How much EXIF information is tracked by photo sharing sites?

In article , Mayayana
wrote:

| However, none of that has anything to do with EXIF.
|
| No, but Sandman was questioning how EXIF data might ever possibly be
| a privacy issue.
|
| Correct, and you failed to provide any information about that topic.
|
| The cellphone IDs are one of several examples of
| how 1) small, seemingly insignificant bits of data can be compiled
| to provide information and 2) it's difficult to even imagine all the
| possibilities of privacy issues when it comes to computerized data.
|
| Well, try? Even if it's hard, you could at least try to give us a good
| example on how EXIF data could reveal "intensly personal information".
|
| That's really what the whole issue is about. It's not so much what
| the data is but rather the fact that it's online and can be indexed
| and put into a database, which can then be analyzed in innumerable
| ways.
|
| We know this - you've yet to give a specific example of how EXIF data
| contains "intensly personal information" and how it can be used for
| "nefarious purposes"
|

Who's "we"? You and nospam? If you knew
it -- if you weren't stubbornly avoiding the
recognition of my one, simple point -- then you
wouldn't be arguing about it. For me this is
a discussion. You can agree, disagree, or add
new points. What I'm not going to do is to
engage you in a snarly, pseudo-logical contest
of mutual insult.

both he and i did add new points by refuting everything you said.
you're just going off on another one of your insane paranoid rants
that's full of lies and misinformation.

it's possible for information to be abused (anything can be abused),
but that doesn't mean there's not a good side. you're dismissing all of
the benefits because it *might* be abused. that's bad.

in fact, because you're so concerned with privacy, you *like* what
apple is doing because it *helps* users maintain their privacy. they're
one of the only companies to do that.

apple pay in particular lets people pay with a credit card *and* remain
anonymous to the store. only your credit card company can link you to
the transaction, which they obviously have to do so you can be billed
for it, and only the total amount, not the individual items purchased.

that means that with apple pay, it is now *impossible* to get people's
credit card info to use for unauthorized purchases or to figure out if
someone is pregnant based on what they buy.

unfortunately, your hatred for all new technology will never let you
see that.

Anyone who's actually interested in this issue can
judge my point and my links for themselves, whether
they agree, disagree, or fall somewhere in between.

they will inevitably come to the realization that you're very
misinformed and wearing a whole lot of tin foil.

In article , Mayayana wrote:

| That's really what the whole issue is about. It's not so much what
| the data is but rather the fact that it's online and can be indexed
| and put into a database, which can then be analyzed in innumerable
| ways.
|
| We know this - you've yet to give a specific example of how EXIF data
| contains "intensly personal information" and how it can be used for
| "nefarious purposes"

Who's "we"?

People concerned with privacy and security.

You and nospam? If you knew it -- if you weren't stubbornly avoiding the
recognition of my one, simple point -- then you wouldn't be arguing about
it.

Who's arguing? I am asking you to substantiate your claims. You have failed
to do so many many times now, which means you can't and thus they are empty
invalid claims.

For me this is a discussion. You can agree, disagree, or add new
points. What I'm not going to do is to engage you in a snarly,
pseudo-logical contest of mutual insult.

Who has insulted whom? You entered a thread about EXIF data and you've yet
to post a single on-topic post about EXIF and privacy concerns. All your
"examples" have had exactly nothing to do with EXIF.

Anyone who's actually interested in this issue can judge my point and my
links for themselves, whether they agree, disagree, or fall somewhere in
between.

I am interested in this issue, and I have judged your "point" and found it
void of any substantiation, thus it is invalid.


--
Sandman[.net]

On 2014-11-18 12:27:05 +0000, Warren Oates said:

In article ,
Sandman wrote:

Who has insulted whom? You entered a thread about EXIF data and you've
yet to post a single on-topic post about EXIF and privacy concerns. All
your "examples" have had exactly nothing to do with EXIF.

Exactly. I challenge Mayayana to post the EXIF data from a couple of
random jpegs so we can see the "intensely personal" stuff that's in
there.

I look at a couple-three random images, the most "intensely personal"
stuff I see is the creation date, the name of the camera, the date the
image was modified, and the image processing software I used to modify
it (if I did). To be fair, none of our cameras have GPS hardware, so
there's no location data, but nevertheless ...
Now: we add copyright info to the pictures we actually publish, but we
do that knowingly and I know how to remove it.

