The Hidden Security Risk of Geotags 175
pickens writes "The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags of uploaded photos, 'you can easily find out where people live, what kind of things they have in their house and also when they are going to be away,' says one security expert. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online."
I was just wondering about that (Score:1, Interesting)
I currently have a small project going to make a program in java that removes (and maybe later, spoofs) the tags in jpegs so they can be posted safely. I'll let your guys know if/when I finish it.
Easy solution (Score:4, Interesting)
Re:The Hidden Danger of Post Marks on Letters (Score:3, Interesting)
iPhones contain the long/lat of the place where the picture was taken. That's a little bit more than "letters have post marks and tell what town the sender lives in!". Don't be naive. Look at the Sherlock Holmes shit that 4chan does *regularly* with things such as EXIF data.
There was a famous thread on there once where a 30 year old guy was professing how much he wanted to sleep with his 16 year old niece's friend. Using nothing but the emblem of her school mascot on the front, 4chan tracked HIM down and had a field day.
Re:This is why... (Score:4, Interesting)
How many of you have ever written "my boss is an idiot" on a word document at work, as a joke, then erased it?
Better hope your boss isn't savvy. [addbalance.com]
Which is why I believe that any Joe-user program which processes documents or media should offer a checkbox and.or dialog explantion offering the user to strip the metadata from saved documents or media. Before any of you say, "stripping is already available", keep in mind how many co-workers don't even know what cookies are.
Re:This is why... (Score:5, Interesting)
After selling it to their advertising partners, of course...
Seems kinda pointless. I already get pretty damned accurate location-specific ads, presumably by just looking at my ip. When I connect to my employer's VPN, I get ads for things in the region that that data center is in...
Would knowing, say, that the majority of interior shots (probably my home) are on one particular city block vs another really be worth that much more to an advertiser?
Re:Pictures can tell the future? (Score:4, Interesting)
You make a good point. If I'm going to break into someone's house, a good time to do it would probably be between 9am and 5pm Monday-Friday. Most thefts are crimes of opportunity, not premeditated Oceans-Eleven style. I could just sit out in front of their house in the morning and wait for them to leave for work. No pictures or geotags needed. With a just a couple of guys, I can clean the place out in about 10-15 minutes. Where I live, assuming someone notices and phones the cops, that is about twice the time needed before dispatch will finally put the call through to officers.
Took the cops more than an hour to show up for a suspicious person sitting in his car one morning doing what appeared to be casing a house in my neighborhood. More recently, took them 30 minutes to show up after a call about a man banging on the neighbor's door, yelling and threatening to kick it in.
The most effective deterrent is one of those 'ADT' type stickers. After that, the dog. If that doesn't work, a double-tap to the center of mass should end things rather abruptly.
Re:The Hidden Danger of Post Marks on Letters (Score:3, Interesting)
To use a register of deeds, wouldn't you need to have an actual address to start with?
In my county in Ohio, I can look up properties by name, address, or just by selecting them from a map. The map also includes aerial photos of sufficient resolution to put Google Earth to shame.
It's all on the Web, and it's free. Google around for your county's auditor, and you'll probably find a very similar system.
Not all services are ignorant (Score:3, Interesting)
It's worth pointing out that not all services are ignorant to this issue. I use flickr and upload geotag information for every picture I take, but, nobody can see it unless they are someone I've accepted as a contact. You can ratchet things up a bit further and use their added friend and family classes for even more restriction. You can also reveal the data on a photo by photo basis if you don't mind it being seen (or actually want it available, like a photoshoot of interesting things in a public place.)
I'm sure other similar photo sharing sites have similar permissions capabilities. I suppose the most likely risk areas are the twitpics and yfrog type upload it and forget it sites.
Re:Help! (Score:2, Interesting)
Last Friday it was on your nightstand, you might want to look there first.
People need to learn to wash their hands first (Score:5, Interesting)
I actually mean that literally. We go on and on about various privacy risks and on and on about how stupid "average people are" when there are some obvious patterns of behavior outside of computing/networking that shed some real light on where the problems originate.
People simply don't understand the world they live in. They don't understand their cars, their food (c'mon diet coke? really? that nutrasweet that slows your metabolism?) or just about anything? They might think they know some things but not really understand them and nor do they really care to. The people get "flu shots" every year not knowing what strains of influenza are actually being covered by this year's flu-shot-du-jour... they just expect "the experts" to know and to do what they are told.
So who are these experts that the masses follow? Whoever claims to be. The dairy council, for example (you know, the guys who make their living selling dairy products?) tell us every year to drink even more milk than last year. And Microsoft, the company who helped to make "computer virus" a household word and cares more about selling the same thing over and over again instead of redesigning an OS that is both easy and secure. And a lot more. The people who have the most to gain by people being stupid are the "experts." And of course, questioning is something that is beaten out of us by the time we get through the first years of public school so there's no chance of a renaissance happening any time soon... at least not without a dark ages preceding it.
The problem is much, much larger than just being aware of meta-data in a picture. And yes, I agree with some here who suggest that "these online services should really have our backs" on this sort of thing, but it's not really in their interests to do so... so why would they?
Masterminds (Score:5, Interesting)
There's a pretty big site dedicated to the growing of marijuana, where the users post pictures of their grow operations from behind the "protection" of proxies. :)
Just for kicks one day I started checking their pictures. About 20 to 25 percent of them were geotagged. Some of those grows had hundreds, if not thousands of plants. So much for hiding behind a proxy.