While GPS tagged photos are handy for always knowing where you took a photo, location data embedded in photos does have unsettling privacy and security implications. Should you be worried about the risk of people tracking you down via photos you post online?
Dear How-To Geek,
You guys need to help me out. My mom forwarded me this news clip which (I presume) another one of her friends with equally over-protective grandmotherly traits forwarded to her. Essentially it’s a clip from an NBC news segment highlighting how easy it is to extract the location from a photo. My mom is freaking out insisting that I’m putting my kids at risk because I put photos of them on Facebook and some abductor is going to come climb in their window.
Is this news clip just scare mongering to get people to watch the 10 o’clock news or is it something I actually need to be worried about? I’d really like to calm my mom down (and more sure I’m not actually posting my personal data like that all over the web).
Sorta Paranoid Now
Before we delve into the technical side of your issue, we feel compelled to address the social side. Yes, everyone is worried that something bad is going to happen to their kids (or grandkids), but realistically speaking, even if every photo we all posted online had our full home address printed right on the front like a watermark, the probability of anything bad happening to any of us (including our kids) is still nearly zero. The world just isn’t full of hordes of awful people we frequently allow ourselves to believe it is.
Even though the news does a good job making us feel like we live in a terrifying world filled with kid snatchers and stalkers, the actual crime stats paint a different story. Violent crime has been falling in the United States for decades and of the 800,000 or so missing children reported every year in the U.S., the vast majority of them are either teenage runaways or children taken by parents engaged in custody battles; only around 100 of them are your stereotypical stranger-snatches-child scenario.
That means stranger abductions account for only 0.000125% of all the under-18 missing persons cases in the U.S. and, based on Census data indicating approximately 74 million people aged birth-18 in the U.S., it means stranger abductions affect roughly 0.00000135% of the children. Yet no news producer has ever boosted their evening news rating by leading with “Tonight at 10, we’ll talk about how the chance of your child being abducted by a stranger is one hundred-thousandth of a percent higher than them getting struck by lightning!”
Now, while we hope you take the above information to heart, we still understand that it’s good security practice to not put our personal information all over the web and to control who has access to the information we share; social side addressed, let’s look at the technical side of things and how you can control the flow of information.
Photos have EXIF (Exchangeable Image File Format) data. EXIF data is simply a standardized meta data set of non-visual data attached to photos; in analog terms think of it like the blank back of a photograph where you can write down information about the photo like the date, time, what camera you took the photo with, etc.
This data is, 99% of the time, extremely handy stuff. Thanks to the EXIF data, your photo organizer app (like Picasa or Lightroom) can tell you useful information about your photos such as shutter speed, focal length, whether or not the flash fired, etc. This information can be enormously useful if you’re learning photography and want to review what settings you used when taking specific photos.
It’s also the same data that allows for neat tricks like searching Flickr based on which camera took the photo and seeing what the most popular models are (as seen in the chart above). Professional photographers love EXIF data because it makes managing large photo collections significantly easier.
Some cameras and smart phones, but not all, can embed location data inside the EXIF. This is the 1% of the time where some people find the whole embedded EXIF data thing to be problematic. Sure it’s fun if you’re a professional photographer or serious hobbyist and you want to actively geotag your photos to appear on something like Flickr’s world map, but for most people the idea that the exact location (within 30 feet or so) where their photos were taken is linked to the photo is a little unsettling.
Here is where it pays to be aware of the capabilities of the equipment you’re shooting your photos with and to utilize tools to ensure that what your equipment is saying is happening, is actually happening.
The first step is to determine whether or not the camera you’re shooting with even embeds location data. Most stand-alone digital cameras, even expensive DSLRs, do not. GPS-tagging is still a new enough and novel enough technology that the cameras that feature it advertise it heavily. Nikon, for example, didn’t introduce a DSLR with built-in GPS tagging until October of 2013. DSLRs with geotagging remain so rare that most professionals who want it simply buy a small add-on device for their camera to provide it. GPS tagging is slightly more common in point-and-shoot cameras, but still fairly rare. We recommend looking up the specific model camera you own and confirming whether or not it has GPS-tagging and how to disable it, if so.