Here's a good tool to take up my challenge:

http://www.sno.phy.queensu.ca/~phil/exiftool/

Guy lives not far from me it seems. There's some intensely personal
information in his URL ...

You can use the same tool to remove the data before you "share" your picture.

It seems to me here are several issues in this EXIF paranoia discussion.

Those who are paranoid because of data which might be mined from the
EXIF & metadata, and who should decide to never share images, or strip
all metadata from images they share.

Then there are the less paranoid among us who have no problem providing
camera/lens/exposure information, along with identifying ourselves as
the creator of the image. In that copyright section of the metadata we
might provide various levels of data such as licensing, & contact
information.
Some of us choose to GeoTag our images when we can. So, what? Maybe
some inquiring mind might discover where Yosemite NP, Big Sur, or the
DeWildt Nature Reserve in South Africa are.

Then there is the issue of “Keywords�. I tag my images with keywords,
so I have little trouble finding my shots of a Tyrrell P34 at Laguna
Seca, or Big Creek Bridge in Big Sur. They are there for a purpose,
some folks like to know where a particular shooting location is, and
just what exactly that was you shot.

I am not a pro who might have concerns regarding protecting my work and
protecting myself regarding model & location releases with IPTC & IPTC
Extended data, or imbedding Digimarc data watermarks. All of that is
EXIF & metadata none of that would be “intensely personal information�.

There is only one area of image metadata where there might be some
“intensely personal information�, and that is in the area of
distribution of medical imagery of any type. That has its own special
metadata section under DICOM which contains patient/physician
information. However, those images are not shared/distributed via
Flickr, or Facebook, and are protected under HIPPA Laws.

I know that none of my vehicle, landscape, airshow, sporting event, and
candid shots have any DICOM data entered, so nothing which could be
termed “intensely personal information�. At a minimum, I want folks to
know that the image is my work, regardless of the quality of that
image, and the simplest way of doing that is to add some
creator/copyright and licensing information.

--
Regards,

Savageduck

| It seems to me here are several issues in this EXIF paranoia discussion.
|
| Those who are paranoid because of data which might be mined from the
| EXIF & metadata, and who should decide to never share images, or strip
| all metadata from images they share.
|
| Then there are the less paranoid among us who have no problem providing
| camera/lens/exposure information, along with identifying ourselves as
| the creator of the image. In that copyright section of the metadata we
| might provide various levels of data such as licensing, & contact
| information.

Well put. But all I was getting at was that privacy can be
a real issue. You don't need to label it "paranoia" when people
are concerned with privacy issues.

People who put images online and want to maintain privacy
would do well to remove metadata. Why not? It's easy enough
to do, and it's hard to foresee the ways that data might
otherwise be used. That's all I was saying in the first place.

That has nothing to do with you wanting to post images
with metadata. Concern for privacy and concern with
corporate spying are not in opposition with having a public life.
It's not an either/or situation.

Whenever the privacy issue comes up in any venue there's
always the vehement camp that starts in with accusations of
paranoia and tin foil hats, trying to make *any* privacy concerns
seem silly. They don't want to think about the issue and they
don't really want to know how much they're being tracked. For
one simple reason: to acknowledge it would face them with a
decision that might be inconvenient, especially if they live with
Google, Facebook, GPS on smartphones, etc.
I only mention these things for the sake of people who might
not have thought about it but who may actually be interested in
minimizing their "Google dossier".

A. Beck seems to be posting lots of photos and simply wants
to minimize the trail he's leaving. I don't see anything extreme,
unreasonable, or paranoid about that. It seems like common
sense to me. Though I would question his general logic: Anyone
who is having their social life hosted through corporate
advertising companies such as Facebook and Pinterest is hardly
in a position to be concerned about privacy. The biggest risk
with A. Beck's metadata is the fact that he's linked himself to
it personally by putting it on his own "social network" pages.
Who needs Google spying when they're documenting their
entire life on Facebook anyway?

