Facebook’s always at the centre of some privacy controversy or other these days. Programmer Edin Jusupovic, spotted something rather odd recently when looking at a hex dump of an image file of unknown origin. After doing a little investigation, it appears to be IPTC “Special Instructions” injected into the image by Facebook. This header is then kept with the file, as it gets downloaded and reposted around the web. This data seems to have been around since at least 2015, but it seems to have largely gone unnoticed. Now, though, it’s seeing renewed interest in light of recent events and it presents, in Jusupovic’s words, a “shocking level of tracking”.
Jusupovic’s initial tweet and two subsequent followups read… Now, there are both good and bad sides to this. Jusupovic alludes to the bad in his tweets. But as for the good, it might potentially help in the event of some copyright disputes. If you upload a photo to Facebook, Facebook injects its tracking data and then somebody downloads it and re-uploads it elsewhere on Facebook, then Facebook can immediately see that it’s somebody else’s duplicated content when it’s spotted and reported. I noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction. Shocking level of tracking.. The take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more). I suppose the more concerning issue here is that there is already a variety of advanced techniques to inject data inside photos using steganography such that it would be impossible to forensically detect. If weaponized, it could be used for tracking; with zero proof. One Redditor suggests, though, that it’s all about advertising. If Facebook sees the same images re-uploaded by multiple users, they can form some correlations and assumptions about those users and what advertisements they might be likely to click on. Similar people have similar interests and buy similar things. But it does offer potentially more wide-reaching intent off the Facebook platform itself. Facebook could, in theory, track those images all over the web. Facebook certainly has the money and technological capabilities to scan the web in the same way Google does, indexing everything. Another user on Reddit, SongForPenny extends this thought by suggesting it could be used by Facebook as a way to build up a view of your entire network of real-world family, friends, co-workers and associates – even if they’re not on Facebook. Again, SongForPenny’s thoughts here are ultimately advertising dollars. But given the data that Facebook seems to so freely throw around, there doesn’t seem to be much in place to prevent 3rd parties from potentially accessing this for more nefarious purposes. It definitely goes into tin-foil-hat territory, but the Reddit post is worth a read. [via Haaretz/Forbes]
