Mining EXIF Data From Camera Phones 175
emeitner notes that folks at the Internet Storm Center wrote scripts that harvested 15,291 images from Twitpic and analyzed the EXIF information. This reader adds, "While mining EXIF data from images is nothing new, how many people would allow this data to leave their cell phone if they knew what it contained? The source code for the scripts is also available from the article." "399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ... The iPhone is including the most EXIF information among the images we found. ... It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time."
The metadata (Score:4, Insightful)
Re:The metadata (Score:5, Funny)
http://xkcd.com/596/ [xkcd.com]
Re:The metadata (Score:4, Funny)
They give sites way too much latitude. Even if it may reveal their turpitude.
Not enough aptitude and too much ineptitude.
Re: (Score:2)
"Even if it may reveal their turpitude."
This thread is worthless without pics of the pulchritude!
Re: (Score:2)
Someday soon a politician will post what appears to be a benign photo with an embarrassing long/lat location.
Ah... but perhaps they already have, and it's already out there- it's just that no-one has realised it yet.
:-/
In which case, there's nothing they can do about it now.
This is why you should be cautious about what information you release. Even if there's no known exploit for information at the time you give it out; even if you tighten things up once a given danger becomes known... your old information is still out there, and now subject to *newer* information-retrieval techniques.
If it's time-sensitive
Re: (Score:2)
Ah... but perhaps they already have, and it's already out there- it's just that no-one has realised it yet.
400 images have "location of the camera at the time the image was taken" out of 15300. 100 of 15300 have the photographer's name.
You're all getting lathered up over 2.6% and 0.65%????? That's serious overreaction!
Re: (Score:2)
A more important fact in those statistics is:
If your camera releases that data at all, it does so with every picture you take.
It's not "only 2% of my pictures include the photographer's name" (the fallacy of assuming an entered name to be identical to the current holder of the device is a different discussion). It's 2% of the pictures taken were done by such cameras. ... which could be only one prolific photographer, or could be (for that sample) 400 separate cameras.
If you're going to get lathered up (or
Re: (Score:2)
You're all getting lathered up over 2.6% and 0.65%????? That's serious overreaction!
Who was getting lathered up and overreacting? I pointed it out as an interesting possibility, using it as a starting point to discuss a more general (and serious) issue about privacy.
Though as the other reply to your post points out, if *your* camera is doing it to some of your photos, it's likely doing it to *all* of them!
Re: (Score:2)
Re: (Score:2)
The left-rear quarter of a medium-height salt-and-pepper hair white guy who, for all we know,
Photosynth Would Like This (Score:4, Interesting)
Re: (Score:3, Interesting)
Re:Photosynth Would Like This (Score:4, Informative)
Individual apps require you to give them the OK to get location data, but that only applies to shots taken from the app itself and not those that pull from the existing photo library. You can turn location services off entirely, but I can't find an immediately obvious way to revoke privileges from individual apps.
Re: (Score:2)
I can't find a way to do this on an iPhone...do you know how to do this?
Re:Photosynth Would Like This (Score:5, Interesting)
Now you mention it, the information from the iPhone could be useful for correctly placing a photo in an application such as Google Earth. You would know what angle the camera was in, what direction it was pointing and given the fact its a fixed zoom how line everything up. You could then even use a temporal guide to view evolution of the location over time, given multiple photos.
Re:Photosynth Would Like This (Score:4, Interesting)
the information from the iPhone could be useful for correctly placing a photo in an application such as Google Earth.
iPhoto and Aperture are already taking advantage of this enhanced metadata.
Digital cameras can really stuff the metadata in. Exposure etc are all in there usually. Sometimes other things like camera model and firmware rev.
I wonder if any of them are putting in too much information though? As in phone number, phone ESN, email address, etc, things most would not want in their pictures without notice...
Re:too much information (Score:2)
Just noticed that my new point and shoot includes its own serial number in there, which I kinda liked at first, since it might help me locate it should it end up in someone else's hands without my consent!
Though it does make all my snapshots totally traceable.
Re: (Score:2)
Nokia is already working on that [nokia.com], albeit opt-in.
Re: (Score:2)
The iPhone metadata was already known I thought? (Score:2)
Wasn't there a demo during the release of the iPhone 3GS keynote that showed the use of this metadata with a bunch of GPS-aware cameras, including the iPhone and the new version of iPhoto that uses this data to create clickable maps with pushpins for each photo you have taken?
I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user. Perhaps if it was called "Virtual Writing on the back of your Photos".
Re:The iPhone metadata was already known I thought (Score:2)
Re:The iPhone metadata was already known I thought (Score:4, Insightful)
That's a time thing I think - when I fire up the map app on the phone it often takes a little while to update and settle on a GPS fix, probably because the GPS isn't powered on all the time for battery life, and it can take upto 30 seconds to register a satellite (due to the nature of the GPS signal itself), so if you just pop open the photo app and take a shot quickly you might get wildly inaccurate data.
Re: (Score:2)
The GPS is constant, my phone is always 2+ blocks off
Re:The iPhone metadata was already known I thought (Score:4, Informative)
The location data can be very wrong. If you don't have an adequate line of sight to the sky the phone will use cell towers to triangulate. If you can't see enough of them, it will use a wifi database to guess. If you've got a crappy (or no) cell connection but a clear view of the sky it might take a considerable amount of time for the GPS to lock on.
Re: (Score:2)
If you want your iPhone location metadata to be correct, use the Map application to get a precise GPS lock. The location manager will cache that information and provide it any other application that is looking for location information. There is a caveat that you need to use other applications (such as the camera) within a certain time frame and distance moved.
Re: (Score:2)
When I upload to the service, it has an option to include any media which well then include any
Re:The iPhone metadata was already known I thought (Score:4, Insightful)
I suppose some people could think it was "magic", since embedded data in an image isn't something that is immediately obvious to a normal user.
Try saying "metadata" to the average computer user. It's like watching a BSOD on someone's face; And that's exactly the problem here -- devices shipping with privacy-compromising features enabled by default. Joe Average doesn't even know it's possible, let alone that his iPhone is serrepticiously leaking a bunch of personal information everytime he posts a photo he snapped with it to some internet site. I can see it now -- "Hey, check out this cute girl's panties I snapped in class..." Oops. Oh, the bitter irony to be had there -- you're busted violating someone else's privacy because you didn't know your own was being violated by your cell phone. Brilliant.
Re:The iPhone metadata was already known I thought (Score:5, Insightful)
Know your tech. Remember - stupid criminals get caught.
Re: (Score:2)
However I think websites should strip this content when uploaded, or at least offer some kind of warning to users that the content exists (reading exif data is simple, it could easily show them what is in the photo and ask them what they'd like to do..)
Re:The iPhone metadata was already known I thought (Score:4, Informative)
Facebook strips the EXIF data...
and then saves the photo with a filename that includes the Facebook user ID of the person who uploaded it.
Re:The iPhone metadata was already known I thought (Score:5, Insightful)
Given the choice of convenience/cool features or privacy/security, users* will ALWAYS pick convenience/features. 100% of the time. To them, it's not "leaking a bunch of personal information", but enabling that "oh cool, it knows I took these pictures down by the waterfront and stuck them on the map for me" stuff.
* Normal users. Us paranoid slashdotters (and, in general, people that actually understand the necessity and implications of privacy and security) need not apply to that stat.
Re: (Score:2)
One of my uncles used to work in IT in the 80's. He actually disabled Autorun on his first Windows PC.
I agree that privacy/security concerned users are few and far between.
Warrent (Score:4, Funny)
I wonder how many grow ops have been busted by the cops looking through twitpics/myspace photos metadata.
Re: (Score:3, Interesting)
I just checked my most recent Yfrog upload (of something completely innocuous) which I shot and tweeted directly from my iPhone and it looks like every last bit of metadata has been stripped. It doesn't even say what it was shot with.
Don't know how Twitpic and others work, but so far so good.
Scrubbing (Score:5, Informative)
No picture leaves this computer before it has been subjected to "jhead -purejpg". Something else to look out for: Image data beyond the edge of the image after lossless resizing and orphaned preview images embedded in the JPG, showing the full uncropped picture. The latter is dealt with by the "jhead -purejpg" command, the former isn't.
Re: (Score:2)
Image data beyond the edge of the image after lossless resizing
I never heard of that. Could you elaborate or provide a link for further reference?
So? (Score:4, Insightful)
Maybe I need another layer on my tinfoil hat, but after reading the summary (and only the summary, obviously) all I can say is, "So what?"
After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge, the photographs actively put them there. Beyond that, I really don't care if someone knows my name, and where I was standing when I took a picture. In fact knowing where pictures were taken can lead to some really cool mashups of tourist photos and such.
Wake me when exif data routinely contains my passwords, social security number, and credit card number.
