Facebook Stalking Fears: 6 Geotagging Facts

A meme gained steam this week about child stalkers' ability to use GPS-tagged smartphones images posted on social networks. We break down the privacy facts.

Mathew J. Schwartz, Contributor

August 14, 2013

5 Min Read

Are child poachers planning their next attack using your Facebook feed?

That's the breathless smartphone privacy risk warning sounded by NBC affiliate KSHB-TV in Kansas City, Mo., which highlighted how "smartphone picture uploads can reveal the location of your children's home, school, and play areas." While that NBC segment aired in 2010, the video went viral this week, as a meme about how child stalkers might be using Facebook to track kids again picked up steam.

Just what are the privacy implications of using smartphones to take pictures, and sharing those pictures via social networks or other sites? Here are six related privacy facts and tips:

1. NBC's Stalking Report: Scaremongering, Conjecture

First, NBC wasn't reporting on a trend it saw in the real world. Rather, the report was predicated on handing one of the affiliate's own reporters a smartphone and asking her to take snapshots of her child. Reporters then showed those pictures -- and included location information -- to a school cop, who pronounced the finding "frightening." Cue news spin: "Police are concerned."

[ Surveillance techniques are more sophisticated than ever. But how far do they really reach? Read Can The NSA Really Track Turned-Off Cell Phones? ]

By the article's logic, we needn't fear only for the safety of our children thanks to this GPS-spilling smartphone scourge. Photo-happy workers at secret military installations might also accidentally reveal the location of our nuclear stockpile with their smartphones. Likewise, consumers might inadvertently divulge the location of their miracle mechanic, or even their favorite ice cream shop.

2. Facebook Doesn't Spill GPS Data

The NBC reporters said they found numerous pictures posted to Twitter, Facebook and Craigslist, among other sites, which they claimed revealed location information. But that's not the case on most social networks or on eBay, which actively expunge EXIF data. (EXIF is the name of the metadata tags in image files that can include GPS coordinates.)

"We have received a lot of questions about a warning going around concerning geolocation / metadata of photos posted online. Facebook doesn't allow people that download your photos to see this information," read a statement posted on social media watchdog FaceCrooks, which battles social networking scams and other security and privacy problems.

Facebook's help center said that while the social network may show the approximate geographic location where a photo was taken if this feature is enabled and required EXIF data available, it doesn't do so at the maximum accuracy level offered by GPS, which is 66 feet (20 meters).

3. Verify If EXIF Data Shared

Not all sites expunge EXIF data, which means that in some cases the location information attached to an image could be retrieved. "If you post to other social networks or sites online, be sure to check each site to see if the data is made available upon download," said FaceCrooks. For users of photo-enthusiast site Flickr, for example, posting images with EXIF data -- known as geotagging pictures -- is often a desired feature. Other sites, such as Craigslist, simply post images "as is," meaning that people who post pictures of valuable for-sale items might be making themselves a target for crooks.

4. How To Selectively Delete EXIF Data

Before sharing images that have EXIF data attached, people can easily remove that geolocation information. For Windows users, this is as simple as deleting the EXIF information via the file-properties dialog box. For other operating systems, a free tool such as ExifTool will do the job. Some websites also offer the ability to view and remove EXIF data for free.

5. Stronger Smartphone Measures: Disable EXIF Completely

For people who want more control over how their EXIF data may get shared -- or spilled -- one option is to forcibly disable geotagging altogether. To do this in Android, deactivate the "GPS Tag" option in the camera app's Settings page. For iOS, disable Location Services in the General/Privacy settings menu. Alternately, in the Privacy settings page Photo menu, users can toggle which third-party photo apps get access to location information.

For more details and instructions for BlackBerry and Windows Phone devices, GCN offers a useful guide to disabling geotagging on smartphones.

6. Even Hackers Flub EXIF

Confused by EXIF data and having to navigate which services do -- or don't -- expunge location information from images? You're not alone. The intricacies of EXIF have tripped up even hackers and information security experts.

For example, the FBI busted "CabinCr3w" hacker and Anonymous hacktivist Higinio O. Ochoa III, aka "w0rmer," after he posted a photograph of his bikini-clad girlfriend holding handwritten taunts to the bureau. But it's what the photograph wasn't revealing that led to Ochoa's takedown, pleading guilty on hacking charges in June 2012, and subsequent 27-month sentence in federal prison. Namely, the photograph had been snapped with an iPhone, and the feature to automatically add EXIF information, including GPS coordinates, to photographs hadn't been disabled. Furthermore, the EXIF data hadn't been expunged before being posted to Ochoa's "Anonw0rmer" Twitter account for the world to see.

Ochoa wasn't alone in his EXIF-flubbing ways. Notably, eccentric antivirus founder John McAfee, who was fleeing his home in Belize, where he was wanted for questioning in a murder investigation, had his location in Guatemala inadvertently revealed when Vice reporters traveling with him posted a picture of McAfee that included GPS-coordinate-revealing EXIF data. In short order, Guatemalan authorities arrested McAfee, who was ultimately returned to the United States.

About the Author(s)

Mathew J. Schwartz


Mathew Schwartz served as the InformationWeek information security reporter from 2010 until mid-2014.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights