geotag is one that the user has control of.
The user should have options (A) No geotag [the default], (B) Fuzzy geotag that may reveal what city or state they are in, but not their actual location, (C) Hi-Res Geotags
Their phone should ask them how detailed the Geotag should be before they take pictures.
Their graphics software / picture sharing websites should ask what to do with Geotags before uploading.
e.g. (A) Hide/remove all geotags, (B) Only let friends see GeoTag information, (C) Make all Geotags fuzzy
With the default being A.
I think the core thing that needs to be solved in general is that of "invisible data". Most software makes it not exactly easy to see what exactly is stored in a file, instead it just provides you a stripped down view with most of the metadata hidden. This doesn't just happen with image files, but also Word documents, PDFs and plenty of other things.
Still, it is a pain to have to do & think about. Gimp has an exif option, I have not used it.
This is why upload services should simply just strip out the un-needed info of the pictures.
Why is it up to the upload service? Right now people have 100% control over their information and can strip whatever data they like. You might argue the upload service could provide a tool to help them do it more easily by setting preferences (which they could alter on a per upload basis). However I don't want a provider determining what information I can or can't attach to the photos. What if I'm actually trying to put together a map with photos attached. For instance I went to a lot of trouble to combine information from camera and GPS into geotags for my 2007 Honeymoon. The information a thief might gleam from this is to say the least minimal as it was a one off and I wouldn't appreciate my work being undone.
These posts express my own personal views, not those of my employer
It's worth pointing out that not all services are ignorant to this issue. I use flickr and upload geotag information for every picture I take, but, nobody can see it unless they are someone I've accepted as a contact. You can ratchet things up a bit further and use their added friend and family classes for even more restriction. You can also reveal the data on a photo by photo basis if you don't mind it being seen (or actually want it available, like a photoshoot of interesting things in a public place.)
I'm sure other similar photo sharing sites have similar permissions capabilities. I suppose the most likely risk areas are the twitpics and yfrog type upload it and forget it sites.
I read the script, and I think it would help my character's motivation if he was on fire. -Bender
Potential security issues aside, geotags have always concerned me with the potential for unintended consequences. As someone with a passion for both native orchids and other rare life forms, along with history, I'm always concerned how an innocent snapshot by someone using geotagging might provide detailed location data to a poacher or pothunter. I've already seen a few plant populations decimated by a mere Flickr post, and I know I've seen geotags for the same species at other locations. I think it is a feature that should be disabled by default and used only with caution.
This is pretty obvious. Without even going into detail, once you know what "geotags" are, the first thing that comes to mind is "oh crap. this could be a big problem."
I actually mean that literally. We go on and on about various privacy risks and on and on about how stupid "average people are" when there are some obvious patterns of behavior outside of computing/networking that shed some real light on where the problems originate.
People simply don't understand the world they live in. They don't understand their cars, their food (c'mon diet coke? really? that nutrasweet that slows your metabolism?) or just about anything? They might think they know some things but not really understand them and nor do they really care to. The people get "flu shots" every year not knowing what strains of influenza are actually being covered by this year's flu-shot-du-jour... they just expect "the experts" to know and to do what they are told.
So who are these experts that the masses follow? Whoever claims to be. The dairy council, for example (you know, the guys who make their living selling dairy products?) tell us every year to drink even more milk than last year. And Microsoft, the company who helped to make "computer virus" a household word and cares more about selling the same thing over and over again instead of redesigning an OS that is both easy and secure. And a lot more. The people who have the most to gain by people being stupid are the "experts." And of course, questioning is something that is beaten out of us by the time we get through the first years of public school so there's no chance of a renaissance happening any time soon... at least not without a dark ages preceding it.
The problem is much, much larger than just being aware of meta-data in a picture. And yes, I agree with some here who suggest that "these online services should really have our backs" on this sort of thing, but it's not really in their interests to do so... so why would they?
...if not their safety, when they post online.
So don't do it. Someone may find out that you exist.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
For those who have forgotten, Google is trying to do location based analysis without the geotags - you send them a picture of a place, they tell you where it is (well, what it is for right now). No geotagging necessary.
Of course, Picasa is kind enough to mark each geotagged picture with a google map pin in the preview window - so you at least know which pics have the metadata in the tags.
