Forgot your password?
typodupeerror
Cellphones Privacy

Mining EXIF Data From Camera Phones 175

Posted by kdawson
from the know-where-you-did-it-last-summer dept.
emeitner notes that folks at the Internet Storm Center wrote scripts that harvested 15,291 images from Twitpic and analyzed the EXIF information. This reader adds, "While mining EXIF data from images is nothing new, how many people would allow this data to leave their cell phone if they knew what it contained? The source code for the scripts is also available from the article." "399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ... The iPhone is including the most EXIF information among the images we found. ... It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time."
This discussion has been archived. No new comments can be posted.

Mining EXIF Data From Camera Phones

Comments Filter:
  • The metadata (Score:4, Insightful)

    by Hmmm2000 (1146723) * on Friday February 12, 2010 @02:11PM (#31115988)
    Someday soon a politician will post what appears to be a benign photo with an embarrassing long/lat location.
    • by toastar (573882) on Friday February 12, 2010 @02:14PM (#31116028)
    • by TheLink (130905) on Friday February 12, 2010 @02:38PM (#31116404) Journal
      Most people have a lassitude attitude with latitude.

      They give sites way too much latitude. Even if it may reveal their turpitude.

      Not enough aptitude and too much ineptitude.
      • by couchslug (175151)

        "Even if it may reveal their turpitude."

        This thread is worthless without pics of the pulchritude!

    • by Dogtanian (588974)

      Someday soon a politician will post what appears to be a benign photo with an embarrassing long/lat location.

      Ah... but perhaps they already have, and it's already out there- it's just that no-one has realised it yet.

      In which case, there's nothing they can do about it now. :-/

      This is why you should be cautious about what information you release. Even if there's no known exploit for information at the time you give it out; even if you tighten things up once a given danger becomes known... your old information is still out there, and now subject to *newer* information-retrieval techniques.

      If it's time-sensitive

      • by Nutria (679911)

        Ah... but perhaps they already have, and it's already out there- it's just that no-one has realised it yet.

        400 images have "location of the camera at the time the image was taken" out of 15300. 100 of 15300 have the photographer's name.

        You're all getting lathered up over 2.6% and 0.65%????? That's serious overreaction!

        • A more important fact in those statistics is:

          If your camera releases that data at all, it does so with every picture you take.

          It's not "only 2% of my pictures include the photographer's name" (the fallacy of assuming an entered name to be identical to the current holder of the device is a different discussion). It's 2% of the pictures taken were done by such cameras. ... which could be only one prolific photographer, or could be (for that sample) 400 separate cameras.

          If you're going to get lathered up (or

        • by Dogtanian (588974)

          You're all getting lathered up over 2.6% and 0.65%????? That's serious overreaction!

          Who was getting lathered up and overreacting? I pointed it out as an interesting possibility, using it as a starting point to discuss a more general (and serious) issue about privacy.

          Though as the other reply to your post points out, if *your* camera is doing it to some of your photos, it's likely doing it to *all* of them!

      • by kent_eh (543303)
        How much more information would it take to identify this guy [google.ca] to his wife? Or to someone who might want to embarrass him for some reason?
        • by Nutria (679911)

          The left-rear quarter of a medium-height salt-and-pepper hair white guy who, for all we know,

          • might already be divorced,
          • own/work at the joint, or
          • be the "old man" of some skank who works there.
  • by QBasicer (781745) on Friday February 12, 2010 @02:16PM (#31116062) Homepage Journal
    Photosynth [wikipedia.org] would probably find the information to be extremely useful. Unfortunately, the iPhone camera isn't terribly great (for now), but I can see some of the exif tags coming to more "consumer" cameras (Point and shoot). Almost every online photo service and social networking site could use this information in many ways, such as automatic correlation of pictures and events, concerts, etc.
    • Re: (Score:3, Interesting)

      by cayenne8 (626475)
      While I'm guessing you can use applications to strip this data...is there anyway (particularly on the iPhone) to keep it from setting this metadata in the first place?!?!
      • by Firehed (942385) on Friday February 12, 2010 @03:17PM (#31116854) Homepage

        Individual apps require you to give them the OK to get location data, but that only applies to shots taken from the app itself and not those that pull from the existing photo library. You can turn location services off entirely, but I can't find an immediately obvious way to revoke privileges from individual apps.

