Isn't revealing your location the whole point of taking a picture from your hotel window and sharing it with the world on Twitter? I wouldn't be too surprised if I posted "I'm in Miami, and here's a view from my Hotel window" and someone was able to tell me the Hotel name and which side I was staying on. Infact, I'd be more surprised if someone couldn't!
The techniques used are not particularly ingenious here, especially as most of the photo's seem to depict some obvious landmarks to provide an easy point of reference, especially when given the extra information to focus on a specific location.
This may be a dumb question, what is the value in checking in when leaving? I might not understand the point of foursquare, I thought the check-ins were used so people could meet up with friends who were in the area.
Are there rewards or incentives for checking in or is it for social prestige by being in the right places at the right time? Something else I'm not thinking of?
When you check-in on arrival, that can cause two problems; one, people (whom you don't want to meet) can come to the location to find/meet/stalk/harass you; and two, people know that you're there and not somewhere else (so they know your car/house/office/dog is potentially unguarded).
You can use checkins (especially those of Instagram or Foursquare addicts) to determine someone's pattern; if they always go to Starbucks in the morning for a snack, then go for a run for 30 minutes, then hit the grocery store on the way back, you can figure you probably have 45 minutes to loot their house, search their stuff, etc. before they get back. If you've seen the inside of their house before, you might know that there are spare keys, or a rarely-used door that you can unlock, etc. which gives you more access to the house later, even if your timeframe is limited.
Anyway, checking in as you leave throws off that timetable. People can't come meet you (because you're already gone), and you won't tell people you're out of the house until later, cutting down on their window of opportunity.
But none of the information gained from the reflections were not obtainable in another way. In the first example with this image http://4.bp.blogspot.com/-G-MF-A05uSs/U2CA_n8IKfI/AAAAAAAAAZ... He claims it could be three possible hotels from that area. Yet it can actually only be one because there is only one hotel on that side of the road (you can see the road below). I went from that picture I just posted to the actual location without reading the rest of the blog. I have never stepped foot or even seen a photo of Miami. Those buildings are extremely unique. Once I found those buildings, I moved the view around in Google Maps to get me the EXACT point of reference which could have been two different hotels. but Like I said, only one on the correct side of the street.
On the second example, I was able to locate the picture simply by Google Maps. There aren't many buildings with domes on the top of it that is basically right next to water. It took me 3 minutes. Once I found it, I lined up the shot and found the building. There was only one it could have been. With a quick google search. To find which floor the picture was taken on, all I had to do was find which floor was completely straight in the photo (which means he was leveled with that floor) and then translate that height to the other building (by guessing). I guessed floor 17 which was one off and was the exact same guess as the blogger.
Basically, the blog post makes it seem he uses reflections to find where buildings were. In reality the reflections were not useful to locate the building, only to find interior shots after the location is discovered.
Whilst this could be the case in some photographs, like reading reflected documents or personal information, the ability to see a reflected light and a photo frame which therefore narrows your location down to one of 30-40 identical hotel rooms doesn't seem like personal information to be wary off.
You're far more likely to inadvertently reveal personal information in the background of a photo of your actual hotel room that you are from looking out the window.
I suspect child abusers generally move out of their landmark hotel room before sharing compromising pictures on the internet (and generally hang around in much less high-profile locations, for obvious reasons). Admittedly it would be a lot more forensically useful if the image had accurate metadata showing date taken.
I was hoping for something clever involving algorithms picking up subtle reflections that weren't visible to the naked eye and or algorithms automagically matching photos with other photos taken from similar angles, but this is Google-fu 101. If you tell people which city you're in and post a photo of the centre, people will probably be able to figure out where it was taken from. That applied long before the age of the internet and digital photography.
Granted that posting a pic from your hotel room, with emphasis on outside view doesn't leave a lot to be guessed but the author has done some reasonable sleuthing to be accurate, let's give him credit for that.
Using the reflections as additional information is very interesting. However, I’m not that surprised that views from windows can be relatively easily located. Andrew Sullivan has been running his View From Your Window contest for four years now and people have been guessing the locations of the photos with scary accuracy (as good as in the linked post).
Still, it’s probably more than 15 minutes work even in the best case scenario (and much, much longer in the worst case), can probably not be automated in any meaningful way (but that would be an interesting project, huh!) and is consequently only of interest to dedicated attackers, not general surveillance.
And he doesn't even give a starting city or country. His readers have to narrow down the location using street signs, building types, car types, and other subtle hints. So if you don't want people to find you don't post pictures of where you are.
> So if you don't want people to find you don't post pictures of where you are.
This cannot be said enough.
It's definitely worth educating people to the kinds of things they're exposing when publishing things like vacation photos, but most people shouldn't have a need for that level of information security.
"Finally, do not forget that a reflection could be your enemy."
