On August 4, 2006, AOL published a text file containing 20 million searches done by 650,000 users over a 3-month period for research purposes. Although the company anonymized the data by showing the users as numerical IDs, people soon realized that many people searched for personally identifiable information (e.g. their names), allowing real names to be put to unique IDs, thus revealing the search history of that individual. After the media caught wind of this, the whole thing was known as the AOL search data scandal.
A few months ago, we reported on a new website called the Stolen Camera Finder. It’s an image search engine that relies on that fact that camera serial numbers are often baked into the EXIF data of photos — a fact that most camera users probably don’t know. By providing a camera’s serial number, the website attempts to find all the other images on the Internet taken with the same camera, thereby helping you find your stolen camera.
If you think about it, there are major similarities between this serial number search engine and the AOL scandal — namely the fact that anonymized IDs (unique IDs vs. serial numbers) can be easily linked to real identities. Even more so than search queries, photographs often contain information that can help identify the person behind them (a Facebook profile picture, for example).
What’s interesting is that there doesn’t appear to be any backlash over the fact that serial numbers can be easily searched for now. Virtually all of the articles covering the Stolen Camera Finder focused on how useful it is for finding stolen cameras, rather than how big of a privacy concern it poses for people who might not want all of the photographs taken by their cameras to be tied to their name.
Perhaps if this became a bigger deal, camera makers would offer the option to keep this kind of information from being stored in the EXIF data of photos. What do you think?