Exif data is an hidden metadata (data about data) that is automatically added to photos taken by digital cameras and mobile phones. Exif data can pose a serious privacy and security dangers, as illustrated by many stories published in the media, some of them are described in this page.
Exif data often includes generally harmless information such as exposure time, focal length, and flash usage, but also often includes the following potentially privacy and security compromising information:
- Geotag - coordinates of the exact location where the photo was taken. Can allow strangers to learn where you live and hangout, and to identify you. Can be added by a GPS-enabled camera or mobile phone.
- Thumbnail - a small version of the photo, created by cameras for fast viewing of the photo on the camera's screen. Some image manipulation programs do not update this thumbnail. This can cause parts of the photo which were censored to still be visible in the thumbnail.
- Camera and lens unique serial numbers - can allow people to trace two photos to the same photographer, and can help identify the photographer.
- Exact date and time - can allow people to know where you've been at a particular time.
Table of Contents
- Exif data notable privacy and security incidents
- Photo metadata beyond Exif data
- How to avoid Exif data dangers
Exif data notable privacy and security incidents
Cat Schwartz accidentally exposed her breastsIn 2003, American television personality Cat Schwartz posted two cropped photos of herself on her personal blog. The original uncropped photos were still visible in the thumbnails in the Exif data, showing her bared breasts. (Source)
Geotag reveled that John McAfee is hiding in GuatemalaIn December 2012, Vice Magazine published a photo of John McAfee, the founder of McAfee, an anti-virus software company. Geotag inside the Exif data of the photo inadvertently reveled that McAfee is in Guatemala, where he was escaping from Belize authorities, who wanted him for questioning on his neighbor murder case. (Source)
Geotag reveled the home address of Adam SavageIn 2010, host of the popular science TV program “MythBusters”, Adam Savage, posted a photo on Twitter of his auto parked in front of his house. Since the photo contained geotag inside its Exif data, strangers could learn exactly where he lives. (Source)
Geotag led to the destruction of American Apache helicoptersIn 2007, a new fleet of Apache helicopters arrived at an American base in Iraq. Some soldiers took photos of the flightline and uploaded them to the Internet. The enemy found geotags inside the Exif data of the photos, and conducted a mortar attack that destroyed four helicopters. (Source)
Geotag led to the arrest of a hackerIn 2012, there was a series of attack on American government websites by the Anonymous group. The hackers published photos of a women in bikini holding written taunts, not showing her face. The hackers were unaware that the photos contained geotags in their Exif data. The geotags led investigators to that women's house in Australia. Further investigation reveled that the women is a girlfriend of one of the hackers, Higinio O. Ochoa III from Texas. He was arrested, charged, and convicted. (Source)
Photo metadata beyond Exif dataOther than Exif data, photos may contain other types of hidden metadata. Most common are the following:
- IPTC data
- JPEG comment