On a tangent - I didn't realize that the google maps 3D rendering has gotten so good over the last couple of years. I wonder how hard it would be to scrape the point data and satellite textures to source a GTA map, I'd love to cruise through actual Vice City with the GTA V engine.
If you haven't checked it out yourselves - breath-taking WebGL view of Miami (Chrome, OSX):
Trying to find the source of that image - Google lists it on a few tumblrs going back to 2010 (tumblr apparently started in 2007, who knew) - except when you go to the oldest of them it's only just been posted, today, not 2010. Google never seem to have been able to do dates reliably.
Thanks dude. That bush to the right is a rare plant that only grows in a 600 sq miles radius in a known part of Africa. The recon guys are already there and they said they've found the only manufacturer of plastic signs around that area that uses that font as the default one. Now they are "talking" to him about his customers. Once we have certain coordinates, we'll send them to our team of guys with guns on the ground and to the extraction and cargo transport teams. I can already feel the sweet smell of freshly powdered rhino horn :)
In the olden days we would have had to track the guy who took the picture and have a lengthy private talk with him, risking to expose ourselves in a "lawful" country, but this makes it so much easier...
I was going to say the same thing. This has little to do with hotels or reflections. Any picture at all with a skyline in it, given a good enough 3D map and some software (maybe the NSA has some already?), should be enough to pinpoint you pretty closely, depending on the nearness of the skyline and the quality of the picture.
So, 99.9% of the information was gathered based on the actual photo, and .1% of it confirmed with reflections. Impressive. Hmm, this picture of a landmark came from the building near the landmark. How did you get that with just reflections?!?
With a set of photos of the same static scene, it's possible to figure out the camera position, angle, and focal length of every camera, sometimes to millimeter accuracy.
You just have to correlate the same features in each frame, then solve it.
3d motion trackers do this. (Blender.org has one. You can solve this same problem using it. Bring in public and street view photos of the area. It's a bit of manual work to put all the images in a movie then go frame by frame and tag features... But you could get much more accurate than the article.)
The power is in having access to large databases of photos of everywhere, and even better if all the photos were taken the same way, like google's street view... and large amounts of computing resources to index and correlate all of the features from all of the images automatically.
I would be surprised if there is not a project in some huge company or lab that can identify features in nearly any public outdoor shot and determine exactly where it was taken. (perhaps for intelligence or forensics)
As a countermeasure, the article notes turning off lights and so forth. Seems the author hasn't heard of polarized lenses. Others note that it's not a real security concern, no, but using a FLD lens will result in better photos when shooting through glass! Use it!
This only seems useful if it is automated and extremely fast. If you are law enforcement there are faster ways to do this. Like just calling in the city the "bad" guy last checked in at.
And if you aren't, there are much easier ways to get info on the room someone is using, like social engineering. Which I'd actually one if the examples the author gave when he simply asked the victim in twitter what floor he/she was on.
I haven't seen criminal scenarios where the bad guy takes a photo if his view or checks in on four square, that doesn't get rounded up fairly quickly.
There may come a time when indoor pictures could reveal your location as well. If you were to create a database of lots and lots of architectural plans, you could conceivably use computer vision algorithms for determining dimensions of a room as a few more known bits of entropy for identifying an indoor location.
When you're put into protection (including from abusive spouses), the first thing the agencies involved do is tell you not to contact friends nor relatives. Posting a picture of their accommodation on social media would be the stupidest thing they could do - reflection or not.
So if they proceed to do this even after being advised not to; then I have to question if subconsciously they really do want to be caught (it's saddening just how emotionally dependant victims of abuse are on their abusers).
But this is now taking a tangent onto a whole other topic.
What if they just ran away on their own? Anyway the point is there are plenty of situations where you'd want to hide your location but might erroneously think a photo from your window doesn't reveal too much info.
Happens less often than you'd hope. Usually such victims require support from others.
"> Anyway the point is there are plenty of situations where you'd want to hide your location but might erroneously think a photo from your window doesn't reveal too much info."
I'm sure there might be some fringe examples, but "plenty"? Nobody has yet suggested even one plausible example so far. And even the examples in the article were from people who didn't care about revealing their location to begin with (eg in the first example, the subject announced he was in Miami as well as taking that picture).
But I'm sure there are some examples of people stupid enough to share a picture of their location and not realise it might reveal their location to other people; I'm rarely surprised by the stupidity of the worst case scenarios. But I also doubt those sorts of people who lack even that level intelligence would be the kind to people who read articles like these. So whichever way I look at it, I can't see anyone's life saved (metaphorically nor literally) by the research conducted by this author (as interesting as it might be to many of us).
You might reveal your location but the person spying on you would have to be a stalker and a total creep, who basically have no life and nothing interesting to do. That's more scary than taking pictures with reflections IMO