I’ve long had a hunch that there were significant privacy implications surrounding sharing of photos via social media – but I’d never given it much thought. So I decided to take a proper look at it. What are the implications of online photo sharing?
There’s a standard attached to JPEGs called EXIF. It’s a universal way of storing metadata about a photo including lens size, exposure, shutter speed, and other data including GPS location. This never used to be a problem with bulky DSLRs because very few cameras actually had GPS cards in them so they never really stored GPS data. Fast forward to the present, smartphones are now the most popular photography devices and due to their multimodal nature they are intrinsically GPS enabled.
Most smartphone operating systems, including iOS and Android, are set up so that every time a photo is taken the precise GPS location is embedded in the EXIF data.
On iOS, you need to opt-in or out of storing GPS location data, but for the entire life of a phone, this only occurs once, the very first time a user opens the camera app. In fact, even when a user upgrades an iPhone, the typical path is to restore the phone from a backup, which bypasses the opt-in/opt-out message.
So what is the problem? Put simply, when a user shares a photo via social media, depending on the social media / sharing platform, they may also be unwittingly sharing the precise location at which the photo was taken. There are a few services out there that do not strip the EXIF data, so it is available for the entire web to see.
In the Wild
The worst offender of this is Flickr. Flickr not only allows you to download the original image, but it preserves all the EXIF data, including the GPS locations. iPhone 6S is now the most popular camera model on Flickr, so there is plenty of vulnerable targets.
Conveniently, Flickr allows you to search by camera model (I chose iPhone 6S) and even search within this set of photos (I chose ‘cats’ – a photo someone is likely to take at their home). Here’s what I found :
Each of these images allowed me to precisely find the location where these photos had been taken.
How accurate is it?
I wanted to check exactly how accurate the GPS tagging in an iPhone is, so I dug through a bunch of photos I’d taken at uni, and thought it would be a nice way to demonstrate just how accurate these GPS EXIF coordintates are.
This photo was taken in the CSE Lyre lab at university. You can see the GPS location is almost pin point accurate. If you’re interested, this is the circuit diagram for a pipelined processor with forwarding and a hazard detection unit.
This photo is off by about 100 m. It should be in the closest gray block to the right in the image. It was taken inside the Quad food centre – I was trying to find the ingredients in my sandwich!
This is pretty much pin point accurate. It was taken outside the cafe attached to the mech building, looking towards the globe lawn.
This is highly inaccurate. This is a photo taken inside the CSE building foyer (there’s a computer history museum). It should be more down and right in the map.
You can see that in most cases, the GPS location data is accurate enough to pin point a photo to a particular house.
So I quickly went around and tested a few services and here are my results :
It’s not hard to imagine a scenario where a pair is communicating via text message and one requests or sends an image. I for one, am guilty of sending cute dog photos to people via SMS or iMessage. In these cases, if the sender has opted-in to GPS EXIF data (which is very common) then they are also providing the receiver with their precise location information. In the evening this typically corresponds with their residence.
Scenario one : Mallory & Alice match on Tinder, get chatting and then exchange phone numbers, and later decide to send each other a photo of their cats. Mallory can use the EXIF GPS data to find where Alice lives.
I was able to look at a similar scenario to that mentioned above that personally happened to me, and the GPS location data was available in all photos that were sent via SMS. That was quite a spooky feeling.
Scenario two : Celebrity Bob posts photos of his dog on Flickr. Chuck, a malicious fan, can then use the EXIF data to find where Bob lives.
How to prevent it
There are a few simple fixes to this problem, and many people who should take responsibility for them!
First off, Flickr should strip EXIF GPS data by default, and allow users an option to maintain it if they wish. This would circumvent the Flickr issue entirely.
Apple could maintain the EXIF data (useful for location tagging) but strip the data when the user attempts to export photos to third party services like email, SMS etc.
Users are able to switch off GPS EXIF data in their privacy settings, but then they are unable to gain the benefit that comes with keeping that data (map visualisations of holiday photos etc).
If a user wants to send a specific image, then they can remove the EXIF data on a desktop computer (and presumably via apps as well), but probably the easiest option for most lay users is to ‘take a screenshot’ of the image. Screen shots on iOS do NOT preserve the GPS data, nor do they store the GPS data of where the screenshot was taken.
These conclusions are fairly obvious, and none of the information revealed here is novel. However I don’t feel like there is a wide understanding of this issue in the general public. I think the sending of images via SMS or iMessages is incredibly common, and I’m not confident that the majority of people sending images in this way are aware of the risks they are exposing themselves to.