Forgot your password?
typodupeerror
Crime Privacy Security IT

The Hidden Security Risk of Geotags 175

Posted by timothy
from the process-of-elimination dept.
pickens writes "The NY Times reports that security experts and privacy advocates have begun warning consumers about the potential dangers of geotags, which are embedded in photos and videos taken with GPS-equipped smartphones and digital cameras. By looking at geotags of uploaded photos, 'you can easily find out where people live, what kind of things they have in their house and also when they are going to be away,' says one security expert. Because the location data is not visible to the casual viewer, the concern is that many people may not realize it is there; and they could be compromising their privacy, if not their safety, when they post geotagged media online."
This discussion has been archived. No new comments can be posted.

The Hidden Security Risk of Geotags

Comments Filter:
  • This is why... (Score:5, Insightful)

    by Darkness404 (1287218) on Sunday August 15, 2010 @03:01PM (#33257964)
    This is why upload services should simply just strip out the un-needed info of the pictures. The original pictures still have the sometimes useful geolocation data, but your Facebook pictures won't.
  • Re:This is why... (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Sunday August 15, 2010 @03:02PM (#33257986) Journal
    After selling it to their advertising partners, of course...
  • Re:This is why... (Score:5, Insightful)

    by Anonymous Coward on Sunday August 15, 2010 @03:03PM (#33257990)

    This is why people shouldn't be so casual about publishing every detail of their personal life for the world to see. These micro-celebrity wannabes should wake up and recognize that their lack of privacy makes them easy targets.

  • by Palestrina (715471) * on Sunday August 15, 2010 @03:09PM (#33258028) Homepage

    OMG, letters have post marks and tell what town the sender lives in!

    OMG, caller ID gives my phone number to people that I call!

    OMG, the Registry of Deeds lists my address and how much I paid for the house!

    OMG, the phone book list my name, phone number and address!

    We've been dealing with stuff like this for decades, right? I think the danger is more about the contents of your tweets ("I am on vacation") than the metadata ("I live here"). I can probably find your address if I wanted, even without Flickr metadata.

    Of course, metadata can lie as well. Maybe I want to say, "I have a big coin collection" in Twitter and put photos of it all over the place on the web, but with false geotag data to make it look like it came from someone else's home. Because of that risk, even those who do not use Twitter, or the iPhone or Flickr are also at risk. Gee. maybe we should just lock our doors at night.

  • I am amazed (Score:1, Insightful)

    by Anonymous Coward on Sunday August 15, 2010 @03:10PM (#33258040)

    Photos tagged with the location in which the picture was taken can give away information about the location in which the picture was taken. Who would have thought?

  • by mysidia (191772) on Sunday August 15, 2010 @03:26PM (#33258124)

    Presumptively a 'safe' geotag is one that the user has control of.

    The user should have options (A) No geotag [the default], (B) Fuzzy geotag that may reveal what city or state they are in, but not their actual location, (C) Hi-Res Geotags

    Their phone should ask them how detailed the Geotag should be before they take pictures.

    Their graphics software / picture sharing websites should ask what to do with Geotags before uploading.

    e.g. (A) Hide/remove all geotags, (B) Only let friends see GeoTag information, (C) Make all Geotags fuzzy

    With the default being A.

  • Re:This is why... (Score:3, Insightful)

    by bennomatic (691188) on Sunday August 15, 2010 @03:36PM (#33258178) Homepage
    Serious. With a combination of Blippy and FourSquare, you don't even need geotagged pictures. I mean, anyone following your Twitter stream could take advantage of this sequence of events:

    - So-and-so checked into their house at 123 Main Street, Hometown USA! So-and-so is now the mayor of their house!
    - So-and-so bought a new MacBook Pro for $3297 using Blippy at the Apple Store in Winston Niles Rumfoord Shopping Center!
    - So-and-so checked into the Relax'em Spa.
    - So-and-so bought a 1 hour massage and a 2 hours sauna using Blippy for $225.
  • Re:This is why... (Score:5, Insightful)

    by betterunixthanunix (980855) on Sunday August 15, 2010 @03:37PM (#33258180)

    Before any of you say, "stripping is already available", keep in mind how many co-workers don't even know what cookies are.

    You insensitive clod! My coworkers are all CS grad students.

    Seriously though, they don't take any steps to strip metadata, even though it is well within their technical ability to do so, and even though they are generally aware of the risks.

  • by grumbel (592662) <grumbel@gmx.de> on Sunday August 15, 2010 @03:41PM (#33258194) Homepage

    The problem is that it allows correlation. Have two pseudonyms on the net that you use to post pictures? Now suddenly people can easily track you down by your GPS coordinates or better yet, the serial number of your camera or whatever other unique information one can grab from the metadata.

