How much EXIF information is tracked by photo sharing sites?

| If I snap a picture of a pink flower in the open-air foyer at the
| AIDS clinic while I'm supposed to be at work, and the EXIF
| information shows almost exactly when & where I was, that's (by it's
| very revealing nature) certainly intensely personal information
| (it's meta-information but intensely revealing nonetheless).
|
| And in this supposed "intensly personal information", where can I read:
|
| 1. It was taken by you
| 2. You are a patient of said clinic
|

It's not that simple. Remember a couple of years ago
there was data stolen from, I think, AOL, about
"anonymizied" members? And a journalist showed how
easy it was to de-anonymize them. The point being
that there is no such thing as anonymous with such
data. Making sense of large amounts of data is what
computers do well. Companies collecting that data know
that. Google doesn't spy on every little thing you do
because they're specifically trying to draw certain
connections. Rather, they make it their business to
collect anything they can, and they also come up
with ways to find connections in that data, with the
general intention of knowing as much as possible about
everyone. Of course they say it's "only" for the purpose
of targetted advertising, but that's beside the point.
They're spying on browsing and reading peoples' email.
Facebook is logging all the bits of data their members
post. A vast amount of spying is being done by irresponsible
corporate entities who only have short-sighted profit
motives in mind. And that data is being stored. And
connections can be made that we can't even imagine.
(I know that because I'm constantly surprised by news
of connections that have been made.) So why not put
a bit of effort into minimizing one's exposure? It really
doesn't take a lot of effort.

On 11/15/14 PDT, 6:37 PM, Lewis wrote:
Okay, so one time? In band camp? John McWilliams was all, like:

Don't be such a petulant little prick.

YOU are the dumbass who crossposted a message for the sole purpose of telling
people in groups you don't read that you'd removed the group you do read,
causing my killfile to no kill the post. So, stop being a bitch. Stop posting
to groups you don't read. Stop ****ting on USENET. If there's a
post/thread/user you don't want to read, killfile it.

You'll get no further replies from me, so feel free to have the last word into
the vast vacuum that is your head.

If there is nothing further from you, then your petulance will be
vomited on others.

In article , Mayayana wrote:

| If I snap a picture of a pink flower in the open-air foyer at the
| AIDS clinic while I'm supposed to be at work, and the EXIF
| information shows almost exactly when & where I was, that's (by it's
| very revealing nature) certainly intensely personal information
| (it's meta-information but intensely revealing nonetheless).
|
| And in this supposed "intensly personal information", where can I read:
|
| 1. It was taken by you
| 2. You are a patient of said clinic

It's not that simple. Remember a couple of years ago
there was data stolen from, I think, AOL, about
"anonymizied" members? And a journalist showed how
easy it was to de-anonymize them. The point being
that there is no such thing as anonymous with such
data.

Neat, what dioes this have to do with EXIF?

Making sense of large amounts of data is what
computers do well.

Cool, what data is there in EXIF to "make sense" of? Please be specific.

Companies collecting that data know that. Google doesn't spy on every
little thing you do because they're specifically trying to draw certain
connections. Rather, they make it their business to collect anything they
can, and they also come up with ways to find connections in that data,
with the general intention of knowing as much as possible about everyone.
Of course they say it's "only" for the purpose of targetted advertising,
but that's beside the point. They're spying on browsing and reading
peoples' email.

Swell, what does this have to do with EXIF?

Facebook is logging all the bits of data their members post.

All the bits, huh? Yeah, it's fortunate that they're not loggin only every
other bit I suppose.

A vast amount of spying is being done by irresponsible corporate entities
who only have short-sighted profit motives in mind.

That's a lot of claims about what is being done, but they're just empty
claims, you can't just say they do X, you have to show them doing X.

And that data is being stored. And connections can be made that we can't
even imagine. (I know that because I'm constantly surprised by news of
connections that have been made.) So why not put a bit of effort into
minimizing one's exposure? It really doesn't take a lot of effort.

Again, what does this have to do with EXIF? Please be specific.

