Aim
To research the impact of photos shared on social media, which have serious privacy leak potential from the onset.
Decoding Social Data
In today's fast-paced world, it is challenging to always be up-to-date with the latest technological advancement, and we want to savor it all without paying any attention to its cost: our personal data. People use social media daily to maintain their self-image, make choices and develop perceptions of both themselves and others. These habits create a record of the things they like, dislike, heart, follow and comment on within digital space. In doing so, users unwittingly pass on more clues about themselves than they can possibly fathom.
Social media posts are a trove of information, often offering more data than initially meets the eye. Beyond simply hosting published content, social media's intention is to facilitate interaction and conversation, referred to in marketing industries as engagement: emoji reactions, shares, comments and dialogue. This content encodes the original post with data beyond its pixels, date, time and location, forming a digital trace that indicates which groups of people are connected to a specific image, and what they feel, thinks, and says about it.1
Decoding Visual Data
BeReal is a social media app that encourages users to post unfiltered photos of themselves once a day. At a different time each day, BeReal notifies users that they have two minutes to take a photo with their front and back camera and share it with their friend's network. While the creators of the app state that their intentions are only to make people stay away from the curated and filtered images characteristic of other social media, BeReal also brings about major potential privacy issues.
Let's take an example of a photo posted on BeReal (below). This image belongs to 21-year-old Yasmin Sequeira, who did an interview with ABC news.2 While these observations are purely speculative, there are a few visual cues we can gather about when and where this image was taken. Yasmin might have taken this picture in a public washroom; we can make note of her clothing choices. We can begin to decipher when she is out of her house. Since BeReal asks its users to send a picture at a different time every day, companies could develop a routine of what Yasmin does throughout her day based on background cues or other image details over time. Again, this would be very speculative; the accuracy of this surveilled routine would depend on how strictly Yasmin uses BeReal, i.e. whether she orchestrates or performs when she posts as opposed to posting when BeReal asks, without manipulation of her surroundings. What is perhaps more concerning is that, in one post, we can see Yasmin's laptop screen, with all her windows open; regular users or companies could zoom in on these details and, depending on the photo quality, read sensitive information off of her computer. Regardless of its accuracy, however, a company's ability to piece together a routine through images shared on social media could be the next data privacy frontier.
Source: Yasmin Sequeira.
Source: Yasmin Sequeira.
Decoding Exif Data
More accurately, details about when, where, and how a photo was taken are captured automatically by smartphones and digital cameras, and stored as Exif (Exchangeable Image File Format) data. Information on everything from exposure settings to the altitude of the device may be included. “People should be aware that when they upload a photo there is more to it than just the pixels that they can see,” says Hany Farid, a professor of computer science at the University of California, Berkeley, and a leading researcher on digital forensics. “A lot of people don't even know there's this thing called Exif data that gets shoved along.”3 Exif data travels with the photo—from the camera to your hard drive or a website when posted to social media.
Although tech companies claim they won't use Exif data to target users with advertising messages, information like that is inevitably collected and processed. We can perhaps assume a level of constant surveillance of our activity across digital spaces, as evidenced by other data collection practices. A recent article by TechCrunch highlights how Apple faces a new lawsuit over this activity.
The App Store, for example, was continuing to track information like what app users tapped on, what they searched, what ads they saw, how long they looked at a given app's page and how the app was discovered, among other things. The app also then sent details that included ID numbers, type of phone, screen resolution, keyboard languages and more — information that could be used in device fingerprinting.4
This concern is heightened when considering users who interact with this application while in secure facilities or operating around sensitive data.
Decoding Data Collection
Now that we have established the many ways social media activity can become data about us, it is important to understand all the voluntary and involuntary information we are providing to these companies. Let's look at what kinds of data can be gathered and how.
-
Personal Data
Platforms like BeReal, Facebook, Twitter and Snapchat keep a close eye on all of your interests, political opinions, search history, and even recent purchases. Every time you log in to an app, they ask you to provide a name, email address and/or phone number. In addition to that, a lot of the apps ask their users to enter their birth date which is saved in the servers for many years, or until you contact them. Lastly, the apps will repeatedly ask you to give access to your phone's contacts list, so you can easily add them to your friend list — but it also means that all their phone numbers will be saved in company servers.6
-
Meta Data
Metadata is information embedded in an image (or any piece of digital data), a digital signature of sorts that includes a timestamp, rights information, and other descriptive information. Behind every tweet is about 144 fields of metadata, including information about the post author, when the account was created, a timestamp, URLs, and sometimes geotagging.7
On top of that, one can identify the kind of device someone's using, along with what version of iOS or Android you have, and your IP address. This is how most websites and apps work. IP Address allows companies to know your current general location. Snapchat maps can give a more specific location of the user of the device along with their friends. Having a company constantly know your location can encourage them to sell your data to third-party companies which might use that information to sell you products/services depending on where you are.
