How Tech-Savvy Thieves Could 'Cybercase' Your House
Credit: Gerald Friedland and Robin Sommer
Data embedded in a digital photograph of a bicycle, taken with an iPhone 3G, can identify an individual's location to a range of +/- 1 meter.
The photos and videos you upload could reveal a lot about where you are.
Data stored in digital photographs can help criminals locate individuals and plot real-world crimes, a practice two researchers called "cybercasing" in a recently published paper. The site Pleaserobme.com was one of the first to expose the problem by displaying tweets tagged with location information, although it has since stopped the practice.
Location data can be stored in a digital photo or video's metadata, information about the file itself. That data can include, among many other things, the make and model of the device used, the date and time the photo or video was taken, and the geographic coordinates of the device at the time the photo was taken.
In the paper, Gerald Friedland, of the International Computer Science Institute, and Robin Sommer, of Lawrence Berkeley National Laboratory, explain how Craigslist, Twitter and YouTube could be used to locate people and plot crimes.
On Craigslist, location data in uploaded photos could be combined with information from the postings themselves, such as "please call Sunday after 3pm," to help a thief speculate about a user's whereabouts. And while many posters chose not to list home addresses, their photos seemed to reveal that information anyway. To examine how accurate location data can be, Friedland and Sommer used an iPhone 3G to photograph a bike, as one might do to sell it on Craigslist, and found that the location information was accurate to within one meter of the actual spot the photo was taken.
The researchers followed one reality TV show host's Twitter feed and were able to use location data from the photos he uploaded to locate his home, where he walks his dog, his studio and when and where he was on vacation. The researchers also used Picfog, which lets users search photos shared on Twitter by keyword and location, to find one unnamed celebrity's public, but unadvertised, Twitter feed.
On YouTube, the researchers wrote a script to conduct a two-step search. First, they looked for videos in a certain radius: within 60 miles of Berkeley, CA. Then they looked for videos uploaded by those same users over 1,000 miles away that same week, suggesting that the uploaders were on vacation or away on business, possibly leaving their homes unattended. Using the custom script, the researchers were able to conduct the searches in about 15 minutes.
It's all pretty scary, but worry not, Friedland and Sommer offer up some smart suggestions on how to raise awareness of the issue. One idea they propose is giving users the ability to fine-tune the accuracy of the data they attach to content. For example, users could chose to share their location by house, block, city, region or country (see right). "Not only would this give users more control," they write, "but it would also explicitly point out that house-level accuracy is in the cards." Also, services such as YouTube, Twitter and Craigslist could advise users on privacy risks as they upload their content.
Until either of those options are enacted, though, there is an easy solution: devices often come with the location feature enabled, but almost all will let you simply turn the feature off.