MIT Technology Review



Johannes Ullrich, chief research officer for the SANS Institute, an organization that operates an Internet security service called the Internet Storm Center, confirms that location information is commonly posted with photos online. Aside from the sort of stalking that Jackson and Pesce describe, he says, the practice can also increase risk of theft. Sites that allow users to post items for sale often include photographs, which thieves could use to locate the items.

At a security conference last year, Gerald Friedland and Robin Sommer, researchers at the International Computer Science Institute in Berkeley, California, released a study on “cybercasing”—using online geotagged information to mount real-world attacks. “We found that people really did put the geotags in unintentionally,” says Friedland. For example, he says, they found cases where people had clearly made an effort to keep an account anonymous, only to give away key location information. The problem is especially troubling because today’s Web services offer powerful application programming interfaces that could enable an interested party to rapidly correlate information from multiple services.

Friedland notes that geotags are not all bad—the information can be useful for personalization and other services. However, he says, “there is a responsibility in terms of making it clear what information is being released. People should have a choice.”

“Services should [remove] this information,” Ullrich says. He adds that this is not technically difficult and stands to benefit the sites themselves: stripping photographs of their metadata prevents attackers from using this information to launch exploits on a site’s server. Some sites, such as Facebook, already do it.
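The server-side stripping Ullrich describes can be done by walking a JPEG's segment markers and dropping the ones that hold metadata. The sketch below is an added example, not code from the article or from any site it names; the function names, the choice of markers to drop, and the sample bytes are assumptions made for illustration.

```python
import struct

# Segments that carry descriptive metadata rather than image data:
# APP1 (Exif with its GPS tags, XMP), APP13 (IPTC), COM (comments).
METADATA_MARKERS = {0xE1, 0xED, 0xFE}
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-7 have no length field

def strip_jpeg_metadata(data: bytes) -> bytes:
    """Return the JPEG with metadata segments dropped, image data untouched."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, pos = bytearray(data[:2]), 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:            # EOI: end of image
            return bytes(out + b"\xff\xd9")
        if marker in NO_LENGTH:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == 0xDA:            # SOS: compressed scan data follows,
            return bytes(out + data[pos:])  # so copy the rest verbatim
        if marker not in METADATA_MARKERS:
            out += data[pos:end]
        pos = end
    raise ValueError("truncated JPEG: no scan data or EOI found")

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid segments, not a decodable photo.
SAMPLE = (b"\xff\xd8"
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + b"GPSLatitude=42.36;GPSLongitude=-71.06")
          + _seg(0xFE, b"shot at home")
          + _seg(0xDB, bytes(65))
          + _seg(0xDA, bytes(10)) + b"\x12\x34\x56" + b"\xff\xd9")

if __name__ == "__main__":
    clean = strip_jpeg_metadata(SAMPLE)
    print(len(SAMPLE), "->", len(clean), "bytes; Exif present:", b"Exif" in clean)
```

Rejecting files with malformed segment lengths, rather than passing them through, also keeps unparsed bytes away from whatever image library handles the upload next.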

Regardless of what sites decide to do, users need to pay attention to their devices’ capabilities, says Alex Levinson, chief technology officer and lead engineer for Katana Forensics, a company that makes an application that can analyze the data stored on iPhones, iPads, and other devices running Apple’s mobile operating system. Levinson has studied the location information stored on these devices and is currently researching how they share that information when users post on a public site. “If you buy a piece of technology, read about it,” he says. “It comes with a manual, and you can understand what the device is doing about location information and how it’s being used. If you don’t like what you find out, return the device.” 


Credit: I Can Stalk U

Tagged: Communications, privacy, social networks, location services, metadata, source boston