-
Content data
Every time you post a photo on social media, that photo is saved to the company's servers. The same goes for any comments you make or post you interact with or like. Taking photos means you have to give the company access to their phone camera. And to save photos, you have to give access to your phone's camera roll. A lot of companies aren't quite clear about how long they keep this data.
As with Yasmin on BeReal, by posting a random, unfiltered moment every day for a long period of time, the app could build a profile on you, noting where you are, what you typically do and who you interact with. This is no different, of course, from many social media platforms, such as Facebook's laser-like ad targeting and Snapchat's Snap Map feature.8
The blog Security Boulevard took a close look at BeReal's privacy policies and reported the following:
-
Rights
After giving the terms of service a close read, BeReal is granted 30 years in which they can reuse user photos in any form.
-
Reveal
It's very easy to share identifying information (like your location), personal information (like what the inside of your bedroom looks like), or even proprietary information (like a whiteboard at work) on BeReal.
-
Geolocation
When posting a photo, users are asked to turn on/off geolocation and whether they want to share it with the whole BeReal community or just their circle of friends.
-
Cookies
Like Facebook, Instagram, and other social media apps, BeReal uses third-party cookies. That means user activity there is being tracked by advertisers in order to serve personalized ads.9
Conclusion
Social networks aim to allow people to share moments of their lives, both filtered and unfiltered. The potential danger of this activity comes when companies record information thoughtlessly or even unwillingly given by users. The purpose of this report is not to tell people to stop using social media, but to be more mindful of what they put out there. In the end, if something is free, you are the product.
1 Schweiger, T. (2019, June 23). The digital image-history, use in social media, and it's power to influence. Medium. Retrieved November 20, 2022, from https://tinaschweiger.medium.com/the-digital-image-history-use-in-social-media-and-its-power-to-influence-249a2e0d0d1c
2 Silva, A. (2022, September 23). No likes, filters or influencers: Why Millions are using Bereal and why TikTok is trying to copy it. ABC News. Retrieved December 2, 2022, from https://www.abc.net.au/news/2022-09-23/what-is-bereal-tiktok-rival-app-social-media-authentic/101453182
3 Germain, T. (n.d.). How a photo's hidden 'exif' data exposes your personal information. Consumer Reports. Retrieved November 21, 2022, from https://www.consumerreports.org/privacy/what-can-you-tell-from-photo-exif-data-a2386546443/
4 Perez, S. (2022, November 14). Apple faces new lawsuit over its data collection practices in first-party apps, like the app store. TechCrunch. Retrieved November 19, 2022, from https://techcrunch.com/2022/11/14/apple-faces-new-lawsuit-over-its-data-collection-practices-in-first-party-apps-like-the-app-store/
5 Sandle, B. D. T. (2022, August 7). Revealed: Bereal may share your location data without your consent. Digital Journal. Retrieved November 20, 2022, from https://www.digitaljournal.com/social-media/revealed-bereal-may-share-your-location-data-without-your-consent/article#ixzz7liIVAFOS
6 Doering, K. (2021, July 22). 4 tech tools for sleuthing image metadata in social media posts. Pursuit Magazine. Retrieved November 24, 2022, from https://pursuitmag.com/4-tech-tools-for-sleuthing-image-metadata-in-social-media-posts/
7 Khemka, S., Carl, & a. (2021, November 19). Viewpoint: Beware of BeReal. The Hoya. Retrieved November 21, 2022, from https://thehoya.com/viewpoint-beware-of-bereal/
8 Grant, K. (2022, September 7). Bereal: Can my post get me in trouble at work? BBC News. Retrieved November 3, 2022, from https://www.bbc.com/news/newsbeat-62795955
9 Blog, A. (2022, October 6). Bereal has some major privacy issues. Security Boulevard. Retrieved November 3, 2022, from https://securityboulevard.com/2022/10/bereal-has-some-major-privacy-issues
10 Blog, A. (2022, October 6). Bereal has some major privacy issues. Security Boulevard. Retrieved November 3, 2022, from https://securityboulevard.com/2022/10/bereal-has-some-major-privacy-issues
11 Antonelli, W. (n.d.). Is bereal safe? A guide to all the data the app takes, and what you can do to enhance your security. Business Insider. Retrieved November 21, 2022, from https://www.businessinsider.com/guides/tech/is-bereal-safe
12 Using social media images as data in Social Science Research. (n.d.). Retrieved November 29, 2022, from https://journals.sagepub.com/doi/10.1177/14614448211038761
13 Perreau, K. (n.d.). Bereal. your friends for real. BeReal. Your Friends for Real. Retrieved November 28, 2022, from https://bere.al/en/privacy