I know where your cat lives

by Jo Brodie, Queen Mary University of London

Governments pass laws to protect their citizens privacy. They outlaw reading email, listening in to phone calls and accessing data without permission or a court order. If you really care about privacy though, you need to protect your 'metadata' too: data about data. The police and security services can learn a lot from metadata when they put their minds to it. Anyone else with access can too. You need to take care of yours (and that of your cat).

Imagine you are on the run, hoping not to be found. You would make sure no one took a photograph of you that showed where you were, but you might think you were safe enough if you weren't standing next to a distinctive landmark. Think again. John McAfee (who was on the run from the Police at the time), was located by a photograph, but not because of anything visible in the picture. It was because of the hidden metadata attached to it.

Metadata is all the indexing information that goes with data. So a film on DVD is actual data but the name of the film, the director, information about the actors, and so on - that's its metadata. Similarly, the words you say in a phone call are the data, but who is calling who and from where is metadata.

With photos (the data), the metadata includes where the photo was taken and the camera it was taken with. Smartphones track very precise location information, and, unless you switch this setting off, this metadata of where it was taken is saved with the picture. If the photo is uploaded to a website, the metadata is uploaded too, and that's what happened to John McAfee. A journalist interviewed him and took a photo, intending not to give away his whereabouts. However, he uploaded the photo which gave away the precise location in the metadata. This would have made it easier for law enforcement to catch up with him ... had he not found out about the location-leak first and made his escape in the nick of time.

Location based services on smartphones are really useful. If you want to find out where you are, how far away something is, or use the inbuilt map apps on the phone to plan how to get somewhere, then you need to let the phone know where it is. But you might not want a photograph you take inside your home to share the information of where that house is to anyone who cares to know, stalkers and trolls included.

The website "I know where your cat lives" aims to make more people aware of the information they give away unintentionally. Plenty of people share photographs of their gorgeous pets on the Internet. Most also unwittingly give away the precise latitude and longitude of where they live. The site collects publicly available cat photos with their metadata and plots them on an aerial photo map, showing where each cat's photo has been taken, and so likely where the owner lives

German Green party MP, Malte Spitz, went a step further and published 6 months of records kept (at the time by law) by his phone company about him. To emphasise how scary it was privacy-wise he published it in the form of a minute by minute interactive map, so anyone could follow his exact location (just like the phone company) as though in real time from the location metadata his phone was giving away all the time. The metadata was combined with his freely available social networking data, allowing anyone to see not just where he was but often what he was doing. Germany no longer requires phone companies to keep this metadata, but other countries have antiterrorist laws that require similar information to be kept for everyone. You can explore Malte's movements at www.zeit.de/datenschutz/malte-spitz-data-retention to get an idea of how your life is being tracked by metadata.

Don't just look after your cat, look after your cat's metadata too (not to mention your own)!