Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Hidden Security Risk of Geotags

Posted by timothy on from the process-of-elimination dept.

pickens writes "The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags of uploaded photos, 'you can easily find out where people live, what kind of things they have in their house and also when they are going to be away,' says one security expert. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online."

16 of 175 comments (clear)

  1. This is why... by Darkness404 · · Score: 5, Insightful

    This is why upload services should simply just strip out the un-needed info of the pictures. The original pictures still have the sometimes useful geolocation data, but your Facebook pictures won't.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:This is why... by fuzzyfuzzyfungus · · Score: 5, Insightful

      After selling it to their advertising partners, of course...

    2. Re:This is why... by Anonymous Coward · · Score: 5, Insightful

      This is why people shouldn't be so casual about publishing every detail of their personal life for the world to see. These micro-celebrity wannabes should wake up and recognize that their lack of privacy makes them easy targets.

    3. Re:This is why... by odies · · Score: 4, Informative

      I always use IrfanView to pre-process my pictures before uploading them anywhere. You need to do that anyway (original pictures are usually huge 4000+ pixels wide and forums usually limit you to less than 1280px). When you're saving the image, it shows check boxes to remove all extra information from the pictures (usually camera model and shooting options and so on). Easy. And yeah, it's an awesome and light image viewer and you can edit images too.

    4. Re:This is why... by Ethanol-fueled · · Score: 4, Interesting

      While I agree with you, some metadata problems are much more subtle and insidious.

      How many of you have ever written "my boss is an idiot" on a word document at work, as a joke, then erased it?

      Better hope your boss isn't savvy.

      Which is why I believe that any Joe-user program which processes documents or media should offer a checkbox and.or dialog explantion offering the user to strip the metadata from saved documents or media. Before any of you say, "stripping is already available", keep in mind how many co-workers don't even know what cookies are.

    5. Re:This is why... by farnsworth · · Score: 4, Interesting

      After selling it to their advertising partners, of course...

      Seems kinda pointless. I already get pretty damned accurate location-specific ads, presumably by just looking at my ip. When I connect to my employer's VPN, I get ads for things in the region that that data center is in...

      Would knowing, say, that the majority of interior shots (probably my home) are on one particular city block vs another really be worth that much more to an advertiser?

      --

      There aint no pancake so thin it doesn't have two sides.

    6. Re:This is why... by betterunixthanunix · · Score: 4, Insightful

      Before any of you say, "stripping is already available", keep in mind how many co-workers don't even know what cookies are.

      You insensitive clod! My coworkers are all CS grad students.

      Seriously though, they don't take any steps to strip metadata, even though it is well within their technical ability to do so, and even though they are generally aware of the risks.

      --
      Palm trees and 8
    7. Re:This is why... by Jah-Wren+Ryel · · Score: 5, Insightful

      Would knowing, say, that the majority of interior shots (probably my home) are on one particular city block vs another really be worth that much more to an advertiser?

      Yes. They can correlate it with property records and figure out who you are, what bank you have your mortgage with, how much you paid for your house, when you bought it, your likely income level, if you are married (more than one name on the mortgage) and that's just from the primary property records search in some states. Start cross-referencing it with other databases and my guess is that you'll have no secrets at all.

      --
      When information is power, privacy is freedom.
  2. Re:I was just wondering about that by fuzzyfuzzyfungus · · Score: 4, Informative

    Might want to take a look at jhead. jhead -purejpg will, as the name suggests, strip everything that isn't actually the image.

  3. The Hidden Danger of Post Marks on Letters by Palestrina · · Score: 5, Insightful

    OMG, letters have post marks and tell what town the sender lives in!

    OMG, caller ID gives my phone number to people that I call!

    OMG, the Registry of Deeds lists my address and how much I paid for the house!

    OMG, the phone book list my name, phone number and address!

    We've been dealing with stuff like this for decades, right? I think the danger is more about the contents of your tweets ("I am on vacation") than the metadata ("I live here"). I can probably find your address if I wanted, even without Flickr metadata.