        • by cayenne8 (626475)
          "You can turn location services off entirely"

          I can't find a way to do this on an iPhone...do you know how to do this?

    • by Midnight Thunder (17205) on Friday February 12, 2010 @02:20PM (#31116122) Homepage Journal

      Now you mention it, the information from the iPhone could be useful for correctly placing a photo in an application such as Google Earth. You would know what angle the camera was in, what direction it was pointing and given the fact its a fixed zoom how line everything up. You could then even use a temporal guide to view evolution of the location over time, given multiple photos.

      • by v1 (525388) on Friday February 12, 2010 @02:56PM (#31116624) Homepage Journal

        the information from the iPhone could be useful for correctly placing a photo in an application such as Google Earth.

        iPhoto and Aperture are already taking advantage of this enhanced metadata.

        Digital cameras can really stuff the metadata in. Exposure etc are all in there usually. Sometimes other things like camera model and firmware rev.

        I wonder if any of them are putting in too much information though? As in phone number, phone ESN, email address, etc, things most would not want in their pictures without notice...

        • Just noticed that my new point and shoot includes its own serial number in there, which I kinda liked at first, since it might help me locate it should it end up in someone else's hands without my consent!

          Though it does make all my snapshots totally traceable.

    • by Sockatume (732728)

      Nokia is already working on that [nokia.com], albeit opt-in.

    • by SEWilco (27983)
      Aren't all the online photo services and social networking sites already using EXIF data? I think they're only hindered by the people who aren't inserting latitude/longitude info.
  • Wasn't there a demo during the release of the iPhone 3GS keynote that showed the use of this metadata with a bunch of GPS-aware cameras, including the iPhone and the new version of iPhoto that uses this data to create clickable maps with pushpins for each photo you have taken?

    I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user. Perhaps if it was called "Virtual Writing on the back of your Photos".

    • Yes - iPhoto features "Places", which tags them in a similar manner to what the article has done. As some have noted, the GPS data can be way wrong on an iPhone. Unlike the 5 blocks some have seen, in more rural states I've seen it be off by more than 20 miles (another city away).
      • by jo_ham (604554) <joham999&gmail,com> on Friday February 12, 2010 @02:36PM (#31116364)

        That's a time thing I think - when I fire up the map app on the phone it often takes a little while to update and settle on a GPS fix, probably because the GPS isn't powered on all the time for battery life, and it can take upto 30 seconds to register a satellite (due to the nature of the GPS signal itself), so if you just pop open the photo app and take a shot quickly you might get wildly inaccurate data.

      • by ceoyoyo (59147) on Friday February 12, 2010 @02:37PM (#31116380)

        The location data can be very wrong. If you don't have an adequate line of sight to the sky the phone will use cell towers to triangulate. If you can't see enough of them, it will use a wifi database to guess. If you've got a crappy (or no) cell connection but a clear view of the sky it might take a considerable amount of time for the GPS to lock on.

        • by furball (2853)

          If you want your iPhone location metadata to be correct, use the Map application to get a precise GPS lock. The location manager will cache that information and provide it any other application that is looking for location information. There is a caveat that you need to use other applications (such as the camera) within a certain time frame and distance moved.

      • I have nokia sports tracker on my phone (its great...I wish nokia pushed more stuff like this in the US instead of being provider lapdogs and disabling all useful features). It has an export to web function where you can see my route taken as well as stats like speed and elevation change...nice google maps overlays and charts of various things (apparently some phones even support bluetooth heartrate monitors).

        When I upload to the service, it has an option to include any media which well then include any

    • by girlintraining (1395911) on Friday February 12, 2010 @02:35PM (#31116356)

      I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user.

      Try saying "metadata" to the average computer user. It's like watching a BSOD on someone's face; And that's exactly the problem here -- devices shipping with privacy-compromising features enabled by default. Joe Average doesn't even know it's possible, let alone that his iPhone is serrepticiously leaking a bunch of personal information everytime he posts a photo he snapped with it to some internet site. I can see it now -- "Hey, check out this cute girl's panties I snapped in class..." Oops. Oh, the bitter irony to be had there -- you're busted violating someone else's privacy because you didn't know your own was being violated by your cell phone. Brilliant.

