Are your photos revealing your location when you post them on the Internet?

by: Gary SimsSeptember 27, 2013

smartphone gps hackDid you know that photos taken on smartphones, including Android devices, can include location information about where the photo was taken? It seems that many people don’t realize this and although it can be a useful feature there is also a dangerous side to this seemingly innocent data.

At the end of last year, John McAfee – the founder of McAfee, the well known anti-virus and security company, went on the run from his home in Belize because a neighbor of his had been shot and he feared that he would be wrongly accused. While on the run, reporters from Vice magazine went with McAfee as he fled to Guatemala. In a teaser post for the planned exclusive interview with McAfee, the Vice reporters uploaded a photo showing John together with the editor-in-chief Rocco Castoro. But, they forgot that photos can carry location data. In this instance the photo showed that McAfee was standing by a swimming pool in a house near Lake Izabal. The result was that the fugitive was arrested for illegally entering Guatemala. Eventually McAfee was deported back to the USA.

john-mcafee-in-Guatemala-plus-mapAlthough this all sounds like something out of a Tom Clancy novel, it is important to remember that smartphones have the ability to include extra information, known as Exchangeable image file format (EXIF) data, into photos. Some of the data is quite benign, things like a flag to mark if the flash fired, or what metering mode was used. But it can also include a GeoTag – geographic location.

Often this GeoTag is added to the photos by default and if Android’s location services are enabled the GeoTag will be derived, surprisingly accurately, from cell tower information or Wi-Fi signals – even when the GPS isn’t activated.

The darker side to this is the danger it poses to children. As a parent I stringently avoid posting pictures of my kids on sites like Twitter, Facebook or G+. You might think I am a bit odd, but there are lots of nasty people out there and before the Internet age I didn’t post pictures of my kids in the town square for all to see and I sure ain’t going to post them on the Internet. If you do post pictures make sure your photos don’t contain any location data. I don’t want to sound extremist, but the last thing you need is for a troubled person taking a liking to a photo of your kid and then waiting for them outside their school. How does he know where the school is? Because of the Christmas play photos you posted on the Internet!

It also seems that the NSA has a healthy interest in your photos. According to a 2008 presentation which was recently released by Edward Snowden, the NSA’s XKeyscore program planned (at the time) to capture and analyze EXIF data. Since that was five years ago it is very likely that the NSA is already doing it.

As for social networks, thankfully sites like Twitter actually remove the EXIF data when you upload a photo from a smartphone. Facebook chooses not to display the location EXIF data – but probably still has a copy of the information on its servers.

If you don’t want GeoTags in your photos you can disable them within the settings menu of the camera app.

  • Dusan

    Got nothing to hide, so it’s all good :)

    • wbarahona


    • Cole Raney

      That is a horrible reason to be ok with spying.

      • Dusan

        This article has nothing to do with spying. It’s just a reminder that pictures can reveal location.

  • question

    Does g+ remove exif data when uploading or sharing from phone/drive?

  • G+ strips the location data when an image is uploaded. It will show the location of the image (if you allow it) in G+ but the actual files only contains camera EXIF data if downloaded.

    • choosh

      So…can’t someone just download it?

      • Yeah, you can download the image direct from G+ but the location data had already been removed

        • joser116

          “files only contains camera EXIF data if downloaded.”

  • Grman Rodriguez

    Who cares? I’m getting tired of this security posts they are getting to extremist. I don’t mean to sound rude but come onn what are the chances of a pedophile hacker with his eyes on you? You might as well not go out, I mean a pedophile could pass by your house and know where your kids live. And unless I’m missing out on another extremely unlikely situation, what’s the problem if people know where I took my photos? I’m not an immigrant, I’m not a drug dealer, I’m just living my life as a normal boring human being and who cares who has my normal boring info?

  • Simon Belmont

    90% of the time, GPS location has been turned off by default on the devices I’ve purchased. I do usually check that setting before taking my first picture, though.

    To be honest, most services strip out GPS coordinates, anyway, unless you allow it. Just my two cents.