PetaPixel

Flickr’s Geofence Feature Not as Secure As One Might Think

Flickr introduced a novel privacy feature yesterday called “geofences”, which lets you hide the location data of photos taken in certain locations from the general public. It seems like a great idea, but blogger Thomas Hawk points out that there’s a pretty big loophole in the system:

Although the geotag information is indeed pulled from the flickr photo page, ANYONE can potentially still get your geolocational data simply by downloading the original sized file and looking into the EXIF data.

This means the geofence feature doesn’t actually wipe the geotag information from the photos you upload, but simply prevents the data from being displayed in an easy-to-view format on the Flickr site. If you make the original versions of your photos available for download, the general public can still access the location data found in those. To close the loophole, simply make it so people can’t download your originals.


 
 
  • http://twitter.com/thomashawk Thomas Hawk

    Thanks for reporting this Michael.  Although it should be noted that flickr will not allow you to close this loophole if you use a Creative Commons license on your photographs.  You can only disable original file downloads if you change your licensing to all rights reserved.

    This is unfortunate.  Flickr should allow people who use the Creative Commons license to close this loophole as well.

  • Jh_meniscus

    This is not really a loophole, Flickr isn’t (as they shouldn’t) permanently changing your originals, which as the name implies should be a file you can download back from Flickr in exactly the same state as you uploaded it. Imagine someone who loses data from a hard drive and wants to download their library again. I’d be pissed if I were that person and found my geo data stripped out and if it were a JPEG file, lossy compression (of who knows what level), added to a lossy file. 

    And BTW a blogger trying to sound whistle-blower by regurgitating something that Flickr had a disclaimer and notification about on their GeoFences page since launch is (more than) a little disingenuous. Flickr gave all the pieces necessary to lock down the data from the get go. The fact that files have geo data before Flickr ever hosts them is not their responsibility, it is that of the photographer to understand the ramifications of the technologies they are using.

  • http://twitter.com/thomashawk Thomas Hawk

    The “disclaimer” is easy to miss and is only seen at the time that someone sets up the fence on one of the pages and a lot of people have no idea what “EXIF” data even is.

    The blog post by flickr made no mention whatsoever of this risk — even though they were encouraging people to use geofences for two highly sensitive locations, where you live and where your kids go to school.

    It is highly likely that an individual could set up a geofence, not see or forget about the EXIF disclaimer on one of the settings pages (you’re not forced to acknowledge it or anything and it’s up and to the left away from the settings action).  Then two weeks/months, whatever, later upload a photo from their iPhone (which is the number one camera on flickr) which shows their home or school location and think that they are safe when they in fact are not.

    Especially since flickr does in fact remove the geotag from the map on Flickr, in this case many might assume that they can still upload these photos to flickr without realizing how easily anyone can still obtain the geolocation information from the file.

    For people who set up geofences and *then* upload photos geotagged at the EXIF level into these geofences (trust me, many, many people may end up doing this), Flickr has an *absolute* responsibility to warn these people that anyone can easily get their geo information even though they are in a fence — and to warn them beyond some obscure language on a settings page that they may have set up weeks or months earlier and have totally since forgotten.

    To not do so when someone has specifically set up a fence for the purpose of hiding this information is incredibly irresponsible and maybe even dangerous for some people.

    This is not at all disingenuous.  It is the absolute right thing for flickr to do.

  • jeff

    Though the setting to prevent downloading of photos is itself pretty easy to get around…

    i.e. http://labnol.blogspot.com/2007/08/download-flickr-photos-protected-by.html

    Moral of the story – if you put your pictures on a photo sharing site, people may see them that you don’t intend.

  • http://twitter.com/604Foodtography 604 Foodtography

    If you put ANYTHING on the web, it’s liable to be downloaded, no matter how well you protect it, right click protect, disable, etc. So, just don’t put it up if you’re that anal about your files. Or, just leave your EXIF data out, duh.

  • Jh_meniscus

    OK, with the additional info that has come to light about the Creative Commons bug and that I forgot they neglected to mention the disclaimer on the blog post announcing it, just on the set-up page, it is not disingenuous, I’d like to retract that. Flickr could have made that a lot clearer and they didn’t.

    I still do think it’s a little overblown. After all the data getting embedded in the photo file is not Flickr’s fault, it is the camera/phone manufacturers’ duty to educate their customers on the risks involved. If your car has a manufacturer’s recall that it might explode and it does so while parked in a garage, do we go after the garage for inadequate security?

    Flickr is in fact trying to protect us from both our cameras and ourselves (not being educated enough to grasp the dangers as well as the benefits of the technology). Something that is not really their responsibility. If you were to do all your geotagging on Flickr’s side, upload an un-embedded file and drag it onto the map within Flickr the geofence would work 100% of the time with no hacks, the weak point is outside their purview. It is a little bit of a harsh criticism to condemn them for helping us privatize data they didn’t embed just because it’s not 100% foolproof out of the gate.

  • Jay

    I’ve been using Jeffrey Friedl’s Lightroom Geotagging plugin to remove geo-data from photos in “sensitive” areas, prior to uploading anywhere, not just Flickr. And looks like I’ll just keep on keeping on.

    While I applaud Flickr for this move, it’s more a half hearted measure at best.