On 2014-11-18, Warren Oates wrote:
In article ,
Sandman wrote:

Who has insulted whom? You entered a thread about EXIF data and you've yet
to post a single on-topic post about EXIF and privacy concerns. All your
"examples" have had exactly nothing to do with EXIF.

Exactly. I challenge Mayayana to post the EXIF data from a couple of
random jpegs so we can see the "intensely personal" stuff that's in
there.

I look at a couple-three random images, the most "intensely personal"
stuff I see is the creation date, the name of the camera, the date the
image was modified, and the image processing software I used to modify
it (if I did). To be fair, none of our cameras have GPS hardware, so
there's no location data, but nevertheless ...

The GPS data could certainly be "intensely personal". Say you took a
picture of a beautiful object. It happened to be in your mistresses
flat. The gps coordinates would show you were there, despite your
protestations you never knew her. Similarly for some innocuous photo
taken at a crime scene. Again it would prove you were there. Something
which could destroy your marriage/land you in jail I would certainly
call "intensely personal".



Now: we add copyright info to the pictures we actually publish, but we
do that knowingly and I know how to remove it.

Here's a good tool to take up my challenge:

http://www.sno.phy.queensu.ca/~phil/exiftool/

Guy lives not far from me it seems. There's some intensely personal
information in his URL ...

You can use the same tool to remove the data before you "share" your
picture.

The question was not whether or not it could be removed. The question
was whether or not the data could store "intensely personal"
information, since it is stored automatically unless you take action and
delete it.

In article , William Unruh wrote:

Sandman:
Who has insulted whom? You entered a thread about EXIF data and
you've yet to post a single on-topic post about EXIF and privacy
concerns. All your "examples" have had exactly nothing to do
with EXIF.

Warren Oates:
Exactly. I challenge Mayayana to post the EXIF data from a couple
of random jpegs so we can see the "intensely personal" stuff
that's in there.

I look at a couple-three random images, the most "intensely
personal" stuff I see is the creation date, the name of the
camera, the date the image was modified, and the image processing
software I used to modify it (if I did). To be fair, none of our
cameras have GPS hardware, so there's no location data, but
nevertheless ...

The GPS data could certainly be "intensely personal". Say you took a
picture of a beautiful object. It happened to be in your mistresses
flat. The gps coordinates would show you were there, despite your
protestations you never knew her.

False logic.

That is only "intensively personal" if someone already knwos the photo
belongs to you and know who you are - in which case you as a person is
already a known entity and the added data becomes highly sensitive if the
wrong person (your wife) sees it.

The discussion is about EXIF data as "mined" by social media sites for
"nefarious purposes"

The idea is that EXIF containes "intensly personal" information, and your
example does not show such information, it is only personal if you as a
person is already a known variable.

If *I* were to download that very photo from an anonymous source, and I
don't know anything about you - there is *nothing* personal in that EXIF
data at all. I can see, if it has GPS data, where it was taken which tells
me nothing about you.

Similarly for some innocuous photo taken at a crime scene. Again it would
prove you were there.

No, it would prove that *someone* was there, not that *you* were there.
That's the difference.

Something which could destroy your marriage/land
you in jail I would certainly call "intensely personal".

This is true for many things you do online, you can check in on facebook,
update your status and people can work out that you did so from a place or
at a time where it would compromise something you wanted to keep a secret.

But again, the topic was EXIF being used for supposed "nefarious purposes"
by these social media sites and whether or not there was "intensly
personal" information in the EXIF. There isn't - all your examples hinges
on the fact that one has to know you to begin with for it to be intensly
*sensitive*, not personal.

The question was not whether or not it could be removed. The
question was whether or not the data could store "intensely
personal" information, since it is stored automatically unless you
take action and delete it.

EXIF certainly *can* store intensively personal information, no doubt - but
if it does, the user has put it there themselves, not added automatically
by their software (unless they have it set up, a lot of photo management
apps can have templates of EXIF data added upon import)


--
Sandman[.net]

On 2014-11-18 15:23:45 +0000, "Mayayana" said:

| It seems to me here are several issues in this EXIF paranoia discussion.
|
| Those who are paranoid because of data which might be mined from the
| EXIF & metadata, and who should decide to never share images, or strip
| all metadata from images they share.
|
| Then there are the less paranoid among us who have no problem providing
| camera/lens/exposure information, along with identifying ourselves as
| the creator of the image. In that copyright section of the metadata we
| might provide various levels of data such as licensing, & contact
| information.

