The techniques used are not particularly ingenious here, especially as most of the photo's seem to depict some obvious landmarks to provide an easy point of reference, especially when given the extra information to focus on a specific location.
This is a bit like checking in with Foursquare. If there's a security concern with showing it real-time and net-wide, then you just shouldn't.
Reminded me of this: https://pbs.twimg.com/media/Bm1gMRUCIAA8Y4E.jpg
I'm guessing some people may not be comfortable with that.
Are there rewards or incentives for checking in or is it for social prestige by being in the right places at the right time? Something else I'm not thinking of?
You can use checkins (especially those of Instagram or Foursquare addicts) to determine someone's pattern; if they always go to Starbucks in the morning for a snack, then go for a run for 30 minutes, then hit the grocery store on the way back, you can figure you probably have 45 minutes to loot their house, search their stuff, etc. before they get back. If you've seen the inside of their house before, you might know that there are spare keys, or a rarely-used door that you can unlock, etc. which gives you more access to the house later, even if your timeframe is limited.
Anyway, checking in as you leave throws off that timetable. People can't come meet you (because you're already gone), and you won't tell people you're out of the house until later, cutting down on their window of opportunity.
One could use these (and other) techniques to pinpoint your location from anywhere in the globe, without even setting foot in that location, perhaps not even the country.
Keep in mind that the poster "eyeballed" the floor height. With more work, it is possible that he could have figured out not only the floor, but which window the picture was taken from.
Also, nice call on reflections of safes and notebooks.
On the second example, I was able to locate the picture simply by Google Maps. There aren't many buildings with domes on the top of it that is basically right next to water. It took me 3 minutes. Once I found it, I lined up the shot and found the building. There was only one it could have been. With a quick google search. To find which floor the picture was taken on, all I had to do was find which floor was completely straight in the photo (which means he was leveled with that floor) and then translate that height to the other building (by guessing). I guessed floor 17 which was one off and was the exact same guess as the blogger.
Basically, the blog post makes it seem he uses reflections to find where buildings were. In reality the reflections were not useful to locate the building, only to find interior shots after the location is discovered.
Clear and simple: the reflected images in pictures might disclose information that you wouldn’t be willing to share, such as your location or other personal details."
You're far more likely to inadvertently reveal personal information in the background of a photo of your actual hotel room that you are from looking out the window.
I was hoping for something clever involving algorithms picking up subtle reflections that weren't visible to the naked eye and or algorithms automagically matching photos with other photos taken from similar angles, but this is Google-fu 101. If you tell people which city you're in and post a photo of the centre, people will probably be able to figure out where it was taken from. That applied long before the age of the internet and digital photography.
What is really good here is that he went through all the steps in the deduction. Most people will not take the time or patience to pick the landmarks and do the perspective.
As for the article, I didn't know Google Earth was so extensive and I learned some interesting geologic features of Miami!
Here is the archive: http://dish.andrewsullivan.com/vfyw-contest/
Still, it’s probably more than 15 minutes work even in the best case scenario (and much, much longer in the worst case), can probably not be automated in any meaningful way (but that would be an interesting project, huh!) and is consequently only of interest to dedicated attackers, not general surveillance.
This cannot be said enough.
It's definitely worth educating people to the kinds of things they're exposing when publishing things like vacation photos, but most people shouldn't have a need for that level of information security.
On a tangent - I didn't realize that the google maps 3D rendering has gotten so good over the last couple of years. I wonder how hard it would be to scrape the point data and satellite textures to source a GTA map, I'd love to cruise through actual Vice City with the GTA V engine.
If you haven't checked it out yourselves - breath-taking WebGL view of Miami (Chrome, OSX):
On the iPad you also get more control over viewing angles, I was surprised that you lose that on the desktop.
I refuse to believe some of these are "accidental".
"Please make sure you turn off location and be careful about sharing photos of our rhino on social media, you may give away its location to poachers"
In the olden days we would have had to track the guy who took the picture and have a lengthy private talk with him, risking to expose ourselves in a "lawful" country, but this makes it so much easier...
Interestingly, rather than figuring it out themselves (as the search space was too huge), they crowdsourced it by releasing images with the child photoshopped out.
I assume there are much more creepy techniques to tell where I am when I don't explicitly reveal it.
However, in all seriousness, nice levels of deduction going on here and only slightly creepy tweets :)
3d motion trackers do this. (Blender.org has one. You can solve this same problem using it. Bring in public and street view photos of the area. It's a bit of manual work to put all the images in a movie then go frame by frame and tag features... But you could get much more accurate than the article.)
The power is in having access to large databases of photos of everywhere, and even better if all the photos were taken the same way, like google's street view... and large amounts of computing resources to index and correlate all of the features from all of the images automatically.
I would be surprised if there is not a project in some huge company or lab that can identify features in nearly any public outdoor shot and determine exactly where it was taken. (perhaps for intelligence or forensics)
I believe this paper introduced me to the idea in 2006:
I mean good job on taking the time to actually do it but I doubt this could be done for the vast majority of photos like this.
And if you aren't, there are much easier ways to get info on the room someone is using, like social engineering. Which I'd actually one if the examples the author gave when he simply asked the victim in twitter what floor he/she was on.
I haven't seen criminal scenarios where the bad guy takes a photo if his view or checks in on four square, that doesn't get rounded up fairly quickly.
Using techniques similar to those in photosythn, you can already determine camera location fairly accurately and easier than the manual work done by the article's author.
So if they proceed to do this even after being advised not to; then I have to question if subconsciously they really do want to be caught (it's saddening just how emotionally dependant victims of abuse are on their abusers).
But this is now taking a tangent onto a whole other topic.
Happens less often than you'd hope. Usually such victims require support from others.
"> Anyway the point is there are plenty of situations where you'd want to hide your location but might erroneously think a photo from your window doesn't reveal too much info."
I'm sure there might be some fringe examples, but "plenty"? Nobody has yet suggested even one plausible example so far. And even the examples in the article were from people who didn't care about revealing their location to begin with (eg in the first example, the subject announced he was in Miami as well as taking that picture).
But I'm sure there are some examples of people stupid enough to share a picture of their location and not realise it might reveal their location to other people; I'm rarely surprised by the stupidity of the worst case scenarios. But I also doubt those sorts of people who lack even that level intelligence would be the kind to people who read articles like these. So whichever way I look at it, I can't see anyone's life saved (metaphorically nor literally) by the research conducted by this author (as interesting as it might be to many of us).
Research shows eye-reflections in photos could be used to identify criminals:
Skip ahead to 4:19 for a succinct demo.
Look at that burger - you can see from the menu that this is a vegetarian restaurant - that means that the 'meat' isn't really meat at all but a bean and nut mixture.