{"id":3730,"date":"2018-06-26T11:00:35","date_gmt":"2018-06-26T09:00:35","guid":{"rendered":"https:\/\/blog.mi.hdm-stuttgart.de\/?p=3730"},"modified":"2023-06-08T17:59:44","modified_gmt":"2023-06-08T15:59:44","slug":"metadata-in-the-world-of-smartphones","status":"publish","type":"post","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2018\/06\/26\/metadata-in-the-world-of-smartphones\/","title":{"rendered":"Metadata in the world of smartphones"},"content":{"rendered":"

Metadata is data about data. Thus, it provides information about data. Examples for metadata are file size, time and date of creation, means of creation of data etc. Every day, we deal with it, but no one really cares about it. Sometimes, metadata gives us more information than the data itself.<\/p>\n

But which devices generate metadata? How often do we use it? One of the largest producers of metadata are our smartphones. For this article we will check which metadata cameras or smartphones save in each picture we take. Normally, a picture is shot and then there is the look for the next one or it will be shared on a social media platform. Most people want to share the nice side of life with their friends.<\/p>\n

But a look at the settings for metadata is worthwhile. Most smartphones write the date and time of recording in the name of the image. Furthermore, metadata knows about the application which is used to take the picture, also date and time, file size and much more. When we take a closer look, we also find information about the camera, camera type, producer and the model. When the photo is uploaded to a website, the operator will know which phone was used and thus how much it cost. But that is a secret that can be public because everyone can see it for example in university or subway.<\/p>\n

The chanciest metainformation is the location. Most smartphones safe the GPS location as a standard setting. It is nice to view pictures after holidays and to know exactly where they were taken. But most of the time normal people aren\u2019t on holidays. And ask yourself, when was the last time you really used this feature? Never? Smartphones are used in the daily business and people use them to share pictures with their friends via WhatsApp, Instagram or other social media platforms. With each image loaded into a social network, a puzzle part for a movement profile is added. With GPS coordinates and Google Maps or a similar service it is easy to figure out your address. A social networking profile usually requires a name, thus this name is known to the service and the address is also known from the GPS information in the images.<\/p>\n

Now the interesting parts start. In times of internet of things, social media and etc. everything can be found online and what’s once on the internet never disappears from there. Here\u2019s a small thought game, which is also possible in reality and without great technical talent.<\/p>\n

Our victim is called Peter Private. His name everyone can be found in one of the social networks. We get his address from the GPS information of this picture with the nice dog below.<\/p>\n

\"A<\/a>
Figure 1: A nice picture of a dog in garden<\/figcaption><\/figure>\n

A glance at the metadata of the harmless image is all it takes. The GPS information is quickly converted into a real address, thanks to Google Maps. Now it continues with a simple Google search. With a full name and an address you can find a lot of information about Peter Private.<\/p>\n

Thus one finds information about the hobbies, the occupation and the income. But are you really that transparent on the net? Yes, but back to our victim Peter.<\/p>\n

The result of the Google search is that Peter plays football in a local team, and on the website of the club there is also a team photo with Peters face. Now we have a face for our victim and his first hobby. On the website of the club we find the training times. Thus Mr. Private is not at home during these times. Wonderful if you want to break into his house. The search continues. On LinkedIn or similar networks Peter publishes information about his education, his profession, his current position and his current employer. As a consequence, his income, i.e. his financial possibilities, can be estimated. Furthermore, we can identify more of Peter\u2019s hobbies, sell these information to web shops, thus he gets personalized advertising online and offline.<\/p>\n

What information have we found about Mr. Private so far? Much more than he’d like. We were able to find his name, his address, his hobbies, his employer and also his financial possibilities. If the data can now be linked with further, such as the user behavior on his smartphone, his shopping habits etc., Peter Private becomes more and more Peter Public. His date of birth is quickly found out and if the information collected so far can still be compared with networks such as Facebook and expanded, it is no longer difficult to influence Peter’s future actions. With the power of social media a complete profile of Peter can be created, this can be linked to the profiles of his friends and as a result more and more data is collected and linked. That should make us all think, because that is exactly what we do not want.<\/p>\n

A big problem is escaping this data swirl. Even if you don’t use any social media yourself, your mobile phone number quickly ends up there. One way to get there is WhatsApp. Anyone who has your mobile number stored will inevitably send it to WhatsApp. Of course, just to check if I can be reached via the WhatsApp network or not. It is important to sensitize oneself and one’s surroundings to these topics, one will probably not be able to escape completely today. But sometimes you should rather pay one or two Euros more and buy an application than use the avoidable free version. Because if you don’t pay with money, you pay with your own data. To get back to the beginning: Not only sometimes the metadata gives us more information than the data itself, but almost always. And this during times when as much data as possible is collected and evaluated.<\/p>\n

So my tip for you is: Check the settings of your mobile phone camera and see which permissions your apps really need. Because if we don’t try to give out less data ourselves, we shouldn’t be surprised about scandals like the Cambridge analytica scandal with Facebook.<\/p>\n

Research Issues:<\/strong><\/p>\n

    \n
  • \u00a0<\/strong>How can Messenger be protected against display spying?<\/li>\n
  • What needs to happen to make privacy more important than the habit and convenience of users?<\/li>\n
  • How can data protection and public interests such as terror protection and law enforcement be brought together to provide the highest possible level of security and privacy? Where’s the red line?<\/li>\n<\/ul>\n

    References<\/strong><\/p>\n

    Figure 1:\u00a0https:\/\/cdn.pixabay.com\/photo\/2017\/10\/29\/19\/02\/dog-2900535_1280.jpg<\/p>\n","protected":false},"excerpt":{"rendered":"

    Metadata is data about data. Thus, it provides information about data. Examples for metadata are file size, time and date of creation, means of creation of data etc. Every day, we deal with it, but no one really cares about it. Sometimes, metadata gives us more information than the data itself. But which devices generate […]<\/p>\n","protected":false},"author":875,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[26,651],"tags":[163,161,160,164,58,162],"ppma_author":[752],"class_list":["post-3730","post","type-post","status-publish","format-standard","hentry","category-secure-systems","category-system-designs","tag-camera","tag-cellphones","tag-metadata","tag-privacy","tag-secure-systems","tag-smartphones"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":26340,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2024\/07\/23\/tools-for-automatic-creation-of-software-bill-of-materials-sbom\/","url_meta":{"origin":3730,"position":0},"title":"Tools for automatic creation of Software Bill of Materials (SBOM)","author":"Tim Drobny","date":"23. July 2024","format":false,"excerpt":"In times, where software develops at a rapid pace, there is little time to write each component of code yourself. That is why libraries and other tools alike exist - to make our lives easier and to speed up the development process. But how can we keep an overview over\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1373,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/09\/13\/exploring-docker-security-part-3-docker-content-trust\/","url_meta":{"origin":3730,"position":1},"title":"Exploring Docker Security – Part 3: Docker Content Trust","author":"Patrick Kleindienst","date":"13. September 2016","format":false,"excerpt":"This third and last part of this series intends to give an overview of Docker Content Trust, which in fact combines different frameworks and tools, namely Notary and Docker Registry v2, into a rich and powerful feature set making Docker images more secure.","rel":"","context":"In "Secure Systems"","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/08\/Notary.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/08\/Notary.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/08\/Notary.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/08\/Notary.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":25863,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2023\/09\/15\/optimizing-list-views-structuring-data-efficiently-in-firestore\/","url_meta":{"origin":3730,"position":2},"title":"Optimizing List Views: Structuring Data Efficiently in Firestore","author":"js409","date":"15. September 2023","format":false,"excerpt":"While developing our guessing game \"More or Less\", we encountered a common challenge many developers face: determining the structure of our data model. Challenge 1: List vs. Detailed View Many websites show an excerpt of their content in a list view. In our \u201cMore or Less\u201d game, for example, we\u2026","rel":"","context":"In "Allgemein"","block_context":{"text":"Allgemein","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/allgemein\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/09\/3_optimizing_list_views_structuring_data_efficiently_in_firestore.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/09\/3_optimizing_list_views_structuring_data_efficiently_in_firestore.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/09\/3_optimizing_list_views_structuring_data_efficiently_in_firestore.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/09\/3_optimizing_list_views_structuring_data_efficiently_in_firestore.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2023\/09\/3_optimizing_list_views_structuring_data_efficiently_in_firestore.png?resize=1050%2C600&ssl=1 3x"},"classes":[]},{"id":22581,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2022\/03\/03\/cascading-failures-in-large-scale-distributed-systems\/","url_meta":{"origin":3730,"position":3},"title":"Cascading failures in large-scale distributed systems","author":"Harri Fa\u00dfbender","date":"3. March 2022","format":false,"excerpt":"Internet service providers face the challenge of growing rapidly while managing increasing system distribution. Although the reliable operation of services is of great importance to companies such as Google, Amazon and Co., their systems fail time and again, resulting in extensive outages and a poor customer experience. In this context,\u2026","rel":"","context":"In "Scalable Systems"","block_context":{"text":"Scalable Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2022\/03\/figure_1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2022\/03\/figure_1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2022\/03\/figure_1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2022\/03\/figure_1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":4122,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2018\/08\/27\/building-a-serverless-web-service-for-music-fingerprinting\/","url_meta":{"origin":3730,"position":4},"title":"Building a Serverless Web Service For Music Fingerprinting","author":"Alexis Luengas","date":"27. August 2018","format":false,"excerpt":"Building serverless architectures is hard. At least it was to me in my first attempt to design a loosely coupled system that should, in the long term, mean a good bye to my all-time aversion towards system maintenance. Music information retrieval is also hard. It is when you attempt to\u2026","rel":"","context":"In "Cloud Technologies"","block_context":{"text":"Cloud Technologies","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/scalable-systems\/cloud-technologies\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2018\/08\/Architecture-Diagram-300x190.png?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":1575,"url":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/2016\/09\/10\/whatsapp-encrypts\/","url_meta":{"origin":3730,"position":5},"title":"WhatsApp encrypts !?","author":"jh176","date":"10. September 2016","format":false,"excerpt":"The majority of the 1 billion monthly whatsapp users may be a little confused about the tiny yellow info-box in their familiar chat. End-to-end encryption? Is this one of these silly annoying whatsapp-viruses or maybe something good? The first big question is \u201cwhy\u201d. Why do we need a (so complicated)\u2026","rel":"","context":"In "Secure Systems"","block_context":{"text":"Secure Systems","link":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/category\/system-designs\/secure-systems\/"},"img":{"alt_text":"wsap_screenshot","src":"https:\/\/i0.wp.com\/blog.mi.hdm-stuttgart.de\/wp-content\/uploads\/2016\/09\/WSAP_Screenshot-169x300.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"authors":[{"term_id":752,"user_id":875,"is_guest":0,"slug":"rr046","display_name":"Ronny Rampp","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/23b2254b6cb35b8e3c9214f2f8ab7e0050c6095b630d8e279c0be989cfe0d540?s=96&d=mm&r=g","0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3730","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/users\/875"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/comments?post=3730"}],"version-history":[{"count":4,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3730\/revisions"}],"predecessor-version":[{"id":3738,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/posts\/3730\/revisions\/3738"}],"wp:attachment":[{"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/media?parent=3730"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/categories?post=3730"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/tags?post=3730"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mi.hdm-stuttgart.de\/index.php\/wp-json\/wp\/v2\/ppma_author?post=3730"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}