The Privacy BlogThoughts on privacy, security, and other stuff.

May/11

9

Photo Location risk and some good news.

Last week I did an interview on a San Diego news program about issues with many cameras and smart phones in particular embedding very accurate location information in your pictures. If your camera (smart phone or whatever) has GPS, then the EXIF meta data in the picture will contain your location to within about 20 feet. This can be disabled, but is typically on by default.

While this can be useful when you are trying to sort and organize the pictures on your computer, the risk shows up when you start to share the pictures. By combining date and time information in the pictures I can tell if they are recent. If you are on vacation and posting on the road, an attacker can tell that you are away from home and your home probably unguarded. Pictures of your home and family can provide the exact location of your house as well.

The good news is that major sites for sharing pictures like Facebook and Flickr seem to strip out that information from the photos. It is unclear if that is intentional or just a byproduct of how they are processing and displaying the images. In any case, the data is certainly available to the sites themselves.

I strongly encourage everyone to download an EXIF editor to be able to strip this information from pictures before uploading, and to turn off location tracking in their cameras and mobile phone photo applications to prevent the capture of that information in the first place.

· · · · · · ·

5 comments

  • Russ Nelson · May 9, 2011 at 9:57 am

    Note that if you own property, the ownership is public information. Anybody can walk into the County Clerk’s office, look up your name, and get your address, how much your house is worth, how many bedrooms it has, etc.

  • Author comment by lance · May 9, 2011 at 10:04 am

    The key is the connection of the activity to the house. I can drive down the street and see every house from my car. The key risk is in the way an attacker can case your house through pictures and know when you are away. The GPS location of your house helps because I might not know your full name or city from your social network information.

  • Melissa Mena · May 27, 2011 at 11:23 pm

    I love this blog Lance! There are some very Good points that have been brought up. Imagine if an attacker had your name and other personal information since now a days that people are so willing to share so much of their lives using social networks. Its gotten to the point where I had to rethink all the info and pictures I was sharing.

  • Paco Fernández · August 3, 2011 at 10:58 pm

    About that: http://www.whereisthepicture.com

    regardssss

  • Diablo · March 24, 2012 at 7:51 pm

    * The problem with most iPhone’s Camera apps is that you can’t really use them if you have location services disabled. Hope to see some camera apps which doesn’t require Location services turned on. In the mean time, you should certainly follow Mr. Cottrell advice. Some iPhone apps which removes EXIF data are: deGeo, ExifRemover, GeoGone, and I M G. Anyway, when you start the standard camera app of your iPhone, the following message will appear on screen: “Camera” Would like to Use Your Current Location… Photos and videos will be tagged with the Location where they were taken… Don’t allow or click OK to allow it. If you are in a trip you may certainly want to use location services so you can see later where the picture or video were taken, but you may don’t want to use Location services on your pictures if you, or your children, are tacking photos within your home territory to share them on the public Internet – better stay on the safe line. If you use a Mac, there is also a nice little app known as Photo Privacy which can remove Exif, GPS and IPTC from your photos, in batch, even inside your iPhoto library, and create clean copies for your sharing needs.

Leave a Reply

<<

>>