--
Sandman[.net]

| It's not that simple. Remember a couple of years ago
| there was data stolen from, I think, AOL, about
| "anonymizied" members? And a journalist showed how
| easy it was to de-anonymize them. The point being
| that there is no such thing as anonymous with such
| data.
|
| Neat, what dioes this have to do with EXIF?
|

The point being that small bits of seemingly insignificant
data can be assembled to find new information. The AOL
story is he

http://en.wikipedia.org/wiki/AOL_search_data_scandal

The people at AOL thought their data was "anonymized",
just as you think EXIF data can't reveal anything notable,
yet reporters showed that individuals could be indentified.

http://www.nytimes.com/2006/08/09/te...pagewanted=all


| Making sense of large amounts of data is what
| computers do well.
|
| Cool, what data is there in EXIF to "make sense" of? Please be specific.

Location, date, faces... anything stored. Here's a story
about a site that can locate stolen cameras by searching
for EXIF data in images online that contain unique serial
numbers:

http://petapixel.com/2011/04/27/stol...erial-numbers/

Did you know some cameras store unique IDs in EXIF
data? I didn't. That could make you very trackable.


| A vast amount of spying is being done by irresponsible corporate
entities
| who only have short-sighted profit motives in mind.
|
| That's a lot of claims about what is being done, but they're just empty
| claims, you can't just say they do X, you have to show them doing X.

If you don't want to know it's happening that's up
to you. For anyone who looks at the issue neutrally
it's obvious. Google reads gmail. There's a current
case in California suing them for reading email of people
who email to gmailers. The argument is that those people
never agreed to Google's spying. Google tried to have
the case dismissed based on their position that "anyone
who communicates to gmail customers has no reasonable
expectation of privacy".

Maybe you think gmail spying is harmless. For you,
currently, it might be. What about for artists, gays and
Jews in 1939 Germany? The thing is that spying is growing
out of control, with very little effort to question it. It
amazes me that Google is allowed to rifle through peoples'
correspondence and that so few people care. It would
be different if they were breaking into your home desk, but
rifling through your email is "frictionless". It just doesn't
seem problematic to many people.

You want more specific examples:

There is, of course, the NSA
issue, which is widely documented and even has a Frontline
episode dedicated to how AT&T split their Asian - American
cable in two so that the Feds could have a copy of
*everything*.

Recently, AT&T and Verizon have both been caught attaching
tracking IDs to cellphone requests delivered to websites.

Drugstore chains have been widely accused of selling pharmacy
customer data.

In the US, companies are installing traffic cameras at
intersections to track people by license plate #. A man
was recently caught after kidnapping a woman because
1) a traffic camera had recorded his plate and 2) the
dealer where he bought the car had installed a tracking
device and were therefore able to tell police exactly
where the man was.

Akamai, which carries a large percentage of Web data,
started selling tracking data on individuals in 2008.
http://blogs.wsj.com/digits/2010/11/...ee-technology/

Apple can spy via iPhones:

http://in.reuters.com/article/2014/0...0FV01Q20140726

All sorts of spying is enabled by using GPS:

http://www.businessinsider.com.au/go...rogram-2013-11

In the 2012 election, Microsoft and Yahoo were selling
data to politicians to allow individually targetted ads:

http://nakedsecurity.sophos.com/2012...ing-out-of-it/

In 2012 there was a story about how Target, using data
collected, began sending out coupons for baby items to
women they figured out were pregnant, based on their
purchase history. The story hit the news because a father
of a teenage girl got very upset with Target for sending
her coupons -- before he found out that she was, indeed,
pregnant:

http://www.forbes.com/sites/kashmirh...er-father-did/

Online, the average person is being tracked by numerous
entities. google/Doubleclick, Akamai, Statcounter, Facebook,
Webtrends.... there are numerous companies with ubiquitous
presence that can know most of your online activity unless
you make specific efforts to prevent it.

Then there's all the data putting us at financial risk
unnecessarily. Target, Home Depot... Companies do
credit transactions and then store all the data. They
have no reason to store credit card numbers or personal
details, but an unquestioned attitude has gradually
developed that says one can never have too much data.
It has monetary value. So they store everything. Then
they get hacked and your credit data gets sold online.

I recently had to deal with a company called ClearXChange,
which is a front organization for a group of banks, in order
to receive a bank deposit from Europe. After the transaction
was done I called them up to delete my account. The clerk
was using "delete" and "deactivate" interchageably. So I asked
about it. As I'd feared, I could not delete my personal
information and bank account number from their records. It's
in there permanently. so I had to close my bank account and
open a new one.

