Your Online Pics Are Broadcasting Your Location; GeoTags.

geotag

When you post your pics online, you could be sharing more than you know.  Most pics taken via our cell phones contain embedded location info that is easily readable by would-be criminals who can then use that data to track you.

How Do Your Pics Get GeoTagged?

When you take a picture with your smartphone or digital camera, it’s typically saved as a JPEG to your device. That image file gets embedded with Exchangeable Image File Format (EXIF) data, which includes the time, date, and GPS location where your photo was taken. That photo’s GPS location is called a geotag.

The Dangers of GeoTagging

Once a geotagged photo in uploaded online, or attached to an email, the geotag becomes available to anyone with access to your online pics or email messages.

How can this place you in danger from a stalker or other would-be criminal? Envision the below scenarios:

1. You are selling an item online.

You want to sell your TV so you take a picture with your iPhone 6 and upload it to your Craigslist posting.  A potential buyer contacts you and in the email exchange, in an effort to show more of the item, perhaps you even send along additional pics. If your pics were geotagged, the interested buyer can now identify the location from which you took the photo – usually your home.   The “buyer” may ask if you have additional home appliances, electronic devices, etc. to sell.  He could be digitally casing your home – with your active cooperation.

2. You are dating online.

1 out of every 4 marriages now originates from online dating sites such as Match, Our Time, Christian Singles, JDate, etc.   In your initial posts, to err on the side of safety, you hide your full name, contact information, and where you live. But all of these sites request a personal pic.  You take a selfie and post away.  Now, whether you like it or not, you have given a potential stalker your exact location.

Young Blonde Woman Takes Selfie On Vacation

3. You’re traveling.

It’s almost impossible to not upload and post those envy-evoking beautiful vacay pics of the Bahamas.   While you are Instagramming away your gorgeous sunset shots, bear in mind that you have just alerted one of your wacky followers that you are thousands of miles from home.

4.  Your valuables.

It’s natural to want to post pics of your new car, shiny Rolex and other bling.  Why not post a complete itemized list of your valuables since the criminal already have the address from your geo-tagged brag pics? Trolling social media for just such pics is the new work-from-home gig for today’s thieves.

Although Facebook strips geotags from your uploaded photos, it does show a map of photos you tag. (Just look under “Places” on your profile.)  Even the dumbest criminal can figure out that the 35 pics of your bling are probably taken from the same location and, you may even inadvertently let them know where you stash your family jewels.

5. You have a stalker.

If your online profiles are public, any stranger can figure out your routine. We are creatures of habit – a definite advantage for the online stalker who can track when and where you post, whether you are at work, where you live, where you hang out, and when you’re not home.  Imagine a stalker (or sex offender)  tracking your family pics of your kids in your backyard, at school, at a nearby park, etc.

How To Remove Geotags From New Photos

Now that you realize the very real danger of allowing geotags to remain in your pics, here’s how you remove the geotags before you take the photos:

For an iPhone 5 or 6:

  1. From your iPhone’s home screen, tap the “Settings” icon.
  2. Scroll down until you see the “Privacy” tab, and tap “Location Services.”
  3. Look for the “Camera” tab. Open it, and you’ll see ALLOW LOCATION ACCESS. Click “Never.”

For an iPhone 4:

  1. Hit the “Settings” icon from the home screen.
  2. Find the “Privacy” tab, and tap “Location Services.”
  3. After tapping the “Camera” setting, switch the tab from “ON” to “OFF.”

For an Android:

  1. Find the camera app.
  2. Tap the “Settings” icon on in the app.
  3. Find the Location or GPS tag, and turn it off.

How To Remove Geotags From Photos You’ve Already Taken

If you’ve never disabled location services on your phone’s camera, you have photos in your library that are still geotagged.

To remove geotags from stored pics: use these apps:  deGeo or ViewExif for an iPhone or iPad, Exif Eraser for an Android, or Pixelgarde for an Android or Apple device. Pixelgarde allows you to strip geotagged photos in bulk.

 

Do Social Sites Allow GeoTags?

Fortunately, no. Instagram, Facebook, Twitter,  Pinterest, eBay and IMgur automatically remove geotag data from your photos when you upload them.   Of the online dating sites, Match.com, PlentyofFish, and OKCupid also strip your pics’ location data.

However,  Tumblr, Picasa, Photobucket, Dropbox, and Google+ do not remove geotags from uploaded images. Flickr gives you the option to do it.

Craigslist doesn’t provide a definitive answer on its website. Neither does Tinder.