Sheldon
Re: (Score:2)
Yeah, I'd be pretty concerned if I put up a gallery titled "Niagara Falls - January, 2010" and someone checked the EXIF tags to discover that I was in Niagara Falls in January, 2010...
Re: (Score:2)
What if you're entertaining guests at your house and take a picture. In the background someone sees that you have a nice plasma TV, PS3, xbox 360, etc.... they have the lat / lon of where those goods are.
Re: (Score:2)
Why did I put this picture online?
Re: (Score:2)
In fact knowing where pictures were taken can lead to some really cool mashups of tourist photos and such.
Yes, eventually Street Maps will just be a projection of user-published pictures.
In the meantime, a good picture uploader will include a [x] Strip Identifying Information UI widget next to the 'upload' button, so it's all informed consent.
Re: (Score:2)
Say I was taking pictures of last summer's police beating of a protester. I'd want to post the pictures immediately, not waiting until I get home and have a chance to remove the metadata, but at the same time, I'd want to post them anonymously until I'm sure I won
Re: (Score:2)
After all, it's not like the pictures somehow snuck onto the interwebs without the users knowledge,
The photo didn't, but the info did. Normally your name or at least your address is something you keep away from random strangers on the Internet, but if you post a photo with EXIF data you open that up to everybody. You also link your real name to your pseudonym or in turn allow others to connect different pseudonyms that you might have wanted to keep seperate. If you post photos regularly they can also reconstruct what you are doing all day and especially when. And of course cropping the picture might not
Re: (Score:2)
Normally your name or at least your address is something you keep away from random strangers on the Internet,...
Why? Seriously. When I was a child, and still to this day, anyone who has a phone can be looked up in the phone book. What is the danger of random strangers on the internet knowing your name and address? Most violent crimes (something like 99%) are committed by "friends" or family. Why is everyone so damned paranoid?
By the way, my name is: Gerald E. Butler, I live at 2807 Summit Road, Copley, Ohio 44321.
Re: (Score:2)
I have no mod points, so I must say: Well done, sir.
Re: (Score:2)
Or you could just trip them, and walk away.
I'm all for EXIF (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
I just hope when Morgan Webb takes her top off she doesn't have a bunch of nasty warts.
Yeah, warts is ok by me, it's just those nasty warts that are ... well, nasty.
Re: (Score:2)
BOOBIS?
no problem... (Score:2)
This is why I shoot film on an old manual camera.
Re:no problem... (Score:5, Funny)
This is why I shoot film on an old manual camera.
And then drop off my film to get it processed.
And then wait for it to get processed.
And then scan it with my film scanner.
And then correct it in Photoshop.
And then go to Google Maps and try and remember just where I was when I took the shot.
And then extract the longitude & latitude from the Google Maps URL.
And then convert the longitude & latitude from decimal to radians.
And then tag my photo with appropriate tags.
Privacy for the fail.
Re:no problem... (Score:5, Insightful)
Re: (Score:2)
But ignoring that elephant in the room
(1) If you're not obsessed with the quality, you can have your photos scanned when they're processed, and returned to you on a CD.
(2) The "correct it in Photoshop" forgets that digital photos could often do with a bit of work in Photoshop as well.
(3) I'd be surprised if someone hadn't already invented a tool that used Google maps someh
Re: (Score:2)
Well if you're taking photos with a digital SLR you're probably saving to RAW, and then resaving a post-processed version in another format, so this wouldn't be an issue.
Re:no problem... (Score:5, Insightful)
Most RAW processing software preserves the tags embedded in the RAW file.
Presumably if you're doing RAW processing you're smart enough to know what EXIF is and make a conscious decision about which tags you want in your web-posted JPEG, but you never know.
EXIF and hidden thumbnails (Score:4, Interesting)
EXIFs can also contain thumbnails that can sometimes reveal more than needed after for example cropping the original.
http://no.spam.ee/~tonu/exif/ [no.spam.ee]
Re: (Score:2)
I recall encountering at some point a bug in which windows would not regenerate the thumbnail preview for a jpg. this caused some hilarious results when i became the recipient of an edited (black censor bars editing) photo whos thumbnail was still pristine.
The horror! (Score:4, Insightful)
It not only includes the phone's location, but also accelerometer data showing if the phone was moved at the time the picture was taken and the readout from the [built-]in compass showing in which direction the phone was pointed at the time.
Not only that, the file exposes an image from the phone's camera. Won't someone think of the children!
