

Geotagging poses security risks - dmmalam
http://www.army.mil/article/75165/Geotagging_poses_security_risks

======
dfc
I was looking for more information/sources on the mortar attack. This
DefenseTech article has a little more context in general and an example of
geolocation using cell signals:

[http://defensetech.org/2012/03/15/insurgents-used-cell-
phone...](http://defensetech.org/2012/03/15/insurgents-used-cell-phone-
geotags-to-destroy-ah-64s-in-iraq/)

Unfortunately the only source for the mortar attack is the army.mil article
linked here. Does anyone know more about the attack?

------
greenyoda
" _When a new fleet of helicopters arrived with an aviation unit at a base in
Iraq, some Soldiers took pictures on the flightline, he said. From the photos
that were uploaded to the Internet, the enemy was able to determine the exact
location of the helicopters inside the compound and conduct a mortar attack,
destroying four of the AH-64 Apaches._ "

I'm not sure that geotagging is the real problem here. A picture of a new
helicopter or of the inside of a military base in a war zone is sensitive
operational information that should not be posted to the internet, whether
it's geotagged or not. Enemy intelligence services could probably piece
together lots of valuable information from dozens of seemingly innocuous
photos.

For example, even if the enemy couldn't blow up those helicopters, just
knowing the number of helicopters available at that base, or that the base had
received additional helicopters, could be an advantage in planning an attack.

~~~
chubbard
Well not exactly the same. While you may be able to determine some basic
relative positioning information just from looking at the picture, it's not
the same as having the actual GPS coordinates. While you could do some
perspective math plus relative positioning to known other locations to figure
a rough estimate of an object it would require a fairly expert knowledge to
get to the coordinates for your mortar. With GPS it's much easier for someone
with far less expertise to come up with a position.

Point taken that there is important information you could get from a picture
alone. There's lots of other information they posses that GPS doesn't, and
vice versa.

------
glennon
Not to downplay the real security concerns, but the mortar attack from
geotagged photos almost certainly did not happen.

Here is a March 2012 post from a skeptic about the mortar story:
<http://www.spacerogue.net/wordpress/?m=201203>

It's also worth noting that there are no contemporary 2007 accounts of the
incident. The wikipedia listing of aircraft losses in the Iraq War lists
contemporary sources for every incident except for this four helicopter attack
-- Wikipedia lists the 2012 geotagging source Steve Warren. This is the
Internet though, so I'll email Mr. Warren and see if I can get his citation.

[http://en.wikipedia.org/wiki/List_of_aviation_shootdowns_and...](http://en.wikipedia.org/wiki/List_of_aviation_shootdowns_and_accidents_during_the_Iraq_War#2007)

------
blaines
I think this might be a good argument for anonymity on the internet.

The thing is, if you're traveling in hostile territory, it's probably a good
idea to maintain a low profile. Isn't it taught to be aware of your
surrounding at all times? Basically, reveal your location digitally with the
same consideration you would in meatspace. If you wouldn't launch a flare to
tell people your location, don't broadcast your location digitally.

I think most people in the armed forces understand this, though there are
apparently exceptional cases.

Also it should be noted they launched mortars at grounded helicopters, from
what I can tell no one was killed, and the compound's location was probably
already known. So this could have been inadvertently beneficial to both
parties (mortars weren't launched randomly hitting barracks, killing people
etc).

Edit: Now that I think about it, if I was in charge of soldier security I
would probably increase the noise - use fake accounts, fake locations, with
similar data context. I could even fool the opposing forces into maneuvering
into positions they could be captured peacefully.

------
pbhjpbhj
Surely in a disciplined army only those instructed to do so or given a special
permission are allowed to take photos, nevermind allowing free access to
upload at will and without security oversight.

Do they allow soldiers to send up fireworks whenever they fancy too?

Surely enemey can use triangulation to track mobile phone signals; sniff
images, calls and texts off the air and such?

------
Spearchucker
What's interesting to me is that geotagging is seen as dangerous, and yet it's
the act of making geotagged photographs available online that's the real
issue.

Maybe an enterprising solution is for an Army hacker to create an app that
strips out EXIF data from images, and then facilitates uploads to the user's
site of choice.

~~~
Evbn
To be safer, whitelist, not blacklist. Hr program should analyze a photo, and
emit a new graphical image computed from then original's color data only, and
not pass through any metadata.

~~~
silentOpen
What is the minimum noise intensity/spectrum to remove sensor fingerprint?

------
benjlang
I'm in the Israeli army now, guess I may need to cut down on my foursquare
checkins... (1,000+ so far)

~~~
dewey
i always wondered if there's some kind of social network policy while browsing
all these 'idf' tagged instagram pictures. i guess not.

------
0x0
I think Facebook strips EXIF metadata from uploaded photos, so unless you
deliberately add a location tag, it shouldn't really be possible to retrieve a
location given a photo.

------
abolibibelot
It's what Bruce Schneier calls Security Theater, or movie plot threats, with a
dash of "beware, the enemy is always listening", and self-proclaimed security
experts to hint at vague threats from terrorists.

It's true that there are privacy issues with geotagging, facebook profiles.
But the military and the para-military need their FUD to keep the money
flowing.

~~~
klodolph
Really? It's security theater to disable geotagging?

1\. The first part talks about disabling geotagging _for deployed soldiers in
classified locations,_ and gives an example where geotagging allegedly led to
a morter attack and materiel losses,

2\. The second part talks about disabling geotagging at home if you are
worried about your safety. These are not hypothetical risks: imagine an ex-
boyfriend with a constant stream of your GPS coordinates through social media.

~~~
matthewowen
His comment isn't _wholly_ unjustified. If you take a photograph of
helicopters in a military base, it is plausible (possibly even likely) that
someone familiar with the area could figure out their location purely by
looking at the photo - based on the background content of the photograph.

The point you could make is that if you're worried about people figuring out
where you are, you probably shouldn't publish photos of your location on the
internet.

------
tmcw
> There are a number of location-based social media applications and
> platforms, including Foursquare, Gowalla, SCVNGR, Shopkick, Loopt and Whrrl,
> currently on the market.

Well, Whrrl and Gowalla are no longer, so no.

~~~
Evbn
Wow, someone in .mil remembers Whrrl? They really are always fighting then
last war...

------
sbierwagen
"Army: Water found to be wet"

"The US Army discovers a bear shitting in the woods"

This is incredibly, painfully obvious. Why is it on HN?

~~~
ChuckMcM
I can think of a couple of reasons why this audience might find the article
useful. First, a number of folks here are brainstorming startups and the fact
that GEO information is available in EXIF data and on the phone in general is
an attractive thing. Two, this article includes a documented case of the GPS
data being used against the army (mortar attack) which, if you read HN
regularly, someone says "Don't use GPS data, you could get someone killed."
and then someone will comment 'citation needed' and there will be the whole
silly "Gee don't do that if you don't want" kind of argument. When the real
discussion should be "Your customers might not realize the consequences of
this, you need to be aware of them."

So for those reasons I think its a useful thing for entrepreneurs to keep in
their thought processes.

