A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 2.44K Posts
- 57.4K Comments
- Modlog
reminds me of geowizards episodes geolocating vacation photos for fun. this one was insane, similar in detail to the photo in the tweet
Here is an alternative Piped link(s):
this one
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
That photo was more than just some trees
.
deleted by creator
Geo guessing is related to open source intelligence techniques, and it’s pretty easy to get surprisingly good at it.
People who are good at it can take a picture of someone’s room and deduce enough about them (sometimes) to be able to get their name, address and phone number.
It being automatic is pretty cool, but you were already leaking the information to anyone interested.
https://www.sans.org/blog/geolocation-resources-for-osint-investigations/
https://youtu.be/p7_2ZA1HHMo?si=O19_7LA3SoyvZEm1
Yep. If you play geoguessr.com or others you wont find it that surprising.
Yep. If you play geoguessr.com or others you wont find it that surprising.
Here is an alternative Piped link(s):
https://piped.video/p7_2ZA1HHMo?si=O19_7LA3SoyvZEm1
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
what should I do if I was already expecting this level of surveillance
@match@pawb.social @CoderSupreme@programming.dev
What should you do about surveillance technology? Ask a Amish hacker!
This Just In: Most photos uploaded to the internet are not stripped of their metadata, and one of the common things kept in metadata is… (drumroll please)… your GPS coordinates.
This is a lot less interesting than it seems to be at first glance, imho.
Yeah, disable gps metadata in your camera settings. Wondering why it often is default on?
Because people that don’t care about privacy find this to be a nice feature.
There are gallery apps that let’s you sort by location and it’s nice if you want to search for the cool thing you saw once again.
I mean, yes, but that’s not what they’re doing.
https://arxiv.org/abs/2307.05845 https://github.com/LukasHaas/PIGEON
It’s a Stanford project that does what it looks like is happening in the screenshot.
@SnotFlickerman@lemmy.blahaj.zone @CoderSupreme@programming.dev
Some digital cameras and phone cameras can also embed the GPS coordinates in the pixel data so that even if you delete the EXIF metadata the GPS location and device serial number are still present in the image. Many document printers also embed device serial number and other data on printed documents by using nearly invisible dot encodings.
Don’t use propritary camera software then, got it.
That’s crazy. Just read this and I’m just mystified
Wasn’t there some online service to hide documents in your images?
i’m sure there are an endless amount, and there are certainly client-side software that makes it easy as well.
https://en.wikipedia.org/wiki/Steganography
No idea, but I found this wikihow https://www.wikihow.com/Hide-a-File-in-an-Image-File
Back in like 2006 or 7 steganography was used in obscure corners of the internet ( like insurgen.cc, an early anonymous holdout that got broken up by the feds) to pass around hacking tools. You’d unzip the dangerous kitten photo with winrar and extract a set of hacking tools. One I remember passed around widely was the low orbiting ion cannon the /b used to ddos scientologists.
Ah shit. Any easy way to determine if your camera’s doing that? Would that normally be in manufacterer specs?
No easy way at all. The specs would be in-house manufacturer docs. Recall that digital cameras used to embed date and time visibly in images in a corner. The logical progression was to embed other data such as device serial number, geotag data, etc.
Regarding the schemes for steganographic identification in devices such as cameras and printers, this information is usually kept a trade secret. The Secret Service would probably already have the spec docs for data hiding. Many manufacturers already have working agreements to provide back door assistance and documentation for the hardware surveillance economy. Ink chemistry profiles are registered with the Secret Service. The subterfuge is to ‘investigate counterfeiting’ but it is also used to identify whistleblowers and objective targets by their printer serial number or ink chemistry, or the data embedded in any images they are naive enough to publish.
If you are a undercover reporter secretly video recording, unbeknownst to you the video could have metadata encoded using a secret scheme. If you registered that product for a warranty, or bought it online and had it shipped, or paid with a credit card or check, or walked beneath the electronics store cameras without a hat and sunglasses to pay cash, it is easy for the state organs to then follow the breadcrumbs and identify the videographer.
