Lingo lesson: The word meta means something that is contained within itself. Never fear, this is not the plotline to Inception (that still gives me a headache). More likely you’ll see it online in threads or forums where people throw in an inside joke or reference from earlier in the same thread and someone will say “That’s so meta”.
The term metadata is then the information about other information.
Each time you create a digital file, that files gets tagged with numerous data, which is its metadata. With photos, some of the data is accessible (e.g. date you took a photo) and some is hidden (e.g. GPS location where you took it). You can’t see the hidden data on your device but it is retrievable via software forensic tools. Many of these tools are available free online, others are run by law enforcement agencies to catch criminals.
Though mostly helpful, sometimes the digital metadata we create can breach our privacy. The best defense we have is to understand what it is, when it is generated, and how we can limit its distribution.
For the people who love details, your photo metadata is called EXIF (Exchangeable image file format). It holds a myriad of information ranging from the camera used to take the photo to the aperture length. Typically the most concerning of the data is your location. Below is a capture of some location data scraped off of a photo using a readily available forensics tool called EXIFTool. Here you can see the details including the exact time the picture was taken along with its position…. right down to the tilt and roll.
Unless you have turned off geotagging in your location services, this kind of information is being attached to every photo you take. The worry is that most of us like to share and post our device photos. That means anyone can capture your location off of a photo. Bigger services, like Facebook, Twitter, and Instagram, started stripping this data off a few years ago. From a safety/security perspective, this is a big relief. That said, photos that you send via text are not stripped. And I cannot guarantee that data is off places like Kijiji, dating sites, or other networks.
When you download a new app, your device will present you with a set of access requests to accept or decline. Common access includes your contacts, email, or location. This should be required to run the application.
For example, Pokemon GO would require your location and access to your camera just to run the game. It does not need your contacts, your photos, or your browser history, so it should never ask for them.
Other apps may request data they do not need to able to run. This invisible data sent back to the app makers is also metadata. They take the data to sell or, worst case, to exploit you. You can easily avoid this by being wary of the apps you (and your kids) download, especially free apps. All companies need to make money so free games or apps may be a lure to access other info from you and your device. A Sudoku game does not need your location. Only accept the access where necessary.
Below are two examples of apps that DO NOT require contact access but are requesting it in order to be able to gather more information about you.
In simplest terms, here are the 3 ways to protect yourself from having your metadata taken unlawfully:
Since devices and technology are here to stay, so is metadata. Be aware of the apps you are using and how you are connecting with them. Turn off the data you do not want shared. As always, *free* online services are an exchange for information. How much you give and take are always up to you.