One of my big passions is photography. I’m quite old-school as I mostly use a big DSLR, post-process my shots on the PC and upload some keepers to Flickr. But I’m also using my mobile phone camera more and more. Nothing beats the convenience of snapping a shot and being able to upload in one sweep. Some people, like me, just have a mental barrier to overcome, the technical perfectionism. A shot can be fun and interesting even if you haven’t spent hours tweaking it. I’m working on that…
Sharing photos on the net is fun, but did you know how much a single picture can tell? I’m not talking about the traditional “more than 1000 words” here. I’m talking about metadata. This is invisible data that describes the content and is embedded in the picture file. This is some of the data that a photo can contain:
All this data does really provide a lot of added value. You can automatically have shots sorted by capture time, you can plot photo locations on maps, find all shots taken with a certain camera or lens, and so on. The possibilities are almost endless. But metadata is like all other great things, it can be used and misused. The downside is naturally privacy.
I did a quick test with my Nokia Lumia, which is a Windows Phone -device. It turned out that its camera embeds the date and time, photographic parameters and the GPS-location automatically. But data about the owner is not included. This data is also kept when using all share-options that I currently have available; mail, Flickr, Facebook, SkyDrive and DropBox. There’s no setting anywhere that would control this behavior. In theory, I could reveal my exact location every time I upload a photo.
But this is not the full story. The service that you upload to can also decide how to process metadata. Facebook strips it altogether. This design was probably implemented to save storage space, but has a positive side-effect on privacy. Photographers who are interested in the photo parameters are however not happy. Flickr uses a different strategy. Metadata is extracted and used in the interface. You can decide if you want it to be showed or not. Users can also download smaller picture files without metadata, or the original with all data intact, if you choose to allow it. It’s quite natural that Flickr is more advanced as it is a site focusing on photo sharing.
So what should I do about this?
To summarize. You do not necessary have a privacy problem with metadata in photos you share. It depends on many factors. The device you take photos with, the software you use to process and transmit the shots and finally the site where they are published. And naturally your own privacy expectation, what data are you ready to share? But the most important point is to be on top of this yourself. Don’t leave it to chance. Check what you share and make up your mind if it’s OK or not.
An exercise for you. Download the photo file in this post and check what kind of metadata you can find in it. It’s taken straight from my workflow program on the PC, no data removed.
PS. Also keep this in mind if you feel tempted to cheat about when and where a shot is taken. You are unlikely to get away with it if you have photo-savvy friends.
Photo by Micke-fi @ Flickr
On Tuesday Apple announced its latest iPhone models and a new piece of wearable technology some have been anxiously waiting for -- Apple Watch. TechRadar describes the latest innovation from Cupertino as "An iOS 8-friendly watch that plays nice with your iPhone." And if it works like your iPhone, you can expect that it will free of all mobile malware threats, unless you decide to "jailbreak" it. The latest F-Secure Labs Threat Report clears up one big misconception about iOS malware: It does exist, barely. In the first half of 2014, 295 new families and variants or mobile malware were discovered – 294 on Android and one on iOS. iPhone users can face phishing scams and Wi-Fi hijacking, which is why we created our Freedome VPN, but the threat of getting a bad app on your iOS device is almost non-existent. "Unlike Android, malware on iOS have so far only been effective against jailbroken devices, making the jailbreak tools created by various hacker outfits (and which usually work by exploiting undocumented bugs in the platform) of interest to security researchers," the report explains. The iOS threat that was found earlier this year, Unflod Baby Panda, was designed to listen to outgoing SSL connections in order to steal the device’s Apple ID and password details. Apple ID and passwords have been in the news recently as they may have played a role in a series of hacks of celebrity iCloud accounts that led to the posting of dozens of private photos. Our Mikko Hypponen explained in our latest Threat Report Webinar that many users have been using these accounts for years, mostly to purchase items in the iTunes store, without realizing how much data they were actually protecting. But Unflod Baby Panda is very unlikely to have played any role in the celebrity hacks, as "jailbreaking" a device is still very rare. Few users know about the hack that gives up the protection of the "closed garden" approach of the iOS app store, which has been incredibly successful in keeping malware off the platform, especially compared to the more open Android landscape. The official Play store has seen some infiltration by bad apps, adware and spamware -- as has the iOS app store to a far lesser degree -- but the majority of Android threats come from third-party marketplaces, which is why F-Secure Labs recommends you avoid them. The vast majority of iPhone owners have never had to worry about malware -- and if the Apple Watch employs the some tight restrictions on apps, the device will likely be free of security concerns. However, having a watch with the power of a smartphone attached to your body nearly twenty-four hours a day promises to introduce privacy questions few have ever considered.
