How to Keep Your Photos (and Their Data) Safe
That's because many digital photos contain a kind of encoded data known as Exchangeable Image File Format (EXIF). This type of data is often used by professional photographers, since it reveals detailed information on when the photo was taken, whether it was shot with a flash, and whether any digital manipulations were applied after the initial shoot. In many cases, EXIF can even determine where a photo was taken, thanks to GPS-generated geotags attached to every shot. And this information often stays with the photo even after a user uploads it to a social network or photo-sharing site.
Ben Jackson, a security analyst and co-founder of the site ICanStalkU.com, told Fox News that an image's geographic DNA may not be immediately evident to most users, but it's remarkably easy for anybody to extract. "We take that data, look at the publicly available photos and then map it to an address -- so we can then tell a person was at a certain location when they posted that photo," Jackson explained. Doing so is so easy, in fact, that Jackson says he could "probably teach a grade schooler to do it."
Smartphones: Where Convenience Meets VulnerabilityThe good news is that most digital cameras don't have the capacity to automatically geotag photos, because they lack the necessary GPS chips. The bad news, however, is that most smartphones do. And, as the quality of smartphone cameras has improved, many users have adopted them as a convenient camera of choice for casual use. Everyday, millions of photos are uploaded to Facebook, thanks to the social network's stable of smartphone apps, while the iPhone 3G remains the most commonly used device for uploading images to Flickr.
Facebook, for its part, says it automatically removes EXIF data from all uploaded photos, in the interest of user privacy. But sites like Picasa, Photobucket and Flickr still support it. Photobucket, in particular, allows users to automatically display the GPS coordinates of every image, should they choose. Neither Picasa nor Flickr offer such a feature, but both offer links to original photo files, where anyone could glean the same geographic information.
"We added EXIF data a few years ago at the request of our users," Photobucket spokesman Rob Newton told CNN. "To date, we have not received any complaints from users who were previously unaware of the GPS tagging feature." Flickr offered a similar defense of its policy. "Having the ability to download the original version of photos on Flickr is an important feature for our members," a company spokeswoman wrote. "However, we help people maintain their privacy by stripping the EXIF data of an image from view on the site and making the default control option to keep this information private."
In some cases, this level of digital vulnerability may very well seem harmless. If, for example, you're posting photos from last summer's vacation in Barcelona, you probably wouldn't care about them being involuntarily geotagged -- because the location is self-evident, and you don't plan on going back to Barcelona anytime soon. But, if you start sharing more quotidian photos on a regular basis, it becomes all too easy for observers to piece together a startlingly personal mosaic of your life.
"We start analyzing for patterns. We can start telling where your house is, where you may work, what your favorite haunts may be, a coffee shop, restaurant, a place that you like to go to, like a club of some sort," Jackson explained. "We can then piece those together and say, 'Hey, look at that. Every Friday night they like to go to this bar over on Main Street.'"
How To Protect YourselfThe easy solution, then, is to disable geotagging on your smartphone. The process varies across devices, but on the iPhone, at least, it's pretty straightforward. If you're running iOS 4.0 or greater, all you have to do is go to your Settings menu, select 'General,' and then check your 'Location Services.' On this menu, you'll find a full list of all apps that are accessing your geographic information, and you can disable any or all of them.
Users running any version of iOS 3 can easily disable location services for all apps, using the same approach, but will not be able to cherry pick apps with the same ease. You can, however, adjust your settings so that the device will prompt you every time an app wants to access your location. Alternatively, you can always run your pics through a photo manipulation service like Photoshop, which can strip your images of EXIF data. For a full, step-by-step run down on how to disable geotagging on the BlackBerry, Palm Pre, and Droid, check out this guide from I Can Stalk U.
This isn't to say that geotagging is an absolute evil. The technology allows us to archive our experiences in unique ways, and to keep a geographic record of our memories. It's important, though, to always be aware of what you're tagging, and, more important, which tagged photos you're sharing online.
Thomas Hawk, a regular Flickr user and former chief executive of photo site Zooomr, says he still uses EXIF data to organize his images, but draws the line when it comes to his personal space. "I don't geotag any pictures to my house," Hawk told CNN. "I think it's a huge concern. I think a lot of people don't realize or recognize what's in all of the EXIF data that they're publishing."