Do Texts And Emails Show Geotags?

Yes. When you attach a photo to an email, that photo’s EXIF data is also included. SMS messages don’t typically retain this data, but iMessages can.

How can access your geotag info?

There are several ways, and some of them are more useful and prettier than others. It all depends on the computer you’re using. Just remember that a determined stalker will take all of the time in the world to break obtain and breakdown the geotag data in his desired target’s pics. But for the rest of us, here are a few ways to get the GPS information from your photos.

On a Mac

If you’re using a Mac, you can access your GPS information by simply right clicking on the photo file you want to view and then picking “get info.”

This will bring up a box showing all of the EXIF data attached to that particular image file.

On a PC

It’s a little different on a PC, but it’s pretty much the same thing. Right click on your image, and then pick “properties.” From there, a similar window should pop up showing all the EXIF data, including the location of the picture you just took.

Bottom line: Pay attention to what you are posting and don’t leave your security – and that of your family-  in the hands of a third party.

BNI Operatives: Situationally aware.

As always, stay safe.

Tactical Trainer, Christian Swann, on NSA-resistant Communication Encryption.

(This week, we bring you an informative article on protecting sensitive client data from our friend and one-woman whirlwind of accomplishments, Christian Swann (featured below): Christian is a writer, mom, edged and blunt tool instructor for law enforcement and the military, and a risk mitigation security and vulnerability assessment specialist.

christianswann

Be vigilant about protecting sensitive  client data with these tools.

 I wrote an article not long ago about protecting our personal and sensitive important information. As some of you are well aware, once your data is out there, it’s out there. From the first click of the “check out now” button, you are being traced, watched and analyzed. From how much you spend, where you shop, to your favorite products to your prime shopping time – you’re being tracked. But that’s just one aspect of this passive monitoring.   Big Brother (e.g. and fact, as we now all know,  the NSA) has the capability and may not only watching but also listening, recording and even transcribing your confidential client conversations.

What about when it’s not only your information that is being tracked, but your clients’ confidential information is at risk of also being recorded? As a risk and security director of a multi-million dollar company, it is one of the toughest questions and concerns I have. I’m in constant contact with high-profile clients and sensitive data.

The good news for lawyers, corporations and medical professionals, concerned about maintaining their duty of confidentiality is that there are tools and safeguards now to help them.

Legal and risk management specialists, such as myself, need to be very aware of the possibility (or now, probability) of  their communications being intercepted by empowered governmental agencies.  Given the ever-changing, nebulous status of agency data collection laws, legal professionals have to deal with the ambiguity of this usage of collected data –  while contending with the secretive nature of intelligence agency operations, as well as the U.S. Foreign Intelligence Surveillance Court that oversees surveillance warrants.

Lawyers –  and anyone for that matter – should assume all of their conversations are subject to covert surveillance an should  take steps to protect confidential information.

I can’t stress enough that all pertinent emails, electronic messages and communications should be encrypted. There is no shortage of available encryption hardware and software, and I highly recommend using an encryption service such as ZixCorp or the open-sourced TrueCrypt: (Warning: this is an open source method and may not be as stable as desired.) Platform-specific devices are also available, such as, Apple’s FileVault.

“One can also purchase self-encrypting hard drives such as the Seagate Secure and already-encrypted flash drives – e.g.,  IronKey from Imation Corp.  and encryption software such as Symantec Whole Disk Encryption and Sophos Ltd.’s Safeguard“, says Lina Maini of Beacon Network Investigations, LLC.

As for passwords, I recommend a more secure method of authentication, such as security tokens or USB tokens.

Perhaps apparently, I’m a big fan of firewalls, and encrypting everything networked – from email to any and all telecomm technology apps.   I’ve also become a huge fan of the company Silent Circle. One of my favorite features of Silent Circle’s service is the ability to program burn settings.  I.e., one I’ve  sent any type of message: email, text, audio, it is then encrypted and will burn itself at the pre-set time. I’ve chosen.

Many people forget that one a voice message, text or email  has bent sent, that data  has to go through a provider, e.g.,  Apple, and is then is transferred back to the end-user, therefore leaving data footprints that can be copied.

For professionals that mainly communicate via phone, relief from eavesdropping is on its way. This month: Spanish smartphone company GeeksPhone and software company Silent Circle launch Blackphone, an encrypted smartphone that protects phone calls, text messages, emails and Internet browsing. Using VPN technology, Blackphone promises to be an NSA-resistant phone.I’m looking forward to ours arriving soon.