What Social Networks Protect Your EXIF (And GPS Location) Data From Other Users?

by Joe Mueller on January 29, 2013

Photo metadata has been in the news after the eccentric antivirus tycoon John McAfee inadvertently leaked his position to the world. Apparently, Vice was with the now infamous murder suspect and forgot to scrub his position information before uploading a photo of him to the internet. This fact quickly got picked up by news outlets, like TNW and NPR.  According to McAfee’s own website, the slip up was blamed on a “unseasoned technician at Vice headquarters” who must have forgotten to check the photo for any GPS coordinates recorded in the metadata. Oops!

The fact that photos can contain location-specific metadata should not be news to the world.  A few years back a website called I Can Stalk U, no longer active but still online, attempted to help educate the masses about just how much data we can post about our lives in the pictures we choose to make public on the Internet.  They targeted Twitter and some of the various photo sharing services that inhabit that ecosystem, but the problem was generally recognized as being larger than just Twitter.  The McAfee photo is proof of that.

But what about us normal folks?  Do the social networks and internet sites we frequent most scrub our GPS coordinates out of photos we upload?  Are we accidentally creating  a situation where the Internet can know where we are?

Testing How The Internet Handles Exif Metadata

In our test we uploaded two different photos with position information in them from two different sources, a cell phone and a laptop computer.  The cell phone photo was uploaded directly from my phone (Galaxy Nexus running Android 4.1.1) using the most current app for the service at the time of publishing the article.  The second was uploaded from my computer using the web interface for the site or network.

The reason we made it a two step process was to determine if EXIF data was scrubbed by a site or service based upon the uploading method.

We used a web extension for Google Chrome called EXIF Viewer to check each photo for Exif data after it was uploaded. If you are interested in learning more about how we found the EXIF data, check out our post on how to check a photo for exif location information.

The Photos

Cell Phone Uploaded Photo
Cell Phone Uploaded Photo
Comupter Uploaded Photo
Computer Uploaded Photo

The Sites

Everyone (even your grandmother) has a Facebook account.  It is so wildly popular, a reported 1 Billion people (or .67 Chinas) use the service.  A lot of those users post pictures of their everyday activities, especially the younger ones.  How does Facebook handle EXIF data? In all cases, whether we uploaded from the cell phone app or from the computer, Facebook scrubs all EXIF data from a photo.

You can check for yourself under my example Facebook Profile.

Twitter. The tool that helped bring down regimes in the Arab Spring, keeps millions abreast of  the latest celebrity gossip, and makes banal minutia the topic of constant discussion is wildly popular.  Sharing pictures on Twitter is easy and ubiquitous. Just count the number of pictures in your Twitter feed each day. How does twitter handle EXIF data? Here is a Storified version:

But wait, there is a catch. Twitter used to maintain EXIF data in the strangest of all places, the profile picture! This is only partly a big deal since it looks like they have recently started removing the extra data when a new profile picture gets uploaded, but older photos still retain the data. Just take a look at this profile’s picture: @relleumeoj. It was uploaded sometime in May 2012, so any profile picture uploaded around that time or earlier could be at risk. If you have recently uploaded profile picture you should have all the location information stripped, but we recommend checking just to make sure.

Google+ is a different kind of social site that comes equipped with powerful photo and video sharing tools. Google has gone out of its way to make sharing cell phone photos easy by integrating Instant Upload into their Google+ app. Users who make use of the feature will have their photos securely and automatically uploaded to Google+, making it super easy to share photos with friends and family.

When it comes to EXIF data Google+ is a complex beast, but the tl;dr version is that the GPS coordinates from your photos are safe on Google+.

The longer version has a bit of nuance to it. For starters, Google+ does store your photo’s EXIF data on upload, even your position information. This information is available to anyone who can view the photo. All they need to do is click on the “Photo Details” button on the right of the photo viewing screen.

By default it retains and displays “generic” EXIF data, such as the date it was taken, the name of the file, the camera used, etc. Just take a look for yourself:

The plot thickens because Google+ does allow you to share your location data from your uploaded photos. I have done so in this publicly shared photo album. Right now the controls on location sharing are all-or-nothing on a per-album basis, so be sure you are comfortable sharing the location of every photo in an album before you hit the “Share My Location” button.

LinkedIn is the social network for working folk who want to leverage their social web for a job. You can’t share photos on LinkedIn like you can on other social netwofrks, but you can have a profile picture. Luckily, this network strips all EXIF data from photos uploaded to the site.  Here is my test LinkedIn profile so you can check yourself.

Is MySpace still a thing? Certainly the titan of the social networks has been dethroned by the younger gods and doomed to spend an Internet eternity in digital Tartarus. I wasn’t even sure if it was worth a mention in this list, but according to flawed internet tracking metrics is has more unique visits and more time spent on site than Google+ and Tumblr. Oh my.

What about EXIF data? It strips all of it from cell phone and PC uploaded photos. You can see our test album here. This is good news if you use the service for anything more than listening to free music.

Pinterst is a fun, visual way to share and remember ideas and stories. It is incredibly popular among women and has become the happening place to share everything from cute outfits, to recipes, to funny images. How does it handle EXIF data? If you upload your own photo directly to Pinterest using the website it will keep all EXIF data from the photo. If you use the Android app it will strip the exif data. This includes any location information embedded in the photo.

You can check it out for yourself under my EXIF Data Pinterest Board. It also doesn’t display EXIF data on photos that are hosted on other sites, as this pin demonstrates.

Instagram is kind of a big deal. It sold for, like, a billion dollars and has recently broken up with Twitter. Then, it wanted to sell your photos to third parties, like a boss, but has since backed off because everyone got their panties in a bunch, like a boss. Talk about drama. Its fans are loyal and oft parodied. But how does it handle position information stored in EXIF data?

Our tests showed that Instagram removes all EXIF data from photos uploaded to their service, even if you don’t pass it through any special filters.  Here is our uploaded pic: http://instagram.com/p/TEHHJSkaZK/

Flickr is a fairly popular photo sharing website. It once ruled the roost, and may so once again with all the Instagram backlash over is ToS changes. It has even updated its iOS app to included Instagram-esque features, which you can check out in a recent series of posts on the Flickr Blog.

What type of relationship does Flickr have with EXIF metadata? A complex one. Metadata is really important to some photographers, and because of this Flickr wants to keep that data available to its users. By default, most of the metadata is available to anyone who can see the photo – with the exception of the location information. Location information is saved by Flickr and can be shared on a per-photo basis.

Here is our test album for you to see for yourself. We share the position on two photos and on two we did not.

Tumblr is kind of a big deal. People know Tumblr. With 20 billion blog posts on 50 million blogs it is a fast growing, vibrant platform where users plug-in and share. Its cool to have Tumblr. But what does Tumblr do with a photo’s EXIF data?

It depends on how a user uploads their photos. Users who upload a photo directly from their cell phone will find that the EXIF data magically transports itself into the world of Santa Claus and the Easter Bunny. Photos that are uploaded from a computer, on the other hand, keep their EXIF metadata. Check it out for yourself here.

Blogger is older than the Internet, right? Founded in 1999 by Pyra Labs and taken over by Google in 2003, Blogger is a fast and free way to start a blog for personal or business use. What does it do to location information stored in photos? It strips it.

Here is our test blog. What is interest is how this service handles the pictures. When you upload a photo from your phone it transforms it into a *.png. Photos that are uploaded from a computer retain the *.jpg extension (JPEG file type) but get Picasa metadata.

Many bloggers turn to WordPress. This powerful, flexible, and open CMS has created its own industry of designers, coders, aficionados, and users. The stats for this platform are impressive, leaving the folks at Automattic wishing they have a penny for WordPress pageview. How does it handle photos with location data stored in them?

In our test we found that both self-hosted and WordPress.com sites worked the same way. Photos uploaded from the computer kept position information. Just check out our computer uploaded photo hosted on GPSForToday.com and then the one hosted onWordPress.com. The files can take some work to get to, but anyone “in the know” about WordPress file structure should have no problem finding them.

Strangely, photos uploaded directly to a site from a phone have all the EXIF data stripped out. Again, GPSForToday.com (self-hosted) and WordPress.com act exactly the same. If you want to strip your EXIF data from cell phone photos posted to a WordPress blog you will want to upload them directly from you phone.

Conclusion

Most services seem to have a handle on keeping your information safe, even when you don’t really know what you are doing. This is especially true of photos uploaded directly from a cell phone using the respective app for each of the services. In all cases that we tested, the EXIF data was either completely stripped from the photo or it was hidden from view until a user chose to make it public. Here is a overview, in graphic form, of the data we collected:

social site exif data summary

 

{ 2 comments… read them below or add one }

Leave a Comment

Previous post: