My colleague Cameron Camp drew my attention recently to a security and privacy issue that I hadn’t given much thought to, though it kind of follows on from a pair of blogs Randy Abrams posted recently at ESET:
Any photographer with a moderately recent kit and a reasonable knowledge of digital processing is likely to be aware that common image files often contain storage areas (which may or may not be used) for metadata which can include geolocational data. The Exchangeable image file format (Exif) supports the addition of metadata tags to (some) JPEG, TIFF and RIFF WAV file formats, including tags for location information – such as GPSLatitudeRef, GPSLongitudeRef, GPSLatitude, GPSLongitude, and GPSAltitude – that offer very precise positioning information.
A camera with a GPS (global positioning system) facility can store that information in the Exif header of each photograph taken, if the facility is enabled, along with other information, such as a timestamp, that can be useful when the photograph is processed later. Photo-sharing sites, like Flickr, allow the uploading of such geocoded pictures, of course.
Most of my cameras don’t have this facility at all, and the one that does is very specific in its instructions for enabling/disabling it, presumably because most airlines don’t want that function enabled when you’re in an airplane. Most smartphones are cameras, too, of course, but many airlines don’t let you turn on your phone at all in flight, or restrict use to flight mode. On the ground, however, not only may they have GPS, but they may also offer direct uploading to services like Flickr and Photobucket.
And that’s where it starts to get uncomfortable. NBC Action News posted a video back in November 2010 about the way in which smartphones embed GPS info into photographs, showing how children can be tracked via smartphone pictures. Or, of course, photos from GPS-equipped cameras have the same potential, but those are a lot rarer. The gist of the video is that you can harvest information about someone’s location at the time a picture was taken that you can build on to establish a bigger picture of their movements and activities.
Of course, there are more obvious ways of using over-exposed location data criminally, such as those services that tell burglars that you’re in a Starbucks 2,000 miles from home.
I Can Stalk U tells us that it is “raising awareness about inadvertent information sharing,” which it does by publishing information in this format (details obfuscated: I’m not out of sympathy with their aims, but stalking isn’t one of my vices):
ICanStalkU was able to stalk xxxx at https://maps.google.com/?q=xx.xx, xx.xx
1 minute ago · Map Location · View Tweet · View Picture · Reply to SteFontana
But it also includes a more comprehensive explanation of metadata and geotagging than I’ve given you here, and explains how to disable it, if you think it might be a problem for you, on several popular phone models. The only model I was in a position to check was the BlackBerry. The instructions for finding the option were correct, but on mine, the camera geotagging option is disabled by default anyway. Your mileage may vary, of course.
It would be easy to exaggerate the risks, of course. For instance, if you’re careful about configuring your privacy settings on services, like Facebook, and photo-sharing sites, geotagging may not cause you any concerns at all. But it is certainly something to think about, and I can understand why someone with young children who is in the habit of using a smartphone to access such services might be shocked at the potential for harm. And the link with Randy’s blogs? Well, as he says:
“You are forcing your child to trust you with their information, it is your duty to be a responsible steward of that information.”
But don’t assume exaggeration until you’ve checked out Creepy. This “geolocation information aggregator” seems to have an impressive approach to automated stalking. According to Thinq, if you have a username for Twitter or Flickr, Creepy can use the service APIs “to download every photo or tweet they’ve ever published, analyzing each for that critical piece of information: the user’s location at the time.”