I recently got back from a very awesome trip to the Amazon where, among other things, I spent a day climbing up some extremely tall trees to check out the canopy. One of the guides, Leionide, who assisted in this little adventure was kind enough to snap some photos of our climb and let me copy them to my thumb-drive when the day was done.
Afterwards I posted one of the photos to Facebook and was surprised to see that after it had posted there was a Facebook description of the photo already written in. It read, “© — Leonide Principe, all right reserved”. Though I was surprised to see that message there I immediately knew what had happened. Leonide must have added some special metadata to the image before he had given it to me. Embed some extra information into the image file itself. I decided to check out what other information was hidden in this file and used http://regex.info/exif.cgi to find out What I found was scores of different bits of information from camera type and shutter speed, to the photographer’s phone number and website (See a screenshot of my results here).
I remembered reading a while back that an Anonymous hacker had been caught due to the timestamp and GPS metadata in a photo he had tweeted, and decided to take a picture with an iPhone to see how that metadata compared to the photo from my Brazilian photographer guide. While the iPhone photo had significantly less peices of data, and nothing about copyright, it did show that I was using an iPhone 5s (with a lot of lens and expousre deatails included), but also gave me the exact latidude and longitude where I had taken the photo. After seeing that the iPhone automatically attached GPS information to every photo that it took I opened up Photoshop to see just what other kind of information a person, or program, could embed into an image file. This time I was really shocked to find just how much information you could embed. A list of some of the more interesting fields I found are below…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clearly, from fields like “Referring Physician” photo metadata is designed to handle a wide range of uses, which in theory is fine. What is disturbing, is how most people are unaware that when they share photos they potentially share much more information than they may like to divulge. For example, you might disabled all of the location preferences that Facebook gives you, but when you upload a photo to Facebook from your iPhone you’re telling Facebook exactly when and where you took that picture, something I believe a lot of people don’t realize. I know that Facebook removes most that metadata when it posts your image, so other Facebook users cannot see it, but I have no idea what Facebook itself does with that information.
In general I think the public would be well served to understand what information is attached to the photos that they so readily share and learn how to manage that metadata to share only what they want to. One easy way to do this is to scrub (aka delete) the metadata associated with an image before you upload or share that image. Lots of apps allow you to do this with a single click. Below are just a few…
| iOS (iPhone/iPad) | Web App (Website for all platforms) |
| Android | Windows |
| OS X (Mac) |
These applications all give users the ability to share their photos without sharing any extra metadata that may reveal personal details. In an era where photo-sharing has become an everyday activity it has never been more important to understand what exactly we sharing and with whom. Hopefully by better understanding photo metadata we can continue sharing our favorite photos without giving up our privacy.
Notes
After some tinkering I found that Facebook only automatically adds a description to photos from the original photo’s metadata when the photo is part of a Facebook photo album, not when that image it uploaded as part of a Facebook ‘post’.
I imagine Facebook uses it/wants to use it for location based services (read: location based adverti$ing)