  • Warrent (Score:4, Funny)

    by toastar (573882) on Friday February 12, 2010 @02:19PM (#31116114)

    I wonder how many grow ops have been busted by the cops looking through twitpics/myspace photos metadata.

    • Re: (Score:3, Interesting)

      by StreetStealth (980200)

      I just checked my most recent Yfrog upload (of something completely innocuous) which I shot and tweeted directly from my iPhone and it looks like every last bit of metadata has been stripped. It doesn't even say what it was shot with.

      Don't know how Twitpic and others work, but so far so good.

  • Scrubbing (Score:5, Informative)

    by Anonymous Coward on Friday February 12, 2010 @02:20PM (#31116126)

    No picture leaves this computer before it has been subjected to "jhead -purejpg". Something else to look out for: Image data beyond the edge of the image after lossless resizing and orphaned preview images embedded in the JPG, showing the full uncropped picture. The latter is dealt with by the "jhead -purejpg" command, the former isn't.

    • Image data beyond the edge of the image after lossless resizing

      I never heard of that. Could you elaborate or provide a link for further reference?

  • So? (Score:4, Insightful)

    by stokessd (89903) on Friday February 12, 2010 @02:20PM (#31116136) Homepage

    Maybe I need another layer on my tinfoil hat, but after reading the summary (and only the summary, obviously) all I can say is, "So what?"

    After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge, the photographs actively put them there. Beyond that, I really don't care if someone knows my name, and where I was standing when I took a picture. In fact knowing where pictures were taken can lead to some really cool mashups of tourist photos and such.

    Wake me when exif data routinely contains my passwords, social security number, and credit card number.

    Sheldon

    • by BobNET (119675)

      Yeah, I'd be pretty concerned if I put up a gallery titled "Niagara Falls - January, 2010" and someone checked the EXIF tags to discover that I was in Niagara Falls in January, 2010...

      • by FunkyELF (609131)

        What if you're entertaining guests at your house and take a picture. In the background someone sees that you have a nice plasma TV, PS3, xbox 360, etc.... they have the lat / lon of where those goods are.

    • In fact knowing where pictures were taken can lead to some really cool mashups of tourist photos and such.

      Yes, eventually Street Maps will just be a projection of user-published pictures.

      In the meantime, a good picture uploader will include a [x] Strip Identifying Information UI widget next to the 'upload' button, so it's all informed consent.

    • by Carnildo (712617)

      After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge, the photographs actively put them there. Beyond that, I really don't care if someone knows my name, and where I was standing when I took a picture.

      Say I was taking pictures of last summer's police beating of a protester. I'd want to post the pictures immediately, not waiting until I get home and have a chance to remove the metadata, but at the same time, I'd want to post them anonymously until I'm sure I won

    • by grumbel (592662)

      After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge,

      The photo didn't, but the info did. Normally your name or at least your address is something you keep away from random strangers on the Internet, but if you post a photo with EXIF data you open that up to everybody. You also link your real name to your pseudonym or in turn allow others to connect different pseudonyms that you might have wanted to keep seperate. If you post photos regularly they can also reconstruct what you are doing all day and especially when. And of course cropping the picture might not

      • by gbutler69 (910166)

        Normally your name or at least your address is something you keep away from random strangers on the Internet,...

        Why? Seriously. When I was a child, and still to this day, anyone who has a phone can be looked up in the phone book. What is the danger of random strangers on the internet knowing your name and address? Most violent crimes (something like 99%) are committed by "friends" or family. Why is everyone so damned paranoid?

        By the way, my name is: Gerald E. Butler, I live at 2807 Summit Road, Copley, Ohio 44321.

        • By the way, my name is: Gerald E. Butler, I live at 2807 Summit Road, Copley, Ohio 44321.

          I have no mod points, so I must say: Well done, sir.

  • by raddan (519638) * on Friday February 12, 2010 @02:25PM (#31116216)
    Especially when it means 800815. I'm looking at you, Cat Schwartz [wikipedia.org]!
    • by elrous0 (869638) *
      Damn, you beat me to the reference. Sad though, the fantasy is always a lot better than the reality. I just hope when Morgan Webb takes her top off she doesn't have a bunch of nasty warts.
      • by Obfuscant (592200)
        Damn, you both beat me to the reference.

        I just hope when Morgan Webb takes her top off she doesn't have a bunch of nasty warts.

