Locational Privacy and Wholesale Surveillance via Photo Services

Presented at The Next HOPE (2010), July 16, 2010, 11 a.m. (60 minutes).

With the plethora of third party services that allow folks to post photos to their Twitter account, how hard would it be for someone to stalk a person’s location via the GPS metadata tagged in their images? Mayhemic Labs did the research and it turns out the answer is “not very.” Over the past few months, Mayhemic Labs has amassed a sizable database of people using these services - and what geographic information has been encoded on their publicly available photos. This presentation will cover the basics of how and why this research was done, why sharing such information is bad, why privacy is hard to get right, attempts at public outreach at ICanStalkU.com, how you can replicate such a system, and various instances of privacy fail. Also, tools will be released that will allow you to test your own (or other people’s) photo streams.


Presenters:

  • Ben Jackson
    Ben Jackson is just another geek from Massachusetts. He spends his days doing InfoSec stuff, generally breaking things, and being relentlessly yet constructively paranoid for a large public sector organization in southern New England. In his spare time, he enjoys being a husband and dad, messing around with computers, VoIP, analog telephones, amateur radio, doing research as part of Mayhemic Labs, and generally pressing anything with a button on it. Ben was the lead author for Asterisk Hacking from Syngress Publishing, former host of Binary Revolution Radio, has spoken at Defcon, HOPE, Source Boston, QuahogCon, and various other conferences and strongly dislikes writing about himself in the third person.

Links:

Similar Presentations: