PhotoSec – 4 Things You Should Always Check For Before Uploading Photos

Photo Security (PhotoSec)

In what is referred to in the Intel Community as "IMINT", images can be scoured for details to find information people didn't realize they gave away. As a public example, Shia LaBeouf constructed anti-Trump performance art consisting of a 24-hour livestream that garnered some decent attention, both positive and negative.

Due to some hostility, the livestream was relocated to an unknown location showing only a flag labeled, "He will not divide us". Not long after, despite the video showing only the sky and a flagpole, 4chan users were able to deduce its location using flight patterns and mapping stars. The flag was removed and replaced with a MAGA flag instead.

While a video offers more clues than a photo, you'd still be surprised what you can learn from a photo with only a little bit of training. Things like…

#1 - Fingerprints
A lovely glass heart and also fingerprints!

It's wild how often I find copies of people's fingerprints online. Someone selling a coin or button. A farmer showing off a growing berry. Or this artistic photo of a glass heart.

But what's the risk? Would people frame you for crimes with your fingerprint? Probably not. But what about unlocking your phone or laptop? With phone/computer access, it becomes trivial to get into every account you have – email, messages, social page, banks… everything.

Of course, they'd have to be able to translate an online photo into something that can defeat print scanners, but that only requires a 3D printer (or Gummi Bear candies in a pinch).

Are you dating someone really paranoid? Do you have a pissed-off 'ex' who might get access to your phone? Could your family use your phone to get access to your bank accounts and credit? Maybe, maybe not. What is certain is that it's hard to abuse someone's prints when you don't have them.

Whenever you're taking a picture of something in your palm, it's worth taking a second to make sure your fingertips aren't in the shot!

#2 Reflections
You'd be surprised how frequently people post themselves semi-nude because they didn't check reflections.

Long ago, I checked a work trading board for some furniture and found a decent hutch for a good price. Because I'd learned to scan reflections, I noticed that the woman who sold it to me was in her underwear when she took the photo.

Of course I never said anything (I didn't want to embarrass her), but I have told several thousand people since then!

People are constantly putting themselves in compromising positions by not checking reflections. Like the guy I found on LinkedIn who posted a "motivational talk" while apparently in the passenger seat of a car. Except, if you looked at the reflection in his sunglasses, you could clearly see him holding the wheel with one hand, and the phone in the other.

If I was someone who knew him and didn't like him, I could easily post that to the church board, send it to his family, or share it with the police. It wouldn't be the first time something like that happened:

This is a famous example that I've used for years teaching OPSEC.

I have no sympathy for people who film while driving, but what about people whose various states of undress or nearby toys and medicines might not be things they want people to see? Check your reflections, people.

#3 Background details
Hint, check the upper-right

The things people forget to check for in the background can occasionally be hilarious. A selfie where the dog is pooping or drinking out of the toilet or maybe your poor friend who's still in the shower… generally there's no harm done.

But what if you have private medical information visible? Passwords or security information? House keys that can be easily copied (even in a photo at an angle or from up to 200 feet away)? Concerning evidence of hoarding, filth, or other mental care concerns?


Giving away a pre-marriage pregnancy (Photo Credit)
Visible password? That's embarrassing. (Photo Credit)
JK Rowling's profile photo showed an apparent black mold infestation
A key where you can see the ridges can be copied. (Photo Credit)

It gets worse; what if the details people find in your background lead to more serious consequences? This is a scary world where people are judged, ostracized, attacked, or killed for:

Trigger warnings: abuse, violence

Keeping yourself and others safe means checking the background. What do you see? Are you "outing" yourself? Someone else? Are you giving away more than you realized? Will the visible details put you or anyone else at extra risk? Check every time before you upload.

Remember in the Accidental Oversharing page when I talked about the risk of sharing your screen or taking screenshots at work without thinking about what's in the background? This is why you need PhotoSec skills!

For video chat, try splitting the important tabs off to a new browser instance and sharing only that. If uploading screenshots to tech support, crop out anything that's not strictly relevant.

#4 Location

Sometimes the only thing that stops evil people from acting is not knowing where to find the target of their obsession (or A target of their obsession – a.k.a., a target of opportunity). But what good is caution about reflections and details if the photo itself blabs about your exact location?

Do you notice the 'Show settings' link over there on the right? Try clicking it. What happens?

In this very nice selfie that I found on Flickr, you might notice location information on the right; something often seen on photos uploaded to Flickr or Google or Facebook or whatever. It's not that people are taking the trouble to tag their location; the phone does it for them.

The phone records all the settings for the photo, but also other details it has access to. Maybe your name and sometimes your exact location.

Maybe if you're hiking and want to remember exactly where you saw that cool blue lizard, geo-tagged photos are helpful. If you go missing, the search party might find your last known location by the last cloud-uploaded photo you took. But the rest of the time, what does location information do except put you at risk?

Trigger warning: dark possibilities

What if you post about a solo night since the spouse and kids are out? What if you're a battered spouse on the run whose safety depends on not being found? Or what if someone simply finds your lifestyle/religion offensive? In all these scenarios, having photos that are GPS tagged directly to your location is not going to end well.

Often people are safe because finding and harming people is hard, but "helpful" technology trivializes it to the point that the risk becomes higher simply because it's "easy". Especially now that AI tools that help analyze photos for location indicators are becoming more and more proficient.

For example, here's a test I did with GeoSpy.ai.

It got it within about 18 miles

Using only a Google Streetview picture at random from the Seattle area, it was able to narrow it to about 18 miles of the actual location – and that's just one photo. What if I had 10 or 100? Some people are very prolific posters and every photo gives bad guys more to work with.

Watch your timing! If you're at a restaurant and taking a picture of your food, if you upload it immediately, people will know where you are for the next 20 to 30 minutes. Maybe post later or the next day instead!

I'm scared. Now what?

It's easy to say "be careful" without offering any specific advice for actually doing so. But anything that's complicated or takes a lot of effort isn't something we'd actually do in practice. With that in mind, here are some simple tips for improving your risk posture:

  1. Crop – Easy – just remove the parts of the photo that have any problematic content. Sure, you can meticulously go through the visible papers on your home office desk; you can check with everyone in the photo at the party before posting. OR, you could just crop out that stuff instead.
  2. Shrink – There's rarely a time when it makes sense to upload a giant 20 megapixel photo directly to a social site. Why not shrink it by half or more? Even a photo only 1000 or 1500 pixels wide is plenty large for online sharing while making it next to impossible to see fine details like what's in the reflection of someone's eyes.
  3. Disable Geotagging – I mentioned there are some legitimate reasons to geo-tag, but those don't apply to almost anyone. If you want them there for something specific, so be it, but unless that applies to you, disable the "feature" and eliminate the risk entirely.
  4. Meta stripping tools/apps – These remove META DATA – the geo-tags, your name, and all that other information that I showed you before. All of it is dumped and gone. I don't have any recommendations because I don't upload near enough to use one of these, but if you're prolific, you might want to "clean" tons of photos all at once and then not worry about it.
  5. Screencap hack – On a computer, view the photo at about the size you'd want to see it online, then press WIN+SHIFT+S. This is a quick-capture shortcut that lets you snag a portion of your screen, which is auto-saved in your screenshots folder. Then you can upload that screen capture, which will be drastically size-reduced (but still large enough) and have ZERO meta data attached.
  6. Caution and diligence – Check backgrounds, zoom in, check reflections, scour each photo carefully for anything that someone might be able to learn. Make sure you don't have any unique and identifiable features nearby like street signs or addresses. If you find something or can't tell for sure, maybe reconsider posting.
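
To make tip 4 and the geotagging described under #4 concrete, here is an added example (not the author's code and not a recommended product) of what a metadata stripper does to a JPEG: it walks the header segments, reports whether the Exif block carries a GPS pointer, and rewrites the file without the Exif/XMP, IPTC and comment segments. The function names are this example's own, and the sample bytes are constructed (header structure only, not a viewable picture).

```python
import struct

# Segment markers that carry metadata, not pixels:
# APP1 (Exif/XMP), APP13 (Photoshop/IPTC), COM (free-text comment).
METADATA_MARKERS = {0xE1, 0xED, 0xFE}
GPS_IFD_POINTER = 0x8825  # Exif tag in IFD0 that points at the GPS block


def split_jpeg(jpeg):
    """Return ([(marker, payload, raw)], tail); tail starts at the scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segs, pos = [], 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError("corrupt or truncated segment")
        segs.append((jpeg[pos + 1], jpeg[pos + 4:end], jpeg[pos:end]))
        pos = end
    return segs, jpeg[pos:]


def has_gps(jpeg):
    """True if any Exif segment's IFD0 contains a GPS IFD pointer."""
    for marker, payload, _ in split_jpeg(jpeg)[0]:
        tiff = payload[6:]
        if marker != 0xE1 or payload[:6] != b"Exif\x00\x00":
            continue
        if tiff[:2] not in (b"II", b"MM"):
            continue
        order = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order
        try:
            (ifd0,) = struct.unpack(order + "I", tiff[4:8])
            (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])
        except struct.error:
            continue  # malformed Exif: unreadable here, still stripped below
        for i in range(count):  # each IFD entry is 12 bytes, tag id first
            tag = tiff[ifd0 + 2 + 12 * i:ifd0 + 4 + 12 * i]
            if len(tag) == 2 and struct.unpack(order + "H", tag)[0] == GPS_IFD_POINTER:
                return True
    return False


def strip_metadata(jpeg):
    """Rebuild the file without metadata segments; pixel data is untouched."""
    segs, tail = split_jpeg(jpeg)
    kept = b"".join(raw for marker, _, raw in segs if marker not in METADATA_MARKERS)
    return b"\xff\xd8" + kept + tail


def make_segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: the header layout of a geotagged phone photo.
SAMPLE_TIFF = (b"II*\x00" + struct.pack("<I", 8)              # TIFF header, IFD0 at 8
               + struct.pack("<H", 1)                         # one IFD0 entry
               + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26)  # GPS IFD at 26
               + struct.pack("<I", 0)                         # no further IFD
               + struct.pack("<HI", 0, 0))                    # empty GPS IFD
SAMPLE = (b"\xff\xd8"
          + make_segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + make_segment(0xE1, b"Exif\x00\x00" + SAMPLE_TIFF)
          + make_segment(0xFE, b"shot on my phone")
          + b"\xff\xda\x00\x02\x12\x34\xff\xd9")              # fake scan + EOI
```

Dropping the Exif segment also drops the embedded thumbnail, which can otherwise still show the uncropped picture, and the Orientation tag, so check that the cleaned photo is not displayed sideways before uploading.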

Keep in mind this is all about risk. If you're not worried, so be it, but if you're at high risk because of your lifestyle, activism, have some measure of notoriety, or have been directly threatened or bullied, the key is to make sure you don't hand your enemies the weapons they use to bludgeon you with. Be smart, be safe.