Monthly Archives: August 2010

Enter Joon Maeng. I have no idea who he is, and I don’t follow him on Twitter. But despite that, I can tell you when he took this photo and posted it on TwitPic, he was near the I-105 in Hawthorne, California.

How do I know that?

His smartphone embedded metadata into the photo, and TwitPic uploaded it with the image online. Anyone with a specific kind of software can easily extract that same information – or worse.

I picked Maeng as my example, because his location at the time the photo was taken is relatively safe  to publish forever online – its the side of the highway, and the photo was clearly taken at some sort of event.

However, I could also tell you way more information about a few not-so-lucky folk. One girl that springs to mind is a Justin Bieber fan – she posted a picture of her with her phone, showing off a Bieber sticker on the back of it. She looks young, maybe 13. As soon as she posted that picture, anyone with the right software could tell you where she took the photo – and I don’t mean “in her bedroom”, as evident from the shot – I mean her address.

That’s a real screen shot of the personal information of a tweeter (with the important parts blacked out for privacy by me, of course) as it appeared a few minutes ago on www.icanstalku.com; a website trying to raise awareness about the dangers of posting your photos online without being cautious about the metadata and geo-tags your smartphone may be attaching to the photo.

Here’s how Maeng’s tweet looked on the site:

And here’s how he intended it to look (as it appears on his Twitter page):

The information you see in the screenshot from I Can Stalk U is the metadata that their program pulled out of the photo Maeng posted to Twitter. Not to worry that this personal information (such as Young Miss Bieber’s home address) is going to be available on the site forever – since it’s an  awareness site, the data is only briefly available on the site before the page refreshes and the tweets are replaced with new ones. The personal addresses of twitter users are not available online for longer than a few moments, making it impossible for someone malicious to track them down via I Can Stalk U.

But – anyone who downloads the correct software COULD extract the information from the picture as long as it’s available.

According to this article in The Toronto Star, some sites (such as Facebook) automatically strip the data from the photos when they’re uploaded. Flickr gives users the option to choose whether or not to enable geo-tagging. Some sites don’t offer users that privacy however  - such as Craigslist, and many social networking applications for smart phones. That means all those lonely individuals posting anonymous photos of their, um, privates on craigslist may not be so private if someone was so inclined to grab the metadata of their photos. We’re talking instant address of the girl that posted photos of her hoo-ha online.

Unwittingly leaving these options enabled on your phone (or in rare cases, your camera) can potentially create some very scary situations for social media users, whether you’re vagina-girl on Craigslist or Bieber-fan on Twitter.

So, how do you remain safe?

I Can Stalk U gives really great step-by-step instructions on how to make sure your smart phones aren’t attaching personal information to your picture uploads, depending on which kind of phone you have. The iPhone one is a little complicated, but I am going to be sure to be MUCH more careful before posting photos on Twitter directly from my iPhone.

If you upload from TwitPic.com, there’s a box you can uncheck to ensure the metadata is NOT sent with the photo when you upload it. That option unfortunately isn’t available (yet) when you directly upload from your phone.

There’s also many free applications for both PCs & Macs that can strip the metadata from your photos before you upload them online –  do a quick google search for “remove metadata from photos” and you’ll find tons of tutorials and software available.

I’m going to end with a note on the obvious – if you want to be protected, stop posting so much personal information online!

While I am registered for Foursquare, I haven’t really used it very much – it makes me nervous “checking in” in at venues around my city… helloooooo stalkers! Foursquare (and the matched public Twitter posts) are not only a goldmine for stalkers, but it’s also one for thieves – people literally announce when they are out of their homes. It’s a little too much for me. I might check into a festival or large-scale event here or there – but I would never check into my house (with an address! Come on, people!) or into a bar, grocery store, etc. I can see the social benefits of the application, but still… it gives me the heebiejeebies. I can tell you when half the people on my Twitter list arrive at work daily, when they leave for a vacation, what time they prefer to grocery shop… and so on and so forth.

And, if Foursquare and Facebook’s new “privacy” settings (read as: lack thereof) weren’t bad enough – now, metadata and geo-tags from smart phones are making it even harder to ensure our private information stays private.