Everybody probably agree that the net has developed a discussion culture very different from what we are used to in real life. The used adjectives vary form inspiring, free and unrestricted to crazy, sick and shocking. The (apparent) anonymity when discussing on-line leads to more open and frank opinions, which is both good and bad. It becomes especially bad when it turns into libel and hate speech. What do you think about this? Read on and let us know in the poll below. We do have laws to protect us against defamation. But the police still has a very varying ability to deal with crimes on the net. And the global nature of Internet makes investigations harder. Most cases are international, at least here in Europe where we to a large extent rely on US-based services. This is in the headlines right now here in Finland because of a recent case. The original coverage is in Finnish so I will give you a short summary in English. A journalist named Sari Helin blogged about equal rights for sexual minorities, and how children are very natural and doesn’t react anyway if a friend has two mothers, for example. This is a sensitive topic and, hardly surprising, she got a lot of negative feedback. Part of the feedback was clear defamation. Calling her a whore, among other nasty things. She considered it for a while and finally decided to report the case to the police, mainly because of Facebook comments. This is where the really interesting part begins. Recently the prosecutor released the decision about the case. They simply decided to drop it and not even try to investigate. The reason? Facebook is in US and it would be too much work contacting the authorities over there for this rather small crime. A separately interviewed police officer also stated that many of the requests that are sent abroad remain unanswered, probably for the same reason. This reflects the situation in Finland, but I guess there are a lot of other countries where the same could have happened. Is this OK? The resourcing argument is understandable. The authorities have plenty of more severe crimes to deal with. But accepting this means that law and reality drift even further apart. Something is illegal but everybody knows you will get away with the crime. That’s not good. Should we increase resourcing and work hard to make international investigations smoother? That’s really the only way to make the current laws enforceable. The other possible path is to alter our mindset about Internet discussions. If I write something pro-gay on the net, I know there’s a lot of people who dislike it and think bad things about me. Does it really change anything if some of these people write down their thoughts and comment on my writings? No, not really. But most people still feel insulted in cases like this. I think we slowly are getting used to the different discussion climate on the net. We realize that some kinds of writing will get negative feedback. We are prepared for that and can ignore libel without factual content. We value feedback from reputable persons, and anonymous submissions naturally have less significance. Pure emotional venting without factual content can just be ignored and is more shameful for the writer than for the object. Well, we are still far from that mindset, even if we are moving towards it. But which way should we go? Should we work hard to enforce the current law and prosecute anonymous defamers? Or should we adopt our mindset to the new discussion culture? The world is never black & white and there will naturally be development on both these fronts. But in which direction would you steer the development if you could decide? Now you have to pick the one you think is more important. [polldaddy poll=8293148] Looking forward to see what you think. The poll will be open for a while and is closed when we have enough data. Safe surfing, Micke
We all know that there are scammers on the net, actually a lot of them. The common forms of scams are already well known, Nigerian letters and advance payment scams for example. But scammers do develop their methods to fool more people. I recently saw a warning about an interesting variant where the scammers ask for advance payments for travel services. This warning involved booking.com so you should be extra careful if you have used them recently. But the advices I share here are generic and not specific to booking.com anyway. The warning I refer to is in Swedish but I’ll provide the main points here in English. Here’s what happened according to the story. Someone books a trip on-line. Booking information leaks out to scammers somehow. This could be because of a hacking incident at booking.com, a crooked employee or maybe also through a hacked customer mail account. Now the scammers contact the customer. They claim to be the hotel and require advance payment for the stay. This can be quite convincing as they know what hotel has been booked and at what dates. The payment must be a wire transfer, credit cards are not accepted. Sadly, some customers fall for this and do the payment. They never see the money again and still have to pay the full price for the hotel. Here the key differentiator from ordinary scams is that the scammers have info about a valid purchase done by the customer. This enables them to be very convincing and impersonate the hotel (or some other provider of services) in a believable way. Fortunately it is quite easy to defeat this, and many other scam attempts, with some simple rules. Always pay your on-line purchases with a credit card. Period. If this isn’t possible, shop somewhere else instead. The credit card company acts as a buffer between you and the recipient of the payment, and adds a significant amount of security. Never use wire transfers of money. Period. This is the standard method for scammers as it is next to impossible to get transactions reversed. If someone claims that no other method is available, it is a very strong signal that something is wrong. If you have selected to pay by credit card, as you always should do, then it is a strong warning signal if someone tries to deviate from that and ask for money using some other payment method. Remember that it is next to impossible to verify the identity of the other part if someone contacts you. If you get contacted like this and have any kind of doubts, you can always contact the company you bought from to verify if they really have contacted you. The risk with credit cards is that your card number may be shared with several companies, like airline, car rental and the hotel, in the case of travel booking. Each of these may charge your card. Incorrect charges may occur either by mistake or deliberately. Always check your credit card bill carefully and complain about unauthorized charges. This is some extra work, but the customer will usually get unauthorized charges corrected. And a last hint not really related to scammers. Be careful with the grand total of your on-line purchase. Travel bookers are notorious for not showing the real grand total until at a very late stage in the purchase process. It is very easy to make price comparisons on figures that aren’t comparable. If possible, prefer honest sites that show you the real price upfront. Memorize these rules and the likelihood that you will be scammed is very small. The best way to fight scam is to not take the bait. So by being careful you not only save your own money, you also participate in fighting this form of crime as you make it less profitable. If you want to do even more, share the info and help others become aware. If you liked this post, you may also like the story about when I sold my boat. Safe surfing, Micke PS. The story I base this on was seen on Facebook. It is not verified, but I find it to be believable. It doesn’t really matter anyway if the story is true or not. The story is plausible and forms an excellent warning about Internet scams, which unfortunately is a widespread and very real form of crime. Image by Ho John Lee