One picture can tell more than you think

BoatOne of my big passions is photography. I’m quite old-school as I mostly use a big DSLR, post-process my shots on the PC and upload some keepers to Flickr. But I’m also using my mobile phone camera more and more. Nothing beats the convenience of snapping a shot and being able to upload in one sweep. Some people, like me, just have a mental barrier to overcome, the technical perfectionism. A shot can be fun and interesting even if you haven’t spent hours tweaking it. I’m working on that…

Sharing photos on the net is fun, but did you know how much a single picture can tell? I’m not talking about the traditional “more than 1000 words” here. I’m talking about metadata. This is invisible data that describes the content and is embedded in the picture file. This is some of the data that a photo can contain:

  • Date and time when the picture is taken
  • Photographic parameters like lens, aperture and exposure time
  • Geographical position from a GPS-device
  • Information about the device that took the picture, brand, model, serial number, etc.
  • Name and contact information of the device’s owner
  • Information about the photo’s copyright owner and rights to use the photo
  • A lot of other info that professionals and serious amateurs can use to manage large photo collections.

All this data does really provide a lot of added value. You can automatically have shots sorted by capture time, you can plot photo locations on maps, find all shots taken with a certain camera or lens, and so on. The possibilities are almost endless. But metadata is like all other great things, it can be used and misused. The downside is naturally privacy.

I did a quick test with my Nokia Lumia, which is a Windows Phone -device. It turned out that its camera embeds the date and time, photographic parameters and the GPS-location automatically. But data about the owner is not included. This data is also kept when using all share-options that I currently have available; mail, Flickr, Facebook, SkyDrive and DropBox. There’s no setting anywhere that would control this behavior. In theory, I could reveal my exact location every time I upload a photo.

But this is not the full story. The service that you upload to can also decide how to process metadata. Facebook strips it altogether. This design was probably implemented to save storage space, but has a positive side-effect on privacy. Photographers who are interested in the photo parameters are however not happy. Flickr uses a different strategy. Metadata is extracted and used in the interface. You can decide if you want it to be showed or not. Users can also download smaller picture files without metadata, or the original with all data intact, if you choose to allow it. It’s quite natural that Flickr is more advanced as it is a site focusing on photo sharing.

So what should I do about this?

  • What data you share depend on many factors, so you really have to find out yourself. Go to the site where your pictures are shared. Download a picture of yours and examine its metadata. This can be done by opening the file’s properties or with some special tool. Photo editing software usually let you examine and manipulate the metadata. Opanda IExif is a free tool for Windows. Think about what data you can see and if you think it is a privacy problem.
  • If you share photos from your mobile device, there may not be much you can do to manage metadata. Look for settings controlling metadata in the camera program and all apps used when sharing. You may also look for alternative apps with better controls. If nothing else helps, you may have to accept the situation, restrict your sharing or disable the GPS if position info is your concern.
  • Old-school folks who share through a computer have much more options. Most workflow programs have options that control what metadata you embed in the final files. There’s also many tools available that can strip metadata from files before you upload. I already mentioned one above.

To summarize. You do not necessary have a privacy problem with metadata in photos you share. It depends on many factors. The device you take photos with, the software you use to process and transmit the shots and finally the site where they are published. And naturally your own privacy expectation, what data are you ready to share? But the most important point is to be on top of this yourself. Don’t leave it to chance. Check what you share and make up your mind if it’s OK or not.

An exercise for you. Download the photo file in this post and check what kind of metadata you can find in it. It’s taken straight from my workflow program on the PC, no data removed.

Safe surfing,
Micke

PS. Also keep this in mind if you feel tempted to cheat about when and where a shot is taken. You are unlikely to get away with it if you have photo-savvy friends.