Smartphones are, however, a completely different story. One of the big selling points for modern smartphones is the built in GPS. That’s how your phone can give you accurate directions, tell you there is a Starbucks around the corner, and otherwise provide location-aware services. As such, it’s very common for photos taken with a smartphone to have embedded GPS-data because the phones all ship with GPS chips right in them. Just because the phone has a GPS chip doesn’t mean you have to allow it to tag your photos.
If you’re sporting an iOS device, it’s easy to not only turn off geotagging, but to limit which application can access location data on an application-by-application basis.
In iOS 7, navigate to Settings -> Privacy -> Location Services. There you’ll find a general Location Services toggle (which we recommend leaving on, as so many features of the iPhone/iPad rely on location), and then below it, as seen in the screenshot above, individual toggles for individual apps. If you toggle “Camera” off, then the camera will no longer have access to the location data and won’t embed it in the EXIF data of the photos.
For Android, there are two ways to approach the issue. You can go into the camera app itself and disable geotagging. The exact route to the setting varies based on the version of Android and the camera you have, but it’s typically (from within the camera app) Settings/Menu -> Location Icon (tap the icon to toggle the location services on or off):
The alternative method is similar to disabling Location Services on iOS. You can go into your phone’s general Settings -> Location Access and turn off “Access to my location”. Unfortunately, unlike iOS, in Android it’s an all or nothing setting. Given how useful GPS data is for other applications (like Google Maps), we’d recommend sticking with toggling the geotagging from within the camera app.
It’s all well and good to adjust the settings in your camera or phone, but how can you be sure that your photos are actually free of GPS/location data? Smart geeks trust but verify. The easiest way to check without having to install any special software, is to simply check the properties of the photo on your computer. We took two photos, one with geotagging turned on and with with geotagging turned off, to demonstrate.
Here is what the geotagged photo looks like when the file properties are examined in Windows:
Here’s a photo taken moments later with the same camera, with geotagging toggled off:
The entire GPS data chunk is missing; the EXIF report jumps right from advanced camera data to basic file information.
Most photo organizers like Windows Live Photo Gallery, Picasa, Lightroom, even lightweight apps like Infranview (with a free plugin) will read EXIF metadata.
If you’ve successfully turned off geotagging for future photos, you still have (assuming geotagging was previously enabled for your camera) all the old ones to deal with. If you plan on uploading or sharing older geotagged photos, it’s wise to strip the information out of them before sharing them.
You may have noticed, in the previous section, that the file property box in Windows has a little “Remove Properties and Personal Information” link at the bottom of the interface. If you’re planning on uploading photos, you can highlight all the photos you intend to upload, right click, select Properties, and then bulk strip the data using that “Remove Properties” link in the detailed file view.
You’ll be prompted with the following window:
Here you can opt to completely strip the files of their EXIF data; this first option will make a copy of the files with all the EXIF data removed. You can also keep the original files and selectively remove the metadata (this option permanently removes the selected data from the files with no backup copy). If you want to take advantage of the EXIF data reading in an application or online service, but you don’t want to share your location, you can select this option and strip out only the GPS data.
Unfortunately there is no built-in easy EXIF data stripper in OSX or Linux. That said, ExifTool is a free cross-platform tool for Windows, OS X, and Linux that can batch process photos and modify/remove their EXIF data.
If all your geotagged photos are on your mobile device and you don’t want to put them all on your computer to work with them, there’s an additional option. PixelGarde is a free application available for both Windows and OS X as well as Android and iOS devices. Using the application it’s easy to strip EXIF data in bulk right from your device.
Ultimately, while the actual risk of harm befalling yourself or your family as a result of EXIF data is pretty small (especially if you’re only posting photos to social networks where you’re communicating with friends and family), it certainly doesn’t hurt to strip the data. It’s easy to turn the feature off in your camera or phone, it’s easy to remove it after the fact, and unless you’re a photographer who needs or wants to geotag photos for precision logging and display, most of us are content to stick with using our memories to recall the the photos were in fact taken in our own backyard.
Have a pressing tech question? Shoot us an email at firstname.lastname@example.org and we’ll do our best to answer it.