Pages

Sunday, 19 January 2014

A collection of examples of data, and metadata, giving away more information than intended

Fascinated by this sort of thing and I've written a few posts on various examples of 'leaky' information. Over the New Year I thought it might be interesting to collect some together and I've been doing so - here's what I've got so far. Please suggest others in the comments and I'll add them, thanks!

This is a continuously updated post as I come across other examples.

Page last updated: 11 October 2019. 1 March 2015

Articles by date (most recent first)

10 October 2019
Stalker 'found Japanese singer through reflection in her eyes' BBC
The singer posted a selfie, presumably using a fairly high res camera. Her stalker zoomed in and found reflected in her eyes the name of the train station she was in. He found where it was via Google, lurked there waiting for her to arrive there, then followed her home and attacked her.

25 February 2015
Celebrities paid to promote new HTC One M8 “Champions League” model both prefer iPhones instead TechDigest
Although official Twitter apps mostly don't tell you which app someone else is using to send tweets from (it used to, then stopped), plenty of other apps do include this information. If you're promoting a particular phone and tweeting from another... watch out.

25 February 2015
Michelle Obama, Reese Witherspoon and other celebs are leaking location information on Instagram Fusion
Referencing the Associated Press' extraction of location data from photographs uploaded to Instagram by Rep Aaron Schock, the author had a look through the Instagram location data for a few celebs and found that they were giving away the location of where the photo was uploaded (not necessarily where the photo was taken). From the maps it appears that the pinpointing is perhaps a bit more accurate than anyone might want, so check your Instagram settings (the teardrop map pin icon). While you're at it, if you're on an iPhone do Settings > Privacy > Location Services and if you have location services on, click on it to see what apps have access and have recently used it.

5 December 2014
Fabulous stuff from Ben Goldacre about apps, medical data and what we share about ourselves unwittingly (and what others share about us).
"At the simplest level, even the act of putting lots of data in one place – and making it searchable – can change its accessibility. As a doctor, I have been to the house of a newspaper hoarder; as a researcher, I have been to the British Library newspaper archive. The difference between the two is not the amount of information, but rather the index."
Date unknown
Tell-all telephone Zeit Online
German politician Malte Spitz sued a mobile telephone company to get hold of his data. He shared this with Zeit who mapped it and you can follow, thanks to the GPS info and internet use of the phone, where Malte was at different points throughout his working day.

25 July 2014
Cat stalker knows where your kitty lives (and it's your fault) NakedSecurity (hat tip @zeno001)
There's a site called 'I know where your cat lives' which helpfully points out that geolocation data in Flickr and Instagram can narrow down where you live quite a bit. See also the entry about John McAfee in the 4 December 2012 entry below.

11 July 2014
Met Police encourages Twitter pile-on Storify
Using . before @ when sending a tweet means that the tweet is 'surfaced' to all followers who are currently paying attention. This can be used well but in this particular case, a combination of unwise use plus a snarky response led to a complainer being exposed to unpleasantness. That this has happened on several previous occasions has called into question whether this is an appropriate way to handle complaints in public.

9 July 2014
Yo messaging app used to alert Israelis about incoming rocket attacks The Independent
(Discovered this via BBC Magazine)
"Yo users in Israel and abroad can now add the user name REDALERTISRAEL on the app to receive push notifications on their smartphones whenever a rocket is inbound.

The notifications are an example of what fans of the app call “one-bit communication” - messages that have no ‘content’ apart from the fact of their existence. These rely on both the recipient and the sender knowing the context of the message – such as using a dropped call to let someone know you’re outside their house."

As a child I and friends would give our parents 'three rings' on the telephone to let them know we'd safely arrived at another's house, as long as no-one answered the phone doing so was free.

7 May 2014
Glass Reflections in Pictures + OSINT = More Accurate Location IOActive Labs Research
"The aim of this article is to help people to be more careful when taking pictures through windows because they might reveal their location inadvertently." - a series of examples of how to use Google Maps, hotel review sites, hotel websites and other corroborating information from social media to work out where you're staying (and which floor, even which room / suite) from the photo you've just posted to Instagram about your amazing hotel view and the reflections of the room itself in the glass windows ;)

OSINT means Open Source Intelligence (Wikipedia link)

15 April 2014
The (Unintentional) Amazon guide to dealing drugs Atlantic
Amazon's "customers who bought that also bought this" algorithm conspires to link purchases of a set of weighing scales to other items one might use in the genre of drug dealing, and suggest those items to users who look interested in the scales.

25 March 2014
Taking steps to prevent re-identification in genomic research Wellcome Trust blog
"...But when data from multiple sources is available, it may, in certain circumstances, allow a more complete picture of an individual to be pieced together. This could result in some confidential information being linked to an identifiable person."

12 March 2014
Volunteers in metadata study called gun stores, strip clubs and more Ars Technica
Relatively small study (500+ participants) of mobile phone metadata which turned out to be extremely revealing.
"...it lays bare the fallacy of the Supreme Court’s mind-numbingly broad wording of the third-party doctrine in an age of big data: just because I reveal data for one purpose—to make a phone call—does not mean that I have no legitimate interest in that information, especially when combined with other data points about me.”"
Spotted via Ben Goldacre's tweet.

2 February 2014
#Awesomestow has yr neighbour @ no38 recently changed their front door+extensive refurbishment? Pls RT & find culprit pic.twitter.com/Zz2c8F6teP
— St James St BigLocal (@stjamesbiglocal) February 2, 2014

Possible solutions to this one would seem to be (a) remove the 3 and the 8 from your door (though it would be easy enough to work out the numbers from the fading pattern below) or (b) don't dump in the first place. No idea if the culprit will be found and it's enitrely possible that the homeowner paid someone to clear up in good faith and the fault lies with someone else. Interesting use of Twitter anyway.

