I'll be the contrarian and ask why this is surprising? Of course if an application has been granted access to files of type X, the application can access those files and read / parse / write / etc those files and the data contained within them.
As a user, I'd be pretty annoyed if I used Instagram, FB, Camera +, or one of the many other camera or photo editing apps on my phone and they did not have the ability to read and write the location data.
> I'll be the contrarian and ask why this is surprising?
Because users aren't actually all that aware of there being location data attached to their photos. If you told them that an app could stitch together a relatively accurate map of where they'd been in a day based on the photos they took, most users would be surprised.
Given that many social networking apps show you the location in which the photo was taken as an option for geotagging posts, it's clear that the data is there.
I'll grant that users may not make the leap to thinking of building a full-on historical profile without being prompted in that direction...
> Given that many social networking apps show you the location in which the photo was taken as an option for geotagging posts, it's clear that the data is there.
I had literally no idea. None. Probably because I don't upload photos to social networking sites from my phone. So I'd be pretty shocked that Whatsapp could plot my movements despite not having access to location data...
And I think most users would be aware of this yes. But should they be expected to understand that this location data is different to the other location data and isn't secured at all by the "share your location" permission?
There's a map in the albums showing where all the pictures were taken. Also IOS creates memories(machine generated albums) with location names. You'll have to be pretty naive to think it wasn't storing location.
> You'll have to be pretty naive to think it wasn't storing location.
I think you'll have to be pretty naive to assume that users inherently realise that "photos have location attached" automatically leads to "third party app can read location in these photos" and can lead to "build a profile of you based on your photo locations".
It's not that people can't put these things together, it's that they don't ever really think about it. When you download a photo editing app you're thinking about editing a photo, not about the metadata you might be leaking in doing so.
exactly - users don't use logical deduction to work out what information an app is capable of inferring.
If i didn't give the app permission/information, it stands to reason that said app shouldn't be able to infer, or deduce it. If the app is able to do so, then they ought to be legally obligated to disclose this fact.
But those are both Apple apps. I wouldn't expect that, just because I gave access to FB or Twitter to see my photos, that they'd get the location of them too.
Interesting. I would have thought always that yes, if I'm moving an image around, its metadata goes with it unless I've specifically taken steps to strip it. I guess we've all had different introductions to this stuff.
Coincidentally, I have asked some non-technical people exactly this question. All of the people I asked didn't even understand that there was anything other than "my picture" in an image file. I would guess that if you pressed a lay-person to explain how Apple shows a map of where your photos were taken, they would guess that the information was stored separately.
That doesn't really make it evident that letting an app access a photo lets it access the photos location.
You and I both understand that that's metadata in the file, but non-tech users don't know that much -- they might simply have never though about it enough at all.
Stupid? Perhaps in some cases. But are you perhaps expecting to much of a layperson? How are they supposed to know that the "access photos" permissions overrides the "location" permission because the "location" permission doesn't even apply to their photo location data.
Sure, we all know this. But this can't be taken for granted.
Do we expect regular users to appreciate that how the location data is stored as exif data within their photos rather than separately. I wouldn't expect this of most people.
Users are human beings. You can affix a derogatory label to them if you want, but deciding that they're not as smart as your ideal of what humans should be isn't useful to anyone except your ego I guess.
There is no technical reason the OS couldn't stop this by stripping exif/location data from photos if the requesting application doesn't have location permissions.
> There is no technical reason the OS couldn't stop this by stripping exif/location data from photos if the requesting application doesn't have location permissions.
There is: every app that does stuff with photos (e.g. filter software or other processors) will strip the exif data now in the process.
There is no need to strip all EXIF data. Strip just the location since that is an explicit permission needed. you can keep aperture, shutter speed, capture time etc.
Well I'm not in the iOS ecosystem, but I genuinely like the location data to be in my photos, and I go somewhat out of my way to ensure it stays there.
Being able to search my images by location means I can easily find all images from my trip to X, or grab all the pictures I took while at my old house. It's hugely useful and I would be livid if an is update or app update started striping that info.
Simple. Make a setting that defaults to "no, don't share the exif location data with 3rd party apps" but can be changed to "yes, do that" if you want to.
I've spent hours of effort making sure Facebook Apps on my phone never have access to my location. It's something I'm particularly crept out with regard to Facebook specifically.
I've granted them access to my photo library when I'd like to post a picture there, so this means they they can suddenly read all the photos in my library, including their exif data?
If so, what are they chances they are collecting all that exif and uploading it? I'd be genuinely pissed. And if such a practice came to public eyes, wouldn't that bring up enough of an uproar to cause fb some serious harm?