That's the kind of thing I'm talking about. It's vast. It's
shortsighted. It's completely unnecessary collection and
unnecessary risk, for the most part. But it's done for the
purposes of convenience and greed... and because
beancounters just can't bear to part with data.


| And that data is being stored. And connections can be made that we can't
| even imagine. (I know that because I'm constantly surprised by news of
| connections that have been made.) So why not put a bit of effort into
| minimizing one's exposure? It really doesn't take a lot of effort.
|
| Again, what does this have to do with EXIF? Please be specific.
|

If you don't get it after reading the above then I
can only conclude that you don't want to know. Many
people don't. That's what makes the whole thing work
so well: Most people are too lazy to deal with it.
Companies like Google know that. So they're careful
to keep quiet about it. That allows people who are too
lazy to deal with it to rationalize that the concerns may
all be just fuzzy thinking or "tinfoil hats". Rationalization
is a powerful device. We'll even rationalize away our own
interests in order to save face with ourselves. Deliciously
perverse, don't you think?

In article , Mayayana
wrote:

| Making sense of large amounts of data is what
| computers do well.
|
| Cool, what data is there in EXIF to "make sense" of? Please be specific.

Location, date, faces... anything stored. Here's a story
about a site that can locate stolen cameras by searching
for EXIF data in images online that contain unique serial
numbers:

http://petapixel.com/2011/04/27/stol...s-the-web-for-
serial-numbers/

Did you know some cameras store unique IDs in EXIF
data? I didn't. That could make you very trackable.

not really, and seeing if a stolen camera is being used is a good thing.

there have been stolen number registries for years.

you must be against putting license plates on cars because people can
be tracked, especially if there's a collision.

you must also be against being able to look up a vin to see if a car is
stolen as well as carfax which will give a detailed report on a
vehicle.

| A vast amount of spying is being done by irresponsible corporate
entities
| who only have short-sighted profit motives in mind.
|
| That's a lot of claims about what is being done, but they're just empty
| claims, you can't just say they do X, you have to show them doing X.

If you don't want to know it's happening that's up
to you. For anyone who looks at the issue neutrally
it's obvious. Google reads gmail.

no they don't. they automatically scan for spam and malware, as any isp
does.

there are *not* a bunch of people in a room reading people's email.

There's a current
case in California suing them for reading email of people
who email to gmailers. The argument is that those people
never agreed to Google's spying. Google tried to have
the case dismissed based on their position that "anyone
who communicates to gmail customers has no reasonable
expectation of privacy".

bull****. you're leaving out important facts, as usual.

Maybe you think gmail spying is harmless. For you,
currently, it might be. What about for artists, gays and
Jews in 1939 Germany? The thing is that spying is growing
out of control, with very little effort to question it. It
amazes me that Google is allowed to rifle through peoples'
correspondence and that so few people care. It would
be different if they were breaking into your home desk, but
rifling through your email is "frictionless". It just doesn't
seem problematic to many people.

google doesn't read people's email. period.

email is scanned for spam or malware by computers, which all email
providers do. nobody is reading it.

You want more specific examples:

There is, of course, the NSA
issue, which is widely documented and even has a Frontline
episode dedicated to how AT&T split their Asian - American
cable in two so that the Feds could have a copy of
*everything*.

the nsa doesn't need anyone to split the cable.

Recently, AT&T and Verizon have both been caught attaching
tracking IDs to cellphone requests delivered to websites.

they don't do that anymore.

Drugstore chains have been widely accused of selling pharmacy
customer data.

if they do, it's anonymized.

disclosing people's pharmacy data is a hipaa violation. they'd be in a
*lot* of trouble if they did that.

In the US, companies are installing traffic cameras at
intersections to track people by license plate #. A man
was recently caught after kidnapping a woman because
1) a traffic camera had recorded his plate and 2) the
dealer where he bought the car had installed a tracking
device and were therefore able to tell police exactly
where the man was.

then move to new hampshire, where alpr (automatic license plate
recognition) is banned and kidnappers can elude being caught.

