Steve Smith talks about the implications of posting pictures with unsanitized EXIF meta data.
Released: June 29, 2013
Do you have a smart phone, and take pictures with it, and post them online? Do you have a new camera with GPS integrated? Isn't it great knowing exactly where you took those awesome pictures? Did you know anyone who has access to that picture, can, also, potentially figure out where these pictures were taken, when they were, and how?
Today's episode of TQA Weekly is going to bring to light a very important privacy issue that is escaping the conscience arena of our lives. We can identify the location you took the picture by spotting unique features in your pictures, but that requires an intimate knowledge of the location, the EXIF data of a JPEG picture contains all the GPS meta data, time, date, etc... we need to figure out who you are just by reading this data online. If you post a picture online, and the service doesn't remove this meta data from the picture, anyone could save the photo to their hard drive, and view the contained information.
What can be done with this information? Plenty.
Let's start off with employers. If you are claiming to be sick one day, and you post a picture of you at a concert or party that happened that very day, without stripping the EXIF information, you are setting up yourself to be caught.
If you are a suspected of a crime and you take a lot of pictures, these photos could be used to accurately determine what was your position on earth when you took the pictures. And, because these photos usually contain time and date information, you can't claim it came from a different time and date. Furthermore, given enough photos, the government, police, etc... can even start figuring out your routines, habits, friend's places, home, etc... That is not even including the fact that if your camera is, also, your cellphone, it pings the network tower with a keep alive signal that tells the closest towers it is available to receive data or calls.
If you have fans, this information is, also, useful to them because those fans can figure out where to find you, and when. Most fans won't have access to cell network information, but the EXIF contains GPS locations, time and dates, so habits can still be derived from the remaining information.
What can you do to avoid all this? Sanitize the EXIF information from your picture. How do I sanitize the EXIF data you may ask?
There are software solutions that can help you view and edit the EXIF meta data of your pictures. Software solutions such as EXIF Data Viewer available at www.exifdataviewer.com, and its free. Some photo editors like Adobe's Photoshop are, also, able to view EXIF data, and change it. To make sure people can't use your photo's EXIF data against you or for illicit purposes, you should remove any indicators like date, time, and location from your pictures before uploading them to the internet.
I was, also, asked by a David Browne, how do we fix a failing hard drive? The issue with hard drives isn't so much that it is impossible to fix a hard drive, but it is ridiculously expensive, and should be only considered when data of extremely high value is located on the drive. It will cost less just to replace the drive entirely, and as always, make sure to keep current backups of everything important to you. If you have a drive that has failed, you may want to try Spinrite, from the GRC.com.
Next Week, I will be talking about auto uploading photos you take. I will be focusing on social media and cloud drives, and how to minimize the risk of accidental exposure.
Remember to like this episode if you were interested in today's topic, share if you think someone else could benefit from the topic, and subscribe if you want to learn more. For the show notes of this episode and others, for more information on other ways to subscribe to our show, to subscribe to our weekly newsletter, and how to participate by submitting your questions, comments, suggestions, and stories, head over to TQAWeekly.com.
Host : Steve Smith | Music : Jonny Lee Hart | Editor : Steve Smith | Producer : Zed Axis Productions
You may have noticed in the recent days that a vulnerability called Heartbleed has hit the internet and has affected a large number of web-sites.
It should remove all traces of the virus, provided the hard drive has no bad sectors on it. It it does, you the mentioned Spinrite to try to fix the hard drive then run DBAN after, but usually, DBAN can erase the entire drive without issue. I've used it on maximum and let it run almost 16 hours on my friends computer, that is why this episode exists.
Great! I am going to run 'autonuke' on a machine that has polymorphic malware, not sure if it is in the MBR or somewhere else on the machine. Assuming autonuke runs fully without any error, will it remove the malware from the computer with certainty?
Yes, it will wipe all data, including the master boot record on your hard drive. If you are unable to get DBAN to work correctly, consider using Spinrite to fix the drive so DBAN can work, rarely needed, good to have.
Running DBAN and using 'autonuke', will that also completely wipe the Master Boot Record (MBR)?