Twitter | Search | |
Edin Jusupovic
is embedding tracking data inside photos you download. I noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction. Shocking level of tracking..
Reply Retweet Like More
Edin Jusupovic Jul 10
Replying to @oasace
The take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).
Reply Retweet Like
Edin Jusupovic Jul 10
Replying to @oasace
I suppose the more concerning issue here is that there is already a variety of advanced techniques to inject data inside photos using steganography such that it would be impossible to forensically detect. If weaponized, it could be used for tracking; with zero proof.
Reply Retweet Like
˥ǝƃǝᴉds ǝʞᴉds Jul 10
Replying to @oasace
any insight on how screenshots of photos are treated?
Reply Retweet Like
Edin Jusupovic Jul 10
Replying to @REM111KZ
This type of injection would not survive screenshotting since it's at the file level but I would safely assume that a method or technique exists to invisibly watermark the image in a way that could survive even screenshotting; the downside would be less room for tracking data.
Reply Retweet Like
Edin Jusupovic Jul 10
Replying to @REM111KZ
I would say it's definitely possible but whether facebook is using such advanced and sophisticated tracking is a different story; it's highly probable IMO.
Reply Retweet Like
Edin Jusupovic Jul 11
The IPTC special instruction starts with FBMD; if you download a photo from facebook and dump it using any hex editior you'll see a unique IPTC special instruction, we don't know what it's for but it's very likely tracking of some sort considering every photo has a unique one.
Reply Retweet Like
Edin Jusupovic Jul 11
Correct.
Reply Retweet Like
Edin Jusupovic Jul 11
Replying to @dakami
Pinging , this might interest you.
Reply Retweet Like
Dan Kaminsky Jul 11
Replying to @oasace
Took a quick look — looks like FB is just passing EXIF through.
Reply Retweet Like
Edin Jusupovic Jul 11
Replying to @dakami
there's more to this than meets the eye 🤔
Reply Retweet Like
Edin Jusupovic Jul 11
I can imagine a number of different applications, one such example would be identifying the uploader of a photo if that photo was uploaded to Facebook (again) by another person and then correlating the relationship between said photo and person or persons. Many more uses...
Reply Retweet Like
Edin Jusupovic Jul 11
Replying to @oasace
Or even correlating data based on photos from a different platform outside of FB, if they don't strip the IPTC special instructions.
Reply Retweet Like
Edin Jusupovic Jul 12
CC Happy to comment further on it via edin+jusupovic@tutanota.com (remove + from email)
Reply Retweet Like
Edin Jusupovic Jul 12
Nearly forgot
Reply Retweet Like
Edin Jusupovic Jul 12
Replying to @ddomini40
Bleak future 😥
Reply Retweet Like
Francis Roy Jul 12
Replying to @oasace
Did you notice that it was from Photoshop, which allows you to enter them in image properties? Maybe I'm missing something. Have you tried this on many random images?
Reply Retweet Like
Andrew Pullin Jul 12
Replying to @oasace
DARPA has been doing social network mapping with image watermarking / steganography (you would just see noise in an image diff) for nearly 10 years now.
Reply Retweet Like