Share with your network!
Even if you are not a celebrity, you should be concerned about the metadata that may be included in the photos you share on the Internet, deliberately or inadvertently. JPEG photos contain a header known as EXIF information. This may include the data and time the photo was taken, the make and model of camera, the exposure, aperture, and focal length of the lens, and for cameras and smartphones with a GPS, the exact location of the camera when the picture was taken. We’ve just seen an example of how this data can potentially be used maliciously.
A second wave of stolen celebrity photos hit the Internet over the weekend, including further photographs of actress Jennifer Lawrence, and gymnast McKayla Maroney. Most of the people sharing these photos refused to touch the pictures of Maroney, due to reports that she was under eighteen when she took the photos. If this is correct, and if they were sexually explicit, this would make them child pornography under US law, as well as the violation of privacy, morality and copyright that distributing any of the stolen photos is. However, the new photographs of Maroney were being reposted on an underground forum on the anonymous Tor network. One hacker went further than that, and used metadata in the photos to deduce and publish Maroney’s home address.
At least one of the pictures of Maroney contained latitude and longitude in the EXIF information. This was used along with Google Maps to determine the street address of Maroney’s home. The hacker then went to Zillow, and found a realtor’s listing from the last time the home had been on the market. This still had a virtual walk through of the house. He posted both links to the forum. Another poster put up a comparison of the interior architecture in the realtor’s photos and Maroney’s selfies to prove that it was the right address.
This did not get the best reception on the forum – even on the dark web there are limits to what is acceptable. Comments included:
Guys, I get wanting the pics, but creeping on the EXIF data - don;t you think that is too far?
Now some f**s gonna go and stalk her there or creep into her house…
idiots, who cares where she lives? this is about pics
You guys need to f**k off with this stalking shit. This is for leaks, not for your internet detecitve b******t.However, as I said, it’s not just celebrities that should be concerned about disclosing their exact location every time they post a picture to the Internet. The good news is that some web sites will remove this data. Facebook strips this information before publishing your photos (though they may be preserving it for internal use). Flickr, however, gives you the option of making this information generally available. It also allows searching from photos taken near a particular lat/lon. It might be possible for a cybercriminal to write a bot that tracks the Flickr users in a particular neighborhood to see when they go on vacation, and flags their home as a candidate for robbery. To hide your location data in Flickr, go to the Settings page on your Flickr account, click on the Privacy and Permissions tab, and set Hide your EXIF data to Yes. As we’ve seen, even pictures intended to be private can be compromised. To maintain your personal privacy and safety as much as possible in this event you may wish to use a metadata removal tool on all your photos. Examples are Batch Purifier Lite for the PC or ImageOptim for the Mac.