Akamai, which carries a large percentage of Web data,
started selling tracking data on individuals in 2008.

http://blogs.wsj.com/digits/2010/11/...amais-pixel-fr
ee-technology/

they're doing what already had been done.

Apple can spy via iPhones:

no they can't.

in fact, apple has said they *can't* get at user data even if the
police ask for it, something that has ****ed off the fbi and law
enforcement.

http://in.reuters.com/article/2014/0...dINKBN0FV01Q20
140726

that's about extracting data from a phone where someone has physical
access to the phone or the trusted computer with which it is paired. it
is *not* routine spying.

it also pre-dates ios 8, which eliminates the methods discussed.

All sorts of spying is enabled by using GPS:

http://www.businessinsider.com.au/go...-program-2013-
11

wrong again.

that's via an app the *user* chooses to install and launch *and*
consent for the app to access location data.

if the user does not install it or if they don't use the app or if they
decline to allow it access to location data, then there is no tracking.

in other words, it's *entirely* consensual.

In the 2012 election, Microsoft and Yahoo were selling
data to politicians to allow individually targetted ads:

http://nakedsecurity.sophos.com/2012...re-selling-us-
to-politicians-facebook-and-google-are-keeping-out-of-it/

you do realize that for an ad to appear, someone paid for the space,
right? it's also targeted by zip code or region, not individually.

even the most paranoid tin-foil hat wearers must realize that.

In 2012 there was a story about how Target, using data
collected, began sending out coupons for baby items to
women they figured out were pregnant, based on their
purchase history. The story hit the news because a father
of a teenage girl got very upset with Target for sending
her coupons -- before he found out that she was, indeed,
pregnant:

http://www.forbes.com/sites/kashmirh...gured-out-a-te
en-girl-was-pregnant-before-her-father-did/

that is no longer possible with apple pay.

with apple pay, the store does not get the person's name *or* their
credit card number. it's anonymous and there's nothing to track.

you should be glad apple came out with apple pay.

Online, the average person is being tracked by numerous
entities. google/Doubleclick, Akamai, Statcounter, Facebook,
Webtrends.... there are numerous companies with ubiquitous
presence that can know most of your online activity unless
you make specific efforts to prevent it.

either take those efforts or put on more tin foil.

Then there's all the data putting us at financial risk
unnecessarily. Target, Home Depot... Companies do
credit transactions and then store all the data. They
have no reason to store credit card numbers or personal
details, but an unquestioned attitude has gradually
developed that says one can never have too much data.
It has monetary value. So they store everything. Then
they get hacked and your credit data gets sold online.

that is no longer possible with apple pay.

again, with apple pay, the store does not get personal data, including
names and card numbers.

if the store gets hacked, the bad guys get a bunch of tokens that are
meaningless. there's nothing they can do with that information.

in other words, you are in full support of what apple is doing, so when
will you be buying an iphone?

I recently had to deal with a company called ClearXChange,
which is a front organization for a group of banks, in order
to receive a bank deposit from Europe. After the transaction
was done I called them up to delete my account. The clerk
was using "delete" and "deactivate" interchageably. So I asked
about it. As I'd feared, I could not delete my personal
information and bank account number from their records. It's
in there permanently. so I had to close my bank account and
open a new one.

all companies keep full records and will not delete anything.

That's the kind of thing I'm talking about. It's vast. It's
shortsighted. It's completely unnecessary collection and
unnecessary risk, for the most part. But it's done for the
purposes of convenience and greed... and because
beancounters just can't bear to part with data.

it's nowhere near as nefarious as you portray it to be. most of it is
aggregated and anonymized.

| And that data is being stored. And connections can be made that we can't
| even imagine. (I know that because I'm constantly surprised by news of
| connections that have been made.) So why not put a bit of effort into
| minimizing one's exposure? It really doesn't take a lot of effort.
|
| Again, what does this have to do with EXIF? Please be specific.

If you don't get it after reading the above then I
can only conclude that you don't want to know. Many
people don't. That's what makes the whole thing work
so well: Most people are too lazy to deal with it.
Companies like Google know that. So they're careful
to keep quiet about it. That allows people who are too
lazy to deal with it to rationalize that the concerns may
all be just fuzzy thinking or "tinfoil hats". Rationalization
is a powerful device. We'll even rationalize away our own
interests in order to save face with ourselves. Deliciously
perverse, don't you think?

in other words, it has nothing to do with exif.

