[P.S.A] EXIF Info attached to photo uploads and how i know where your cat lives!
Dangers of EXIF info and providing to much info online
Who is the girl in the photo?... we will get to that i promise.
Summary
One of the more recent default settings that is concerning is recording GPS location's within photographs; in order to do this the device must have a GPS chip built in; so most of the time this information is attached via mobile phones and with phones getting better and better in term's of camera's there are more and more imaged hitting the internet with this sort of data attached. The data is recorded in what is known as Exchangeable image file format (EXIF) and contains a lot of interesting information apart from GPS.
Given we here on Steemit are uploading images constantly i think it's important to share this knowledge as i'm sure this leakage of information is unintentional. i have found a number of images with EXIF info containing GPS co-ordinates of Steemit users and taking the image content and the GPS co-ordinate you can derive some extra information regarding this person which could be undesirable for their personal privacy.
What is EXIF?
Exchangeable image file format (officially Exif, according to JEIDA/JEITA/CIPA specifications) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and other systems handling image and sound files recorded by digital cameras. The specification uses the following existing file formats with the addition of specific metadata tags: JPEG discrete cosine transform (DCT) for compressed image files, TIFF Rev. 6.0 for uncompressed image files, and RIFF WAV for audio files. It is not used in JPEG 2000, PNG, or GIF.
Who is the girl in the photo?
The lady pictured in the summary is the girlfriend of Higinio Ochoa A.K.A W0rmer a member of 'CabinCr3w', an offshoot of hacking group Anonymous; w0rmer unfortunately was charged with hacking into at least four U.S. law enforcement websites; this arrest was only possible due to his girlfriend phone having GPS recording enabled and this information being overlooked on the uploaded image. The image attached to this post is not the original and therefore does not have the EXIF info embedded.
What information is leaked in EXIF?
All sorts of data is leaked in the EXIF metadata attached to original photos some of the more interesting one are:
- Author
- Camera Make - i.e Apple
- Camera Model - i.e iPhone 6 Plus
- Longitude, Latitude and Altitude (estimated accuracy of 7.8 meters)
A Steemian has been on the Singapore Flyer
I had an internal battle in regard to if i should post a real life example. i decided not to post this example even though it does not disclose any personal information. that is unless they live on the Singapore flyer; which i highly doubt. this is obviously a holiday snap and that made me feel more comfortable in discussing it but i will leave the source unknown.
The image i am talking about had attached EXIF info and GPS co-ordinates; this is a setting on the iPhone 6 Plus that was used to take this picture. it can be disabled on the phone or each image can be 'scrubbed' before being uploaded.
Using GPS co-ordinates with google maps
Using the co-ordinate's pictured in the image above we can go to maps.google.com and enter them like we would any other location; this particular example a was quite accurate and even gave us the elevation; The Singapore flyer is 165m high so we can estimate that they were roughly 1/3 of the way up to the top when the picture was taken. the search term i used in google maps was "1 17 22.88, 103 51 49.13"
I Know Where Your Cat Lives
An interesting application of the data leakage describe above is the website http://iknowwhereyourcatlives.com which has scoured Flickr, twitpic, instagram and a few other sites to collect thousands of cat pictures and plot their location on google maps; give it a shot go see the cats in your neighbour hood. They also generated some analytics based of this data and as it turns out the most gps locate-able cats are in USA and New York had the largest percentage by city.
Conclusion / TL;DR
EXIF info can be great but it's probably not the type of information that you want posted on the internet; be aware of this behaviour and check the 'details' tab in the properties of your images before you upload them and be sure to scrub any data that you do not want public.
Be responsible with this information and if you see someone that has accidentally uploaded EXIF data privately tell them about it so that they can correct their behaviour or at least be aware of it.
EXIF shows nothing
depends on the device that creates or edits the image.
Ultimate scrub method: take a screenshot of the picture and post that (cropped) instead of the original.
Still be careful with this method as some application attach author information to screenshots i.e like the snipping tool in windows; it will get rid of the GPS but may leak other info
I see, thanks for pointing that out! But good old PrtScrn + Paint should be fine ;-)
wow, great post indeed. I just checked some of my own pics and they do include more info than I would like them to.
Cheers mate, glad this has helped someone already :)
Creepy
great tip-off. thanks for sharing.
where in iPhone settings would we find the option to turn the GPS tagging for pictures off?
how can we find and "scrub" (remove) the GPS data for a picture while it's still on our phone?
iPhone: goto SETTINGS> Privacy> Location Services> Camera and set to Never or Disabled
Android: within the camera app; click Settings and disable 'Location Tags'
Android: EXIF eraser (i have not used this app so i cannot comment on its effectiveness)
iPhone - CNET Guide
Who leaves their GPS on all the time? I only have it on if I'm using maps.
It baffles me how others have literally everything running on their phone all day because they don't know how to turn it off, and the battery still makes it. But I'm always micromanaging everything on the phone and still I can do only one day with my battery. :(
Great job man. This was a wonderful post.
Cheers Fuzzy :)
Thanks very much steempower. That's really useful information!
Your welcome Benjojo, glad you found it useful :)
Would it be helpful if the Steemit upload detected this and asked you if you wanted to keep or scrub it?
Given uploads are done to 3rd party services Steemit would not have authority to update the image itself; this may change as i believe they are working on a interface to host your images via IPFS in which case there would be an opportunity to check for EXIF data and warn the user before upload.
Yes, they re-assure me they are working on the upload IPFS feature. Also, I work for Steemit too. I think the EXIF data detector is an important feature.
I've actually thought about it a lot since I joined, but as I use another service to strip the EXIF before I upload them here I prevented it fortunately by default. Well, thx anyway!