There's a new threat to you, your kids and family, your property-- all thanks to an innocuous, ubiquitous, fun little device you probably already own...

Got that new iPhone yet? Or maybe the Verizon Android? Or some other phone that's similar. They're pretty nifty aren't they? A little device you can hold in your hand easily, take with you anywhere, gives great directions with its built-in GPS, and its always there whenever you need a quick snapshot while you're away, or maybe a picture of the kid's birthday party. And its super simple to upload the photos to Facebook, Photobucket, or a dozen other web sites for your family and friends to check out.

 

What could possibly be better?

Turns out that what you probably don't know is that along with that image is recorded information about your camera, the time and date, and the Geo-Spatial coordinates that pinpoint the exact location the picture was taken, and possibly other information that you're not even aware of, depending on your phone, camera and software. Whenever you take a picture, it records this type of information in a little block of data stored with the picture called the 'EXIF' header. (Here's a Wikipedia link with more information)

The EXIF information is there to help capture information about your photo for cataloging purposes, and to optionally allow you to add a caption, perhaps some keywords, and other useful information to assist in its storage and retrieval.

Pretty nifty, right?

Ah, but not so fast... turns out that Grandma and Uncle Eugene may not be the only ones interested in your Facebook photos. Using the EXIF data now recorded along with the image-- you could be giving a thief the precise, exact location of your house, along with a photo showing all of the great and wonderful things that he or she has to gain by going there and stealing them.

 

Or maybe he's not a thief, maybe he's a stalker.

 

Or a sex-offender.

See where I'm going with this?

So, as if we didn't have enough crap already to deal with, now we have EXIF data in our camera-phone pictures to worry about.

 

This is a new 21st century concern that really didn't exist for most people before Apple brought out their iPhone. (Gee thanks, Apple!) And now all of the other manufacturers who are jumping on the bandwagon with their GPS-enabled camera-phones and other GPS-enabled gadgetry. Increasingly people are using their camera-phones for routine picture-taking, and why not? It's there, its handy, it takes reasonable photos and they're easy to share-- so why not?

When these photos get uploaded to Facebook or wherever-- i.e. shared on the Internet-- the EXIF information goes right along with them. Giving anybody who's interested an extra little window on your comings and goings, including the Date, Time-of-Day, and the precise-exact GeoSpatial coordinates (called "GeoTags") of where the photo was taken.

So now, all the 21st century Thief / Stalker / Rapist has to do is browse Facebook, or wherever else pictures are uploaded and shared, and find the pictures that contain what he/she are looking for-- and then look to see if they contain any useful EXIF data that can be exploited. If the image contains GeoTags its a simple matter of entering them into Google Maps, Bing Maps, Yahoo Maps, or wherever to literally get exact directions to that location-- your house, for instance.

 

Very few sites that allow images to be uploaded even permit users to view their EXIF information, much less do anything intelligent with it. Not to mention that it actually does have a useful and legitimate purpose of helping you keep up with when and where you took a picture, and what it is, who its of, etc.

See the problem?

 

Additionally, it is not even necessary that every picture you take and share has EXIF information or GeoTags as long as at least one of them does and the rest can be connected to you somehow. A "dossier", of sorts, can be constructed about you, what you have (what you've seen), where you live, who you know, who your family and friends are, who your kids are, etc. Nor is it even strictly necessary that your camera be GPS-enabled to provide the link. Given the ubiquity of camera-phones these days, all that's required is for somebody to take a picture of you, where you live, your family, friends, kids-- whatever-- and their picture contain GeoTags, and identify elements in the picture. All entirely innocently.

 As I pointed out earlier, this is a new, modern problem whose solution is not immediately apparent at this time. In fact, most people are blissfully unaware that this could even be a problem-- fortunately that also includes the crooks-- for the moment. Its a little like the problem of "Identity Theft" when it first became really possible on a grand scale. So many people signed up for things online and gave out personal information that in many ways, the battle was lost before it even began. This issue promises to be much like that.

For people who have never uploaded pictures online-- especially pictures containing GeoTags, or for people who have never been photographed (a good time to feel lucky for being ugly :-) there is probably some hope. But for everyone else, the damage has already been done. Thanks to the indelible memory of the Internet, those images are probably "out there" forever inexoriably-linked along with their GeoTagged EXIF data.

What can you do about it?

Really the main thing you can do is be aware of the problem. Use software to scrub the EXIF data from photos you post-- particularly the GeoSpatial (GeoTag) information, and become aware when other people are photographing you and ask that they either scrub the EXIF data and/or not post the images online. Beyond that...

...Welcome to the future.

* This post was inspired by a story posted on Slashdot this morning titled: "The Hidden Security Risk of Geotags which points out the new type of risk to you, your family, and your property-- all thanks to your newly-enabled GPS camera.

* All photos belong to whomever they belong to.