29 comments

[ 3.9 ms ] story [ 66.3 ms ] thread
kudos this is an awesome tool!

Maybe personal data forensics is the next big market

I like it. One suggestion: Maybe when it can't read the EXIF data it should say something other than "fail".

I realize there is a more descriptive text underneath, but "fail" seems like it's a meme, not an error message.

Thanks, you're right, I should really make that page look a bit better. ;)
What about other options? Dead/underperforming pixels seem to be a good fingerprint as well I believe.

Would be a whole different level of identification, but would lead to multiple ways to detect photos taken by the same camera.

Interesting, but you'd need a large corpus of pictures to compare - not quite as quick as reading EXIF data.
Most images uploaded to the Web are not at full resolution -- it would be hard to fingerprint individual pixels.
You know, Facebook/Twitter/Instagram have access to the metadata. And location. And facial recognition.

Seems like there's a simple ML classifier here to id phones with a sudden ownership change...

These companies could provide value back to their users for all the data they're hoovering up.

There are probably more profitable ways to use that data against users rather than for them.
They may not be mutually exclusive, though...
And if they implemented that, you know it would be called a privacy violation: "Why are you posting pics using my boyfriend's camera?"

Note that this really is the case for 99% of "privacy violations". Eg, that "FB is reading SMS messages" thing the other day was really a user-friendly feature to enable automatic 2-factor auth on your phone. But because it was seen as a privacy problem because it potentially is.

...yet they didn't even put a list of requested permissions with rationale for each one like some developers do.
what about if you sold a camera or some other form of legitimate transfer, loan, for example. I don't want FB starting to track my product serial numbers thank you.
Another one is CameraTrace http://www.cameratrace.com bigger database and documented recoveries, used by law enforcement
And at a much better price-point, too: $10/camera versus £4.99 ($8.26)/month.
I'm not sure where you got the idea they have a bigger database. I wrote stolencamerafinder and I don't know who has the biggest database! I recommend you try both. You can do a free search on both and see which gives you better results ;)
The URL used for this post has a lot of referal tracking data in it that looks to my untrained eye as though it was copied from facebook. That will mess with their stats if it becomes popular on HN.
Has the OP's profile ID in it too.
hehe, yeah, they've copied the link in some strange way. It goes direct to my servers (not through facebook) but appends a bunch of url parameters that mean nothing to me! Matt (creator of http://www.stolencamerafinder.com)
OTOH, it's a good reminder of the privacy implications of digital images. By default all the photos you take are associated with each other and generally fairly easily connected to you.
We recovered an actual stolen camera this way. But it really only worked because the buyer used Flickr, and otherwise this kind of metadata is pretty hidden.
Excellent! If we haven't already spoken, I'd love to hear your story. matt@stolencamerafinder.com
I post photos online and take the time to put my contact info in the EXIF metadata, and sometimes hear back from people who like the images. This is great and I release many of the photos with a public domain 'CC0' license so copyright isn't a big concern, plus I get to see some of my images used on Wikipedia.

What troubles me is how many services (looking at you, Facebook & Twitter) automatically strip _all_ EXIF data from images, thus preventing others from being able to email me.

What's worse is the UK's new 'orphaned works' law [1] which basically lets others re-use your images for free and without attribution if they can't find the original photographer. Effectively this means that Facebook, Twitter, and others are making it easier to steal copyrighted images by providing lots of plausible deniability. I understand about stripping the GPS coordinates from images taken with a smartphone for example, but do not see why all data must be stripped by default.

In your case and mine, EXIF metadata is desirable and stripping everything seems like a really crude tool. Hopefully a better standard approach will come about as people get more switched on to metadata (thanks Snowden) and how it can help or hurt users.

[1]https://www.openrightsgroup.org/blog/2013/orphan-works-the-n...

I still think EXIF should be stripped by default on social sharing sites but there should definitely be an opt-in feature for informed users to invoke rationally.
This can now be easily defeated by programs like this > http://goo.gl/wvBljq or this http://goo.gl/0ZwURC Also, possible by using linux package 'libimage-exiftool-perl' and command such as 'exiftool -all= *.jpg' Now you can post your pictures on facbook without any metadata ^_^
True, but thieves want to sell stolen property, not use it. If the current owner doesn't know it's stolen they wont wipe exif and then we can track it. Hopefully leading to the thief. If we can reduce the motivation to steal the in the first place even better :)
I wish smartphone makers started embedding serial information in the EXIF too.
On a related note, this sub-page [0] shows you, which camera models embedd their info into pictures taken. Just, you know, if you take pictures of sensible stuff or don't want to be connected to photos taken.

[0] http://www.stolencamerafinder.com/listmodels

Related question: Can anyone find a program that just lets me view EXIF data for a file that isn't some shady freeware? Preferably open source?