24 January 2014
Tweet exchange with @fitnessbird Twitter
This is an unconfirmed Twitter report that Colindale Metropolitan Police were able to cross-match someone's Twitter name with their name on Facebook from which they got their location, and somehow managed to narrow it down with their Tesco clubcard. I've no idea how this works but presume the Police are able to access stuff that the rest of us can't.

21 January 2014
Suspect shares Police Facebook status about him, is quickly arrested Gawker
Police published a photo of A. James L.. and must have been a bit surprised to see a Jimi L... posting it to his own Facebook timeline.

8 January 2014
Facial recognition app matches strangers to online profiles Crave - CNET
Point your cameraphone at someone, get information about them including their dating profiles (if they have any).

5 January 2014
Slide from @kurtopsahl via Twitter showing the importance of metadata, from this tweet https://twitter.com/kurtopsahl/status/419765847037452288, eg "they know you rang a phone sex service at 2.24am for 18 minutes. But they don't know what you talked about."

4 January 2014
"The audacity of Cameron and hypocrisy of ‘help to buy’ ilegal
Piecing together, through social media, the possibility that someone presented as being helped to buy a flat was already well-placed to buy it. However, further discussion on Twitter suggested that the land registry record would not have been updated in time if the property had been bought in December. See also this strong critique of the original article.

3 January 2014
David Cameron’s internet porn filter is the start of censorship creep The Guardian
Highlighting that information must presumably be collected on who has and who hasn’t signed up to what sort of internet censorship.

2 January 2014
How Netflix reverse engineered Hollywood The Atlantic
Not so much "data giving users away", more about getting a better understanding of how a company handles its information, and about tools that can be used to access info.

January 2014
Data protection Duck Out Information Commissioner’s Office
Dumb examples of “we can’t do that … because data protection”.

30 December 2013
Elastic Pathing: Your Speed is Enough to Track You arXiv
Traffic driving patterns gleaned from in-car speedometers provided by insurers can give information about the trips taken raising privacy concerns.

4 December 2012
McAfee's Rookie Mistake Gives Away His Location TechNewsDaily
From Wikipedia "Vice accidentally gave away [John McAfee] location at a Guatemalan resort in early December 2012, when a photo taken by one of its journalists accompanying McAfee was posted with the Exif geolocation metadata still attached"- hat tip @axiomsofchoice

27 November 2013
While my prof was setting up for his lecture high-blogging high-blogging
Found via this tweet https://twitter.com/MattTaylor/status/394396287648694272 “Lecturer who knows everyone reads his filenames off the projector when he's setting up”.

9 June 2013
Using metadata to find Paul Revere Kieran Healy’s blog
Nice example, written in the style of 1772, on ‘social networke analysis’ and what info might be gleaned from little more than people’s names and the groups of which they’re members.

1 June 2012
The perils of sharing URLs - beware
I entered my postcode into a volunteering site to find out about opportunities near me. I spotted something not of interest to me but possibly of interest to some of the people I know on Twitter and at the point of sharing the URL spotted that it still had my full postcode in it. Each page I clicked on 'inherited' my postcode data, so I had to remove it manually before sharing it.

16 February 2012
How Target figured out a teen girl was pregnant before her father did Forbes
People suddenly stop buying contraception and start buying vitamin pills, that sort of thing.

25 November 2011
How a friend's hacked Facebook account can compromise your privacy and security Facecrooks
If your friend can see your information, then so can the person who's broken into their account. Your privacy is only as strong as the weakest link among your friends, so to speak ;) See also Don't assume that your private Twitter account is all that private (by me, on this blog).

15 November 2011
Andy Baio: Think You Can Hide, Anonymous Blogger? Two Words: Google Analytics Wired
Given that Google Analytics codes are unique with just the suffix changing for second, third and so on websites it can be easy to link one website (with public contact info) with another website (presented as anonymous). My Google Analytics code for this blog is UA-16665982-1 (you could find this easily for any website by viewing its sourcecode - on Firefox hit Ctrl+U, or Command+U if on a Mac) - I've just managed to find another website I manage, by using this UA information...

3 July 2009
Dear Garry. I've decided to end it all: The full stop that trapped a killer Daily Mail 
Forensic linguistics used to spot differences between how people who've been murdered typically express themselves and their murderers' impersonation of them in suicide notes, dissembling text messages etc.

Added 6 December 2014
9 May 2009
""The paper clip serves impartially in all areas of the law," he (Jay Stein) writes, "but the record shows that it appears especially often in some. In evidence cases, the 'clipping' function has figured prominently. In one, marking with paper clips and underlining certain passages was evidence that the plaintiff had read a letter in question. In another, a page of an exhibit bore a paper clip imprint not found on the first page."

Sometimes, the paper clip was of even greater import. In one lawsuit, in 1967, "determination of the validity and intent of a will depended on attachment of a paper clip to make a letter a part of the will by incorporation"."





No comments:

Post a Comment

Comment policy: I enthusiastically welcome corrections and I entertain polite disagreement ;) Because of the nature of this blog it attracts a LOT - 5 a day at the moment - of spam comments (I write about spam practices,misleading marketing and unevidenced quackery) and so I'm more likely to post a pasted version of your comment, removing any hyperlinks.

Comments written in ALL CAPS LOCK will be deleted and I won't publish any pro-homeopathy comments, that ship has sailed I'm afraid (it's nonsense).