Well put. But all I was getting at was that privacy can be
a real issue. You don't need to label it "paranoia" when people
are concerned with privacy issues.

People who put images online and want to maintain privacy
would do well to remove metadata. Why not? It's easy enough
to do, and it's hard to foresee the ways that data might
otherwise be used. That's all I was saying in the first place.

That has nothing to do with you wanting to post images
with metadata. Concern for privacy and concern with
corporate spying are not in opposition with having a public life.
It's not an either/or situation.

Whenever the privacy issue comes up in any venue there's
always the vehement camp that starts in with accusations of
paranoia and tin foil hats, trying to make *any* privacy concerns
seem silly. They don't want to think about the issue and they
don't really want to know how much they're being tracked. For
one simple reason: to acknowledge it would face them with a
decision that might be inconvenient, especially if they live with
Google, Facebook, GPS on smartphones, etc.
I only mention these things for the sake of people who might
not have thought about it but who may actually be interested in
minimizing their "Google dossier".

A. Beck seems to be posting lots of photos and simply wants
to minimize the trail he's leaving. I don't see anything extreme,
unreasonable, or paranoid about that. It seems like common
sense to me. Though I would question his general logic: Anyone
who is having their social life hosted through corporate
advertising companies such as Facebook and Pinterest is hardly
in a position to be concerned about privacy. The biggest risk
with A. Beck's metadata is the fact that he's linked himself to
it personally by putting it on his own "social network" pages.
Who needs Google spying when they're documenting their
entire life on Facebook anyway?

It seems to me that the real problem lies with sharing your life via
Facebook, Pinterest, Twitter, Instagram. etc. and just how easy they
make sharing images, thereby making one vulnerable to their
exploitation of your media assets. Personally, I have never subscribed
any of those social media sites.

Any public image sharing I do is usually via Dropbox. If I am going to
do any collaborative work, or want to share original RAW files I use
Adobe's Creative Cloud where I have 20GB of storage, and sometimes
Dropbox.
Then there is Skype's "Send files, or photos" feature, which also does
a good job and is pretty secure.

With other Mac, or iDevice users I find that using iMessage is a pretty
simple and secure method of sharing images. I have pretty much stopped
using Google Drive & Picasa.

--
Regards,

Savageduck

On 2014-11-18, Sandman wrote:
In article , William Unruh wrote:

Sandman:
Who has insulted whom? You entered a thread about EXIF data and
you've yet to post a single on-topic post about EXIF and privacy
concerns. All your "examples" have had exactly nothing to do
with EXIF.

Warren Oates:
Exactly. I challenge Mayayana to post the EXIF data from a couple
of random jpegs so we can see the "intensely personal" stuff
that's in there.

I look at a couple-three random images, the most "intensely
personal" stuff I see is the creation date, the name of the
camera, the date the image was modified, and the image processing
software I used to modify it (if I did). To be fair, none of our
cameras have GPS hardware, so there's no location data, but
nevertheless ...

The GPS data could certainly be "intensely personal". Say you took a
picture of a beautiful object. It happened to be in your mistresses
flat. The gps coordinates would show you were there, despite your
protestations you never knew her.

False logic.

That is only "intensively personal" if someone already knwos the photo
belongs to you and know who you are - in which case you as a person is
already a known entity and the added data becomes highly sensitive if the
wrong person (your wife) sees it.

No. The concern was the posting of the EXIF data on public sites. The
data mining was one example of how the data could be misued, not the
only example.
And even for data mining, when most of the pictures turn out to have gps
location of your house, then associating them with you is not exactly
difficult. Then the occurance of your mistresses house associates you
with your mistress.



The discussion is about EXIF data as "mined" by social media sites for
"nefarious purposes"

No, it was not. The discussion is about whether or not EXIF data could
be used for purposes you, as the poster, did not approve of, or harmed
you.


The idea is that EXIF containes "intensly personal" information, and your
example does not show such information, it is only personal if you as a
person is already a known variable.

If *I* were to download that very photo from an anonymous source, and I
don't know anything about you - there is *nothing* personal in that EXIF
data at all. I can see, if it has GPS data, where it was taken which tells
me nothing about you.