        Yeah, warts is ok by me, it's just those nasty warts that are ... well, nasty.

    • by mewsenews (251487)

      Especially when it means 800815

      BOOBIS?

  • This is why I shoot film on an old manual camera.

    • by Civil_Disobedient (261825) on Friday February 12, 2010 @02:35PM (#31116348)

      This is why I shoot film on an old manual camera.

      And then drop off my film to get it processed.
      And then wait for it to get processed.
      And then scan it with my film scanner.
      And then correct it in Photoshop.
      And then go to Google Maps and try and remember just where I was when I took the shot.
      And then extract the longitude & latitude from the Google Maps URL.
      And then convert the longitude & latitude from decimal to radians.
      And then tag my photo with appropriate tags.

      Privacy for the fail.

      • Re:no problem... (Score:5, Insightful)

        by PhxBlue (562201) on Friday February 12, 2010 @03:00PM (#31116668) Homepage Journal
        And, as you sort of pointed out, it's not even privacy unless the photographer develops his own film.
      • by Dogtanian (588974)
        That assumes that he *wants* to put that info back into the majority of his photos, of course.

        But ignoring that elephant in the room :-) there are a few other things:-

        (1) If you're not obsessed with the quality, you can have your photos scanned when they're processed, and returned to you on a CD.

        (2) The "correct it in Photoshop" forgets that digital photos could often do with a bit of work in Photoshop as well.

        (3) I'd be surprised if someone hadn't already invented a tool that used Google maps someh
    • by imunfair (877689)

      Well if you're taking photos with a digital SLR you're probably saving to RAW, and then resaving a post-processed version in another format, so this wouldn't be an issue.

      • Re:no problem... (Score:5, Insightful)

        by ceoyoyo (59147) on Friday February 12, 2010 @02:40PM (#31116430)

        Most RAW processing software preserves the tags embedded in the RAW file.

        Presumably if you're doing RAW processing you're smart enough to know what EXIF is and make a conscious decision about which tags you want in your web-posted JPEG, but you never know.

  • by Anonymous Coward on Friday February 12, 2010 @02:33PM (#31116322)

    EXIFs can also contain thumbnails that can sometimes reveal more than needed after for example cropping the original.
    http://no.spam.ee/~tonu/exif/ [no.spam.ee]

    • I recall encountering at some point a bug in which windows would not regenerate the thumbnail preview for a jpg. this caused some hilarious results when i became the recipient of an edited (black censor bars editing) photo whos thumbnail was still pristine.

  • The horror! (Score:4, Insightful)

    by paimin (656338) on Friday February 12, 2010 @02:34PM (#31116332)

    It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time.

    Not only that, the file exposes an image from the phone's camera. Won't someone think of the children!

  • ... of stripping [fileguru.com] the EXIF metadata. Just saying.

  • You have to go out of your way to include location in your pic. You need to be outdoors with most phones to get a clean GPS signal and have the GPS on the phone switched on and the camera set to include GPS data. GPS is still an advanced (and desired!) feature on non-mobile phone cameras that people pay extra money for. It's just that many phones now happen to include both a camera and a GPS so giving the user the option to record the two makes sense. On a decent camera, in all but the top of the line SLRs

    • by ceoyoyo (59147)

      The risk isn't from SLRs or compact cameras, it's from the people who emit a steady stream of blurry, compromising pictures from their cell phone cameras directly onto thing like Twitter. Now, they probably don't really care about privacy anyway, but it's worth noting.

    • by KC7JHO (919247)
      Yep those pictures of that chick you took with your cell phone and then forwarded to everyone at your school? Yep those pictures have your name saved to the EXIF data and is easily readable on any computer some one wants to upload them to. In fact I bet "There is an App for that!"
      • by syousef (465911)

        Well if you're dumb enough to take those pics, and you're dumb enough to forward them, and you're dumb enough to do that without stripping the EXIF, you deserve what you get.

  • Personally, I enabled the GPS tagging on my phone on purpose. Normally it's off, and the only other interesting thing in the exif tags are the model of the phone. I enjoy having a GPS tag on each pic in case I want to go back and look at exactly where I was when it was taken. I did remember to turn it off before taking a picture of the secret location I buried my treasure of gold doubloons, so I think it should be safe.

