PhotoSec

Photo Security (PhotoSec)

In what the Intel Community refers to as "IMINT" (imagery intelligence), images can be scoured for details to find information people didn't realize they gave away. As a public example, Shia LaBeouf constructed anti-Trump performance art consisting of a 24-hour livestream that garnered some decent attention, both positive and negative.

Due to some hostility, the livestream was relocated to an unknown location showing only a flag labeled "He will not divide us". Not long after, despite the video showing only the sky and a flagpole, 4chan users were able to deduce its location using flight patterns and mapping stars. The flag was removed and replaced with a MAGA flag instead.

While a video offers more clues than a photo, you'd still be surprised what you can learn from a photo with only a little bit of training. Things like…

#1 - Fingerprints
A lovely glass heart and also fingerprints!

It's wild how often I find copies of people's fingerprints online. Someone selling a coin or button. A farmer showing off a growing berry. Or this artistic photo of a glass heart.

But what's the risk? Would people frame you for crimes with your fingerprint? Probably not. But what about unlocking your phone or laptop? With phone/computer access, it becomes trivial to get into every account you have – email, messages, social page, banks… everything.

Of course, they'd have to be able to translate an online photo into something that can defeat print scanners, but that only requires a 3D printer (or Gummi Bear candies in a pinch).

Are you dating someone really paranoid? Do you have a pissed-off 'ex' who might get access to your phone? Could your family use your phone to get access to your bank accounts and credit? Maybe, maybe not. What is certain is that it's hard to abuse someone's prints when you don't have them.

Whenever you're taking a picture of something in your palm, it's worth taking a second to make sure your fingertips aren't in the shot!

#2 Reflections
You'd be surprised how frequently people post themselves semi-nude because they didn't check reflections.

Long ago, I checked a work trading board for some furniture and found a decent hutch for a good price. Because I'd learned to scan reflections, I noticed that the woman who sold it to me was in her underwear when she took the photo.

Of course I never said anything (I didn't want to embarrass her), but I have told several thousand people since then!

People are constantly putting themselves in compromising positions by not checking reflections. Like the guy I found on LinkedIn who posted a "motivational talk" while apparently in the passenger seat of a car. Except, if you looked at the reflection in his sunglasses, you could clearly see him holding the wheel with one hand, and the phone in the other.

If I was someone who knew him and didn't like him, I could easily post that to the church board, send it to his family, or share it with the police. It wouldn't be the first time something like that happened:

This is a famous example that I've used for years teaching OPSEC.

I have no sympathy for people who film while driving, but what about people whose various states of undress or nearby toys and medicines might not be things they want people to see? Check your reflections, people.

#3 Background details
Hint, check the upper-right

The things people forget to check for in the background can occasionally be hilarious. A selfie where the dog is pooping or drinking out of the toilet or maybe your poor friend who's still in the shower… generally there's no harm done.

But what if you have private medical information visible? Passwords or security information? House keys that can be easily copied (even in a photo at an angle or from up to 200 feet away)? Concerning evidence of hoarding, filth, or other mental care concerns?


Giving away a pre-marriage pregnancy
Visible password? That's embarrassing.
JK Rowling's profile photo showed an apparent black mold infestation
A key where you can see the ridges can be copied.

It gets worse; what if the details people find in your background lead to more serious consequences? This is a scary world where people are judged, ostracized, attacked, or killed for:

Trigger warnings: abuse, violence

Keeping yourself and others safe means checking the background. What do you see? Are you "outing" yourself? Someone else? Are you giving away more than you realized? Will the visible details put you or anyone else at extra risk? Check every time before you upload.

Remember in the Accidental Oversharing page when I talked about the risk of sharing your screen or taking screenshots at work without thinking about what's in the background? This is why you need PhotoSec skills!

For video chat, try splitting the important tabs off to a new browser instance and sharing only that. If uploading screenshots to tech support, crop out anything that's not strictly relevant.

#4 Location

Sometimes the only thing that stops evil people from acting is not knowing where to find the target of their obsession (or A target of their obsession – a.k.a., a target of opportunity). But what good is caution about reflections and details if the photo itself blabs about your exact location?

Do you notice the 'Show settings' link over there on the right? Try clicking it. What happens?

In this very nice selfie that I found on Flickr, you might notice location information on the right; something often seen on photos uploaded to Flickr or Google or Facebook or whatever. It's not that people are taking the trouble to tag their location; the phone does it for them.

The phone records all the settings for the photo, but also other details it has access to. Maybe your name and sometimes your exact location.

Maybe if you're hiking and want to remember exactly where you saw that cool blue lizard, geo-tagged photos are helpful. If you go missing, the search party might find your last known location by the last cloud-uploaded photo you took. But the rest of the time, what does location information do except put you at risk?

Trigger warning: dark possibilities

Maybe you post about a solo night since the spouse and kids are out. Maybe you're a battered spouse on the run whose safety depends on not being found. Or maybe someone simply finds your lifestyle/religion offensive. In all these scenarios, having photos that are GPS-tagged directly to your location is not going to end well.

Often people are safe because finding and harming people is hard, but "helpful" technology trivializes it to the point that the risk becomes higher simply because it's "easy", especially now that AI tools that help analyze photos for location indicators are becoming more and more proficient.

For example, here's a test I did with GeoSpy.ai:

It got it within about 18 miles

Using only a Google Street View picture chosen at random from the Seattle area, it was able to narrow it down to within about 18 miles of the actual location – and that's just one photo. What if I had 10 or 100? Some people are very prolific posters and every photo gives bad guys more to work with.

Watch your timing! If you're at a restaurant taking a picture of your food and you upload it immediately, people will know where you are for the next 20 to 30 minutes. Maybe post later or the next day instead!

I'm scared. Now what?

It's easy to say "be careful" without offering any specific advice for actually doing so. But anything that's complicated or takes a lot of effort isn't something we'd actually do in practice. With that in mind, here are some simple tips for improving your risk posture:

  1. Crop – Easy – just remove the parts of the photo that have any problematic content. Sure, you can meticulously go through the visible papers on your home office desk; you can check with everyone in the photo at the party before posting. OR, you could just crop out that stuff instead.
  2. Shrink – There's rarely a time when it makes sense to upload a giant 20 megapixel photo directly to a social site. Why not shrink it by half or more? Even a photo only 1000 or 1500 pixels wide is plenty large for online sharing while making it next to impossible to see fine details like what's in the reflection of someone's eyes.
  3. Disable Geotagging – I mentioned there are some legitimate reasons to geo-tag, but those don't apply to almost anyone. If you want them there for something specific, so be it, but unless that applies to you, disable the "feature" and eliminate the risk entirely.
  4. Meta stripping tools/apps – These remove METADATA – the geo-tags, your name, and all that other information that I showed you before. All of it is dumped and gone. I don't have any recommendations because I don't upload nearly enough to use one of these, but if you're prolific, you might want to "clean" tons of photos all at once and then not worry about it.
  5. Screencap hack – On a computer, view the photo at about the size you'd want to see it online, then press WIN+SHIFT+S. This is a quick-capture shortcut that lets you snag a portion of your screen, which is auto-saved in your screenshots folder. Then you can upload that screen capture, which will be drastically size-reduced (but still large enough) and have ZERO metadata attached.
  6. Caution and diligence – Check backgrounds, zoom in, check reflections, scour each photo carefully for anything that someone might be able to learn. Make sure you don't have any unique and identifiable features nearby like street signs or addresses. If you find something or can't tell for sure, maybe reconsider posting.

Keep in mind this is all about risk. If you're not worried, so be it, but if you're at high risk because of your lifestyle, activism, have some measure of notoriety, or have been directly threatened or bullied, the key is to make sure you don't hand your enemies the weapons they use to bludgeon you with. Be smart, be safe.
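
To make the Location section and tips 3 and 4 concrete, here is an added example (not part of the original post) in standard-library Python: it reads the GPS tags out of a JPEG's Exif block, then writes a copy with the metadata segments removed. The sample file is constructed inline with made-up coordinates, and all function names are my own.

```python
import struct

# Header segments that carry metadata rather than pixels.
META_MARKERS = {0xE1: "APP1 (Exif/XMP)", 0xED: "APP13 (IPTC)", 0xFE: "COM (comment)"}

def iter_segments(jpeg):
    """Yield (marker, start, end) for each segment; the scan runs to end of file."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment header at byte %d" % pos)
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: compressed pixels follow
            yield marker, pos, len(jpeg)
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield marker, pos, pos + 2 + length
        pos += 2 + length

def _read_ifd(tiff, off, e):
    """Map tag -> raw 4-byte value field for one TIFF image file directory."""
    (count,) = struct.unpack(e + "H", tiff[off:off + 2])
    entries = {}
    for i in range(count):
        base = off + 2 + 12 * i
        (tag,) = struct.unpack(e + "H", tiff[base:base + 2])
        entries[tag] = tiff[base + 8:base + 12]
    return entries

def _degrees(tiff, field, e):
    """Convert three RATIONALs (deg, min, sec) stored at the offset in `field`."""
    (off,) = struct.unpack(e + "I", field)
    v = struct.unpack(e + "6I", tiff[off:off + 24])
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def exif_gps(jpeg):
    """Return (lat, lon) in decimal degrees if Exif GPS tags exist, else None."""
    for marker, start, end in iter_segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xE1 or not body.startswith(b"Exif\x00\x00"):
            continue
        tiff = body[6:]
        e = "<" if tiff[:2] == b"II" else ">"  # byte order of the TIFF block
        (ifd0,) = struct.unpack(e + "I", tiff[4:8])
        pointer = _read_ifd(tiff, ifd0, e).get(0x8825)  # GPSInfo IFD pointer
        if pointer is None:
            return None
        gps = _read_ifd(tiff, struct.unpack(e + "I", pointer)[0], e)
        if 2 not in gps or 4 not in gps:  # GPSLatitude / GPSLongitude
            return None
        lat, lon = _degrees(tiff, gps[2], e), _degrees(tiff, gps[4], e)
        lat = -lat if gps.get(1, b"N")[:1] == b"S" else lat  # GPSLatitudeRef
        lon = -lon if gps.get(3, b"E")[:1] == b"W" else lon  # GPSLongitudeRef
        return round(lat, 5), round(lon, 5)
    return None

def strip_metadata(jpeg):
    """Copy the file without metadata segments; return (clean_bytes, removed)."""
    out, removed = bytearray(b"\xff\xd8"), []
    for marker, start, end in iter_segments(jpeg):
        if marker in META_MARKERS:
            removed.append(META_MARKERS[marker])
        else:
            out += jpeg[start:end]
    return bytes(out), removed

def build_sample():
    """Constructed sample: JPEG headers with an Exif GPS tag of 47.5 N, 122.25 W."""
    def dms(d, m, s):
        return struct.pack("<6I", d, 1, m, 1, s, 1)
    tiff = b"II*\x00" + struct.pack("<I", 8)  # TIFF header, IFD0 at offset 8
    tiff += struct.pack("<HHHII", 1, 0x8825, 4, 1, 26) + b"\0" * 4  # GPS IFD at 26
    tiff += struct.pack("<H", 4)  # GPS IFD holds four entries
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"N") + struct.pack("<HHII", 2, 5, 3, 80)
    tiff += struct.pack("<HHI4s", 3, 2, 2, b"W") + struct.pack("<HHII", 4, 5, 3, 104)
    tiff += b"\0" * 4 + dms(47, 30, 0) + dms(122, 15, 0)
    exif = b"Exif\x00\x00" + tiff
    app0 = b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    scan = b"\xff\xda\x00\x02" + b"\x00" * 8 + b"\xff\xd9"  # placeholder, not real pixels
    return b"\xff\xd8" + app0 + app1 + scan

if __name__ == "__main__":
    photo = build_sample()
    print("GPS before:", exif_gps(photo))
    clean, removed = strip_metadata(photo)
    print("removed:", removed, "| GPS after:", exif_gps(clean))
```

Stripping APP1 also discards the Exif orientation tag, so a portrait photo may display rotated afterwards. Nothing here touches what is visible in the pixels themselves, so cropping and checking reflections still apply.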

LifeSec

Why This Matters

From the first days I taught Operations Security (OPSEC) for the Inter-Agency OPSEC Support Staff, selling the idea of OPSEC was hard. People saw it as another chore: try to remember your list of critical information and don't talk about it. Yawn…

But the military and Intel Agencies take this very seriously because seemingly unimportant information that is shared carelessly is dangerous.

Purple Dragon - the original OPSEC program for the USA.

For example, during the Vietnam war, the US military inadvertently leaked their plans to the Viet Cong spy network by having their planes visibly on the runway with the supplies staged nearby.

In a more modern example, reporters in the 90's discovered that they could predict major world events based on the number of late-night pizzas delivered to the Pentagon and other key agencies – a phenomenon now playfully referred to as "the pizza meter".

Basically, by operating in the open with no care for who was watching and what they might learn, US forces suffered data leaks of their own making. But who cares about the government, right? Why should regular people care?

Why Regular People Should Care

The crime of disbelief

Do you believe in Zeus and Poseidon? Do you legitimately believe they're real and must be respected and feared? If not, you are a non-believer… just like the rest of us. There are many major religions and branches and we are all non-believers to one or the other… and that shouldn't be anyone's business or concern. But not everyone agrees.

Trigger warning: violence, death

I was raised Christian, but learned early that there are "right kinds" and "wrong kinds". Catholics, Baptists, and others who claim to have the same beliefs, but will still argue and judge each other. It's one reason separation of church and state is so important – even if people could agree on the religion, there's just too much disagreement about details.

A 2017 Netflix Special about an activist murdered for her cause

Luckily, brave people like Madalyn Murray O'Hair advocated against forced prayer and Bible readings in public schools as early as the 60's. Through a lifetime of court cases and advocacy, she made schools a safe place for those of a different denomination, a different religion, or no religion at all.

A 2017 Netflix special details O’Hair’s life, her struggles, her victories, and (ultimately) her kidnapping and brutal murder in 1995. By making an effort to make the USA more respectful and inclusive for people of different beliefs, she, her son, and granddaughter paid the ultimate price.

The crime of being "girly"

Trigger warning: suicide, disability, children

In 2014, 11-year-old Michael Morales liked cartoons. But his school bullies decided his recent favorite was the "wrong kind" of cartoon and made his life hell. For violating gender norms and expectations, he faced abuse so severe that he attempted suicide. Though unsuccessful, he was left in a catatonic state from the attempt and tragically passed away seven years later. All for his "crime" of liking a so-called "girl's cartoon".

The crime of freedom

Trigger warning: children, attempted murder

In 2024, an American teenager from Lacey, Washington refused to follow her family tradition of an arranged marriage to an older man. She ran away from home and sought help from the staff at her high school, but was caught and attacked by her father, who tried to kill her. She only survived thanks to a Good Samaritan who was driving by, saw the attack, and intervened.

More than ever these days, it's become vitally important for vulnerable populations and advocates to learn how to speak without drawing undue attention from aggressors OR to be a 'hard target' if you do.

In an ideal USA, bigots and abusers would face scorn, shame, and, most of all, repercussions for their hate. But at the whims of society and politics, they not only might escape any consequence; they may be cheered and applauded. Whatever our ideals, we have to live in reality and that means sometimes being judicious about the amount and kind of attention we draw to ourselves.

Control your exposure

Bottom line, whether it's serial killers, child molesters, haters, abusers, creeps, or con artists; strangers or people you know – it's in your best interests to learn about risks and countermeasures so you can make an informed choice about sharing information.

But first a disclaimer!

LifeSec is NOT victim blaming!

It is risk management. For example, swimming in the deep ocean with bleeding bait strapped to your trunks is likely to attract predators and posting online carelessly is similar.

When participating and especially when being an activist/ally, it's important to have a good sense of the actual risks so you can make sensible choices. This isn't a judgement of anyone's courage or duty – it is about keeping people safe and letting them choose for themselves what that means.

Adopt the "Way of LifeSec"

Why bother?

Commander biographies far too often publicly list family names, ages, sexes, schools and more

When I worked for the Inter-Agency OPSEC Support Staff, a co-worker shared the story of a military commander who didn't think they needed an OPSEC program. In his view, "we're careful so all that extra effort is a waste."

To prove the point, my co-worker looked up his public profile online. There he found a bit of background on the commander, his wife, and his kids. It also mentioned his oldest daughter was a student at the nearby University of Maryland.

Minutes later, he'd found the daughter's profile on Facebook where it listed several photos, details of her life, and her class schedule. He grabbed a camera, a buddy, and printout of the schedule and went down to the school.

At the expected time, she came out of the Chem building, crossed the quad, and then sat at a long bench to check her bag. My co-worker sat down on the other end of the bench and did a "V" sign while his buddy took the shot. Later, he tossed the photo down on the commander's desk and said, "THAT is why you need an OPSEC program."

The good news is that the commander didn't take it personally and implemented the program, but not everyone has a team to handle this stuff for them. And even if they did, trying to stay aware of (and defend from) every new type of scam, hack, or trick is impossible. But giving up isn't the answer either. There needs to be a third option and that option is LifeSec.

Like a martial art, LifeSec is a lifestyle. Not a series of steps and processes, but a set of general rules to internalize and make part of your everyday life. While this could never be 100%, adjusting your mentality about personal information has a much better chance of protecting you not just from the attacks of today, but whatever new con is waiting right around the corner.

First up, The Risk of Visibility.

AT&T Burns Military Families With Phone Card Scam


AT&T has an exclusive contract with the Department of Defense and is therefore the "cheapest" provider military families can use to contact loved ones in the Middle East. But using the phone cards is more than just a hassle. Though AT&T advertises a very low rate, the actual charges are far more than nearly any other option available since the calls rarely go through and minutes are charged whether they do or not.

At least one military wife found that spending $3 per minute with her cell phone was cheaper in the long run.

Check out one of my guides/tutorials:

email Tutorial

E-mail Dangers

Until we find out who the people are who actually buy things from spammers and kick them off the Internet, you're going to have to learn how to deal with and prevent spam.
E-mail Viruses - Learn how viruses are spread through e-mail and how to stop them
Phishing - Spot and avoid lures that pull you into the dark side of the web
Don't be one of those people that loses thousands of dollars to the classic Nigerian Scam.

E-mail Etiquette

Use CC only when necessary and BCC the rest of the time.
Use Reply-All when you mean to and never when you don't.
Practice proper E-mail Forwarding to protect privacy and make e-mails more readable.
Always personalize your e-mails to make it obvious to your recipient that it's valid.

E-mail Tips and Tricks

Using E-Mail Aliases Properly - Be careful about using sensitive data (like your real name) in an e-mail account.
Remember to treat your e-mail account with the security it deserves.
Use a decoy e-mail account to keep your main e-mail account free of spam.
Avoid using any Internet provider's default e-mail.

Preventing Spam

Spam is annoying and worthless, but you still see it every single day. Here are some tips for preventing and reducing spam.

E-mail Viruses

Make sure that viruses don't sneak onto your computer through your e-mails. Read some simple tips to prevent that from happening.

Phishing

By far the most dangerous thing you'll find in e-mails is a lie. Sending a bogus e-mail to someone is generally called phishing, but can also be referred to as a Nigerian scam (depending on the goal of the e-mail). Learn to recognize and deal with phishing before it's too late.

Nigerian Scam

Many people have lost thousands and even hundreds of thousands of dollars to the classic Nigerian Scam. Don't fall for it!

How to Use "CC" Properly

Don't violate people's privacy and invite spam into their accounts by CC'ing all your contacts. Learn the proper way to send mass e-mails first.

Reply-All

It's easy to embarrass yourself or harm your career when you don't know how to use Reply-All appropriately.

How to Forward E-mails Properly

Don't forward e-mails carelessly or you risk looking foolish at best and violating the privacy of all your contacts at worst.

Personalize E-mail

Follow this simple rule of e-mail etiquette to help prevent your friends and family from falling for phishing scams.

Using E-Mail Aliases Properly

It can be hard to find a good name to use in an e-mail account that hasn't been used and doesn't give away too much information about you.

Protecting E-mail Passwords

Your e-mail account is the most important online account you have. Remember to treat it as such!

Using a Decoy E-Mail Account

Why it's very important to use a buffer e-mail account to shield your main account from people and companies that you don't trust.

The ISP E-mail Trap

Don't fall for the trap of using the free e-mail account provided to you by your Internet service!
