Are your photos revealing your location when you post them on the Internet?
Did you know that photos taken on smartphones, including Android devices, can include location information about where the photo was taken? It seems that many people don’t realize this and although it can be a useful feature there is also a dangerous side to this seemingly innocent data.
At the end of last year, John McAfee – the founder of McAfee, the well known anti-virus and security company, went on the run from his home in Belize because a neighbor of his had been shot and he feared that he would be wrongly accused. While on the run, reporters from Vice magazine went with McAfee as he fled to Guatemala. In a teaser post for the planned exclusive interview with McAfee, the Vice reporters uploaded a photo showing John together with the editor-in-chief Rocco Castoro. But, they forgot that photos can carry location data. In this instance the photo showed that McAfee was standing by a swimming pool in a house near Lake Izabal. The result was that the fugitive was arrested for illegally entering Guatemala. Eventually McAfee was deported back to the USA.
Although this all sounds like something out of a Tom Clancy novel, it is important to remember that smartphones have the ability to include extra information, known as Exchangeable image file format (EXIF) data, into photos. Some of the data is quite benign, things like a flag to mark if the flash fired, or what metering mode was used. But it can also include a GeoTag – geographic location.
Often this GeoTag is added to the photos by default and if Android’s location services are enabled the GeoTag will be derived, surprisingly accurately, from cell tower information or Wi-Fi signals – even when the GPS isn’t activated.
The darker side to this is the danger it poses to children. As a parent I stringently avoid posting pictures of my kids on sites like Twitter, Facebook or G+. You might think I am a bit odd, but there are lots of nasty people out there and before the Internet age I didn’t post pictures of my kids in the town square for all to see and I sure ain’t going to post them on the Internet. If you do post pictures make sure your photos don’t contain any location data. I don’t want to sound extremist, but the last thing you need is for a troubled person taking a liking to a photo of your kid and then waiting for them outside their school. How does he know where the school is? Because of the Christmas play photos you posted on the Internet!
It also seems that the NSA has a healthy interest in your photos. According to a 2008 presentation which was recently released by Edward Snowden, the NSA’s XKeyscore program planned (at the time) to capture and analyze EXIF data. Since that was five years ago it is very likely that the NSA is already doing it.
As for social networks, thankfully sites like Twitter actually remove the EXIF data when you upload a photo from a smartphone. Facebook chooses not to display the location EXIF data – but probably still has a copy of the information on its servers.
If you don’t want GeoTags in your photos you can disable them within the settings menu of the camera app.