Privacy Precautions in Web Development - Part 2

In my last blog post, I introduced you to the nature of privacy issues in Web Development and touched on the subject of WHOIS data and anonymous domain registration. I will be following a similar theme in this post, but from a whole different angle: Images.

Digital images have caused almost as many problems as they have solved, not the least of which are privacy and security related. Images get distributed so frequently and rapidly that they have become a dangerously fast way to spread both good and bad information for an infinite number of purposes. Like most vectors for attack, images can present security risks in a number of ways and occur in anything from photos that were meant to remain private to stolen blueprints.

Today, I am going to be exploring another potentially dangerous feature that's included in modern digital images known as EXIF. Almost every electronic device that handles images today uses EXIF to store miscellaneous information about them including chronological data such as date and time, the camera used and it's settings, thumbnails, descriptions, copyrights, and finally, geolocation data. This is the big one because when combined with chronological information geolocation data can directly pinpoint an individuals location.

This may seem unrelated to web development, but it's closer to the subject then it appears on the surface. When you upload images to a website such as Facebook it puts them through a specific "cleaning" process. This includes cropping, resizing and removing or removing data such as Geolocation tags, for your privacy. An increasing number of image hosting sites are doing the same kind of thing. But what about your website, if you host images directly on your website, are you cleaning them first? Do you allow users to upload images publicly without prior approval? These are questions web developers must ask themselves if privacy and security are attributes they want for their website.

As with the WHOIS data in the last post, there is numerous vectors for attack that arise from EXIF geotagging being used without the knowledge of the end-user, the most obvious scenario being that an attacker could locate the publisher via geotags. But how can this form of tracking be prevented?

The safest way is to stop the problem at it's root, your phone. If you have geotags attached to your images, they almost definitely came from a smartphone. Most smartphone's have this ability set to default so you can very easily be tagging your images and remain completely oblivious. All good smartphone's should also have an option to disable geotagging, however, it may be referred to slightly more cryptically. One example of a euphemised name for geotagging is "Location Services" on the iPhone.

If you would rather deal with Exif data on your computer, there's a number of options you could take. If you use Photoshop a lot for images, there's a free script available called ExifStrip for Photoshop, written by John Price, which removes EXIF data from images and is compatible with both Mac and Windows. Another free alternative is Exif Eraser, a small tool that batch-removes the EXIF data from all the images in a particular directory, unfortunately it's only compatible with windows. As for Linux, there's a good tutorial about removing EXIF data in Ubuntu here.

If you choose to make use of geotags, your best bet would be to ensure that the images are only released in a controlled environment and distributed to trusted friends, family or colleagues. You never know when a geotagged image might come back to bite you, so use this feature wisely, if at all.