If your credit card information and your tax forms (without your name
on the form) were in the exif data, would that be personal information?
You would be OK with that since if they did not know your name, that
information would be useless to them? Is any information to you
"intensely personal"?
Note that it is very possible that your photo DOES contain your name in
the exif information, under a copyright tag for example.

The argument is NOT whether exif information is always intensely
personal. The question is if it can be. If you do not know what is being
published, could it harm you?


But again, the topic was EXIF being used for supposed "nefarious purposes"
by these social media sites and whether or not there was "intensly
personal" information in the EXIF. There isn't - all your examples hinges
on the fact that one has to know you to begin with for it to be intensly
*sensitive*, not personal.

I think that "intesely sensitive" and "intensely personal" can be taken
to be synonymous here.


The question was not whether or not it could be removed. The
question was whether or not the data could store "intensely
personal" information, since it is stored automatically unless you
take action and delete it.

EXIF certainly *can* store intensively personal information, no doubt - but
if it does, the user has put it there themselves, not added automatically
by their software (unless they have it set up, a lot of photo management
apps can have templates of EXIF data added upon import)

I was giving the example of GPS data, which is automatically added by
many modern cameras, being intesely personal, expecially when it is
often trivial for someone to figure out who you are by looking at either
the account under which it was stored, or even looking at the photos
(selfies ARE a common use of photos and are posted).

Yes, one may have to combine data from various sources to make the data
on that one particular photon intensely personal, but that extra data is
often trivial to get. It is the shock of discovering that the police
posted your photo of a mob hit onto a web site to plead for more into,
and that the EXIF information on that photo could make it more likely
that the mob could figure out you took the photo that makes it
"intensely personal".

linux froup x'ed.

On 11/18/14 PDT, 9:00 AM, Warren Oates wrote:
In article ,
William Unruh wrote:

The GPS data could certainly be "intensely personal".

Yeah. Here's my cousin Zeke in front of the Eiffel Tower. I'd better
delete the geo-locating data so no one knows where he really is.

Here's my cousin Zeke's meths lab; I think I'll leave that metadata in
place.

All of your, er, "examples" are extreme film-noir worst-case scenarios.
What's your proposal? Ban metadata? Think about all the metadata in the
chip on your passport. What might Kang and Kodos do with that?

Srsly, though, I don't have any sympathy for anyone trys to post
something "anonymously" who has no idea how to do it properly.

And I like the idea of the murderer/thief/philanderer being stupid
enough to post incriminating evidence..... Priceless!

In article , Mayayana
wrote:


Whenever the privacy issue comes up in any venue there's
always the vehement camp that starts in with accusations of
paranoia and tin foil hats, trying to make *any* privacy concerns
seem silly. They don't want to think about the issue and they
don't really want to know how much they're being tracked. For
one simple reason: to acknowledge it would face them with a
decision that might be inconvenient, especially if they live with
Google, Facebook, GPS on smartphones, etc.

nope.

the tin foil hat accusations come out when people make ludicrous and
unsubstantiated claims that are almost always, full of misinformation.

there's nothing wrong with maintaining privacy. the problem is that
some people claim everyone is out to exploit them when in reality, it's
the users who decide whether or not to use a service and *willingly*
provide information for the service offered.

in other words, it's a consensual agreement, not exploitation.

I only mention these things for the sake of people who might
not have thought about it but who may actually be interested in
minimizing their "Google dossier".

you assume people are morons. some might be, but the vast majority are
smart enough to make their own decisions about what information to
provide.

A. Beck seems to be posting lots of photos and simply wants
to minimize the trail he's leaving. I don't see anything extreme,
unreasonable, or paranoid about that. It seems like common
sense to me. Though I would question his general logic: Anyone
who is having their social life hosted through corporate
advertising companies such as Facebook and Pinterest is hardly
in a position to be concerned about privacy. The biggest risk
with A. Beck's metadata is the fact that he's linked himself to
it personally by putting it on his own "social network" pages.
Who needs Google spying when they're documenting their
entire life on Facebook anyway?

there you go with the tin foil hat nonsense. it's not spying when
someone provides it willingly.