How posting photos online can compromise privacy3 min read . Updated: 28 Mar 2019, 09:18 PM IST
- IBM was found using millions of photos taken from image hosting platform Flickr to train its facial recognition systems
- Photos on social media can reveal your location and even be used to unlock your phone
In December 2018, Facebook found a bug that may have affected personal photos of around 6.8 million users, including photos that users had kept out of their timelines. “The bug potentially gave developers access to other photos, such as those shared on Marketplace or Facebook Stories. It also impacted photos that people uploaded to Facebook but chose not to post," pointed out Tomer Bar, who was then an engineering director at Facebook, in an official developer blog post. Facebook has since fixed the bug.
This month, IBM (International Business Machines) was found to be using millions of photos taken from image hosting platform Flickr to train its facial recognition systems.
According to news reports, the photos used by IBM had been annotated with details like skin tone for the training algorithms.
When the photos were shown to photographers, they were surprised as they and the subjects in the photos had no idea that those photos were being used for research. In its official statement to the press, IBM said that it used only images that were publicly available, had been used for an earlier research, and users can request them to be removed if they want.
The race to build the most reliable face recognition platform requires a massive data set of faces. Most existing data sets collected for prior research purposes are very limited and lack racial diversity to train facial recognition algorithms. Clearly, companies in the space will require more facial data. Experts are of the opinion that companies that are collecting and working on face data, need to be more transparent on how the data is stored, who all have access to it and how it is going to be used. While Facebook’s photo privacy concern was pinned on an application programming interface (API) bug, the face recognition project by IBM was a case of oversight. However, in both cases, users had no control over their own photos.
There are several cases where photos shared by users on social media or image hosting platforms were stolen, made public to humiliate or blackmail them and misused for fraud and identity theft. Photos from social media can also be used to unlock stolen smartphones where face unlocking mechanism was poorly implemented. Sometimes, photos can reveal more than is visible to users, like location details.
According to researchers from department of Computer Science in Kent State University, when a user shares a photo on social media, the platform captures their GPS coordinates and appends them to the post. Using the API, anyone can retrieve the exact location of the picture via the metadata, while anyone seeing the post could get the location of the user via geospatial tag in the post. A recent McAfee survey involving 1,000 parents found that 30% of the participants were uploading photos of their children daily and 58% of them did it without the child’s consent.
However, many of the participants feared that the photos of children could lead to cyberbullying, stalking and kidnapping. “Identity theft is no joke. Photos can reveal a lot about your lifestyle, your habits, and they can unintentionally give away your data," cautions Toni Birdsong, family safety evangelist for McAfee, who authored the survey.
A few years ago, Google was accosted by a Canadian woman whose photo in a compromising position was captured by a Google Street View vehicle while she was relaxing on the steps of her home. The photo ended up in the Street View platform.
Though Google had blurred the face of the woman, they did not blur the number plate of her car which made her identifiable. In 2014, an iCloud flaw led to a major privacy breach involving hundreds of private photos of celebrity users. In another more recent case from March 2019, a mobile tracker app, MobiiSpy used by parents to monitor their children, was accused by security experts for leaving 95,000 images of users unprotected on servers that were accessible to anyone.
Clearly, these incidents pose a serious question on how many of platforms are handling users’ photos and whether they are taking the requisite steps to protect them from cybercriminals.
How to take control of your photos
Use face-unlocking tools in social media platforms like Facebook that block others from downloading or taking screenshots of your profile images.
Block geo-tagging of photos on smartphone or tablet. In iOS, it can be switched off in Settings->Privacy->Location, and in Android through camera settings.
Users can check if their photos have been shared online without their knowledge by using Google’s reverse-image search function on both mobile and PC.
Photos taken by an iPhone or Android smartphone automatically gets uploaded to their respective cloud services. A user can switch off the option anytime.