By Adrian | November 22, 2019
I want to talk today about EXIF data and just how much of a double sword it can be depending on your use case. With todays modern technology it seems that every picture you take wants to have its geolocation information added to it if its connected to a GPS somehow, and if your camera just happens to be a mobile phone then this might just be happening. Take the following picture I took as an example:
Here is the EXIF data you can pull from it. It shows you a lot of information, from the device make and model that took that picture, the format of the picture, what settings the device was using, if a flash was used, the exact date and time the picture was taken, the filename and size of the picture and the point im trying to get across….. the exact LOCATION the picture was taken. Its all given up and extracted trivially.
ExifTool Version Number : 11.71 File Name : P_20181206_132135_vHDR_On.jpg Directory : File Size : 3095817 File Modification Date/Time : 2018:12:06 13:21:36+11:00 File Access Date/Time : 2019:11:02 10:42:40+11:00 File Creation Date/Time : 2019:11:02 10:42:40+11:00 File Permissions : 666 File Type : JPEG File Type Extension : JPG MIME Type : image/jpeg Exif Byte Order : MM Image Width : 3928 Image Height : 2208 Compression : 6 Resolution Unit : 2 Make : asus Camera Model Name : ASUS_Z01HDA Software : WW_188.8.131.52_20181102 Modify Date : 2018:12:06 13:21:35 Orientation : 1 Y Cb Cr Positioning : 1 Warning : [minor] Unrecognized MakerNotes ISO : 57 Exposure Program : 0 F Number : 1.7 Exposure Time : 0.0003448275862 Sensing Method : 2 Sub Sec Time Digitized : 316484 Sub Sec Time Original : 316484 Sub Sec Time : 316484 Focal Length : 3.95 Flash : 9 Light Source : 0 Metering Mode : 2 Scene Capture Type : 0 Interoperability Index : R98 Interoperability Version : 0100 Create Date : 2018:12:06 13:21:35 Exposure Compensation : 0 Exif Image Height : 2208 Date/Time Original : 2018:12:06 13:21:35 White Balance : 0 Brightness Value : 0 Exif Image Width : 3928 Exposure Mode : 0 Aperture Value : 1.70000000428569 Components Configuration : 1 2 3 0 Color Space : 1 Scene Type : 1 Exif Version : 0220 Flashpix Version : 0100 GPS Latitude Ref : S GPS Latitude : 36.4860193888889 GPS Longitude Ref : E GPS Longitude : 148.269435166667 GPS Altitude Ref : 0 GPS Altitude : 2086 GPS Processing Method : ASCII GPS Date Stamp : 2018:12:06 X Resolution : 72 Y Resolution : 72 Thumbnail Offset : 13111 Thumbnail Length : 11231 Image Width : 3928 Image Height : 2208 Encoding Process : 0 Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : 2 2 Aperture : 1.7 Image Size : 3928 2208 Megapixels : 8.673024 Shutter Speed : 0.0003448275862 Create Date : 2018:12:06 13:21:35.316484 Date/Time Original : 2018:12:06 13:21:35.316484 Modify Date : 2018:12:06 13:21:35.316484 Thumbnail Image : (Binary data 11231 bytes, use -b option to extract) GPS Altitude : 2086 GPS Latitude : -36.4860193888889 GPS Longitude : 148.269435166667 Focal Length : 3.95 GPS Position : -36.4860193888889 148.269435166667 Light Value : 13.8438728532671
Now this picture, I don’t mind sharing where it was taken, as it was literally in the middle of nowhere in the Kosciuszko National Park in NSW back in 2018. But I should be more concerned if that picture was of my family, in my own backyard or say a picture taken inside my house.
In the wrong hands, picture metadata can be used against you. Say for instance a debt collector or jaded lover might be chasing you. You could be freely giving them your movements.
The good news is that large social media sites (Facebook, Instagram and Twitter) remove this metadata from images you post on their platforms (but you can still tag your actual post with a location). However, you are still giving these providers this data when you upload, and in this data driven world they will be finding some way of analysing, collating and monetising it. But what about some random online image hosting service you might be using? can you trust them to do the same? what about your own personal site you run?
You can download
exiftool.exe from https://www.sno.phy.queensu.ca/~phil/exiftool/ and using it to check your files is easy. This tool has so many command line switches that it can be overwhelming at first.
The quick and easy way to check with
exiftool is to just drag and drop the image file onto the executable in Windows
There are also a wealth of online sites where you can upload a photo to do the same. One such site is https://www.pic2map.com/. It will even plot where the picture was taken on a map. So once again, only use this sort of a service with the trust it deserves.