On 2014-11-16 22:46:50 +0000, nospam said:

In article , Mayayana
wrote:

Recently, AT&T and Verizon have both been caught attaching
tracking IDs to cellphone requests delivered to websites.

they don't do that anymore.

Well AT&T doesn't, but Verizon has yet to follow suit.
http://www.sfgate.com/business/technology/article/AT-T-stops-adding-Web-tracking-codes-on-cellphones-5893290.php
or
http://tinyurl.com/n49d2of

However,

none of that has anything to do with EXIF.

--
Regards,

Savageduck

| However,
| none of that has anything to do with EXIF.
|

No, but Sandman was questioning how EXIF
data might ever possibly be a privacy issue.
The cellphone IDs are one of several examples
of how 1) small, seemingly insignificant bits of
data can be compiled to provide information
and 2) it's difficult to even imagine all the
possibilities of privacy issues when it comes to
computerized data.

That's really what the whole issue is about.
It's not so much what the data is but rather
the fact that it's online and can be indexed
and put into a database, which can then be
analyzed in innumerable ways.

In article , Mayayana wrote:

| It's not that simple. Remember a couple of years ago there was data
| stolen from, I think, AOL, about "anonymizied" members? And a
| journalist showed how easy it was to de-anonymize them. The point
| being that there is no such thing as anonymous with such data.
|
| Neat, what dioes this have to do with EXIF?

The point being that small bits of seemingly insignificant data can be
assembled to find new information. The AOL story is he

http://en.wikipedia.org/wiki/AOL_search_data_scandal

I am aware of this already - you have to explain how a similar case could
be built around EXIF data for this to be relevant.

| Making sense of large amounts of data is what
| computers do well.
|
| Cool, what data is there in EXIF to "make sense" of? Please be specific.

Location, date, faces... anything stored.

"Faces" aren't in EXIF, whatever you mean by that. Also, location and date
is not personal information.

Here's a story about a site that can locate stolen cameras by searching
for EXIF data in images online that contain unique serial numbers:

Indeed - what they can't find is any personal information of the current or
former owner, however, so not relevant to the current discussion.

Did you know some cameras store unique IDs in EXIF
data? I didn't. That could make you very trackable.

Again: *how*? So you have a camera serial number in EXIF - how does that
give YOU any information about ME? Again, please be very specific.

| That's a lot of claims about what is being done, but they're just empty
| claims, you can't just say they do X, you have to show them doing X.

If you don't want to know it's happening that's up to you.

I do want to know what is happening, the problem is that you're not
providing any information that it is happening, only empty unsubstantiated
claims that it is happening.

For anyone who looks at the issue neutrally it's obvious.

I look at these issues a lot, seeing how internet security is part of my
work. There is a lot of handwaving going on and very little hard facts.
Much like your posts.

Google reads gmail. There's a current case in California suing them for
reading email of people who email to gmailers. The argument is that those
people never agreed to Google's spying. Google tried to have the case
dismissed based on their position that "anyone who communicates to gmail
customers has no reasonable expectation of privacy".

I know all this - and it still have nothing to do with either EXIF nor your
earlier claim about what was happening:

"A vast amount of spying is being done by irresponsible corporate
entities who only have short-sighted profit motives in mind."

Claims that need to be supported:

1. "A vast amount"
- list of companies that amount to "vast"

2. "Spying"
- Support for the notion that every company in the above vast list keeps
watch on someone secretly.

3. "Short-sighted profit motives in mind"
- Support for every company on that vast list that is keeping secret
watch on someone is doing so for short-sighted profit motives.

Maybe you think gmail spying is harmless. For you, currently, it might
be. What about for artists, gays and Jews in 1939 Germany?

I didn't know Gmail was used by artists, gays and Jews in 1939. Also, the
court case in California concerns automatic scanning of all emails, not
directed "spying" on particular recipients. The case is that Google scans
your email and uses keyword matching to provide ads. Only a complete
nutcase would cry "spying!" at that.

The thing is that spying is growing out of control, with very little
effort to question it. It amazes me that Google is allowed to rifle
through peoples' correspondence and that so few people care.