There is always the alternative... (Score:2)
... of stripping [fileguru.com] the EXIF metadata. Just saying.
If you're surprised you're a fool (Score:2)
You have to go out of your way to include location in your pic. You need to be outdoors with most phones to get a clean GPS signal and have the GPS on the phone switched on and the camera set to include GPS data. GPS is still an advanced (and desired!) feature on non-mobile phone cameras that people pay extra money for. It's just that many phones now happen to include both a camera and a GPS so giving the user the option to record the two makes sense. On a decent camera, in all but the top of the line SLRs
Re: (Score:2)
The risk isn't from SLRs or compact cameras, it's from the people who emit a steady stream of blurry, compromising pictures from their cell phone cameras directly onto thing like Twitter. Now, they probably don't really care about privacy anyway, but it's worth noting.
Re: (Score:2)
Re: (Score:2)
Well if you're dumb enough to take those pics, and you're dumb enough to forward them, and you're dumb enough to do that without stripping the EXIF, you deserve what you get.
Does the Iphone turn all that on by default? (Score:2)
Personally, I enabled the GPS tagging on my phone on purpose. Normally it's off, and the only other interesting thing in the exif tags are the model of the phone. I enjoy having a GPS tag on each pic in case I want to go back and look at exactly where I was when it was taken. I did remember to turn it off before taking a picture of the secret location I buried my treasure of gold doubloons, so I think it should be safe.
Long story short, what could possibly go wrong? I could see how an Iphone user (if th
Re: (Score:2)
Of course, how else would it be considered user friendly?
I never publish with EXIF (Score:2)
I never publish photos with any EXIF.
There are tons of utilities out there to remove it, I use this: http://www.sentex.net/~mwandel/jhead/ [sentex.net]
I still have to silence the cell phone camera. It is annoying.
"Twitpic"? (Score:3, Funny)
Amazing honesty.
Sharpie in the pooper! (Score:5, Interesting)
Someone posted a picture of their girlfriend's rear end with a sharpie sticking out of it to a popular anonymous image-sharing web board.
Unfortunately, the image contained EXIF data, including latitude and longitude. It was quick work to come up with a name and address and all sorts of other information...
Good times.
Re: (Score:2)
I wouldn't know about that, I have Verizon Wireless.
Re: (Score:2)
As disappoint in myself I am to admit it, I've seen a few threads that went that way.
"Hey look, I'm a camwhore with bathroom mirror nudie pix!"
"Hey, look, I found your lat/lon in the EXIF data"
"Hey, look, I found your house on Google Maps at this link. RAEDZ!"
Re: (Score:2, Funny)
The real disappointment happens when the 'houseguests' show up at the exact L/L location and realize it's about five houses off, and they bang on the door to the house of some fat slob who shows up at the door with his bath robe half open.
Re: (Score:2)
Yes, and then it's only a short matter of time before the picture gets mailed to your parents, faxed and e-mailed to your school, ...
One should probably consider those outcomes anyway when posting pictures of yourself that even you would be embarrassed for people to see. (Not you personally, but you know, that 'you'.)
In fact, you shouldn't put up a picture of anything you don't want people to see. That is sort of the entire point of a picture after all.
Re: (Score:2)
Someone posted a picture of their girlfriend's rear end with a sharpie sticking out of it to a popular anonymous image-sharing web board.
Could she write stuff with it, or did she have it in, um... the wrong way round to do that?
Facebook strips exif (Score:2, Interesting)
I've actually found it kind of annoying that Facebook strips exif data. I've wanted to pull it out of some of the pics of friends' iPhone photos and creep them out by knowing where they were when they took them. :)
Re: (Score:2)
Facebook doesn't have the original image data: images uploaded via its Java applet are already scaled down, in multiple sizes (all the sizes FB uses them), possibly reencoding everything to jpeg with low quality. It's a way to offload the scaling work to clients (storage is cheaper than CPU).
Conspiracy! (Score:2)
FBI Agent A: Dammit guys, they found out about the EXIF stuff. Now what are we going to do to get data from these pictures?
FBI Agent B: Let's just Photoshop in some crack like we used to.
FBI Agent A: Promote that man!
More fun with Math (Score:5, Informative)
399 images included the location of the camera at the time the image was taken, and 102 images included the name of the photographer. ...
Or, to summarize from the other point of view...
"97.4% of images did not include the location of the camera at the time the image was taken, and 99.3% of images did not include the name of the photographer. ... "
Off-Topic: Good EXIF editing library? (Score:4, Interesting)
Sorry for being off-topic here, but I was wondering if anybody knows a good OSS EXIF editing library/software.
