The moment is special: Your kid just learned how to ride a bike without training wheels. So you fire up your iPhone’s camera, snap a photograph, upload the image to TwitPic, and share the evidence of your child’s triumph via Twitter.
When you post the picture, a subset of the 75 million Twitter users will know the exact location of you and your child. Digital photos automatically store a wealth of information–known as EXIF data–produced by the camera. Most of the data is harmless, but as Mayhemic Labs’ Ben Jackson noted at the Next HOPE security conference in New York last July, about 3 percent of all photos posted on Twitter contain location data, and that figure is growing. Anyone on the Web who can read the data knows where the photographer was standing. And arguably this is a gross invasion of personal privacy.
EXIF Data and Geotagging
Created by the Japan Electronic Industries Development Association (JEIDA), the Exchangeable Image File format (EXIF) specification adds metadata to common JPG and TIFF image files. Along with a thumbnail image of the photo, EXIF data stores details about aperture, shutter speed, focal length, metering mode, and ISO settings, some of which can help a printer do a better job of color-matching the final printed image. There’s also room for other information, such as the camera’s make, model, and registration number, and in some cases, location data.
Geotagging is the process of storing latitude and longitude data inside an image’s EXIF data. This information mates the image with a photographer’s specific geographic location, which mapping services such as Google Earth can then chart.
For older digital cameras, adding location data to an image requires complicated peripherals: You must attach a cable to the camera to communicate with a GPS receiver, such as a stand-alone navigation device or a mobile phone. But many newer digital cameras and mobile phone cameras have built-in GPS receivers. The geotagging features in these newer devices are integrated and seamless, and your EXIF files may store latitude, longitude, time (in the form of Coordinated Universal Time or UTC readings), and even altitude data (which can be helpful for reconstructing a family vacation on a map). With the explosion of smartphones today, Jackson is seeing an increasing number of geotagged images posted to the Web.
To highlight geotagging-related privacy issues, Jackson and Larry Pesce, a colleague, adopted the Twitter username ICanStalkU to respond to tweeters who posted geotagged images. Twitter shut down the account but let Jackson back in after he argued for the need to educate users. He has also started a Web site called ICanStalkU.com to get his message out.
ICanStalkU uses a Perl script to scrape some 20,000 images each day off of MobyPicture, SexyPeek, Twitter, and Yfrog. The site then reposts the pictures with messages like “I am currently nearby…” and supplies the street address, latitude and longitude data, city, and state (if these are known). Each ICanStalkU entry also shows the location mapped on Google, the original tweet, and the original photo.
Another site, PleaseRobMe.com (now shut down), used data from Foursquare and Twitter to emphasize the abundance of personal data being posted online. The researchers behind the project–Frank Groeneveld, Barry Borsboom, and Boy van Amstel–say that they’re reviewing feedback they’ve already received before continuing with the project.
In his Next HOPE security conference presentation, Jackson detailed how he found personal details about a man in a photo. Using accompanying geotagging data, Jackson located the man’s house on Google Earth. Then he found a name associated with the house where the photo was taken, leading him to a Facebook account that yielded a birth date, marriage status, and friends. A second username listed on the Facebook page led to a second Twitter account, and so forth. The point here is that once you start pulling on the thread of information contained in a geotagged image, a single photo can reveal a whole trove of personal data–far more than you might think.
Some people say they don’t mind sharing their real-time location data with total strangers. But others dislike the idea that strangers can know where they are at any given time. Fortunately, smartphones and cameras let you turn off the photo geotagging feature.
On an iPhone, you can block geotagging by disabling all geolocation apps, such as Foursquare. To do so, go to Settings, General, and toggle the Location Services settings to Off. In iOS 4, you can disable location services for specific apps (off for the Camera app, but on for Yelp, for instance). If you don’t use iOS 4, instead of turning off Location Services for the entire phone, you can reset the Location Warnings. Go to Settings, tap Reset, and select Reset Location Warnings. Start the camera, and answer No to the ‘Ask on first use…’ question. You can then allow or disallow individual apps the next time you open them.
On Android phones, turning off GPS will break all location-based apps on the phone. Instead, start the Camera application, and under Location and Security in the menu on the left side, disable GPS. To check your work, open the Camera app and pull out the left side menu. ‘Store Location’ should be disabled.
For the RIM Blackberry, disabling the feature within the camera is easy. Press the Menu key, select Disable GPS, and select Yes to confirm the change.
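To confirm that a photo taken after changing these settings carries no location block, or to clean an older photo before posting it, you can inspect the JPEG yourself. The following is an added example, not code from the article or from ICanStalkU: it walks the JPEG header segments, looks in the EXIF directory for the GPS pointer tag (0x8825), and removes the EXIF segment. The function names and the sample bytes are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825   # IFD0 entry that points at the GPS sub-directory
EXIF_ID = b"Exif\0\0"  # identifier that opens an Exif APP1 payload

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def exif_segments(jpeg):
    """(start, end) offsets of every APP1 segment that carries Exif data."""
    return [(s, e) for m, s, e in segments(jpeg)
            if m == 0xE1 and jpeg[s + 4:s + 10] == EXIF_ID]

def has_gps(jpeg):
    """True if an Exif IFD0 holds a GPS pointer, or the Exif data is unreadable."""
    for start, end in exif_segments(jpeg):
        tiff = jpeg[start + 10:end]
        order = "<" if tiff[:2] == b"II" else ">"
        try:
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
            entries = tiff[ifd0 + 2:ifd0 + 2 + 12 * count]
            if any(struct.unpack(order + "H", entries[i:i + 2])[0] == GPS_IFD_TAG
                   for i in range(0, len(entries), 12)):
                return True
        except struct.error:
            return True  # fail closed: treat unparseable metadata as unsafe
    return False

def strip_exif(jpeg):
    """Return the JPEG bytes with every Exif APP1 segment cut out."""
    out, last = bytearray(), 0
    for start, end in exif_segments(jpeg):
        out += jpeg[last:start]
        last = end
    return bytes(out) + jpeg[last:]

def sample_jpeg():
    """Constructed header-only sample (not a viewable image) with a GPS pointer."""
    tiff = b"MM\0\x2a" + struct.pack(">IHHHIII", 8, 1, GPS_IFD_TAG, 4, 1, 26, 0) + b"\0" * 6
    body = EXIF_ID + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xda\0\x02\xff\xd9"
```

Stripping the whole EXIF segment also discards the embedded thumbnail and camera settings, so run it on a copy of the photo you intend to upload rather than on your only original.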