Exif Data and Privacy ConcernsPosted by Sreenath Sasikumar on Friday, July 13th, 2012
Even when social networks weren’t so popular, privacy of Internet users was always a matter of concern. Today, with the growing significance of social networks in our lives, security and privacy concerns are more important than ever.
Most users are unaware of the impact online chat, posts in forums/social networks or photo sharing could have on them. Anything we post on the Internet can be used against us by a stalker or fraudster. Our actions may come back to haunt us somewhere down the line.
Many years ago, with a sentence that read “I am a teacher in a Government school”, my friend obtained all the details of the girl he met on Yahoo chat. He checked her fake email id profile to get her real name and location, which she had carelessly updated. He went on to do a wiki search on the Government schools in that location, followed by a simple Google hack which revealed a document containing the list of Government school teachers in that locality. To his surprise, it contained more details than he expected – contact address, email id, guardian’s name, mobile number and much more.
However, today a picture is all you need to trace a person back to their exact location with amazing accuracy. Every picture you take with your mobile or digital camera contains EXIF (Exchangeable Image File Format) data.
The EXIF data reveals that the picture was taken two years ago with a SONY DSLR-A230 camera without flash. The details provide insights into the camera settings that were used. For photographers who wish to turn pro, this information could be a great learning tool.
There is another detail that misses the eye – one that is not found in all the images. Check out this link to view the EXIF data.
Yes, one image can reveal your coordinates to any stranger or stalker. But why doesn’t the GPS detail show up in all images? The GPS information is visible only if it is enabled on your mobile phone or camera. Nowadays most smartphones and high-end cameras are equipped with a GPS.
The power of social networks, together with EXIF data, could present a serious security threat to netizens. For instance, a stalker can easily track down an individual using the information retrieved from a picture posted on a social networking site. It could be a gym, restaurant or a golf club that the person frequents. This becomes simpler with Google Maps close at hand.
Hackers can write a simple PHP script to download photos and check for GPS coordinates. Based on the result, they gather information with Mozilla add-ons such as “DevSearch” and simple Google hacks. Once the target is located, they get access to personal information through phishing techniques, phone/chat impersonation or carefully engineered attacks.
So, how can we avoid being tracked?
The best way to stay anonymous is to be invisible on the Internet, which is practically impossible given the relevance of social networks in our lives. I have listed some of the “don’ts” below:
- Do not enable GPS while you click your photos.
- Do not post private data in any of the social networks/online chat/forums.
- Do not upload photos that reveal your personal space.
Well, some social networks, such as Facebook, scrape away the EXIF data when you upload pictures. However, some social sites don’t. It’s always safer to remove all the EXIF data before you post your pictures online (unless you want to retain the data for commercial purposes).
How do I remove the EXIF data? I have listed some techniques below:
- On a Mac, you could use “SmallImage”, a freeware.
- On a Windows machine, the easiest way is to open your image in MS-Paint, copy it again to a new image and save.
- You can make a similar move using Adobe Photoshop by choosing “None” against the “Metadata” field that appears while saving the file for “Web and Devices”.
- On a Linux machine, it can be done by opening your image in GIMP and saving it again without using the ‘advanced save’ options.
Believe it or not, but you are constantly tracked every time you log on to the Internet.
Google tracks your searches and even goes through your emails. Some browsers are well known for information leakage. With every new add-on/extension/plugin added to your browser, you are unwittingly distributing your data to a bigger circle of strangers. Every site you visit and software you install could potentially track you in ways you might not imagine.
With social networks such as Twitter, Facebook and Google Plus, you could be tracked by almost anyone watching your realtime updates. With the mobile application installation, the risks become even larger rendering your phone messages, contact details and personal information vulnerable.
As the old adage goes, “Prevention is better than cure”. You may not get a second chance, as the damage would already have been done by the time you realize it. So let’s make sure we stay safe, post safe, and draw clear boundaries to what can be posted online and what should not.
Contact us to find out how to secure your business from hackers, who can ruin your financials and spoil your reputation.