Photo by Micke-fi @ Flickr

More posts from this topic

Father lecturing son in bedroom

F2P can cost parents thousands of Euros – read this to avoid it

This is really an old problem, but it’s in the headlines again. Pokémon Go is yet another example of a “free” game with a business model based on in-app purchases. These games are also known as F2P, standing for free-to-play. You can start playing, and get hooked, for free. But soon you run into a situation where you can’t proceed without buying virtual stuff in the game. The stuff you buy is virtual but the payment is very real money. This is no doubt a profitable model. Pokémon Go went straight to the top and for example Finland-based Supercell, maker of Clash of Clans, has constantly reported nice profits. This can naturally cause trouble for addicted adults, but the real problems arise when kids get hooked. There are numerous public stories about kids making purchases for hundreds or even thousands of Euros, often without even understanding how much they have spent. And the sinister part is that this can go on for a while until you get the credit card bill, and it’s too late. Your chances to get a refund are somewhere between slim and none. But how can this happen? Let’s take a look at the most common scenarios. Your kid has set up the new device and created the needed account with Apple or Google. Everything is fine until he or she needs an app that isn’t free. You enter your credit card on the kid’s device and make the purchase, but you don’t pay any attention to the security settings. This may give your kid carte blanche to buy anything he or she likes, and you pay the bill. You have entered your credit card but set up the kid’s store account so that a password only you know is required for every purchase. But there are some convenient settings that allow purchases without a password within a limited time window after the password has been entered. Kids learn very quickly to utilize this opportunity. Let’s assume the same setup as in the previous point, but with the correct security settings. Now the password is needed for every purchase. But the store account is still owned by the kid and the password can be reset. The password reset link will be sent to the kid’s mail or phone number. It’s carte blanche again with the new password. Ok, you create an account you own for the kids phone. It’s tied to your mail and phone number, so the password reset trick shouldn’t work anymore. You put down your phone and head for the toilet. Your kid has been waiting for the opportunity and initiates the password reset request. Your phone is there on the table wide open, with the reset link in the mail. You can figure out the rest yourself. And of course the simple alternative. You think the store password on your kid’s device is secret. But in reality it is either too easy to guess or someone has been looking over your shoulder. So there’s many things that can go wrong, but what can we do to avoid it? There are many ways to fight this problem, but this is in my opinion the best approach: Let the kid set up the store account on the device and set own passwords. Just like an adult would use a phone, except that there’s no payment method registered. Never enter your credit card number on the kid’s device. On Android, get familiar with Google Play Family. This feature enables you to purchase stuff for your kid on your own device. On iPhone, send apps or money as gifts. There may be applications that bypass the store and handle credit card transactions directly. This can typically be handled with vouchers or other prepaid payment methods instead. The application usually guides the users and list all supported methods. Let’s also take a look at the hard way. Follow these instructions if you for some reasons must have your credit card registered as a payment method on the kid’s device. Make sure the store is protected with a good password that only you know. Make sure the kid isn’t watching too closely when you enter it. Make sure the store is set up to require the password every time a purchase is made. Make sure the store account is attached to an e-mail only you have access to. Make sure the e-mail password is decent and not known to your kid. Make sure your phone’s security settings are decent. Use a PIN or password your kid doesn’t know and make sure it locks automatically quickly enough. Even better, do not have the e-mail of your kids store account on your phone. Access it through web mail when needed. So this is after all a quite complex issue. There are many variations and other ways to deal with the problem. Did I miss some simple and clever way? Write a comment if you think I did. And finally. Yes, there’s also many ways to lock the kids out of the store completely. This does no doubt solve some problems, but I don’t think it’s a good idea. They will after all live their lives in a world where digital devices and services are as natural as breathing. They deserve the opportunity to start practicing for that right now. Let them browse the store and discover all the fun stuff. And be part of the group and use all the same apps as their friends. Let them have fun with the phone and learn, even if they will learn some things the hard way. Don’t ruin it for them.     Safe surfing, Micke  

August 16, 2016
BY 
groupmeeting

Why You May Want to Disable Location Services for Facebook

When news broke that Facebook was at least temporarily using users physical location to suggest real world connections, a strategy that has been employed by the NSA, the backlash was sharp.  It wasn't difficult to imagine scenarios when identities could be inadvertently and uncomfortably revealed through group therapy, 12-step meetings or secretive political movements. The world's most popular social network quickly said it would not continue what it called a small-scale test nor roll the feature on a wider scale in the future. But Facebook is still using your location data for other purposes, Fusion's Kashmir Hill reports: We do know that Facebook is using smartphone location for other things, such as tracking which stores you go to and geotargeting you with ads, but the social network now says it’s not using smartphone location to identify people you’ve been physically proximate to. Hill notes that using location to match users up, thus acting as a tool to reveal the identity of nearby strangers, might violate Facebook's agreement with the Federal Trade Commission . So you should expect that your location -- like everything you do on Facebook -- is being used to turn you into a better product for its advertisers. That's the cost of using a "free" site but you can limit your exposure a bit by turning off location services for Facebook on your phone. Here's very simple instructions for turning off location services on your Facebook and Facebook Messenger apps on your Android of iOS device. Do you mind if Facebook uses your location to suggest new friends? Let us know in the comments. [Image by Lwp Kommunikáció | Flickr]

June 30, 2016
Juhannus

How To Prepare Yourself and Your Phone For Juhannus

In Finland, there is this thing called juhannus. A few years ago, our former colleague Hetta described it like this: Well, Midsummer – or juhannus – as it is called in Finnish, is one of the most important public holidays in our calendar. It is celebrated, as you probably guessed, close to the dates of the Summer Solstice, when day is at its longest in the northern hemisphere. Finland being so far up north, the sun doesn’t set on juhannus at all. Considering that in the winter we get the never ending night, it’s no surprise we celebrate the sun not setting. So what do Finns do to celebrate juhannus? I already told you we flock to our summer cottages, but what then? We decorate the cottage with birch branches to celebrate the summer, we stock up on new potatoes which are just now in season and strawberries as well. We fire up the barbecue and eat grilled sausages to our hearts content. We burn bonfires that rival with the unsetting sun. And we get drunk. If that isn't vivid enough, this video may help: [protected-iframe id="f18649f0b62adf8eb1ec638fa5066050-10874323-9129869" info="https://www.facebook.com/plugins/video.php?href=https%3A%2F%2Fwww.facebook.com%2Fsuomifinland100%2Fvideos%2F1278272918868972%2F&show_text=0&width=560" width="560" height="315" frameborder="0" style="border: none; overflow: hidden;" scrolling="no"] And because the celebration is just so... celebratory, it's easy to lose your phone. So here are a few ways to prepare yourself for a party that lasts all night. 1. Don't use 5683 as your passcode. That spells love and it's also one of the first passcodes anyone trying to crack into your phone will try. So use something much more creative -- and use a 6-digit code if you can on your iPhone. You can also encrypt your Android. 2. Write down your IMEI number. If you lose your phone, you're going to need this so make sure you have it written down somewhere safe. 3. Back your content up. This makes your life a lot easier if your party goes too well and it's pretty simple on any iOS device. Just make sure you're using a strong, unique password for your iCloud account. Unfortunately on an Android phone, you'll have to use a third-party app. 4. Maybe just leave it home. Enjoy being with your friends and assume that they'll get the pictures you need to refresh your memory. And while you're out you can give your phone a quick internal "clean" with our free Boost app. [Image by Janne Hellsten | Flickr]

June 22, 2016