The private photographs on your phone might not be as private as you think. Earlier this week, the New York Times reported that iOS has a loophole that allows third-party apps who have access to location information to also access (and copy) your entire photo library without any further notification or warning. A couple days later, Android was also found to have a loophole that’s even worse — any app that can access the Internet can copy photos to a remote server! Both companies have acknowledged the privacy flaws and are currently working on fixes for them. Welcome to the scary world of Internet-connected cameras!
Here’s another public service announcement for those of you who travel often (see our warning on zippered bags): the safes in hotel rooms may not be as secure as you think. YouTube user skyrangerpro recently discovered that the safe in his room could be opened with “000000″ regardless of what passcode he chose. This is presumably the “master password” the hotel uses when you’ve forgotten the one you’ve chosen, but the fact that some hotels leave this on factory default settings is cause for concern.
The next time you think about leaving some pricey camera gear in a hotel safe, makes sure all zeros isn’t a working passcode.
Flickr introduced a novel privacy feature yesterday called “geofences”, which lets you hide the location data of photos taken in certain locations from the general public. It seems like a great idea, but blogger Thomas Hawk points out that there’s a pretty big loophole in the system:
Although the geotag information is indeed pulled from the flickr photo page, ANYONE can potentially still get your geolocational data simply by downloading the original sized file and looking into the EXIF data.
This means the geofence feature doesn’t actually wipe the geotag information from the photos you upload, but simply prevents the data from being displayed in an easy-to-view format on the Flickr site. If you make the original versions of your photos available for download, the general public can still access the location data found in those. To close the loophole, simply make it so people can’t download your originals.