I tried libexif, but it seems to be rather limited in functionality (you can't add in new comments) and other libraries seem to be read only. It would be really useful to be able to easily edit the EXIF data like location, name of photographer, etc.
Re: (Score:3, Informative)
Considering (Score:2)
how much I paid for the features, it damn well better be in there.
The real issue at hand is that neither the camera or management software have a system to remove/obfiscate that data and some apparently deliberately hide it from you.
"Big Brother" made cool... (Score:2)
... The title pretty much sums it up. Big Brother was made "cool" and the public welcomed it with open arms.
Accelerometer (Score:2, Interesting)
Interesting use of EXIF data (Score:2)
Some particularly non-techie types that enjoy taking and sharing pictures of under-18 folks have been known to save and distribute such pictures with EXIF data. Sometimes including GPS information or camera serial number data.
The camera serial number is useful if the owner registers the camera with the manufacturer. The serial number can be used to look up the registration.
The GPS information is of pretty obvious value, assuming the pictures are taken at home. Put that information into a GPS device and i
Re:meh (Score:5, Insightful)
I can't be bothered to set the clock on my camera, let alone enter personal data.
Not a problem on CELL PHONE cameras!
Re: (Score:2)
Re:dumb question (Score:5, Interesting)
Exif is even viewable on OSX and Windows by just looking at the file's properties.
Most artists actually *rely* on EXIF (and carefully protect it) to establish things like Copyright - not to mention keeping track of settings. :)
If my phone *didn't* tag my photos with my name I'd be a bit miffed
Re:dumb question (Score:5, Insightful)
If my phone *didn't* tag my photos with my name I'd be a bit miffed :)
Generally yes. Unless you want to anonymously submit a photo, and you had no idea this information was stored inside the picture.
Re: (Score:2)
If it's a service that exists for that kind of thing (Wikileaks?), they should know well enough to strip that data out themselves.
Not that I'd want to rely on someone else. You'd be astonished at the number of websites that don't even hash or encrypt passwords.
Re:dumb question (Score:4, Insightful)
Re: (Score:2)
Actually both of you are making a good point.
Re: (Score:2)
If you plan on submitting something anonymous, you should know what you're doing. Even if you go low-tech, there are things like handwriting analysis, printers that either intentionally or unintentionally code a unique signature in images, private investigators, cell phone tower data and satellites that could track you down. It's also up to the one publishing the information to make sure all data that could potentially identify their source has been stripped.
Re: (Score:2)
Nobody *relies* on it by itself - it's just one of many tools to try to prevent copyright infringement.
The problem is that photos/images must be seen to be useful, and if they can be seen, they can be stolen :)
I post my stuff with no EXIF data except the copyright, plus a watermark (non-visible) plus a watermark (visible), plus reduced color/size, plus digital compression with loss (JPG/PNG at about 85%) - therefore in *theory* I can point to my original uncropped image with EXIF at higher color, free of co
Re: (Score:3, Informative)
How hard is it to extract this data, Do you need a special tool or can i see it all in photoshop
It's not hard at all. On Vista and 7, right-click on the file, select properties, and go to "details." It might work on XP as well.
Depending on your folder view, all you might have to do is select the file.
Re: (Score:2, Interesting)
For most of my photos, this works:
cat image_name.jpg | strings | more
Re: (Score:2)
For most of my photos, this works:
cat image_name.jpg | strings | more
Of course, "strings" takes files as an argument, so
"strings image_name.jpg | less"
Would do just as fine. You know. Less is more. Doubly so in this case.
Re: (Score:2, Informative)
You should be able to look at the most interesting details in most up to date image software.
The buzzsaw is ExifTool:
http://www.sno.phy.queensu.ca/~phil/exiftool/ [queensu.ca]
Re: (Score:3, Funny)
If "Scruffles" is the name of your favorite male cat-dresser/entertainer at the local strip joint, and you're a politician, someone will be able to A) see the name of the person who took the photo (you!), and B) see where you were when you took it.
So much for anonymously uploading your photos to furryfun.com.
Re:Oh Noes!!! (Score:4, Insightful)
If you're a politician, you're screwed the minute you set foot in a strip joint. It's not like the people inside have signed non disclosure agreements.
Re: (Score:2)
If you're a politician, you're screwed the minute you set foot in a strip joint.
Aww man, those VIP's always get special treatment!