

Stolen Camera Finder: uses serial numbers embedded in photo metadata - kunle
http://www.stolencamerafinder.com/?fb_action_ids=10152131501276072&fb_action_types=og.likes&fb_source=other_multiline&action_object_map=%5B10150166584836182%5D&action_type_map=%5B%22og.likes%22%5D&action_ref_map=%5B%5D

======
brc
The URL used for this post has a lot of referal tracking data in it that looks
to my untrained eye as though it was copied from facebook. That will mess with
their stats if it becomes popular on HN.

~~~
mattburns
hehe, yeah, they've copied the link in some strange way. It goes direct to my
servers (not through facebook) but appends a bunch of url parameters that mean
nothing to me! Matt (creator of
[http://www.stolencamerafinder.com](http://www.stolencamerafinder.com))

------
tripwireinc
Another one is CameraTrace
[http://www.cameratrace.com](http://www.cameratrace.com) bigger database and
documented recoveries, used by law enforcement

~~~
mattburns
I'm not sure where you got the idea they have a bigger database. I wrote
stolencamerafinder and I don't know who has the biggest database! I recommend
you try both. You can do a free search on both and see which gives you better
results ;)

------
pacificmint
I like it. One suggestion: Maybe when it can't read the EXIF data it should
say something other than "fail".

I realize there is a more descriptive text underneath, but "fail" seems like
it's a meme, not an error message.

~~~
mattburns
Thanks, you're right, I should really make that page look a bit better. ;)

------
waterlesscloud
You know, Facebook/Twitter/Instagram have access to the metadata. And
location. And facial recognition.

Seems like there's a simple ML classifier here to id phones with a sudden
ownership change...

These companies could provide value back to their users for all the data
they're hoovering up.

~~~
nl
And if they implemented that, you know it would be called a privacy violation:
"Why are you posting pics using my boyfriend's camera?"

Note that this really is the case for 99% of "privacy violations". Eg, that
"FB is reading SMS messages" thing the other day was really a user-friendly
feature to enable automatic 2-factor auth on your phone. But because it was
seen as a privacy problem because it _potentially is_.

~~~
blueskin_
...yet they didn't even put a list of requested permissions with rationale for
each one like some developers do.

------
herf
We recovered an actual stolen camera this way. But it really only worked
because the buyer used Flickr, and otherwise this kind of metadata is pretty
hidden.

~~~
tombrossman
I post photos online and take the time to put my contact info in the EXIF
metadata, and sometimes hear back from people who like the images. This is
great and I release many of the photos with a public domain 'CC0' license so
copyright isn't a big concern, plus I get to see some of my images used on
Wikipedia.

What troubles me is how many services (looking at you, Facebook & Twitter)
automatically strip _all_ EXIF data from images, thus preventing others from
being able to email me.

What's worse is the UK's new 'orphaned works' law [1] which basically lets
others re-use your images for free and without attribution if they can't find
the original photographer. Effectively this means that Facebook, Twitter, and
others are making it easier to steal copyrighted images by providing lots of
plausible deniability. I understand about stripping the GPS coordinates from
images taken with a smartphone for example, but do not see why all data must
be stripped by default.

In your case and mine, EXIF metadata is desirable and stripping everything
seems like a really crude tool. Hopefully a better standard approach will come
about as people get more switched on to metadata (thanks Snowden) and how it
can help or hurt users.

[1][https://www.openrightsgroup.org/blog/2013/orphan-works-
the-n...](https://www.openrightsgroup.org/blog/2013/orphan-works-the-new-law-
in-the-uk)

~~~
parksy
I still think EXIF should be stripped by default on social sharing sites but
there should definitely be an opt-in feature for informed users to invoke
rationally.

------
TuxLyn
This can now be easily defeated by programs like this >
[http://goo.gl/wvBljq](http://goo.gl/wvBljq) or this
[http://goo.gl/0ZwURC](http://goo.gl/0ZwURC) Also, possible by using linux
package 'libimage-exiftool-perl' and command such as 'exiftool -all= *.jpg'
Now you can post your pictures on facbook without any metadata ^_^

~~~
mattburns
True, but thieves want to sell stolen property, not use it. If the current
owner doesn't know it's stolen they wont wipe exif and then we can track it.
Hopefully leading to the thief. If we can reduce the motivation to steal the
in the first place even better :)

------
jurjenh
What about other options? Dead/underperforming pixels seem to be a good
fingerprint as well I believe.

Would be a whole different level of identification, but would lead to multiple
ways to detect photos taken by the same camera.

~~~
qq66
Most images uploaded to the Web are not at full resolution -- it would be hard
to fingerprint individual pixels.

------
jonah
OTOH, it's a good reminder of the privacy implications of digital images. By
default all the photos you take are associated with each other and generally
fairly easily connected to you.

------
jagermo
On a related note, this sub-page [0] shows you, which camera models embedd
their info into pictures taken. Just, you know, if you take pictures of
sensible stuff or don't want to be connected to photos taken.

[0]
[http://www.stolencamerafinder.com/listmodels](http://www.stolencamerafinder.com/listmodels)

------
ToastyMallows
Related question: Can anyone find a program that just lets me view EXIF data
for a file that isn't some shady freeware? Preferably open source?

------
dpacmittal
I wish smartphone makers started embedding serial information in the EXIF too.

------
CompleteMoron
kudos this is an awesome tool!

Maybe personal data forensics is the next big market