Almost all ‘free’ wifi hotspots offered by chain restaurants and hotels are logged with the data being stored indefinitely, showing your mac address. It takes only a little bit of investigation and process of elimination to find the user on a camera feed history, to see who was connected when a certain message or leak was sent. If you use a wifi hotspot in a McDonalds, Wendy’s, Starbucks, etc. smile for the surveillance camera which will also have your device’s unique MAC address in the wifi history. This MAC address data is automatically sent to a central station, for example at the Wandering Wifi company, and God only knows how long they store it.
None of this nonsense makes anyone safer. These people hate us.
I think we can trust that most phone camera apps do in fact obey the toggle they provide for whether or not to embed the GPS location data in the image.
deleted by creator
Try Polaroid.
I think Lemmy strips it, right? That’s why pictures were uploading sideways for a while?
Lemmy does not remove exif data (unless the code has changed), you need to remove it yourself (also a good practice in general)
Software that doesnt store private metadata
androidGrapheneOS screenshotsI think I have read that on some versions it can store the app’s package name in the metadata. Not sure if that counts private but if and when it does so, it’s good to be aware of
For sure, edited it. GrapheneOS screenshots have no metadata afaik
So it has nothing to do with the trees?
GPS coordinates in metadata isn’t common
Literally just after talking about how people are spouting confident misinformation on another thread I see this one.
People replying to a Twitter thread with photos are automatically having the location data stripped.
God, I can’t wait for LLMs to automate calling out well intentioned total BS in every single comment on social media eventually. It’s increasing at a worrying pace.
I mean… that’s pre-musk information
removed by mod
Pretty sure Twitter strips it out by default.
What about X?
Don’t have the manpower to change that.
I’m sure most people who would put this to test would strip that data or screen grab the image to do the same thing…. If you know about meta data, so does a large amount of other people mate…
The people would be labeled as a fraud very fast if this wasn’t actually a real thing dude.
It’s just sourcing data from Street View or similar. Not that scary. If it picked you out of a crowd in a randomly sourced image from that area, then it’d be scary.
It really isn’t that hard if anything like a silhouette of mountains are in the background and you have a couple of rough hints that give you an idea where to start or how to narrow down possible locations, no AI needed.
You’re misunderstanding the post. It’s not about whether or not someone could guess your location from a picture. It’s about the automation thereof. As soon as that is possible it becomes another viable vector to compromise your privacy.
And you misunderstand my point, it always has been a way to compromise your privacy. Privacy matters most in the individual case, with people who know you. If you e.g. share a picture taken at your home (outside or looking out of the window in the background) with a friend online you always had to assume that they could figure out where you lived from that if there were any of those kinds of features in there.
Sure, companies might be able to do it on a larger scale but honestly, AI is just too inefficient for that right now, as in the energy-cost required to apply it to every picture you share just in case your location might be useful isn’t worth it yet.
That statement is subjective at best. My friends and coworkers knowing where I live certainly isn’t my concern. In today’s day and age privacy enthusiasts are definitely more scared of corpos and governments.
You’re thinking too small. Just in the context of the e2ee ban planned in europe, think what you could do. The new law is set to scan all your messages before/after sending for specific keywords. Imagine you get automatically flagged and now an AI is scanning all your pictures for locations and contacts and what not. Just the thought that might be technically possible is scary as hell.
Governments won’t scan all your pictures to figure out who you are, they are just going to ask (read: legally force) the website/hoster where you posted that picture for your IP address and/or payment info and then do the same with your ISP/payment provider to convert that into your RL info to figure out who you are.
And you might not be worried about your RL friends or coworkers but what about people you meet online? Everyone able to see your post on some social media site?
Nobody is going to scan all the pictures you post for some information that is going to be valid for a long time after it is discovered once. Governments and corporations have had the means to discover who you are once for a long time.
If I ever upload photos publicly, I will add a background blur first
There are techniques to deblur. It’s even how a prolific child sex offender was caught.
Anti Commercial-AI license
I mean I’m sure it depends on how it’s blurred.
True, but that just turns into a cat an mouse game. Also, one the photo is up, the background doesn’t change how its blurred with time --> wait long enough and a technique to unblur will be developed.
Anti Commercial-AI license
You can’t just program data that doesn’t exist into existence.
I do remember 1-2 years ago there is a paper (or model?) that reverse blured images. It’s similar to how ML based object remover and inpainting works. Granted it only works for specific blurring algo.
