July 16, 2010— -- Keeping tabs on your favorite celebrities might be easier than you think -- and much easier than they want. But they likely have no one to blame but themselves.
According to two teams of computer scientists, Hollywood stars could be unintentionally giving up the exact locations of their homes and private whereabouts through pictures uploaded to the Internet, leaving them wide open to attacks by tech-savvy thieves (not to mention unwanted visits by starstruck fans).
Most cameras and video recorders don't instantly attach location data (or geographic coordinates) to photos and videos. But some smartphones, such as the iPhone, automatically embed the user's latitude and longitude in each photo's metadata. It's possible to disable the function, but the researchers said many people don't even realize that they might need to.
The scientists say geotag data embedded in photos and videos that are uploaded to Twitter and other online sites often reveals location information that stars -- as well as the rest of us -- probably don't want to share.
"Many people are not aware of the fact that there are geotags in photos and videos," said Gerald Friedland, a computer scientist at the International Computer Science Institute in Berkeley, Calif. "If they are, they're most probably not aware of the consequences."
Using simple technology available online, Friedland said he and his colleague Robin Sommer were able to find the private home addresses of a Playboy playmate, a couple of TV hosts and a handful of other television personalities. Out of respect for their privacy, he declined to name the stars.
Ben Jackson and Larry Pesce, computer security experts in Massachusetts, said they were able to uncover location information in photos uploaded by William Shatner, M.C. Hammer, Weird Al Yankovic, Arnold Schwarzenegger and others.
"We have no problem with people posting this data online," said Jackson. "[But] most people don't even understand that they are posting this information online."
ICanStalkU.com Scans Twitter for Pictures That Reveal Location
In May, Jackson and Pesce launched the website ICanStalkU.com to raise awareness of just how much information people share when they post a simple picture to Twitter.
The site's software scans Twitter for images that contain location data and then translates those geographic coordinates into an actual street address or place name. The site then displays a real-time stream of all the tweets broadcasting the precise locations of Twitter users.
"When we initially started setting [this up]… people were shocked that we were grabbing this information," said Jackson, security analyst for Mayhemic Labs in Boston.
For Hollywood stars or lesser known wealthy Twitter users, the consequences can be damaging, he said.
For example, do celebrities really want to leave behind a real-time digital trail for paparazzi to follow? Do they intend to disclose the specific street addresses of their multi-million dollar homes?
And do average people really want to let potential thieves know that they're on vacation, leaving their homes vacant, or where they grab coffee or take an evening run?
Jackson said some people might be perfectly comfortable disclosing their location history, but if they're not, they should be aware so that they can disable the features that make it possible.
Pesce, a security analyst for NWN Corporation, an IT firm in Waltham, Mass., said geotagged photos also pose corporate threats.
Let's say an employee with valuable corporate information stored on a home computer or laptop posts geotagged pictures to Facebook and Twitter. A hacker could use the photos to monitor the person's location history and figure out a good time to make a move, he said.
"Thinking about that from a computer security perspective has some interesting implications as to how someone could gain access to corporate IT data," Pesce said.
These security issues aren't just limited to social media. Online classified sites such as Craigslist can also pose problems.
Craigslist Users Reveal Location Through Pictures
Friedland said some Craigslist users who otherwise make a point to protect their identities online are disclosing the exact locations of their homes through the pictures they post on the site.
People selling couches, desks and other items online might think that they are posting anonymously, but through the photos uploaded to the site, Friedland said, they were able to locate to users within one meter accuracy.
"We found quite a lot of postings where the photos contained geolocation information, some were even anonymized," he said.
Friedland and Sommer will present their findings to the technology community next month at a security conference in Washington, D.C. But Friedland said that there's a takeaway for the non-technical too.
Location-based services, such as Foursquare which can people locate friends and programs that auto-cluster pictures by location, can be helpful and positive, he said. But he emphasized that people need to be careful about what they disclose.
"I think people have to be made aware of the geotagging issue before something really bad happens," Friedland said. "In reality, this is really nice technology. You just have to be aware of it."