    Long story short, what could possibly go wrong? I could see how an Iphone user (if th

  • I never publish photos with any EXIF.
    There are tons of utilities out there to remove it, I use this: http://www.sentex.net/~mwandel/jhead/ [sentex.net]

    I still have to silence the cell phone camera. It is annoying.

  • "Twitpic"? (Score:3, Funny)

    by John Hasler (414242) on Friday February 12, 2010 @02:43PM (#31116462) Homepage

    Amazing honesty.

  • by AdamTrace (255409) on Friday February 12, 2010 @02:43PM (#31116464)

    Someone posted a picture of their girlfriend's rear end with a sharpie sticking out of it to a popular anonymous image-sharing web board.

    Unfortunately, the image contained EXIF data, including latitude and longitude. It was quick work to come up with a name and address and all sorts of other information...

    Good times.

    • I wouldn't know about that, I have Verizon Wireless.

    • As disappoint in myself I am to admit it, I've seen a few threads that went that way.

      "Hey look, I'm a camwhore with bathroom mirror nudie pix!"

      "Hey, look, I found your lat/lon in the EXIF data"

      "Hey, look, I found your house on Google Maps at this link. RAEDZ!"

      • Re: (Score:2, Funny)

        by Anonymous Coward

        The real disappointment happens when the 'houseguests' show up at the exact L/L location and realize it's about five houses off, and they bang on the door to the house of some fat slob who shows up at the door with his bath robe half open.

    • by Dogtanian (588974)

      Someone posted a picture of their girlfriend's rear end with a sharpie sticking out of it to a popular anonymous image-sharing web board.

      Could she write stuff with it, or did she have it in, um... the wrong way round to do that?

  • Facebook strips exif (Score:2, Interesting)

    by Leebert (1694) *

    I've actually found it kind of annoying that Facebook strips exif data. I've wanted to pull it out of some of the pics of friends' iPhone photos and creep them out by knowing where they were when they took them. :)

    • by ianezz (31449)

      Facebook strips exif

      Facebook doesn't have the original image data: images uploaded via its Java applet are already scaled down, in multiple sizes (all the sizes FB uses them), possibly reencoding everything to jpeg with low quality. It's a way to offload the scaling work to clients (storage is cheaper than CPU).

  • FBI Agent A: Dammit guys, they found out about the EXIF stuff. Now what are we going to do to get data from these pictures?

    FBI Agent B: Let's just Photoshop in some crack like we used to.

    FBI Agent A: Promote that man!

  • More fun with Math (Score:5, Informative)

    by Snowgen (586732) on Friday February 12, 2010 @02:47PM (#31116504) Homepage

    399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ...

    Or, to summarize from the other point of view...

    "97.4% of images did not include the location of the camera at the time the image was taken, and 99.3% of images did not include the name of the photographer. ... "

  • by TejWC (758299) on Friday February 12, 2010 @02:48PM (#31116506)

    Sorry for being off-topic here, but I was wondering if anybody knows a good OSS EXIF editing library/software.

    I tried libexif, but it seems to be rather limited in functionality (you can't add in new comments) and other libraries seem to be read only. It would be really useful to be able to easily edit the EXIF data like location, name of photographer, etc.

    • Re: (Score:3, Informative)

      by ianezz (31449)
      Exiftool [queensu.ca]. Perl, but with standalone packages for platforms where Perl is not available by default.
  • how much I paid for the features, it damn well better be in there.

    The real issue at hand is that neither the camera or management software have a system to remove/obfiscate that data and some apparently deliberately hide it from you.

  • ... The title pretty much sums it up. Big Brother was made "cool" and the public welcomed it with open arms.

  • Accelerometer (Score:2, Interesting)

    by kcitren (72383)
    How good is the accelerometer and digital compass? Is it good enough to be able to do some blur / shake reduction of the image? Or how about improved panorama auto-stitching? This could actually be interesting... Maybe I need to break down and get an iphone, or wait for a camera enabled ipod.
  • Some particularly non-techie types that enjoy taking and sharing pictures of under-18 folks have been known to save and distribute such pictures with EXIF data. Sometimes including GPS information or camera serial number data.

    The camera serial number is useful if the owner registers the camera with the manufacturer. The serial number can be used to look up the registration.

    The GPS information is of pretty obvious value, assuming the pictures are taken at home. Put that information into a GPS device and i

"How do I love thee? My accumulator overflows."

Working...