Rechercher dans ce blog

Sunday, September 6, 2020

Why You Should Stop Sending Photos On Apple iMessage - Forbes

send.indah.link

Our smartphones leak our personal information—we all know this. There’s a multi-multi-billion-dollar marketing industry tracking where we go, who we visit and what we buy. Facebook’s warning that a change in Apple’s iOS 14 would slash advertising revenue tells you just how welcome a change this will be for iPhone users when it eventually comes. Location data is at the heart of this—our sneaky little smartphones know exactly where we are and, given a chance, they’ll happily share with the world.

Apple and (to a lesser extent) Google are now taking steps to provide more protection on what is shared and with who. Again, location sharing is at the heart of this. Not only will iOS 14 introduce app-by-app permission requests for data sharing—the assumption being we’ll almost always say no, it will also limit most location sharing to an approximate 10 square miles—no more address tagging. Google is playing catch-up in Android 11—but at least it’s now introducing one-time-only options to tag locations.

In reality, location tagging is one of the most useful features on your phone, enabling all your mapping and navigation apps, contextual searches and alerts, weather, news, and the rest. Yes, this has gone overboard—as seen with permission abuse (especially on Android), with countless apps monetizing our location data, but when limited it’s invaluable. And we can see this with our photos. Each photo can embed the date, time and location it was taken, enabling you to categorize photos by location.

Recommended For You

But there’s an issue—a serious one. We now capture and share so many photos, both on social media and to our contacts by our messengers. Occasionally it might be useful to share the time and place those photos were taken, but usually not. Social media apps strip this metadata when they upload and compress your photos—downloading the images will not betray private information. But if you email or SMS your photos, then EXIF (Exchangeable Image File) metadata is also sent.

As I’ve written before, SMS and its RCS upgrade have weak security given their lack of end-to-end encryption and fragmented architectures. Most of us now use other messengers most of the time. The two most popular ones—the highly-secure WhatsApp and less-secure Facebook Messenger, both strip EXIF data when you send images. Unsurprisingly, Telegram and Signal do the same. But what about Apple’s end-to-end encrypted iMessage? Unfortunately, it’s actually not as secure as others.

There are several ways photos can be shared over iMessage. You can select the camera icon when composing a new message—if you then take a photo, no location data is sent, which is good. But if you select the photo album option from within the camera, and then select photos to send, these will be sent with embedded location information. Similarly, if you select the photo app from within iMessage, then any photos sent will not be stripped of metadata—even if you toggle location services off before sending.

Clearly, photos can only include embedded data if it’s captured. You could turn off location services for the camera within your privacy settings and not capture GPS data at all—but then you’d miss all the location functionality associated with your photos.

There is a way to protect your location data within iMessage, but it’s clunky.

In the primary photo app, you have a share option. You can select one or multiple photos and then have the “options” to remove all photo data or just location data. You can then share the photo(s) using any messenger or social media platforms. This is far from ideal—most users are within iMessage when they choose to share a photo, and click through to attach the images they want to send, with no option to strip data before sending. There’s not even a warning that the photos may include private data.

This confusing mix and match for sharing location data embedded within iMessage photo attachments needs to be addressed. There should be a blanket override for stripping EXIF within iMessage or an option each time you send.

It’s simple to just opt for WhatsApp instead—end-to-end encrypted and all metadata stripped by default. But there are actually major advantages in sending photos over iMessage. Images and not automatically compressed, so you can send the original format. And you can share GPS and other data where you need to. But, absent that, such private information should be stripped out, erring on the side of caution.

According to Tommy Mysk, one of the researchers who discovered the iOS clipboard issue that so plagued TikTok, the problem with using the iOS photo app share tool to exclude location data is that “the change is not persisted—the location toggle is always switched on by default. If the user switches it off and shares a photo and then tries to share another photo, the user must tap on options and perform the tedious task of toggling that switch off again. This has to be done every time the user shares a photo.”

As for the option to share photos directly from iMessage, Mysk warned that “the user gets a minimalistic view of their photos. This method does not show any warning if a photo has location info in it. It also doesn’t provide an option to remove location info from the photo. In other words, the user picks a photo and sends it to a contact without knowing that the photo has location information in its EXIF properties.. Many of my friends actually use this method for sharing photos in iMessages.”

This issue doesn’t just hit recently taken photos sent to your friends. Once you lose control of EXIF data, those photos can be forwarded again and again indefinitely. If you send a photo that’s repeatedly forwarded and shared, your data goes each time.

Mysk tested the issue with the latest beta of iOS 14 and told me that “there doesn’t seem to be any change,” although there does not appear to be a “location included” notification next to “options” when you select images from within the photos app.

I have asked Apple if they have plans to address this—given their privacy-first mantra, it remains surprising that this issue has slipped their net. iMessage straddles the line between SMS and WhatsApp—a universal messenger on one hand, a secure end-to-end encrypted platform on the other. This issue is unsurprising on the SMS side, but it is surprising on the secure side. Let’s hope Apple gets this fixed this now.

MORE FROM FORBESHuawei Confirms Dangerous New Switch To Russia The Link Lonk


September 06, 2020 at 04:30PM
https://www.forbes.com/sites/zakdoffman/2020/09/06/apple-iphone-12-ios14-ipad-upgrade-update-imessage-security/

Why You Should Stop Sending Photos On Apple iMessage - