Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Cellphones Social Networks Your Rights Online

How People Broadcast Their Locations Without Meaning To 106

wjousts writes "Smartphones include geotagging features that many people aren't aware of, MIT's Technology Review reports. And it's not just in the obvious places: 'For example, by looking at the location metadata stored with pictures posted through one man's anonymous Twitter account, the researchers were able to pinpoint his likely home address. From there, by cross-referencing this location with city records, they found his name. Using that information, the researchers went on to find his place of work, his wife's name, and information about his children.'"
This discussion has been archived. No new comments can be posted.

How People Broadcast Their Locations Without Meaning To

Comments Filter:
  • Duh. (Score:5, Insightful)

    by _0xd0ad ( 1974778 ) on Friday April 22, 2011 @11:33AM (#35907466) Journal

    Anyone who's been to 4chan should know this.

    • Re:Duh. (Score:5, Informative)

      by _0xd0ad ( 1974778 ) on Friday April 22, 2011 @11:36AM (#35907482) Journal

      I might as well also point out that 4chan strips the EXIF data from uploaded images for exactly this reason.

      • Re: (Score:3, Informative)

        Not to forget, Facebook strips EXIF too.
        • Re:Duh. (Score:5, Informative)

          by _0xd0ad ( 1974778 ) on Friday April 22, 2011 @11:54AM (#35907664) Journal

          True, although Facebook has always stripped EXIF. 4chan didn't use to strip EXIF.

          Facebook also compresses the images all to shit, too, although they recently made it possible to let people download a higher-quality version.

          • Well...people who care about the quality of their photos often use something like flickr. Not that I don't put my nice photos on facebook too...I just don't expect much and prefer quick loading files that I can flip through as fast as my eye can register that it is another random facebook pic that I don't care about. I would imagine facebook trims all metadata as a way to speed up loading (millions of pictures turns into a lot of metadata considering how much stuff some cameras include)

            Sites like flickr

          • With Facebook always stripping and 4chan not always stripping, we can reasonably conclude without any pictures at all that Facebook works at a strip club.

            By cross referencing the fact that "4chan didn't use to strip", we can also reasonably conclude that Facebook is a gateway to stripping.

            And from there, we can reasonably conclude that Facebook, being the more mature stripper, probably holds the leash attached to the dog collar on 4chan's neck when they strip together on stage.

            MIT's report isn't so impressi

    • Re:Duh. (Score:4, Insightful)

      by wjousts ( 1529427 ) on Friday April 22, 2011 @11:57AM (#35907706)
      Considering the proportion of people that have been on 4chan versus the general population, that's not particularly helpful.
      • Re:Duh. (Score:5, Insightful)

        by _0xd0ad ( 1974778 ) on Friday April 22, 2011 @12:04PM (#35907758) Journal

        Considering the proportion of people that have been on 4chan versus the people who'd publicly admit to it, it might be more helpful than you'd expect.

        • Considering the proportion of people that have been on 4chan versus the people who'd publicly admit to it, it might be more helpful than you'd expect.

          Considering the fact that most of the population doesn't know about "breaking news" related to the computing world(specifically security) until they hear about it on the evening news, and the fact that news outlets can't even spell 4chan, much less know what the hell it is, I'd say the overall level of ignorance pretty much remains the same. Doubt you'd find even 1 person out of 100 that knows what EXIF data is anyway, they're far too busy tweeting about their picture collection and posting it for the worl

          • Doubt you'd find even 1 person out of 100 that knows what EXIF data is anyway, they're far too busy tweeting about their picture collection and posting it for the world to see anyway, they don't have time to be concerned about such trivial things as privacy anymore.

            I think you're being a little unfair there. It's not that they aren't concerned, it's that they don't even know that they don't even know what EXIF is.

            • Doubt you'd find even 1 person out of 100 that knows what EXIF data is anyway, they're far too busy tweeting about their picture collection and posting it for the world to see anyway, they don't have time to be concerned about such trivial things as privacy anymore.

              I think you're being a little unfair there. It's not that they aren't concerned, it's that they don't even know that they don't even know what EXIF is.

              Unfair? Nah, not really. Given peoples propensity to post every minute detail of their personal lives on Farcebook and Twitter for the world to see, I'd say there are far more people who simply don't care anymore about privacy.

      • Re:Duh. (Score:4, Informative)

        by Hultis ( 1969080 ) on Friday April 22, 2011 @01:06PM (#35908390)
        You do realize 4chan's Alexa Traffic Rank is 632, right? Compare this to Slashdot, which is ranked 1296. 4chan isn't exactly the well-kept secret some people want to think of it as.
        • I wonder if Slashdot's Alexa rank is lower because Slashdot users tend to not want to have a damn spyware toolbar on their browser :)
    • by mcmonkey ( 96054 )

      While the hidden data in image files is interesting, the real news here is there are people left who don't mean to broadcast their location.

      I suspect these researchers started with a picture of a man standing in front of his house, with the house number visible, and a street sign in the background, and a sign on the house reading "Welcome to the home of John and Jane Smith," while the man wears a "Hi, My Name is John Smith" name tag.

      And there were able to decode the image meta-data to discover they had a pi

      • by bberens ( 965711 )
        Pictures taken on your phones contain GPS information. So most people posting pics online of their kids or whatever are giving away the GPS location. If there's a bunch at exactly the same GPS location you can guess that it's the person's house.
        • by icebike ( 68054 )

          You don't need GPS information to get in trouble.

          Shortly after Gulf II, during the occupation phase there appeared several images of combat missions, including firefights, tank fire, etc, posted on various sites by soldiers who withheld their names. Many of these had full EXIF info, many of them even had the name of the camera owner of a high end DSLR (which I didn't even think an authorized in a war zone). (Canon as I recall).

          Being secretive enough to snap his buddies only from the back, and not give his

      • Re:Duh. (Score:4, Funny)

        by Registered Coward v2 ( 447531 ) on Friday April 22, 2011 @12:30PM (#35908000)

        In other news, I have a picture of someone standing in front of the Eiffel Tower. The image meta-data indicates the person was in Paris at the time.

        You've revealed even more info with your post - you do not work for the USPS. If you did, the meta-data would indicate you are in Las Vegas.

      • In other news, I have a picture of someone standing in front of the Eiffel Tower. The image meta-data indicates the person was in Paris at the time.

        Well, I've seen pictures posted from someone's iPhone taken in their bedroom that contained the GPS coordinates of their house. Unlike the Eiffel Tower, their bedroom wasn't spectacularly distinctive. I'd never have known where they lived if it wasn't for the GPS metadata.

        • You couldn't get a detailed location from that picture (or at least you didn't know -- there actually might be a good deal of information available from things like the angle of the sun/etc.). But you did get a lot of other potentially private information about the layout and contents of the bedroom. The point is that publishing photos to the Internet inherently reduces your privacy, and the possibility of location stamps is only a small part of that. Focusing on EXIF data ignores the larger problem -- we s

        • I've seen pictures posted from someone's iPhone taken in their bedroom that contained the GPS coordinates of their house.

          Given that GPS devices generally don't work indoors (and often don't work under significant foliage), this begs the question of whether associated cameras report (in their EXIF data, or whatever) the last valid GPS location received, or a "rogue value" (e.g. Long 361, Lat 361), or a marine location off the west of Africa (Long 0, Lat 0).

          I'm sure commenters won't read this far, but I'm th

          • Most likely it was the last fix made by the device from somewhere in the vicinity of their front door.

            • somewhere in the vicinity of their front door.

              s/their front door/the last time that the GPS module saw enough sky for long enough to update it's position/

              Which, given that GPS is, as I said, often affected by foliage, being under a roof, to a significant degree even by cloudy/ rainy weather ... could well be a very different location to what gets written into the time-position database. And of course, there is no "right" answer, so pretty much every device's programmer is free to choose how to implement th

              • Considering that they work pretty well in moving vehicles (hence GPS mapping on smartphones), it's a fair bet that it held its fix right up to their front door.

                • OIC : your worldview includes an expectation of seeing sky from your front door. That's an interesting comment in itself.

                  So, have you ever lived in a building with several hundred other households? Where it could easily be 10 minutes walk (waiting for elevators, etc) between your GPS device (SatNav, whatever) losing sight of the sky and you arriving at your domicile (in the sense that a search warrant would be limited to one such premises).

                  I'm planning on consuming beer next Friday with one of our programm

                  • No, my "worldview" (isn't the right word, but as it's the word you picked, we'll go with it) includes an expectation that when someone posts pictures online showing themselves in their house and the pictures are GPS-tagged with approximately the front yard of a typical residential dwelling place, it's a fair bet that they live there.

      • by jd2112 ( 1535857 )
        The metadata was faked. The picture was taken by the replica in Las Vegas. On the other hand if the USPS had bothered to check metadata it might have saved them some embarrasment.
  • by dtmos ( 447842 ) * on Friday April 22, 2011 @11:38AM (#35907510)

    The lack of interest in personal privacy is probably the 21st Century's social movement that most surprised me. If someone had told me in 1991 that in 20 years people would want to publish their personal photographs to the world, and announce to everyone literate when they would be out of town, I would have said they were nuts: They're obviously risky behaviors in which no thinking person would engage.

    How wrong I was.

    • by 0123456 ( 636235 )

      Surely Microsoft have conclusively proven that most people value convenience far more than security?

      The big problem is that companies add these 'convenience' features with no warning and no easy way to remove them. Having to manually strip exif data from every image is painful, to say the least.

      • by ThatsMyNick ( 2004126 ) on Friday April 22, 2011 @11:46AM (#35907574)
        mogrify -strip *.jpg will do!
        • exiv2 rm *

          * because there might be a mixture of images that I'm due to upload somewhere or other.
          From my camera (CHDK [wikia.com] FTW!) they are all .JPG or .DNG.
      • Surely Microsoft have conclusively proven that most people value convenience far more than security?

        The big problem is that companies add these 'convenience' features with no warning and no easy way to remove them. Having to manually strip exif data from every image is painful, to say the least.

        The big problem is more that most consumers don't realize that they're giving up security when they give up privacy - as with GP's example, telling the world when their house is vacant, and even giving the world their regular out-of-house patterns.

      • I didn't even know this stuff existed. I own nothing with a GPS, especially not a GPS in a phone or camera. Maybe there's a way I could laboriously enter my name into my digital camera but I don't even see the point. I'm so backwards I still don't even see the point of wanting random strangers to see your photos or know what you had for lunch.

        So which is it: the manufacturers are insane for adding this stuff, or the customers are insane for wanting it?

      • by jd ( 1658 )

        It's worse than that. Based on the somewhat heated discussion I had in which I was slammed for stating that privacy and security are an aspect of freedom, I'd have to say that not only do people value convenience far more than security, they regard security as a major liability,

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Most people don't intend to post pics with geo-information tagged in it. Cameras starting adding the data as the "default" option a couple years ago, and no one (except nerds) took notice. So now we have millions of pictures floating around with lat/long data encoded in them. I couldn't believe cameras chose to embed the data automatically -- that's where the real disbelief is. Humans probably would turn it off if they knew it was on.

      • by sglewis100 ( 916818 ) on Friday April 22, 2011 @12:04PM (#35907762)

        Most people don't intend to post pics with geo-information tagged in it. Cameras starting adding the data as the "default" option a couple years ago, and no one (except nerds) took notice. So now we have millions of pictures floating around with lat/long data encoded in them. I couldn't believe cameras chose to embed the data automatically -- that's where the real disbelief is. Humans probably would turn it off if they knew it was on.

        Oh please. People check into FourSquare or Facebook religiously, and tweet that they are leaving for vacation, and then come home and post pictures for the world to see. The problem isn't that they are unaware their location can be tracked. It's that they are proud to broadcast it. Actually problem is the wrong word for me to use... they don't see it as a problem.

        • tweet that they are leaving for vacation

          Isn't relying on people not knowing you're on vacation the real life version of "security through obscurity"? There are similarities at least.

          • Yes, but so is not having your SSN tattooed on your forehead.

          • There's a difference between telling your neighbors "We'll be out of town over the weekend, could you keep an eye on our house for us" and telling the entire Internet "We're leaving our house vacant this weekend and, by the way, here's a geotagged photo of our kids playing in the backyard." Just because Security Through Obscurity doesn't work in some instances doesn't mean it is a bad idea in all instances. Similarly, just because openness is a good idea in some instances, doesn't mean it is a good idea i

            • If there are a statistically significant number of numskulls, security-wise, doesn't that ironically make it somewhat "safe"?

              If there are lots of "targets" any one poster's odds of being hit is less.

              I suspect burglary is largely a crime of convenience and there is not a lot of high tech "casing the joint" kind of work going on.

              Personally, I don't post any clues about my life, but I am just trying to be objective here.
        • Oh please. People check into FourSquare or Facebook religiously, and tweet that they are leaving for vacation, and then come home and post pictures for the world to see.

          There's a difference between data people choose to share and data they share without knowing they are doing so. Guess which one GP is concerned about.

          • I wasn't concerned with one poster. I was replying to a post that mentioned "most people", not "me specifically".
          • by dtmos ( 447842 ) *

            Actually, I'm concerned about both, since I consider them to be the same issue. A thoughtful person minimizes the amount of his personal data he makes public not only for the reasons he knows about, but also because he can reasonably expect that making his data public may be to his detriment in ways of which he is unaware: He knows that he is not omniscient, and that technology advances over time, so that things impractical or uneconomic today may be both trivial and profitable (if only to a criminal) tom

      • I like having the geo-location metadata embedded in my photos. Services like Facebook and Twitter really should sanitize photos by removing most, if not all, of the EXIF data by default, though.
        • Or at least provide a checkbox on the upload page that lets you turn the EXIF data on and off.

          Personally, I kind of like having EXIF data on *some* of the photos I post -- for example, if I take a morning cruise around the mountains where I live on my motorcycle, I don't see the problem with posting a photo to Picassa with EXIF data of where I was at. In fact, sometimes, that's kind of the point: "here's something nifty I found, and here's where it's at so you can find it, too!" On Picassa, I
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      And yet, those very risky actions become fairly safe, based on the sheer number of people doing it. As they mention in the article, the sheer volume of information available makes it impossible to keep up with everyone. If someone wants to pick out one person from the stream, they face a very difficult tactic. It becomes Zebra security--having identified a target, there is nothing that gives that target much security. But as long as you are in the herd, it's likely not cost effective to try and pick som

      • by PPH ( 736903 )

        But as long as you are in the herd, it's likely not cost effective to try and pick someone off.

        Until someone develops some AI to mine all this data for the weakest members of that herd. That's how lions hunt. They don't go looking for one particular zebra. They just spot the one who stands out as being just a bit slower than the rest. Child molesters work in much the same manner. They have developed something akin to a sixth sense that enables them to pick out the vulnerable individuals (one that will freeze rather than scream and aim a kick at the nuts). I predict the development of neural net apps

      • That's not quite the way it works. You end up on a list -- everyone inevitably does, unless you live "underground" -- a research company searches databases for your info, which leads them to more info...
      • And yet, those very risky actions become fairly safe, based on the sheer number of people doing it.

        "Safe" in the same sense that statistically speaking nobody wins the lottery. Yet people still play...

        • by icebike ( 68054 )

          And yet, those very risky actions become fairly safe, based on the sheer number of people doing it.

          "Safe" in the same sense that statistically speaking nobody wins the lottery. Yet people still play...

          Also safe in the sense that not everyone is interesting, especially to the would-be stalkers.

          But the good looking woman who posts pics from around her home HAD BETTER be aware of
          geotagging defaults of her cell phone.

          Not everyone needing to take these precautions knows about this issue. And the techno-ditz who got an iphone from daddy
          is probably most at risk.

          I geotag all my travel photos. I sometimes whip out my cell and take the same shot I just took with my DSLR just so that
          I can manually geotag the high

  • by 93 Escort Wagon ( 326346 ) on Friday April 22, 2011 @11:42AM (#35907546)

    For example, by looking at the location metadata stored with pictures posted through one man's anonymous Twitter account, the researchers were able to pinpoint his likely home address. From there, by cross-referencing this location with city records, they found his name. Using that information, the researchers went on to find his place of work, his wife's name, and information about his children.

    They may be calling themselves "researchers", but it's pretty obvious they're just a bunch of really creepy dudes.

    • They may be calling themselves "researchers", but it's pretty obvious they're just a bunch of really creepy dudes.

      How did they know the anonymous feed was a man? They were probably hoping it was a chick, and got pissed that it wasn't and started stalking the guy.

    • by Anonymous Coward

      They may be calling themselves "researchers", but it's pretty obvious they're just a bunch of really creepy dudes.

      I didn't know there was a difference.

    • by Nehmo ( 757404 )
      The non-identifying "researchers", the non-specific "city records", and the rest of the vagueness ending with the scary "information about his children" all mean this really didn't happen. It was just a plausible set of occurrences the author made up for the article. There are a number of steps in the described process that aren't sure. It's not always easy to find someone's employer from their name, for example.
      • Um, are you unaware that you can look up the city records for any address and find out who owns the deed to the property? Google and/or the White Pages are useful tools too.

      • Did you even bother to read TFA?

        During a presentation at the computer security conference Source Boston, Ben Jackson of Mayhemic Labs and Larry Pesce, a senior security consultant with NWN, described the way photos taken by many phones are routinely encoded with latitude and longitude tags.

        Emphasis mine. So there goes your "non-identifying" researchers.

        To make people aware of the dangers of this data, Jackson and Pesce launched a site called I Can Stalk U [icanstalku.com], which searches Twitter for posts that reveal locati

  • Although they claimed complete anonymity (and they were probably right since they were just measuring waves and not recording them), our local news-radio station was going on and on about how they were tracking traffic near Obama to check for non-disclosed road closures by tracking cell-phones--specifically finding areas where cellphones in roads suddenly stop and cluster.
    • by icebike ( 68054 )

      Google maps with the traffic layer turned on.
      Its in every smartphone, and its pretty accurate, with no discernible delay. You can watch concert and ball game induced traffic slugs in nearly real time.

      But road closures can not be distinguished from mere lack of traffic, and most of the time president induced closures are designed to route around rather than hold people captive for long periods.

      What really sucks is when they shut down an entire airport and sometimes an entire cities just so that the presiden

  • My G2 hasn't been geotagging my photos. Unfortunately for the gal I've been chatting with from Craigslist, hers does :D
  • I think educating people about this is good, but it should also be clear that this isn't the default on all platforms. The iPhone for example specifically asks when a user uses the camera if they want to allow the camera program access to the users location. In iOS 4, this was expanded to also provide information right on the prompt about why this info was requested. On or off is presented equally. It's the users choice to geotag photos on the iPhone, and that choice can be changed at any time. From what I understand, other platforms are similar.

    iPhoto on the Mac will also default to stripping location data before exporting the photos anywhere. This includes both publishing the photos online, or exporting them to a folder outside the iPhoto data store.

  • At some point in the future photosynth-style image matching could be combined with streetview images to locate a photograph without the need for GPS info.

    Simlarly, I expect 'search by face' to become more of an issue than being tagged in a Facebook photo.

  • The real questions are:
      How much can we trust the various "Off" switches for the multiple "Location Services" on our mobile devices?
     
        How much responsibility do companies have to make sure their devices' default settings don't "invite" crime and invasion of privacy?
     
    Who checks to keep these businesses honest?

  • ... at least in Android. You have to explicitly turn it on if you want to do it. So this story is mostly FUD IMO, unless it is iPhone only, in which case it should specifically say "iPhone" instead of "Smartphones"

  • Smartphones include geotagging features that many people aren't aware of,

    In other news ... people who buy complex devices and DON'T Read The Friendly Manual, From Cover To Cover, Twice ... get bitten in their shiny metal asses. Big fucking deal.

You can be replaced by this computer.

Working...