Is it just my observation, or are there way too many stupid people in the world?
Why not just have a camera setting that says "Do not record geotag data within 1 minute of my selected location(s)"? Seems that would be the easiest fix. No extra processing needed.
Photos tagged with the location in which the picture was taken can give away information about the location in which the picture was taken. Who would have thought?
I understand you're trying to point out a tautology, but a lot of end users aren't even aware that photos taken with a camera phone are "tagged with the location in which the picture was taken".
Because if you are uploading something to Facebook the geolocation info is not going to be any benefit to you, if you resize the pictures and the like, stripping the geolocation is just another step that doesn't harm the uploader. Now, I'd be against stripping geolocation data over something like e-mail, but over something like Facebook or something like Tinypic the geolocation information is not going to be beneficial. If your trying to put together a map with your photos, then use the originals, don't use the resized Facebook pictures.
Taxation is legalized theft, no more, no less.
Right now people have 100% control over their information and can strip whatever data they like.
You make a lot of assumptions about the average person's intelligence regarding technology.* You're certainly correct that it's their responsibility, but if it isn't so hard to remove that data, why can't the upload service do it anyway? Think of it as offering extra service to one's customers.
*One might argue this period could be moved two words to the left.
photos with geotags only convey historical data "This person was abroad on this date" and does not give away times in the future when they are going to be away.
If the photo was taken today or yesterday, it's likely that the family is still on vacation. If the photo was taken 52 or 53 weeks ago, it's an educated guess that the family may be taking another vacation in the same or a similar place.
How can uploaded photos tell someone when I am going to be away?
It's not out of the question. See my other comment.
Gimp has an exif option, I have not used it.
But if you take a photo for Wikimedia Commons and strip the Exif, and your photography skill looks professional, some regular might assume that you are fraudulently claiming copyright ownership of some other photographer's all-rights-reserved images. Preserving your camera's Exif data tends to shift the burden of proof to whoever is calling bullshit.
You are right about blocking CID, but there is little (domestic us) likelyhood you can really hide your number
http://en.wikipedia.org/wiki/Automatic_Number_Identification
ANI is unrelated to caller ID. A caller's telephone number and line type are captured by ANI service even if caller ID blocking is activated. The destination telephone company switching office can relay the originating telephone number to ANI delivery services subscribers. Toll-free Inward WATS number subscribers and large companies normally have access to ANI information, either instantly via installed equipment, or from a monthly billing statement. Residential Subscribers can obtain access to ANI information through third party companies that charge for the service.[4]
every day http://en.wikipedia.org/wiki/Special:Random
You will know where the self-shot picture was taken. http://dissention.wordpress.com/2010/05/23/iphone-gps-exif-data-extraction-and-extrapolation/
It seems that quite a few geotags on the porn I download are at my house. The time stamps are when I'm at work.
Have gnu, will travel.
*It's average, not bad at all, grouping around quite nice value, by definition.
One that hath name thou can not otter
The real problem is that people are uploading their private photos to public places in the first place. It's already an invitation to crime, stalking, and government and business interference in private affairs. Why have people abandoned one of our most cherished rights so easily?
Sure, if you must upload pictures of you getting drunk or your new gadget at least strip the tags, but how about only sharing it with your friends using a more private method instead?
This is a hidden risk I'm the same way that McDonalds' super hot coffee was a "hidden risk".
The phones already all ask you if it's ok to use the GPS in the camera. If you use software like picasa or iPhoto, it also clearly shows you that the location is in there.
What exactly would they propose for the solution? Reminding me about it before I take each photo? If people don't know about this, it's because they ignore stuff on the computer, instead of reading it. If that's the case, they are a lost cause.
[*] Separate purchase of time machine required for viewing geotags on photographs from the future.
I saw a guy on 4chan's /b channel trying to show off his girlfriend. He had a couple of cropped nude pictures of her, which he posted saying "Hey what do you think of my girlfriend?" "So", goes the crowd, "Irving, California, huh." He'd left the geotags in, and the coords pointed to exactly where he took the photo. One guy said he lives in the area and he'd be posting a few printouts around town. Fortunately the mods deleted the thread fairly quickly, but... He turned his trusting girlfriend into an internet whore, and then told the world where she lives.