  • by PopeRatzo (965947) * on Sunday August 15, 2010 @03:50PM (#33258232) Homepage Journal

    OMG, letters have post marks and tell what town the sender lives in!

    You believe that having a creep know the town you live in is the same as the creep knowing your GPS coordinates?

    No, we haven't been "dealing with stuff like this for decades", because until recently corporations have not had the capacity to have such persistent and precise data about you that they could monetize.

    That picture of your 8 year old daughters that you put on the Internet has data that somebody will sell to the highest bidder, and I doubt they're going to make sure the highest bidder isn't a registered sex offender. I'm usually very suspicious of these kind of "consider the children" appeals, but the personal minutiae that is being commoditized by businesses has reached a point where it's going to be very hard to roll back.

    You've got one of the biggest corporations in the world collecting very private information, selling it to the highest bidder and then getting into bed with the most repressive regimes on Earth and at the same time forming "strategic alliances" with other huge corporations to subvert the effective net "neutrality":that has been in place since the beginning. And Palestrina thinks that's the same as having your name and number voluntarily listed in the phone book. And his rationalization is that it's OK because if you know what you're doing you can falsify your metadata. Don't you see the problem here?

  • Re:This is why... (Score:2, Insightful)

    by BatGnat (1568391) on Sunday August 15, 2010 @03:51PM (#33258234)

    What crap, Why should it be the Hosting sites responsibility?

    You sent them the file. It is your file. If you dont want geotags in the file, then clean the file first.

  • Re:This is why... (Score:4, Insightful)

    by fuzzyfuzzyfungus (1223518) on Sunday August 15, 2010 @03:56PM (#33258260) Journal
    Depending on how economically striated the city is, possibly, possibly not.

    I'd assume that they are more interested in pictures taken out and about. Where do you vacation, dine out, meet up with friends, etc?

    As you say, IP geolocation does a pretty decent job for wired connections(I don't know whether wireless carriers will sell out customer locations, and, if so, what the price is); but people take a lot of photos, possibly the majority, away from their primary wired ISP.
  • Re:This is why... (Score:5, Insightful)

    by Jah-Wren Ryel (80510) on Sunday August 15, 2010 @03:59PM (#33258280)

    Would knowing, say, that the majority of interior shots (probably my home) are on one particular city block vs another really be worth that much more to an advertiser?

    Yes. They can correlate it with property records and figure out who you are, what bank you have your mortgage with, how much you paid for your house, when you bought it, your likely income level, if you are married (more than one name on the mortgage) and that's just from the primary property records search in some states. Start cross-referencing it with other databases and my guess is that you'll have no secrets at all.

  • by jo7hs2 (884069) on Sunday August 15, 2010 @04:09PM (#33258326) Homepage
    Potential security issues aside, geotags have always concerned me with the potential for unintended consequences. As someone with a passion for both native orchids and other rare life forms, along with history, I'm always concerned how an innocent snapshot by someone using geotagging might provide detailed location data to a poacher or pothunter. I've already seen a few plant populations decimated by a mere Flickr post, and I know I've seen geotags for the same species at other locations. I think it is a feature that should be disabled by default and used only with caution.
  • by magnusrex1280 (1075361) on Sunday August 15, 2010 @04:19PM (#33258372)
    This is pretty obvious. Without even going into detail, once you know what "geotags" are, the first thing that comes to mind is "oh crap. this could be a big problem."
  • by Anonymous Coward on Sunday August 15, 2010 @04:25PM (#33258396)

    “You‘ve got one of the biggest corporations in the world collecting very private information, selling it to the highest bidder...”

    Care to back the “selling it to the highest bidder” part up? You seem quite sure of yourself, so let’s see the evidence.

  • by supradave (623574) <supradave AT yahoo DOT com> on Sunday August 15, 2010 @04:41PM (#33258484)

    Why not just have a camera setting that says "Do not record geotag data within 1 minute of my selected location(s)"? Seems that would be the easiest fix. No extra processing needed.

  • Gimp has an exif option, I have not used it.

    But if you take a photo for Wikimedia Commons and strip the Exif, and your photography skill looks professional, some regular might assume that you are fraudulently claiming copyright ownership of some other photographer's all-rights-reserved images. Preserving your camera's Exif data tends to shift the burden of proof to whoever is calling bullshit.

  • Re:This is why... (Score:3, Insightful)

    by Trailer Trash (60756) on Sunday August 15, 2010 @05:47PM (#33258910) Homepage

    I was recently alerted to a web site where people can post pics of themselves - with the url implying naked pics. There were women there with iphone pics that had enough exif info to get their street address. I would venture to guess that when they put their pics there they didn't think it would be possible to determine who they were or where they live.

Never say you know a man until you have divided an inheritance with him.

Working...