Even if they are not using your exif, they will be trying to identify your locations in the photos based on the presence of other people, landmarks, or other objects. In the same way that Google does.
What I've found works best for keeping access to photos restricted, is clicking on "Share" on the iOS photos app, and then selecting the target app (eg: FB Messenger).
This means that the target app doesn't get access to my entire library -- but I can still share one (or a few) photos through it.
Once you pick a file, I'm fairly certain that the metadata is made available as a JavaScript Blob object containing any relevant metadata (this is how Facebook geotags uploaded photos)
It's obvious to me now, but I hadn't thought of this. So it was a surprise in that regard, and an unpleasant one even though I feel like I am less concerned with privacy than most of HN.
If Adam Savage was caught by surprise (the location of his home was embedded in a photo he shared online) then I would think a lot of other people would be surprised too.
This is probably only something that tech-related people understand (and maybe some specific types of photographers and designers).
The great majority of the population doesn't really know that "photos store location", let alone join the dots to assume that these things are possible.
Wow, I never thought about the privacy implications there. Creepy. I hope apple comes up with a fix for this. Thanks to the creator for bringing this to my attention!
I remember when I uploaded photos in early versions of IOS, there was no location data accessible to me when I looked at the files on our server. Not sure what changed or if we never had access back then.
How did you upload them? Apple strips location data when sent in an mms/iMessage for example. Not sure what all avenues they do this for, but it could be a related cause in your scenario.
I just remember getting the image the standard way either from the library or the last camera photo, then examining the data that got uploaded, and not finding the location data. Then I think I looked at it in the debugger in XCode and there was no location data there either. Our apps at that time had location and photo permission and definitely could see the location information in the IOS photo app for the same photos. Just wrote it off as a quirk.
Clever but its just symptomatic of a complete lack of ethical constraints and an all out assault on users rights and privacy.
Its like going to your doc for a checkup only to discover they have stolen your genetic information and peddling it to advertisers without your consent.
10 years ago spyware had meaning, now everyone seems to be building it and worse completely indifferent to ethical questions around harvesting user data and build intrusive profiles.
It's only a matter of time before there is a huge backlash against this rampant unethical behavior by the industry and its clear we need tough regulation and consequences.
> It's only a matter of time before there is a huge backlash against this rampant unethical behavior by the industry and its clear we need tough regulation and consequences.
Don’t count on it. Outside of the tech community (echo chambered here), people seem to just not care. Otherwise Google and it’s products would not have been so successful; all the click-bait adware nonsense would not have been successful. People are cheap and just don’t want to pay for anything. Regulation could solve this, but Google and Facebook have so much lobbying power in the US, I fear nothing will change for the better, but, indeed, most likely for the worse.
Foursquare buys location data from instagram and then resells it to companies. Then they look at the location data and figure out that people are going to places like an Apple Store and then they take appropriate actions.
When you post a picture in the Instagram and Facebook (and Twitter) mobile apps, they offer to tag the post with the location that's embedded in the picture.
I’ve tried to mitigate this by not giving most apps access to my photo library, especially since I use iCloud Photo Library and it has hundreds of gigabytes of photos. Instead of using a photo picker implemented by the app, I try to use (a) share sheets extensions by going to the Photos app first, or (b) document pickers and then select my photo library as a source of document.
Note the if you choose "Save Image" on a Share sheet in iOS 10, the app is given full access to your Photo Library (you are prompted to allow it though).
Looks like this was restricted to write only access in iOS 11.
This is ingenious! This is still a huge part of why privacy/security is still a long way off across all platforms. The attack vectors are much more nuanced and complex than the simplified permission system we think about
(I then wrote an AppleScript to use this tracking data to tag locations of photos in my iPhoto library, because my camera at the time didn't have a GPS).
Very creative, I like it and it creeps me out a lot! Whenever I am on my computer and I upload something to most places I try to remember to wipe the metadata, never thought of apps pulling this data straight out of the library on my phone. Luckily I don't have many apps with access to photos to begin with.
The proposed solutions are a total sledge hammer approach. How about if you want PHAsset to give you location information, you have to ask for the Location Permission? Problem solved. Devs can use their custom pickers and cameras and can’t spy information they haven’t asked permission for.
Actually, that's not what I said. It's location information, use the Location Permission, not an additional permission. Why should I need to have an extra permission beyond Photo Permission to get information like shutter speed, aperture, and timestamp?
As a user, I'd be pretty annoyed if I used Instagram, FB, Camera +, or one of the many other camera or photo editing apps on my phone and they did not have the ability to read and write the location data.