I hope he's now single.
it helps the fakers make their images look real too.
for example, there were those supposedly fake (nudes) images of the (George) Bush twins les-ing it up together.
Supposedly fake, but the images had correct geographics location of a barn on the bush ranch.
The same thing could be used to forge location info for use in divorce proceedings, etc etc. etc.
So I read this comment and head off to look into whether my thumbnails are including unneeded information, next thing I know I have polaroid style thumbnails. What the hell, man ?!
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
There's a pretty big site dedicated to the growing of marijuana, where the users post pictures of their grow operations from behind the "protection" of proxies. :)
Just for kicks one day I started checking their pictures. About 20 to 25 percent of them were geotagged. Some of those grows had hundreds, if not thousands of plants. So much for hiding behind a proxy.
In other news: Water is wet!
Right now people have 100% control over their information and can strip whatever data they like.
You make a lot of assumptions about the average person's intelligence regarding technology.* You're certainly correct that it's their responsibility, but if it isn't so hard to remove that data, why can't the upload service do it anyway? Think of it as offering extra service to one's customers.
*One might argue this period could be moved two words to the left.
Yes and lets remove the tips from sharp tools too, so people can't hurt themselves. If the problem is that people are not knowledgeable enough to use the technology there's no good substitute for education. Certainly breaking things to idiot proof them isn't a good idea.
These posts express my own personal views, not those of my employer
Faking some of the EXIF information may break some neat technologies like Microsoft's Photosynth. I also find a story about images and privacy interesting especially in the context of Google's Street View, not to mention the proliferation of cameras "I" don't own but can capture information about me all the same. e.g cell phone cameras, compact video cameras, security cameras.
Interesting article in bringing to attention unintentional leaks from cameras, and other devices under your control. However it doesn't address unintentional leaks from devices under someone else control concerning you as the subject. For example if I'm in a public space any number of cameras and video devices can record information about me. From the nearly ubiquitous security cameras, to the same cell-phone cameras nearly all phones have (even the cheap phones) with their EXIF date. How about the next Youtube video recording any number of unwilling victims? What's a paranoid person to do?
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
What do you take pictures more of?
- Places you DON'T live, like vacation spots or nightlife
- Your house?
Where does your GPS work better?
- Outside
- Inside
This article is glossing over some pretty basic details on why this is not a problem. I don't take pictures of my own house, and if I did, the GPS would not work anyway. All anyone snopping on Flickr can figure out from my geo tags is I have been to Vegas and Spain, and guess what, THEY CAN FIGURE THAT OUT LOOKING AT THE DAMN PHOTO ANYWAY.
How is this anything to worry about when I can take a virtual stroll down your street any time I want? Heck, Google has been doing this on a grander scale for years and now people are worried about minutia?
Are you James Bond on a secret spy mission? Are you a pedo on the prowl? Are you a mafia hitman? Or are you just egocentric and paranoid?
No one gives a shit. You're an ant on the ass of an elephant. The elephant doesn't know you exist, much less care about where you went for vacation.
You're so vain you probably think this post is about you. Don't you?
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
Come on. "These are pictures form Italy, that I took on april 1st, with mi new friends that work for the CIA... bla bla"
I think that there is even more info to dig form the comments of posted photos than form the EXIF info.
There is the security risk. Geotags are completely irrelevant in this context.
This is why when I take pictures in and around my home that are going to be uploaded to my Flickr or Facebook, I deliberately geocode them... with the coordinates of my hometown police department.
I figure it's close enough (less than a mile away) for the casual user, but would result in hilarity if thusly misused.
The Digital Sorceress
Good geotagging software will let you set a privacy location and radius. It will strip out (or refuse to insert) geotags on images taken close to that location. That way you can still publish your photos knowing that anything within X miles of your house is not located.) Unfortunately, and this is the real problem, these smart phones don't ask, and consumers don't understand that they should expect and use this.
I usually don't put geotags on pictures taken around home. When visiting family in other areas, I make sure the geotag is marginally wrong: usually set to the center a nearby town rather than the exact location.
It sounds like a lot of work to be removing data from everything you're trying to upload. Maybe a browser plugin could help the lazy people be more safe.
and all sorts of hilarity ensued.
Especially if the EXIF data in the uploaded image was modified just so.
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.