Yes, it's THAT book!

Drop your email here to stay informed of the status of my "tell most" book about the National Security Agency:

--OR--

Read a little about the book here:

Employees are allies, not the adversary

--OR--

Check out the Kickstarter here (click)
How can I help you?
Contact Jeremy
Recommendations

Here's something that


I, Jeremy Duffy, actually recommend and think is worth checking out.
No web-bugs, no bs, just a legit recommmendation that I have personally evaluated before allowing it to be listed here:

Think something's here that shouldn't be? contact me!

PhotoSec – 4 Things You Should Always Check For Before Uploading Photos

#1 - Fingerprints
A lovely glass heart and also fingerprints!

It's wild how often I find copies of peoples' fingerprints online. Someone selling a coin or button. A farmer showing off a growing berry. Or this artistic photo of a glass heart.

But what's the risk? Would people frame you for crimes with your fingerprint? Probably not. But what about unlocking your phone or laptop? With phone/computer access, it becomes trivial to get into every account you have - email, messages, social page, banks... everything.

Of course, they'd have to be able to translate an online photo into something that can defeat print scanners, but that only requires a 3D printer (or Gummi Bear candies in a pinch)

Are you dating someone really paranoid? Do you have a pissed-off 'ex' who might get access to your phone? Could your family use your phone to get access to your bank accounts and credit? Maybe, maybe not. What is certain is that it's hard to abuse someone's prints when you don't have them.

Whenever you're taking a picture of something in your palm, it's worth taking a second to make sure your fingertips aren't in the shot!

#2 Reflections
You'd be surprised how frequently people post themselves semi-nude because they didn't check reflections.

Long ago, I checked a work trading board for some furniture and found a decent hutch for a good price. Because I'd learned to scan reflections, I noticed that the woman who sold it to me was in her underwear when she took the photo.

Of course I never said anything (I didn't want to embarrass her), but I have told several thousand people since then!

People are constantly putting themselves in compromising positions by not checking reflections. Like the guy I found on LinkedIn who posted a "motivational talk" while apparently in the passenger seat of a car. Except, if you looked at the reflection in his sunglasses, you could clearly see him holding the wheel with one hand, and the phone in the other.

If I was someone who knew him and didn't like him, I could easily post that to the church board, send it to his family, or share it with the police. It wouldn't be the first time something like that happened:

This is a famous example that I've used for years teaching OPSEC.
I have no sympathy for people who film while driving, but what about people who's various states of undress or nearby toys and medicines might not be things they want people to see? Check your reflections, people.
#3 Background details
Hint, check the upper-right

The things people forget to check for in the background can occasionally be hilarious. A selfie where the dog is pooping or drinking out of the toilet or maybe your poor friend who's still in the shower... generally there's no harm done.

But what if you have private medical information visible? Passwords or security information? House keys that can be easily copied (even in a photo at an angle or from up to 200 feet away)? Concerning evidence of hoarding, filth, or other mental care concerns?


Giving away a pre-marriage pregnancy (Photo Credit)
Visible password? That's embarrassing. (Photo Credit)
JK Rowling's profile photo showed an apparent black mold infestation
A key where you can see the ridges can be copied. (Photo Credit)

It gets worse; what if the details people find in your background lead to more serious consequences? This is a scary world where people are judged, ostracized, attacked, or killed for:

Trigger warnings: abuse, violence

Keeping yourself and others safe means checking the background. What do you see? Are you "outing" yourself? Someone else? Are you giving away more than you realized? Will the visible details put you or anyone else at extra risk? Check every time before you upload.


#4 Location

Trigger Warning: Stalking, Assault

Hibiki Sato was one of many fans of pop-idol Ena Matsuoka, but he was obssessed. He studied her online photos to find her. Which way did the sun fall in the window of her apartment? What kind of window-dressings did she use? What features were visible outside?

He finally got his chance when he noticed, in a high-resolution selfie she took on her commute home, a sign for a train station in the reflection of her eye. It was enough for him to stake-out the station, wait until she showed, then follow her home. She survived, but some aren't so lucky.

Idol hunted from an eyeball reflection

Sometimes the only thing that stops evil people from acting is not knowing where to find the target of their obsession (or A target of their obsession - a.k.a., a target of opportunity). But what good is caution about reflections and details if the photo itself blabs about your exact location?

Do you notice the 'Show settings' link over there on the right? Try clicking it. What happens?

In this very nice selfie that I found on Flickr, you might notice location information on the right; something often seen on photos uploaded to Flicker or Google or Facebook or whatever. It's not that people are taking the trouble to tag their location; the phone does it for them.

The phone records all the settings for the photo, but also other details it has access to. Maybe your name and sometimes your exact location.

Maybe if you're hiking and want to remember exactly where you saw that cool blue lizard, geo-tagged photos are helpful. If you go missing, the search party might find your last known location by the last cloud-uploaded photo you took.

Trigger warning: dark possibilities But if you post while on vacation and thieves can see you're not home (and can check older photos for the location of your home). Or your stalker noticed you posted about being home alone for the evening (along with the exactly location where to find you). Or you're a battered spouse on the run whose safety depends on not being found. Or if someone simply finds your lifestyle/religion offensive and now they know where to go to take out their frustrations...

Often people are safe because finding and harming people is hard, but "helpful" technology trivialize it to the point that the risk becomes higher simply because it's "easy". Especially now that AI tools that help analyze photos for location indicators are becoming more and more proficient.

For example, here's a test I did with GeoSpy.ai

It got it within about 18 miles

Using only a Google Streetview picture at random from the Seattle area, it was able to narrow it to about 18 miles of the actual location - and that's just one photo. What if I had 10 or 100? Some people are very prolific posters and every photo gives bad guys more to work with.

Watch your timing! If you're at a restaurant and taking a picture of your food, if you upload it immediately, people will know where you are for the next 20 to 30 minutes. Maybe post later or the next day instead!
I'm scared. Now what?

It's easy to say "be careful" without offering any specific advice for actually doing so. But anything that's complicated or takes a lot of effort isn't something we'd actually do in practice. With that in mind, here are some simple tips for improving your risk posture:

  1. Crop - Easy - just remove the parts of the photo that have any problematic content. Sure, you can meticulously go through the visible papers on your home office desk; you can check with everyone in the photo at the party before posting. OR, you could just crop out that stuff instead.
  2. Shrink - There's rarely a time when it makes sense to upload a giant 20 megapixel photo directly to a social site. Why not shrink it by half or more? Even a photo only 1000 or 1500 pixels wide is plenty large for online sharing while making it next to impossible to see fine details like what's in the reflection of someone's eyes.
  3. Disable Geotagging - I mentioned there are some legitimate reasons to geo-tag, but those don't apply to almost anyone. If you want them there for something specific, so be it, but unless that applies to you, disable the "feature" and eliminate the risk entirely.
  4. Meta stripping tools/apps - These remove META DATA - the geo-tags, your name, and all that other information that I showed you before. All of it is dumped and gone. I don't have any recommendations because I don't upload near enough to use one of these, but if you're prolific, you might want to "clean" tons of photos all at once and then not worry about it.
  5. Screencap hack - On a computer, view the photo at about the size you'd want to see it online, then press WIN+SHIFT+S. This is a quick-capture shortcut that lets you snag a portion of your screen which is auto-saved in your screenshots folder. Then you can upload that screen capture which will be drastically size-reduced (but still large enough and have ZERO meta data attached).
  6. Caution and diligence - Check backgrounds, zoom in, check reflections, scour each photo carefully for anything that someone might be able to learn. Make sure you don't have any unique and identifiable features near by like street signs or addresses. If you find something or can't tell for sure, maybe reconsider posting.
Keep in mind this is all about risk. If you're not worried, so be it, but if you're at high risk because of your lifestyle, activism, have some measure of notoriety, or have been directly threatened or bullied, the key is to make sure you don't hand your enemies the weapons they use to bludgeon you with. Be smart, be safe.

Share This

Have a Comment or Question?

Loading...

If you want to learn more about my professional background, click here to learn more.

Check out one of my guides/tutorials:

computer security Tutorial
|INDEX|next: Spyware Scanners

Security Software

Make sure you have a up-to-date Anti-Virus Program to protect you against bad websites or files.
Sometimes spyware gets in your computer and the anti-virus won't stop it. Use a spyware scanner to find and remove spyware and adware.
Use a software firewall to detect bad code on your computer when it tries to connect to the Internet.
Always keep your system up to date with security patches or none of the rest of your security software will matter.
Use an encryption tool to protect your important data when storing or transmitting it.
Switch to Firefox for your web browsing and you'll be better protected from Internet threats.

Safe Computing Practices

Don't get tricked by fake alerts or clever webpages into downloading viruses or spyware!

... or check out any of my other guides and tutorials by clicking here!

Anti-Virus

A virus can come from files, e-mails, web pages, or even devices you plug in (like thumbdrives or printers) and destroy your files or your computer once they get in. An anti-virus is software designed to detect and prevent that from happening.

[Click for full description]

Spyware Scanners

Learn how to detect and remove spyware and adware using a free scanning tool.

[Click for full description]

Software Firewall

Learn what a firewall is and why you want one on your computer.

[Click for full description]

Operating System Updates

Make sure to keep your operating system up-to-date with security patches or else none of the rest of your security software will be able to protect you.

[Click for full description]

File Encryption

Learn how to protect your important files on your computer or when transmitting them with free tools for file encryption.

[Click for full description]

Mozilla Firefox - Internet Browser

There are many browser choices out there. Read why I think Firefox is one of the best.

[Click for full description]

Fake Alerts

Maybe you've done everything right and you're computer is sufficiently fortress-like, but then you or someone in your family falls for a simple scam that tricks them into directly installing the bad guy's virus! Learn how to spot and ignore fakes!

[Click for full description]