Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

People were up in arms this week about the privacy implications of news that the iPhone gathers location information and stores it in a file on the user’s computer. But experts say that smart-phone owners are unknowingly taking a much bigger risk with information about where they go all day. During a presentation at the computer security conference Source Boston, Ben Jackson of Mayhemic Labs and Larry Pesce, a senior security consultant with NWN, described the way photos taken by many phones are routinely encoded with latitude and longitude tags. When users post those photos online through services such as TwitPic, they often expose much more personal data than they realize.

“It is definitely true that folks don’t [understand] the risk,” says Jackson.

For example, by looking at the location metadata stored with pictures posted through one man’s anonymous Twitter account, the researchers were able to pinpoint his likely home address. From there, by cross-referencing this location with city records, they found his name. Using that information, the researchers went on to find his place of work, his wife’s name, and information about his children.

A few smart phones, such as the BlackBerry, leave the geotagging feature turned off by default. In many devices, however, photos are tagged with this information unless users to go in and disable the feature themselves.

To make people aware of the dangers of this data, Jackson and Pesce launched a site called I Can Stalk U, which searches Twitter for posts that reveal location information and creates a map pinpointing the places where pictures were taken. “We wanted to inform people of what they’re really posting,” Jackson says.

The researchers have struggled to find an effective way to spread this message. Twitter has twice shut them down (though they were able to get themselves reinstated), and many users react with alarm when they see what I Can Stalk U is doing. Jackson and Pesce say they hope they’re educating people, and the site includes information about turning off location features, as well as links to organizations that work to protect user privacy, such as the Electronic Frontier Foundation.

So many pictures with location data get posted every day that when the researchers tried to analyze every picture posted to TwitPic, they couldn’t keep up. Now their site downloads an average of 15 gigabytes of photos per day, scans more than 35,000 tweets, and analyzes more than 20,000 pictures.

7 comments. Share your thoughts »

Credit: I Can Stalk U

Tagged: Communications, privacy, social networks, location services, source boston, metadata

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me