One of the major perks of modern smartphones is the built-in camera. When was the last time you actually carried (or bought) a separate camera? I used to love the little Canon Elph cameras because they were small enough to carry around on a belt holster. But it’s gathering dust now because my iPhone arguably takes much better pics and it’s always with me. Like always. It’s really kinda disturbing how attached I am to my iPhone. Anyway, with smartphones and social media apps, we are constantly sharing and posting pictures of … well, everything.
What a lot of people don’t realize, however, is that there’s a lot more information in pictures you send than just what you can see in the image. Digital photos (JPEG, PNG, etc) embed a ton of metadata in each file. Some of this EXIF data is fairly harmless: camera settings, camera make and model, and whether a flash was used. But unless you take steps to prevent it, EXIF data can also specify exactly when and where that picture was taken. Don’t believe me? Try uploading one of your smartphone pics (or a photo someone texted you) to this metadata reader.
Even Pros Make Mistakes
When talking about metadata, my favorite person to pick on is John Mcafee. In case you’re wondering, yes, this is the mastermind behind Mcafee Antivirus. Back in 2012, while living in Belize, Mcafee’s neighbor was shot dead and Mcafee became a “person of interest”. Mcafee was rather paranoid and feared the local police would “kill” him – so he fled and went into hiding.
But being a rather eccentric and egotistical man, he didn’t stay quiet. He blogged about his exploits, thumbing his nose at the authorities. He bragged about wearing disguises to avoid capture. But he also granted some interviews. Vice magazine published a picture of Mcafee on Twitter from their in-person interview… without removing the metadata. The image metadata put him in Guatemala, right over the Belize border. Oops.
Okay, so I will assume and even assert that you are not a criminal on the lam. But that doesn’t mean you shouldn’t care about photo metadata. Photos can reveal where you live, where you vacation, and where your kids play at the park. If you follow that line of thinking a little further, you should start getting the creeps. About creeps.
Now, from what I’ve been able to read, most social media sites like Facebook, Craigslist, Imgur, Instagram, Twitter, or WhatsApp (owned by Facebook) remove metadata from your photos. But, of course, they still have that info. While some claim not to use that data for advertising or sell it to others, I wouldn’t count on that. Policies have loopholes and they can change at any time. And neither snooping employees nor intelligence agencies care about privacy policies.
Scrubbing Your Metadata
Okay, so what do you do? Thankfully, you have several options to avoid geotagging. The simplest and best method is to just not embed the location information in the first place. On your smartphone, find the privacy settings and disable location use by the camera app (and any other app that can use the camera). Look here for Android phones, here for iPhones and iPads.
But you might actually want that metadata for yourself. It can be really cool to have your photo organizer app show you exactly when and where you were when you took that cool vacation photo. Some can show you all the pics you’ve taken at a given location. So if you want to do that, then you’ll need to remove the location info before you share the image. This article will give you several resources for Mac, Windows, Android and iOS.
One more thing… Other files can contain metadata, too. Two common ones are Word files and PDF docs. While they don’t usually contain location, they can contain information about you and your computer. To remove metadata from Microsoft Office files, check here. Removing metadata from PDF files is trickier and will depend on what app you use to view PDF files. This article gives you a handful of options, including a free online tool.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!