It doesn't amaze me at all that Google is having an automated scanning
process that doesn't "rifle through" anything, but analyzes the emails for
spam filtering and possibly even for advertising. It's what Google makes
their money doing. Only a complete moron would be astonished by this.

Also, this has nothing to do with EXIF. You seem to be employing the "argue
with quantity instead of quality" approach here.

You want more specific examples:

I'm actually still waiting for even one example, but what you need to
provide is a "vast amount"

There is, of course, the NSA issue, which is widely documented and even
has a Frontline episode dedicated to how AT&T split their Asian -
American cable in two so that the Feds could have a copy of *everything*.

Still not example of the three points above.

Recently, AT&T and Verizon have both been caught attaching
tracking IDs to cellphone requests delivered to websites.

Also not an example of the three points above

Drugstore chains have been widely accused of selling pharmacy
customer data.

"Widely accused" is not an example of the three points above.

etc etc... same for all your "examples"

snip lots of claims that have nothing to do with the claim or with EXIF

| And that data is being stored. And connections can be made that we can't
| even imagine. (I know that because I'm constantly surprised by news of
| connections that have been made.) So why not put a bit of effort into
| minimizing one's exposure? It really doesn't take a lot of effort.
|
| Again, what does this have to do with EXIF? Please be specific.

If you don't get it after reading the above then I
can only conclude that you don't want to know.

I do want to know, which is why I asked you to be specific. You couldn't be
specific so you're blaiming me instead.

Many people don't. That's what makes the whole thing work so well: Most
people are too lazy to deal with it. Companies like Google know that. So
they're careful to keep quiet about it. That allows people who are too
lazy to deal with it to rationalize that the concerns may all be just
fuzzy thinking or "tinfoil hats". Rationalization is a powerful device.
We'll even rationalize away our own interests in order to save face with
ourselves. Deliciously perverse, don't you think?

Not at all - and I'm still waiting for that specific explanation about how
this relates to EXIF, don't be afraid to be technical, I can handle it.

--
Sandman[.net]

In article , Mayayana wrote:

However, none of that has anything to do with EXIF.

No, but Sandman was questioning how EXIF data might ever possibly be
a privacy issue.

Correct, and you failed to provide any information about that topic.

The cellphone IDs are one of several examples of
how 1) small, seemingly insignificant bits of data can be compiled
to provide information and 2) it's difficult to even imagine all the
possibilities of privacy issues when it comes to computerized data.

Well, try? Even if it's hard, you could at least try to give us a good
example on how EXIF data could reveal "intensly personal information".

That's really what the whole issue is about. It's not so much what
the data is but rather the fact that it's online and can be indexed
and put into a database, which can then be analyzed in innumerable
ways.

We know this - you've yet to give a specific example of how EXIF data
contains "intensly personal information" and how it can be used for
"nefarious purposes"


--
Sandman[.net]

| However, none of that has anything to do with EXIF.
|
| No, but Sandman was questioning how EXIF data might ever possibly be
| a privacy issue.
|
| Correct, and you failed to provide any information about that topic.
|
| The cellphone IDs are one of several examples of
| how 1) small, seemingly insignificant bits of data can be compiled
| to provide information and 2) it's difficult to even imagine all the
| possibilities of privacy issues when it comes to computerized data.
|
| Well, try? Even if it's hard, you could at least try to give us a good
| example on how EXIF data could reveal "intensly personal information".
|
| That's really what the whole issue is about. It's not so much what
| the data is but rather the fact that it's online and can be indexed
| and put into a database, which can then be analyzed in innumerable
| ways.
|
| We know this - you've yet to give a specific example of how EXIF data
| contains "intensly personal information" and how it can be used for
| "nefarious purposes"
|

Who's "we"? You and nospam? If you knew
it -- if you weren't stubbornly avoiding the
recognition of my one, simple point -- then you
wouldn't be arguing about it. For me this is
a discussion. You can agree, disagree, or add
new points. What I'm not going to do is to
engage you in a snarly, pseudo-logical contest
of mutual insult.

Anyone who's actually interested in this issue can
judge my point and my links for themselves, whether
they agree, disagree, or fall somewhere in between.