    Of course, metadata can lie as well. Maybe I want to say, "I have a big coin collection" in Twitter and put photos of it all over the place on the web, but with false geotag data to make it look like it came from someone else's home. Because of that risk, even those who do not use Twitter, or the iPhone or Flickr are also at risk. Gee. maybe we should just lock our doors at night.

    1. Re:The Hidden Danger of Post Marks on Letters by PopeRatzo · · Score: 4, Insightful

      OMG, letters have post marks and tell what town the sender lives in!

      You believe that having a creep know the town you live in is the same as the creep knowing your GPS coordinates?

      No, we haven't been "dealing with stuff like this for decades", because until recently corporations have not had the capacity to have such persistent and precise data about you that they could monetize.

      That picture of your 8 year old daughters that you put on the Internet has data that somebody will sell to the highest bidder, and I doubt they're going to make sure the highest bidder isn't a registered sex offender. I'm usually very suspicious of these kind of "consider the children" appeals, but the personal minutiae that is being commoditized by businesses has reached a point where it's going to be very hard to roll back.

      You've got one of the biggest corporations in the world collecting very private information, selling it to the highest bidder and then getting into bed with the most repressive regimes on Earth and at the same time forming "strategic alliances" with other huge corporations to subvert the effective net "neutrality":that has been in place since the beginning. And Palestrina thinks that's the same as having your name and number voluntarily listed in the phone book. And his rationalization is that it's OK because if you know what you're doing you can falsify your metadata. Don't you see the problem here?

      --
      You are welcome on my lawn.
  4. Help! by TyFoN · · Score: 4, Funny

    Help, they can see me going into my house!
    They will know where i live..
    WHERE IS MY TIN FOIL HAT?!?!

  5. Re:I was just wondering about that by betterunixthanunix · · Score: 4, Informative

    Or, you can just use ImageMagick:

    $ mogrify -strip image.jpg

    --
    Palm trees and 8
  6. Re:ImageMagick and remove metadata by MechaStreisand · · Score: 5, Informative

    Yup, and it recompresses the image when you do so. See suggestions here for ways of stripping it without recompressing.

    --
    Disclaimer: IANAL. This post is, however, legal advice, and creates an attorney-client relationship.
  7. People need to learn to wash their hands first by erroneus · · Score: 4, Interesting

    I actually mean that literally. We go on and on about various privacy risks and on and on about how stupid "average people are" when there are some obvious patterns of behavior outside of computing/networking that shed some real light on where the problems originate.

    People simply don't understand the world they live in. They don't understand their cars, their food (c'mon diet coke? really? that nutrasweet that slows your metabolism?) or just about anything? They might think they know some things but not really understand them and nor do they really care to. The people get "flu shots" every year not knowing what strains of influenza are actually being covered by this year's flu-shot-du-jour... they just expect "the experts" to know and to do what they are told.

    So who are these experts that the masses follow? Whoever claims to be. The dairy council, for example (you know, the guys who make their living selling dairy products?) tell us every year to drink even more milk than last year. And Microsoft, the company who helped to make "computer virus" a household word and cares more about selling the same thing over and over again instead of redesigning an OS that is both easy and secure. And a lot more. The people who have the most to gain by people being stupid are the "experts." And of course, questioning is something that is beaten out of us by the time we get through the first years of public school so there's no chance of a renaissance happening any time soon... at least not without a dark ages preceding it.

    The problem is much, much larger than just being aware of meta-data in a picture. And yes, I agree with some here who suggest that "these online services should really have our backs" on this sort of thing, but it's not really in their interests to do so... so why would they?

  8. Masterminds by Cruciform · · Score: 5, Interesting

    There's a pretty big site dedicated to the growing of marijuana, where the users post pictures of their grow operations from behind the "protection" of proxies.
    Just for kicks one day I started checking their pictures. About 20 to 25 percent of them were geotagged. Some of those grows had hundreds, if not thousands of plants. So much for hiding behind a proxy. :)