Leaky-by-design location services show outsourced security won't ever work

We’re leaking location data everywhere, and it's time to fix it by design. An example: if you go on safari in Africa, you'll be asked to turn off your smartphone's location tracking capabilities. The reason is that most people have no idea that every photo they take with their phone embeds location data in the exchangeable …

  1. Anonymous Coward

    These billion dollar surveillance phones and app companies....

    ... are the retail arm of the NSA. They don't need to spy on the population in person - you are paying for a device to do it for them!

    1. Roland6 Silver badge

      Re: These billion dollar surveillance phones and app companies....

      >... are the retail arm of the NSA.

      It is interesting to reread the thoughts of Edward Snowden on security:

      https://forums.theregister.co.uk/forum/3/2015/11/12/snowden_guide_to_practical_privacy/

      Either Ed wasn't privy to all that the NSA were up to or they (the NSA) weren't into the collection of this type of metadata.

      I get the feeling that we will see more of these accidental/unintentional leaks of metadata that permit inference about a person and their activities that they didn't intend to make public.

  2. This post has been deleted by its author

  3. Steve Button Silver badge

    You are shitting me?

    "Can’t someone simply wander through those images, stalking you via a breadcrumb trail of EXIF location data? Of course they can."

    Wait, what!? You mean they don't strip the shit out? I had *assumed* they stripped that shit out, and it wasn't available unless you explicitly clicked the "add my location" button. Silly me.

    Are you SURE my location can be simply pulled out of all my images??

    1. Charles 9

      Re: You are shitting me?

      Yes, and now some CAMERAS (as in dedicated devices) come with GPS antennae.

      1. Anonymous Coward

        Re: some CAMERAS [have] GPS antennae.

        Mine certainly does. And wifi ... and if I accidentally hit the right (wrong) button on it, it also tries to connect to wifi.

        1. big_D Silver badge

          Re: some CAMERAS [have] GPS antennae.

          Yeah, my new Sony Alpha does that, but I put it in Airplane mode. It also improves battery life / the number of shots I can take dramatically.

      2. VinceH
        Unhappy

        Re: You are shitting me?

        "Yes, and now some CAMERAS (as in dedicated devices) come with GPS antennae."

        As long as you are aware, and know what steps you need to take to address it, this isn't a problem - that certainly applies to me, and I would think you and most El Reg readers.

        The real problem is everyone else - and not just knowing that the location data can be used as described, but actually giving enough of a shit to want something done about it.

        1. baseh

          Re: You are shitting me?

          You and the ElReg readers and knowledgeable people are careful but if you figure by accident in a picture taken by John/Joan Public?

          1. VinceH

            Re: You are shitting me?

            Please see the last paragraph.

      3. Blotto Silver badge

        Re: You are shitting me?

        My Samsung happy snapper from 2010 does GPS tagging of photos. I purchased it specifically for that capability.

        i/Photos on the Mac will/can strip those GPS tags out when exporting to third party apps etc. I think it asks you, certainly the first time, and is something I would do if I uploaded to third parties.

        Not sure about how the iPhone deals with sending messages via emails or iMessages though, will need to check, but it's not mass uploading to the public internet.

  4. Anonymous Coward

    Explicit sharing

    The only way around this I can see is *explicit* sharing.

    That is: only share my photos with individual people I have authorised. Only share my Whatsapp presence info with known contacts I have explicitly allowed this for.

    This needs to be enforced both at the server layer, and at the data layer (e.g. each piece of data is GPG-encrypted with the public keys of the people who can see it)

    This doesn't have to be NSA-proof, only Google and Ad-man proof.

    1. Anonymous Coward

      Re: Explicit sharing

      I think that authorizations are a good start. Only share with known users, and only to limited numbers of them.

      Main concern with large-scale providers will remain that they can start data-mining at any time without our knowledge or explicit consent for that purpose. Even claims about stripping of exif-data are not necessarily meaningful (what if they store them separately with a pic-ID).

      Strong encryption of stored data with keys residing at the user could help, but how are the service-providers going to make any money?

    2. 's water music
      Gimp

      Re: Explicit sharing

      The only way around this I can see is *explicit* sharing.

      I no longer share my explicit photos. Not since the court case.

      That one's ok, since you can't tell that it is me--->

  5. Anonymous Coward

    Nope, not on Facebook.

    For once, Facebook is NOT a privacy problem here.

    Facebook itself could do such EXIF analysis, but when Facebook publishes images it seems to strip all EXIF data (in the days I still had an FB account I was experimenting with tags using the excellent exiftool, hence me discovering this).

    There's one problem with the way they strip ALL of it: they also wipe the "copyright" tag which is effectively interfering with a copyright notice. That is illegal under US law, but the challenge is proving intent so don't expect any class action lawsuits soon.

    1. Mage Silver badge
      Paris Hilton

      Re: Nope, not on Facebook.

      I'd be very surprised if the Privacy exploiting companies don't analyse data uploaded before they publish it stripped. After all, they don't want their competitors trawling their site capturing all that lovely data.

      1. Anonymous Coward

        Re: Nope, not on Facebook.

        The fact Facebook strips EXIF is irrelevant, since people trawling for EXIF will look on dedicated photo sites like Instagram and Flickr. Facebook would be less than ideal for trawling because the majority of people (i.e. the vast majority of women, and some men) have their privacy locked down so their photos can only be seen by their friends, and can't be seen by the world at large (or Google's search engine)

        Few people seem to lock down their photos on photo sharing sites, even when they post a lot of pictures of their kids.

        1. Mark 85

          Re: Nope, not on Facebook.

          Facebook would be less than ideal for trawling because the majority of people (i.e. the vast majority of women, and some men) have their privacy locked down so their photos can only be seen by their friends, and can't be seen by the world at large (or Google's search engine)

          Let's amend that to "allegedly" shall we. For all we know (and they wouldn't tell anyone anyway) they harvest the EXIF before posting to your page and then sell it. We already know they sell a pile of user data to various companies without letting you know to whom it's sold.

          The bigger the company, the less transparent they become.

  6. John Smith 19 Gold badge
    Gimp

    FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

    Of course what they do with that location data before they strip it is anyone's guess.

    And OSes that leak this data.

    Accident?

    Google's business is knowing your business.

    Whenever Google does something (like Android) the only question is "How does this increase the amount of information that Google can collect about most people who use it?"

    The answer is "Quite a lot."

    1. I ain't Spartacus Gold badge

      Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

      Which is why all sorts of surprising bits of Android won't work if you have background location services turned off. Or at least that used to be the case, back when I had an Android phone. It was clear that Google want to track your location so they can sell you location related ads, but also so they can do real-time traffic status for sat-nav and keep building their database of all the WiFi hotspots on the planet for aGPS.

      Heaven knows what else they do with that stuff - and of course because Google write the OS (and their Play Services is increasingly a giant digital-blob) you've no idea whether it's even possible to fully turn this stuff off anymore.

      1. allthecoolshortnamesweretaken

        Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

        "[...] you've no idea whether it's even possible to fully turn this stuff off anymore."

        Off the top of my head and without any further research on the matter I'll just assume that no, you can't fully turn this stuff off; at least not without a jailbreak.

      2. Steve Graham

        Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

        Android continues to work fine if you delete Play Store, Play Services, Google Services etc. If you don't, yes, they'll definitely be trying to collect location info.

        1. Anonymous Coward

          Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

          If you remove Play Services, doesn't that make it impossible to perform updates? Trading one problem for another...

          1. Alumoi Silver badge

            Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

            If you remove Play Services, doesn't that make it impossible to perform updates? Trading one problem for another...

            I'd say that's a bonus. No more upgrades for the sake of upgrading, adding spyware, more ads and such.

      3. Cuddles

        Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

        "Which is why all sorts of surprising bits of Android won't work if you have background location services turned off."

        Could you give an example of something that doesn't work? Because I've had Android phones pretty much since the start, and the only thing I've ever found that didn't work without location services is satnav, which is fair enough really. No doubt some third party apps might play up if you try to restrict them, but I'm not aware of any part of Android or the basic Google apps that come with it that will even complain, let alone fail to work, if you turn off location services.

        As for whether it's really possible to turn things off, there's a clear difference in battery life when you turn things like GPS and wifi on and off, so it's certainly doing something. Wifi, bluetooth and NFC should be easy to test since they broadcast, and I'm not aware of anyone having found them operating when they're not supposed to (and given the fuss places like aeroplanes make about electronics, it wouldn't really be worth the risk of getting caught). GPS, being passive, would obviously be harder to catch out.

        1. I ain't Spartacus Gold badge

          Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

          Cuddles,

          It were years ago that I used Android, so I may be remembering wrong (or things may have changed). But as I recall, Google maps wouldn't work if you'd disabled background location services. So Google maps itself had satellite access, but they weren't allowing you to use it, because you weren't letting them spy on you first.

          Obviously if everyone did it, there'd have been nobody updating their aGPS list of WiFi hotspots for them, which I guess is the reason they went for that setting.

          As for turning off WiFi, you can. And I assume Google do allow you to turn off stuff. But you may not notice a battery life drop for short uses of the GPS system. Apple certainly had their WiFi location list working in the background on about iOS5 - because it was making a list of WiFi network names and GPS locations + timestamps - and storing it in clear on the phone's storage to be regularly uploaded to Apple's servers when it was on a WiFi network. I assume Google's works similarly - unless they're even less polite and use your cellular data.

      4. Mark 85

        Re: FB strips data so photos effectively C M. Zuckerberg for the next 70 years. Accident?

        Indeed it's damn close to real time. We did a road trip and whenever the wife used her phone for navigation info, etc. she got ads for specifically the places we were. Were they relevant? Nope.. hardware stores, department stores, etc. but very little on what she was looking for. She shrugged and said "oh well".. I was rather pissed about the whole sorry thing pulled. Then again, I have a dumb old Nokia for a cell phone so I don't get ads.

  7. Doctor Syntax Silver badge

    "This is a problem of design, or rather, a lack of design thinking with respect to the security and privacy of the individual."

    The real problem here isn't the design. That's simply meeting the requirement. The problem is the individual users who choose to make public so many details of their lives and the requirement is to fulfil that choice. Or maybe the problem is the vendors who sell them on the idea.

    1. allthecoolshortnamesweretaken

      "The problem is the individual users who choose to make public so many details of their lives and the requirement is to fulfil that choice."

      All the average user chooses is the make and model of the smartphone/tablet they get.

      And then they just use the thing on its default settings.

      1. Doctor Syntax Silver badge

        "All the average user chooses is the make and model of the smartphone/tablet they get."

        All too many of them will only choose something that will let them spill just about everything they see, do or runs through their minds onto the Interwebz. That's the root of it all.

  8. Adam 1

    solution seems easy enough

    Separate out the permissions to view photo from read geotag from image. Any app that lacks the applicable permission gets a modified version of the jpg where the EXIF tag for it has been nulled out. Full permission apps can see the regular file contents. That way your photos app still shows where the picture was taken and the backup app still backs up the full geotag, but some little time wasting app can't without being notable in the permissions requested.
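
Added example (not from the thread or any poster): the permission-gated view proposed in the post above, in Python. An app without the location permission receives a copy whose Exif GPS IFD is zeroed and unlinked from IFD0; `serve_photo`, its `may_read_location` flag and the constructed sample image are assumptions made for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # "GPSInfo" entry in IFD0: offset of the GPS IFD
TYPE_SIZES = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # TIFF type -> bytes

def _find_exif(jpeg):
    """Return (tiff_start, segment_end) of the Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # image data follows; no more metadata
            break
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        if end > len(jpeg):
            raise ValueError("segment runs past end of file")
        if marker == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00":
            return pos + 10, end
        pos = end
    return None

def _gps_entry(jpeg, tiff):
    """Find GPSInfo in IFD0: (byte order, IFD0 pos, entry count, index, GPS IFD pos)."""
    order = {b"II": "<", b"MM": ">"}.get(bytes(jpeg[tiff:tiff + 2]))
    if order is None:
        raise ValueError("bad TIFF header")
    ifd0 = tiff + struct.unpack(order + "I", jpeg[tiff + 4:tiff + 8])[0]
    count = struct.unpack(order + "H", jpeg[ifd0:ifd0 + 2])[0]
    for i in range(count):
        entry = ifd0 + 2 + 12 * i
        tag, _, _, value = struct.unpack(order + "HHII", jpeg[entry:entry + 12])
        if tag == GPS_IFD_TAG:
            return order, ifd0, count, i, tiff + value
    return None

def has_gps(jpeg):
    """True if the JPEG's Exif IFD0 links to a GPS IFD."""
    span = _find_exif(jpeg)
    return bool(span and _gps_entry(jpeg, span[0]))

def strip_gps(jpeg):
    """Return a same-length copy with the GPS IFD zeroed and unlinked from IFD0."""
    buf = bytearray(jpeg)
    try:
        span = _find_exif(buf)
        hit = span and _gps_entry(buf, span[0])
        if not hit:
            return bytes(buf)
        order, ifd0, count, idx, gps = hit
        tiff, tiff_end = span
        gps_count = struct.unpack(order + "H", buf[gps:gps + 2])[0]
        gps_len = 2 + 12 * gps_count + 4
        if gps + gps_len > tiff_end:
            raise ValueError("GPS IFD runs past the Exif segment")
        for i in range(gps_count):
            e = gps + 2 + 12 * i
            _, typ, n, value = struct.unpack(order + "HHII", buf[e:e + 12])
            size = TYPE_SIZES.get(typ, 1) * n
            if size > 4:  # value lives outside the entry; wipe it too
                start = tiff + value
                if start + size > tiff_end:
                    raise ValueError("GPS value runs past the Exif segment")
                buf[start:start + size] = bytes(size)
        buf[gps:gps + gps_len] = bytes(gps_len)
        # Unlink: slide later IFD0 entries and the next-IFD offset over GPSInfo.
        entry = ifd0 + 2 + 12 * idx
        tail_end = ifd0 + 2 + 12 * count + 4
        buf[entry:tail_end] = buf[entry + 12:tail_end] + bytes(12)
        buf[ifd0:ifd0 + 2] = struct.pack(order + "H", count - 1)
    except struct.error:
        # Fail closed: a file we cannot parse is refused, not passed through.
        raise ValueError("truncated Exif data") from None
    return bytes(buf)

def serve_photo(jpeg, may_read_location):
    """Hypothetical gate: full file with the permission, GPS-free copy without."""
    return jpeg if may_read_location else strip_gps(jpeg)

def build_sample():
    """Constructed input (not a real photo): JPEG whose Exif has Make + GPSInfo."""
    lat = struct.pack("<6I", 51, 1, 30, 1, 0, 1)  # 51 deg 30' 0" as rationals
    # TIFF offsets: IFD0 at 8, GPS IFD at 38, latitude rationals at 68
    ifd0 = struct.pack("<H", 2)
    ifd0 += struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")  # Make, inline
    ifd0 += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 38)
    ifd0 += struct.pack("<I", 0)
    gps = struct.pack("<H", 2)
    gps += struct.pack("<HHI4s", 1, 2, 2, b"N\x00\x00\x00")  # GPSLatitudeRef
    gps += struct.pack("<HHII", 2, 5, 3, 68)                 # GPSLatitude
    gps += struct.pack("<I", 0)
    payload = b"Exif\x00\x00" + b"II*\x00" + struct.pack("<I", 8) + ifd0 + gps + lat
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xd9"
```

This covers only the Exif GPS IFD; XMP packets and vendor MakerNotes can also carry location and would need their own handling in the same gate.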

    1. Peter 26

      Re: solution seems easy enough

      Yep, came here to say this. They just need to update the security model and strip the EXIF info if the app doesn't have permission for. Obviously that last bit is easier said than done when you get to the nitty gritty detail, but I'm pretty sure Apple/Google can figure it out.

      1. Charles 9

        Re: solution seems easy enough

        And if they have FILE level permission which would let them get at the data directly?

        1. Anonymous Coward

          Re: solution seems easy enough

          Provide an API for photos and block apps from being able to directly read the contents of the photos directory. Or create a FUSE-like virtual file system that makes the app think it is getting file level access, but it is actually getting files that have been massaged to blank EXIF data.

          1. Charles 9

            Re: solution seems easy enough

            Photos may not be in the Photos directory, or they can go the long way 'round, and magic numbers can be munged; there are plenty of other tricks. Look, if you REALLY don't want your location known no matter what, get a GPS jammer. Device can't geolocate you without a lock.

    2. Blotto Silver badge

      Re: solution seems easy enough

      The better solution would be to encrypt the private info as it's added to the EXIF. Anyone wanting it could send you the encrypted data, you feed it into your device/photo management app and it can then send them the photo with the correct unencrypted EXIF data.

    3. Anonymous Coward

      Re: solution seems easy enough

      Separate out the permissions to view photo from read geotag from image. Any app that lacks the applicable permission gets a modified version of the jpg where the EXIF tag for it has been nulled out.

      The problem I can see happening almost immediately is that someone else will want other information blocked, and others want to insert data. It seems there is scope for some sort of an EXIF filter API, but for one problem: Google probably wants that data too so they're not going to make it that easy to control it.

      1. Anonymous Coward

        Re: solution seems easy enough

        Well Google can still steal that data off your phone when you take the picture, so they shouldn't have an objection to blocking it later since they've already got it!

  9. Outer mongolian custard monster from outer space (honest)

    I'm pretty sure most of the EXIF data on my photos is from a location called "Created with GIMP".

    I use my phone to take snaps, but I store them offline in my own private location and edit them on a computer before publishing a select few of them because I'm old fashioned like that.

    No instant gratification selfies of my breakfast here.

    1. Anonymous Coward

      Ah well, that's fixed then. Just need to tell the other few billion internet users to do the same.

      1. Outer mongolian custard monster from outer space (honest)

        No, not in my job description to crusade to fix universal stupid.

    2. John G Imrie

      I use my phone to take snaps

      I hope you don't have auto backup images turned on then.

    3. Mark 85

      You're still taking the snaps with the photo. The data is still being added and/or sent off to Google, etc. They get it possibly before you even see the photo.

  10. iron Silver badge

    "how to use WhatsApp to track the waking and sleeping patterns of almost anyone, anywhere"

    Except me because I don't now nor will I ever have WhatsApp installed on any device. Nor do I use Facebook or any of these other services to post my photos online. Privacy and security is simple, just don't sell your soul to the likes of Zuck.

    1. lglethal Silver badge

      I don't really get why you're so down on WhatsApp. It's the only Messaging System out there with end to end encryption, and it contains ZERO ads.

      What's not to like?

      1. Anonymous Coward
        FAIL

        Only messaging system with end to end encryption?

        iMessage was doing it before WhatsApp, and while I'm not up on all the latest messaging apps I find it difficult to believe none of the rest are doing end to end encryption. Isn't Signal a terrorist favorite because of this, among other things?

        Don't you wonder why Facebook paid all that money for WhatsApp and hasn't put any ads on it? I guess you think they are providing it out of charity, and aren't collecting your personal information just like they do with Facebook users? Maybe the ads created especially for you from your personal information simply show up on Facebook, while browsing, etc. instead of on WhatsApp.

      2. I ain't Spartacus Gold badge

        WhatsApp won't work without full access to your addressbook. As I recall Facebook promised not to copy all that data when they bought it, but admitted later that they had anyway. Then changed their "privacy policy"* to admit they were doing it.

        I do have a Facebook account for family stuff, on a throwaway email address. But they've been able to link me to friends because my friends and family have my real email address on their phones - and anyone who uses a Facebook app on their phones has "given FB permission" to hoover up their address book and do data analysis on it. And they've been able to correctly correlate my real email address from friends/family I've voluntarily linked myself with to ones that aren't mutual friends with any of them, but have my real email address on their phone.

        The only way to protect yourself from that level of sinister data collection online would be to have a throwaway email address for every separate friend/family member, or at least friendship group. Even if I didn't have an FB account they'd still have access to photos of me taken by friends/family, the locations those were taken at and my email address.

        *Facebook and Google having privacy policies is a bit like Charles Manson having not-murdering policies...

        1. Anonymous Coward

          Facebook will get your address book one way or another

          I use Facebook but it has never slurped my address book, thanks to iOS having permissions to prevent it. I know Google finally added the same a couple years ago - after the horse had left the barn since if you ran Facebook on your Android before that it's too late for whoever was in it back then!

          Not that their inability to get MY address book really mattered, as every few months I get a banner asking "is <my mobile number> your mobile number?" claiming they want me to add it to help reset my password or whatever. It also regularly shows this one guy I worked with in a gig five years ago as "people you may know" even though we have zero friends in common and live a thousand miles away from each other. How does Facebook know my mobile number and that I know this guy? Because it has slurped many OTHER people's address books, which included my phone number! At least they're nice about it and don't just add my phone number against my will, even though they've probably seen it in a few dozen address books so they can be pretty damn sure it's me!

          1. Anonymous Coward

            Re: Facebook will get your address book one way or another

            Yes, both Facebook and LinkedIn have been rather fanatically abusing that gaping hole in privacy legislation: they are not allowed to grab it from you without permission, but there are no barriers to extracting your data from your friends, nor is there a duty to notify you that they gathered this data.

            That said, I just came across a stunt Google has been pulling for years which I must write them a letter about. Could get very interesting.

            1. Charles 9

              Re: Facebook will get your address book one way or another

              Even if you try to anonymize yourself, they can probably glean enough information to DE-anonymize you in spite of throwaway e-mail addresses and so on. Combine this with information already available to the general public via governments as well as necessarily-given information from ISPs and secrecy on (and perhaps even OFF) the Internet has probably sailed away long ago.

      3. Anonymous Coward

        It's the only Messaging System out there with end to end encryption

        LOL. You must be new to secure messaging. Some alternatives WITHOUT snooping your address book:

        - Threema

        - Telegram

        - Signal

        - iMessage

        I have all four installed (you can't tell a client to change their favourite, although we refuse to use WhatsApp - they usually then go for Telegram). There are a couple more esoteric ones out there too like CryptoCat but they're harder to verify. We mainly use iMessage to start up remote Mac sessions.

        and it contains ZERO ads

        Oh dear. If you get something for free, it simply means you're paying with something else, although I must note that Telegram is a bit of a special case re. operating capital. There's nothing more wonderful than a billionaire happily funding your outfit just to piss someone off :).

  11. Charles 9

    If I were running a safari and was concerned about poachers, I'd fit a GPS jammer into all my vehicles. That way, even if a camera has built-in GPS or a poacher insider fitted a secret GPS logger in the vehicle, I'm still covered.

    1. DavCrav

      "If I were running a safari and was concerned about poachers, I'd fit GPS jammer into all my vehicles. That way, even if a camera has built-in GPS or a poacher insider fitted a secret GPS logger in the vehicle, I'm still covered."

      You're worried mainly about poachers as keyboard warriors, not poachers as super-spies, I guess.

      1. Charles 9

        I'm thinking of poachers as well-funded organizations such that they poach anti-poachers, too. For them, little is taboo, and it's not like GPS loggers are super-sized tech. Used to have a Qstarz one about 7 years ago.

    2. Tree
      Pirate

      Location

      To find it, you have to search for "location", but it can be turned off in <settings>. Then it is not supposed to detect or record it. You can just use Google or GPS only. On the other hand, the cell towers know when you are near them.

      Do not ever use FACEBUTT or you will have no privacy.

  12. Anonymous Coward

    Why can't I buy a mobile with open source linux on it?

    Whatever happened to http://www.techradar.com/reviews/phones/mobile-phones/ubuntu-phone-1139670/review ?

    Is someone closing these projects down? I wonder who that could be?

    1. Anonymous Coward

      Re: Why can't I buy a mobile with open source linux on it?

      Where you see conspiracy, I see a lack of demand for it.

      1. Anonymous Coward

        Re: Where you see conspiracy, I see a lack of demand for it.

        But I want there to be a conspiracy too!

        1. Anonymous Coward

          Re: Where you see conspiracy, I see a lack of demand for it.

          I think many people would be quite keen to have an alternative to iOS (nice, but far too expensive for the majority of people) and Android (Google spyware), but Windows Phone clearly wasn't the alternative that anyone was looking for at all.

          Unfortunately, while at least Windows Phones were available for purchase in the shops (and hence were at least reasonably visible), the same can't be said for Sailfish OS or Ubuntu Phone or Firefox OS (or even Web OS): you had to be reasonably nerdy to even know that they existed and also willing to take the risk of purchasing from obscure websites. If they had at least even been available via Amazon (and had got some publicity/advertising), they might have got a few curiosity sales.

          However, while I do wish that any or all of these would have developed some sort of market niche, they were all, unfortunately, too little, too late. They needed to have an at least reasonably mature OS (and at least some decent app support) by the end of 2012 (the point at which the petrol-fuelled Symbian conflagration was too far gone for anything to be saveable), otherwise iOS and Android were just too far ahead by then for anyone else to really be able to catch up.

          1. Roland6 Silver badge

            Re: Where you see conspiracy, I see a lack of demand for it.

            >Ubuntu Phone

            Was this ever offered for sale?

            I remember seeing various incarnations demonstrated by Canonical either in-person or reviews by various tech publications, but I don't remember ever seeing an announcement that the phone was available to buy...

          2. Anonymous Coward

            Third alternative

            That would imply that 'low price' + 'privacy' was a large enough market segment for someone to make money filling it. Obviously 'low price' will always be a winning market segment, but no one makes any money selling low priced phones (except Google - and that's because of the hidden cost of your privacy) There's a reason why the two companies who sell substantially all the high end smartphones are the only ones to consistently make money selling smartphones.

            Unfortunately not very many people care about privacy. Apple markets on it, but not all that much. If it was important to a lot of people, they'd be doing a modern spin on the Mac vs PC ads but with iPhone vs Android that talked about how Google is selling you out. Not nearly enough people care about that for such an ad to make sense, most people would simply be puzzled by it. So instead we get iPhone ads showing off the camera, despite how little difference further improvement in the camera makes for most people (who like me, could take shitty pictures with a $50,000 DSLR)

  13. nikos

    geotags embedded in pictures are not all doom and gloom. There are programs like DeskRule that allow you to find pictures shot at a particular part of the world, which is handy if you are trying to find that picture in Tanzania you shot back in 2007 :)

  14. frank ly

    re. Poachers

    I wonder if anyone will think about taking pictures of some elephants with large tusks and then falsifying the location data before posting them? Then, the poachers might go to a welcoming reception hosted by heavily armed rangers. It's a thought, I'm not suggesting that this should be done by anyone.

    1. Anonymous Coward

      Re: re. Poachers

      Besides, the poachers tend to be heavily armed, too. Seeing an ambush coming may convince them into a pitched battle since they have nothing to lose and much to gain by taking out the anti-poachers (fewer to bug them later). Some of these hunters are even equipped to take on helicopters.

      1. Anonymous Coward

        Re: since they have nothing to lose

        Zombie poachers? Or just bullet proof?

        1. Charles 9

          Re: since they have nothing to lose

          No, just a simple realization they won't be getting out alive unless they win. That's how desperate the rangers are at this point. The poachers have already demonstrated a no-holds-barred attitude to their activities. I wouldn't put it past them to fake a surrender only to slip a suicide bomber amongst the rangers.

  15. roger 8

    What about the photos taken of someone else's wife/sheep (depending on nationality) and posted. Location of 3rd parties bedroom/kitchen, garage, show will be geotagged

  16. Anonymous Coward

    People younger than 40 don't care; in fact people younger than 30 actively welcome the constant and intrusive sharing. Mind you, they'll all have severe depression and mental illness by 50: humans just aren't wired up to be that open with so many other people all the time. See also: old prostitutes (both men and women).

    1. Cynical Observer
      Stop

      Except, that's not the case.

      I'll admit, I was of a similar opinion, that the only people who locked down FB etc were those who had a close relationship with some hoary old IT bod. However, when I went looking for supporting evidence, it turned out to be not the case.

      5 Myths About Teens and Technology Every Parent Should Ignore

      The Truth about Teens and Privacy

      Apparently, not only do today's youth get the concept of privacy, it is in fact a multilayered, multi faceted part of their on-line existence.

      I recall one former work colleague's surprise when he found out that his teenage son had about a dozen FB accounts - all active for very different connections.

  17. Anonymous Coward

    Data we generate is ours

    Data the individual generates, data that is the individual, is the property of the individual, that is a basic right that cannot be signed away in agreements.

    To have those that rule over us recognize and enforce such rights is the trick. Pretty difficult in an age when "our" governments are busy selling us, our future, our Nations and our economies to local and international Elites.

    1. Charles 9

      Re: Data we generate is ours

      "Data the individual generates, data that is the individual, is the property of the individual, that is a basic right that cannot be signed away in agreements."

      Not so fast. Data that is generated with the assistance of others can belong to the other. That's why stuff made on company time and company property belongs to the company (thus in a dispute between a developer and a publisher, the publisher trumps).

  18. chivo243 Silver badge

    what ever happened

    To not looking over the stall in the personal? Can't private data stay private?

    Too many people aren't up to speed with the new gadget they bought, nor do they care to be...

  19. John Sanders
    Meh

    >>>> We urgently need a reset, rethink, and redesign, grounding this process inside an ethics and

    >>>> methodology of individual privacy, integrity and security.

    Not gonna happen.

    We need a reset and rethink of so many things in modern IT...

    1. Charles 9

      So basically you're saying we need a complete reset of IT altogether, back to the Stone Age, if you will, only it will likely end up more of the same since it's hard to do big things without a benefactor, and once you have a benefactor, he can lay claim to anything you do or make.

  20. fishman

    Posting photos

    I never post original photos to the web - they are always downsized, cropped, and stripped of EXIF data. Why post a multi megabyte image when a downsized one that fits most screens will do? And if there is ever any question of ownership of the image, only I have the high resolution, uncropped versions.

  21. HellDeskJockey

    So what. If you were to location track my phone you would have found out the "TOP SECRET" information that my girlfriend and I went out for dinner last night.

    However you could have easily found out the same information because: I used my credit card, we are known to the waitstaff, her older children greeted us when we returned to her house.

    If I were to be doing something that required it I would take measures including no smart phones. But for my normal life I really don't care.

  22. missingegg

    It's a matter of incentives

    Companies, whether app vendors, cloud service providers, OS makers, or device manufacturers will never put constant ongoing attention into user privacy and security until they have a strong incentive to do so. The situation in the USA is particularly bad, but AFAIK it isn't that much better anywhere else.

    Short of legislation that gives end users clear rights to monetary damages without the need to demonstrate financial harm, companies will continue to sacrifice privacy and security for other goals where they have clear incentives. I promise you, the moment that companies are exposed to risk of damages at a scale that threatens the profitability of their enterprise, we'll see an abrupt change in attitudes.

    The problem, of course, is how to write such legislation that gives clarity to both companies and end-users what privacy and security is expected. Privacy actually seems a little easier to tackle to me, but certainly isn't easy in any absolute sense.

    1. Doctor Syntax Silver badge

      Re: It's a matter of incentives

      "The problem, of course, is how to write such legislation that gives clarity to both companies and end-users what privacy and security is expected."

      It's been written and it's on its way to becoming law in the EU. It's the GDPR.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's a matter of incentives

        And you may start seeing unintended consequences, such as possible "walling" of business within and without the EU as companies consider the price for participation. For many businesses, that level of control may not be worth a billion potential customers when there are many billion more out there.

  23. Anonymous Coward
    Anonymous Coward

    Uhmmm...

    ...doesn't all that apply only if you have the GPS location service of the camera/phone permitted to be ON in the first place?

    Simply disabling that (which surely is an option on most devices?) seems a more acceptable solution than skipping whole apps (which is often difficult because of the "all or nothing" permissions model). Also, good for the battery.

    Or can location via GSM tower position (which can of course never be avoided or blocked) also land in the EXIF data?

    Yours, Dislocated.

  24. rob miller

    poachers and EXIF?

    I live in Tanzania. I have been on lots of safaris. Phone and wifi coverage generally poor, and rare for interesting animals/sightings to be where they were the day before - even so we always check. A better technique to get this info would be to listen to open radio conversations between game vehicle drivers, and requires much less skill and technology.

    1. Anonymous Coward
      Anonymous Coward

      Re: poachers and EXIF?

      Are you sure they're open and not using encrypted channels? Wouldn't be able to tell from the radios themselves since they'd have the keys in them. Can't rely on the signals themselves since they could be used on the roll with nothing in sight. At least with a GPS trail, one can locate tracks and follow them onward instead of roving blind and risk getting picked out by the rangers, especially if they're using helicopters.

  25. sloshnmosh

    Fun folders to view as ROOT in Android..

    /data/system/recent_tasks

    /data/system/recent_images

    (I have read there are similar folders in iPhones.)

    The "recent_tasks" folder contains just that, every single task you do on your device with timestamps.

    The "recent_images" folder contains actual images (internal screenshots) of the tasks as they go to background and can contain sensitive data.

    One of which was of my last contact from a call I had made complete with phone number.

    2 Android phones I tested contained a folder called DROPBOX which contained error logs.

    (Dropbox was not installed on these devices as a user app.)

    Be advised that the "recent_images" folder is not present in ALL devices but was present in 3 of 4 different manufacturers I've seen.

  26. Robert D Bank

    DEFAULTS

    Every manufacturer's settings for photos should include a mandatory meta-data tag with the creator's choice of encrypted password set on the device creating the image whether meta-data is available to viewers of the image regardless of the viewing technology. So it should be by conscious CHOICE that any meta-data is shareable or not, with 'not' being the default, hardcoded as an industry standard, so it cannot be accessed unless the creator has tagged it as shareable. It must, if necessary be supported by legislation with harsh penalties for non-compliance. This 'choice' tag MUST be carried over by any copy technology so that if the meta-data share flag is missing the default is non-shareable. If the creator is doing the copy then they know the password and can again make the choice on sharing for the copy.

    1. Charles 9

      Re: DEFAULTS

      You forget about the stupid user. They'll want access to the data, quickly, easily, and WITHOUT the use of passwords they easily forget.

      1. Robert D Bank

        Re: DEFAULTS

        bugger, very true. Needs a button or something simple so it can be an instant choice when downloading, Bluetooth sharing or whatever. I give up. Beyond me.
