Skip to main content
SpringerLink
Log in

Privacy Risk Assessment on Online Photos

  • Conference paper
  • First Online:
Research in Attacks, Intrusions, and Defenses (RAID 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9404))

Included in the following conference series:

Abstract

With the rising popularity of cameras and people’s increasing desire to share photos, an overwhelming number of photos have been posted all over the Web. A digital photo usually contains much information in its metadata. Once published online, a photo could disclose much more information beyond what is visually depicted in the photo and what the owner expects to share. The metadata contained in digital photos could pose significant privacy threats to their owners. Our work aims to raise public awareness of privacy risks resulting from sharing photos online and subsequent photo handling conducted by contemporary media sites. To this end, we investigated the prevalence of metadata information among digital photos and assessed the potential privacy risks arising from the metadata information. We also studied the policies adopted by online media sites on handling the metadata information embedded in the photos they host. We examined nearly 100,000 photos collected from over 600 top-ranked websites in seven categories and found that the photo handling policy adopted by a site largely varies depending on the category of the site. We demonstrated that some trivial looking metadata information suffices to mount real-world attacks against photo owners.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    By photographer we mean the person who took the photo rather than who works as a professional photographer.

  2. 2.

    “Classified” refers to the classified advertisements sites such as Craigslist.

  3. 3.

    We crawled the site twice and collected over 1,000 photos.

  4. 4.

    A serial number is unique within a camera brand. Combined with camera make and model, a serial number can uniquely identify a camera.

  5. 5.

    Smartphones typically do not store their serial numbers in their photos.

References

  1. Number of photos uploaded to Flickr. https://www.flickr.com/photos/franckmichel/6855169886/

  2. ExifTool library. http://www.sno.phy.queensu.ca/~phil/exiftool/

  3. Site stolencamerafinder: Find your camera. http://www.stolencamerafinder.com/

  4. Alexa top sites by category. http://www.alexa.com/topsites/category/Top

  5. McAfee’s location is leaked with photo metadata. http://www.wired.co.uk/news/archive/2012-12/04/vice-give-away-mcafee-location

  6. Facebook: https://www.facebook.com/

  7. Twitter: https://twitter.com/

  8. Google+: https://plus.google.com/

  9. 500px: https://500px.com/

  10. Flickr file size limits. https://www.flickr.com/help/photos/

  11. Clark, J.W., Snyder, P., McCoy, D., Kanich, C.: I saw images I didn’t even know I had: understanding user perceptions of cloud storage privacy. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI) (2015)

    Google Scholar 

  12. Ahern, S., Eckles, D., Good, N., King, S., Naaman, M., Nair, R.: Over-exposed? Privacy patterns and considerations in online and mobile photo sharing. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI) (2007)

    Google Scholar 

  13. Besmer, A., Lipford, H.R.: Poster: privacy perceptions of photo sharing in facebook. In: Proceedings of the 4th Symposium on Usable Privacy and Security (SOUPS) (2008)

    Google Scholar 

  14. Henne, B., Smith, M.: Awareness about photos on the web and how privacy-privacy-tradeoffs could help. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 131–148. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  15. Friedland, G., Sommer, R.: Cybercasing the joint: on the privacy implications of geo-tagging. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security (HotSec) (2010)

    Google Scholar 

  16. Mahmood, S., Desmedt, Y.: Poster: preliminary analysis of Google+’s privacy. In: Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS) (2011)

    Google Scholar 

  17. Pesce, J.P., Casas, D.L., Rauber, G., Almeida, V.: Privacy attacks in social media using photo tagging networks: a case study with Facebook. In: Proceedings of the 1st Workshop on Privacy and Security in Online Social Media (PSOSM) (2012)

    Google Scholar 

  18. Fang, L., LeFevre, K.: Privacy wizards for social networking sites. In: Proceedings of the 19th International Conference on World Wide Web (WWW) (2010)

    Google Scholar 

  19. Ra, M., Govindan, R., Ortega, A.: P3: toward privacy-preserving photo sharing. In: Proceedings of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI) (2013)

    Google Scholar 

  20. Ilia, P., Polakis, I., Athanasopoulos, E., Maggi, F., Ioannidis, S.: Face/Off: preventing privacy leakage from photos in social networks. In: Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS) (2015)

    Google Scholar 

  21. Henne, B., Szongott, C., Smith, M.: SnapMe if you can: privacy threats of other peoples’ geo-tagged media and what we can do about it. In: Proceedings of the 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) (2013)

    Google Scholar 

  22. Besmer, A., Lipford, H.R.: Moving beyond untagging: photo privacy in a tagged world. In: Proceedings of the 28th SIGCHI Conference on Human Factors in Computing Systems (CHI) (2010)

    Google Scholar 

  23. Zerr, S., Siersdorfer, S., Hare, J., Demidova, E.: Privacy-aware image classification and search. In: Proceedings of the 35th International ACM Conference on Research and Development in Information Retrieval (SIGIR) (2012)

    Google Scholar 

Download references

Acknowledgement

We would like to thank our shepherd Chris Kanich and the anonymous reviewers for their insightful and detailed comments. This work was partially supported by ARO grant W911NF-15-1-0287 and ONR grant N00014-13-1-0088. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the funding agencies.

Author information

Authors and Affiliations

  1. University of Delaware, Newark, DE, 19716, USA

    Haitao Xu & Haining Wang

  2. College of William and Mary, Williamsburg, VA, 23187, USA

    Haitao Xu

  3. George Mason University, Fairfax, VA, 22030, USA

    Angelos Stavrou

Authors
  1. Haitao Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Haining Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Angelos Stavrou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Haitao Xu .

Editor information

Editors and Affiliations

  1. Vrije Universiteit Amsterdam, Amsterdam, Noord-Holland, The Netherlands

    Herbert Bos

  2. University of North Carolina at Chapel H, Chapel-Hill, USA

    Fabian Monrose

  3. Université Paris-Saclay, Evry, France

    Gregory Blanc

A Ethical Consideration

A Ethical Consideration

In our study, we leveraged several methods to collect photos, including: (1) soliciting “fresh” photos from crowdsourcing workers, (2) crawling photos from Flickr using its API, (3) random Google Image Search, and (4) crawling top websites for limited amounts of photos. Note that our crowdsourcing study has been vetted and approved by the Institutional Review Board (IRB) at our institution. During our photo collection, we did not receive any concerns or get warnings from those involved sites and did not interfere with their normal operations. In addition, with the collected photos, we anonymized the metadata information embedded before using them for study. We strictly abide by the copyright licenses if present.

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Xu, H., Wang, H., Stavrou, A. (2015). Privacy Risk Assessment on Online Photos. In: Bos, H., Monrose, F., Blanc, G. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2015. Lecture Notes in Computer Science(), vol 9404. Springer, Cham. https://doi.org/10.1007/978-3-319-26362-5_20

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26362-5_20

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26361-8

  • Online ISBN: 978-3-319-26362-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation