Just about everyone has heard by now the cautionary tale of Vice Magazine’s accidental outing of a source’s location, and that source’s subsequent arrest. John McAfee, computer software tycoon turned colorful fugitive, had recently gone missing after being declared a person of interest in the death of his neighbor in Belize. A Vice editor and photographer caught up with him to document his life on the lam, which they promised readers would be “nothing but absolutely epic.” Their first post from the trip, posted on December 3 of last year, featured a photograph and a headline that taunted and trolled: “We Are with John McAfee Right Now, Suckers.”
That photograph, we now know, had been taken with an iPhone, and had been automatically embedded with information that pinpointed their location to a swimming pool at a hotel in Izabal, Guatemala. Vice soon replaced the photo with a one scrubbed of its GPS coordinates, but he had already been exposed. Guatemalan police arrested McAfee two days later. As Forbes writer Kashmir Hill said of the Vice staffers at the time, “With that posting, they went from chroniclers of vices to inadvertent narcs.”
For any journalist protecting a sensitive source–much less one who is actively being pursued by law enforcement–this is a worst-case-scenario come true. But as well-known as this very cringe-worthy anecdote has become, much less known is how to prevent it from happening.
First, understand what the metadata is. Exchangeable image file format, or Exif, is the format for digital image and sound files as well as the metadata “tags” that accompany them. Metadata for photos taken by digital cameras can include the date and time the file was saved, the settings of the camera, the camera’s make and model, and even a thumbnail version of the photo itself. (A friend recently bought a used digital camera from a camera store; when he uploaded photos he had taken onto his computer, he noticed that the “author” field in the photo information was already filled in with the previous owner’s full name. It wasn’t exactly a security threat, but it still seemed a little creepy.)
GPS, cell-tower, and Wi-Fi connections together add yet another layer of identifying information, a particularly valuable layer, at that–just ask the NSA. A phone’s default settings will record this location information when a photo is taken. Many new (non-phone) digital cameras now have GPS and Wi-Fi capability as well.
PBS’ IdeaLab has an excellent rundown of all of the different ways to scrub metadata from both digital-camera photos and mobile-phone photos, along with a helpful video put together by MobileActive.org. Mac users can view and edit exif tags in Preview using the “Inspector” tool from the “Tools” menu, while PC users can just click on the “Properties” of the file. Googling “Exif viewer” will also bring you to a number of free programs and websites, like this one, that allow you to see the exif tags embedded in your file and then make changes to them.
If you upload your photos to Facebook, Twitter, Instagram, or any other social media service, those services may actually wipe the location information from the photos for you–but, at the same time, the services may be recording your current physical location when you post. To avoid that, make sure you have “Location services” specifically switched off for those apps in your phone’s privacy settings.
If this sounds a little too complicated, there is another, easier solution, which Wired writer Quinn Norton mentioned recently. Norton is very tech-savvy, and is known especially for her reporting on extremely low-profile members of high-profile hacker collectives. But for a 2006 assignment for Wired, she relied on a simple hack to protect the identity of a source who wanted to remain anonymous. Norton had traveled to Sweden to report on the BitTorrent file-sharing website The Pirate Bay. At the time, some of the site’s staffers had already been arrested; the remaining ones, not surprisingly, wanted their identities protected. While reporting, Norton took a photo of one of her sources in his living room (that source, she can say now that his identity is publicly known, was Pirate Bay co-founder Peter Sunde).
When she published her two-part feature, Norton knew that she wanted to keep her source’s identity confidential, even from her editor. She could crop the photo so that the subject’s face was cut out of the frame, but she knew that the exif data would reveal not only the GPS location of his house, but an uncropped version of the photo in thumbnail form. So, to be extra safe (and fast), she opened the photo on her laptop back at home and took a screenshot, and sent that to her editor. The quality wasn’t the best, but any metadata embedded in the screenshot would just point back to her own computer, and Sunde’s identity was safe. “All you saw were his skinny arms,” she says.
So, “the screenshot hack,” as she calls it, will certainly work in a pinch–as long as you’re not revealing anything sensitive about your location at the time. Norton stresses that the standard photo management tools that come with your computer may not hit all the relevant exif fields, so be sure to be thorough and be aware of everything that’s being recorded each time you take a photo.
Norton also points out that digital photos aren’t the only type of files with exif data attached–audio and video files carry that information, too. Word documents and PDF files also have all kinds of embedded stuff that can identify the owner of the computer that created the files and other sensitive information. (Hill’s Forbes piece, referenced above, has some helpful instructions and links to scrubbing software that can clean that metadata up, too.)
In summary: be clean, be safe, and check your defaults.
Lauren Kirchner is a freelance writer covering digital security for CJR. Find her on Twitter at @lkirchner