You do realize that a lot of image recognition was done on scaled down images? Some techniques would even blur the images on purpose to reduce the chance of confusion. Hell, anti-aliasing makes text seem more readable by adding targeted blur.
Deblurring is guessing and if you have enough computing power with some brain power (or AI), you can reduce the number of required guesses by erasing improbable guesses.
Anti Commercial-AI license
this is extremely scary if true. are these algorithms obtainable by every day people? do they work only in heavily photographed areas or do they infer based on things like climate, foliage, etc? I would love some documentation on these tools if anyone has any.
https://github.com/LukasHaas/PIGEON
https://arxiv.org/abs/2307.05845
Basically a combination of what the game geoguesser does, and public geotagged images to be able to get a decent shot at approximate location for previously unseen areas.
It’s more ominous when automated, but with only a little practice it’s easy enough for a human to get significantly better.
EDIT: yup, looks like this is the guy from the Twitter: https://andrewgao.dev/ and he’s Stanford affiliated with the same department that made the above paper and system.
Are you sure? The paper you linked mentioned the model beating a top geoguesser player six times in a row.
I am not sure it’s the same software, but it’s a fairly good guess I think. Same software capabilities and same lab, with the same area of research.
Geoguesser is a subset of the skills used for general image geo location for open source intelligence.
In the specific cases of only using the data present in the image and relying on geographic information, it certainly does better.
Humans still do better, and can reach decent skill with minimal training, at placing images that require spatial reasoning or referencing multiple data sources.
AI tools will likely be able to learn those extra skills, but it doesn’t change that it’s the photo that’s the data leak, and not the tool. The tool just makes it vastly more accessible, and part of the task easier for curious human.
If I’m the dev, I would scrape off Google Street View with cords as data source.
deleted by creator
There are tons of machine learning algorithm libraries easily usable by any relatively amateur programmer. Aside from that all they would need is access to a sufficient quantity of geographically tagged photographs to train one with. You could probably scrape a decent corpus from google street view.
The obtainability of any given AI application is directly proportional to the availability of data sets that model the problem. The algorithms are all packed up into user friendly programs and apis that are mostly freely available.
It might be easier to train the AI to the specific things Geoguessr players have collected as signs that give away a location instead of letting the AI figure all those out again.
https://arxiv.org/html/2307.05845v4
I believe this is the paper
Rainbolt has a couple of videos playing against AI. I don’t remember what they said it was trained on but it’s possible it was based on that.
ooh baby I love a good supervised learning
The tweet:
(Is the preview working for you? For me, it’s not).
The game is called geoguessing and those who do this regularly are crazy good at it, taking into account the kind of trees you see, where the sun and shadows are, even the color of the dirt and the pavement.
Tom Scott did something similar and was frightened too: https://www.youtube.com/watch?v=cGqEBvlmFAQ&pp=ygUSdG9tIHNjb3R0IGZvdW5kIHVz
“A couple of trees…”
And a body of water, and a road, possibly some mountains… (smh)
The embed works for me
https://www.youtube.com/@GeoWizard has a couple videos in a series where he guesses historic photo locations quite accurately too.
Here is an alternative Piped link(s):
https://www.piped.video/@GeoWizard
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
important second frame for context!
& no it isnt. quite sure twitter broke link previews a long time ago alongside guest accounts.
which llm does he use
Looks like Pigeon or Pigeotto https://huggingface.co/papers/2307.05845
tragic that it doesnt include a gguf or safetensors file for easy access. ill load it up eventually. this would be very useful for invasive animal research
https://huggingface.co/geolocal/StreetCLIP/tree/main
Streetclip seems to be the public release. Or a version of it.
thanks, that lets me load it into my setup much quicker. i do environmental research so this will be useful
still a bit of a shame no safetensors or gguf
Andrew Gao why are you still on the fascist site
do you think elonMusk is fascist or do you mean that twitter is fascist?
Yes.
what do you think fascism is?
A word used to tell someone you disagree with them when you have no idea how to express why.
apparently 🤷
Anyone with different opinions, obviously.
Your mom sitting on my face
I didn’t find that in the Twitter UI and wondered why OP thought it was an AI. Thanks for sharing.