IPHONE & ANDROID GEOTAGGING DANGER
Without realizing it, many iPhone, Android, Blackberry and other smartphone users are revealing a lot more to the world then they may realize -and it can be dangerous.
Many smartphone apps use GPS signaling or embedded information in photos uploaded from your phone for “geotagging”. This tagged information from your iPhone or Android or other smartphone can be used or captured to display exactly where a user is when they post pictures, blog, shop online, use online mapping, or utilize many other GPS enhanced services.
So What Exactly is Geotagging?
- Geotagging adds geographical identification to photographs, video, websites and SMS messages or embedded Internet communications. A geotag is a 10-digit world grid coordinate that can be added to almost everything you post on the internet.
- Geotags are automatically (and often invisibly) embedded in Internet app service logons and communications, ut are especially obvious in photos taken with Smartphones. Many people are unaware that the photos they take with their iPhones, Androids or other Smartphones and upload to the Internet have been geotagged.
- Though not automatic, pictures posted to photo sharing sites like Flickr and Picasa can also be tagged with location.
- Digital cameras and Smartphones have had geotagging capabilities for quite some time. JPEG and TIFF, the most common photo formats, have a special space in the file format for EXIF information (called metadata) to capture geographical information of where a photo is taken. It can easily be read by online or offline applications.
- Most modern digital cameras do not automatically add geographical location metadata to pictures, but many do and often this function is enabled by default.
- Even when GPS functions aren’t on a phone or are turned off, locations on uploaded photos can still be tagged manually on most photo sharing sites revealing far more information than many users realize.
Security experts and privacy advocates have recently begun warning about the potential dangers of geotags. Because the location data is often not visible to casual view, many people do not realize they could be compromising their privacy or safety when they post geotagged media online.
CELEBRITY ADAM SAVAGE PERSONAL INFORMATION REVEALED
One of the hosts of the popular MythBusters series on the Science Channel, Adam Savage, posted a picture of his Toyota Land Cruiser using Twitter’s “Twitpic” service with his iPhone in August of 2010. He had no idea how much information he had revealed to potential robbers or other malefactors in that quick and simple action.
• Embedded longitude and latitude embedded in the photo revealed his exact location.
• His caption “Now I’m off to work” implied this address was his home.
• The picture itself revealed the vehicle he drives and owns.
• The time-stamp in the photo file disclosed when he leaves for work.
Interviewed by Kate Murphy in the August 11, 2010 New York Times (http://nyti.ms/917hRh), Adam said that he knew about geotagging, of course, but had neglected to turn off the phone’s GPS. He acknowledged he had not considered how much information could be deduced from the mere action of posting a photo and caption, however. Though he brushed off the incident with his usual wit he has since disabled the GPS function on his iPhone and moved from this residence.
INFORMATION FOR STALKERS OR BURGLARS
Mathew Honan writes in his article in Wired Magazine in 2009 about the “Location-aware” lifestyle. When experimenting with some of the location aware apps he noted that GPS could give away a lot more information than people might realize as he observes in his “experiment” below.
“To test whether I was being paranoid, I ran a little experiment. On a sunny Saturday, I spotted a woman in Golden Gate Park taking a photo with a 3G iPhone. Because iPhones embed geodata into photos that users upload to Flickr or Picasa, iPhone shots can be automatically placed on a map. At home I searched the Flickr map, and score-a shot from today. I clicked through to the user’s photostream and determined it was the woman I had seen earlier. After adjusting the settings so that only her shots appeared on the map, I saw a cluster of images in one location. Clicking on them revealed photos of an apartment interior – a bedroom, a kitchen, a filthy living room. Now I know where she lives.”
Mathew went on further to draw some conclusions about leaving a photo and information about an upcoming trip he was planning on a popular social site. He realized that just by posting this information from his home what might happen.
“Did I really want to tell the world that I was out of town? … anyone who cared to look at my Flickr page could see my computers, my spendy bicycle, and my large flatscreen TV all pinpointed on an online photo map. Hell, with a few clicks you could get driving directions right to my place – and with a few more you could get black gloves and a lock pick delivered to your home.”
COULD SOLDIERS INADVERTENTLY GIVE AWAY MILITARY SECRETS?
Some astonishing repercussions are taking place as a result of our ever more hyper-connected world. It was recently demonstrated by the “Facebook” energized revolution in Tunisia and Egypt. The phenomenon of U.S. soldiers deployed all over the world, many of whom own personal phones with camera and Internet capability, set a new standard of ‘loose lips sinking ships”. While some locations where they are posted may be public many locations are classified, even very sensitive. Soldiers innocuously uploading photos that contain location coordinates could furnish valuable information to enemy forces. Publishing photos of classified locations might be detrimental to a mission and could be serious enough to violate the Uniform Code of Military Justice.
A quick example can be easily found. A simple search for “Afghanistan” on Flickr shows thousands of photos that have been uploaded and location tagged.
WHITE HAT HACKERS AND OTHERS HELP
Some academic researchers and independent Web security analysts, who call themselves “white hat hackers,” are attempting to raise awareness about geotags by releasing studies and giving presentations at technology get-togethers. Their lectures and papers emphasize the extensive presence of geotagged photos and videos on websites like Twitter, YouTube, Flickr and Craigslist. They layout how easily these media can be used to identify someone’s home, friends, family and haunts.
The military has created presentations and printed materials for dissemination to service personnel in the field warning of the dangers of inadvertently supplying information to the enemy by posting uploaded photos.
Some sites like Facebook and Match.com, strip out geotag information from uploaded photos providing some protection. And other sites like Flickr have now taken steps to block access to geotag data on images taken with smartphones unless a user explicitly allows it. But even that can be dangerous if users manually post location and other information without realizing its implications.
HOW CAN I AVOID UPLOADING DANGEROUS INFORMATION?
A solution to the negative potential of online social networking starts by simply realizing the significance of the public information you make available. First, be sure that information you provide in online social settings would be okay if it were public. For instance, imagine how the information would affect your life if it appeared on the front page of your home town newspaper.
It is also an individual responsibility to be aware of an apps functionality when you consent to install it on your Smartphone. Most phones require the app to display which of the phone’s functions the app wants to access at installation. Know how to disable or enable problematic capabilities once installed. Unfortunately, not always an easy task.
“I’d say very few people know about geotag capabilities,” said Peter Eckersley, a staff technologist with the Electronic Frontier Foundation in San Francisco, “and consent is sort of a slippery slope when the only way you can turn off the function on your smartphone is through an invisible menu that no one really knows about.”
Disabling the geotag function in an app often involves drilling down through several layers of menus to find the settings that allow location information to be uploaded or to the GPS disabled. Since changing this functionality can turn off GPS capabilities for all applications, including mapping, it can get complicated. The ICanStalkU.com (a site showing current Twitter ‘tweets’ and the information displayed as a warning) is a resource for step-by-step instructions to disable the photo geotagging function on iPhone, BlackBerry, Android and Palm, and some other devices. If your model isn’t there, contact your wireless phone service company for help.
Digital Camera owners should make it a point to check their user manual for what information photos from the camera contain. If the camera is Internet enabled and GPS functionality built in refer to the manual for how to disable and enable that functionality.