Your digital images can be used to track your movements and activities without you even realising. When you take a photo your device adds a range of information hidden in the digital file that can provide an attacker with crucial information that can be used to fuel identity theft and other crimes.

This hidden information is called EXIF Exchangeable Image File Format (EXIF) data and can include details such as:

• Date and time the photo was taken

• Location data - GPS information (latitude, longitude, and sometimes altitude)

• Camera make and model

• Software used to edit the image

This information, along with the information on the social media site or web page you are posting the photos to, can provide a malicious individual with all the information they need to target you online.

Dangers of hidden data in photos

One of the most dangerous things about EXIF data is that it can be used in conjunction with other information on the internet to launch dangerous attacks.

Cyberstalking

If you are being cyberstalked or harassed online it is really important that you control what is shared online. EXIF data gives a potential attacker the ability to track your movements and figure out who you are by sharing your location. It is important this is removed before you post your photos. 

This Vice documentary highlights how social media can facilitate cyberstalking and how it can be used as a tool for tracking people.

Identity Theft 

Alternatively, an attacker could use personally identifiable information like your full name along with pictures you have posted on your social media to learn your date of birth (from birthday posts) and use that information to apply for credit cards or loans. 

Attacking your personal device 

An attacker could use EXIF data to identify the device you are using and try to compromise that device. Once they have access to your device they could control your communications, see your location and harvest private information from the device.

How to remove data from your photos

There are a few ways to remove EXIF data from your photos: 

1. Using a photo editing software program - many have a feature that allows you to remove EXIF data from your photos.

2. Using a web service - there are some free and paid services that remove EXIF data from photos.

3. Social media platforms - some social media websites like Facebook and Twitter automatically scrub images of EXIF data from photos when they are uploaded.

How to remove EXIF data from your devices - Source: Comparitech:

Author: Karimah Ayinde, Advice Subject Matter Expert, The Cyber Helpline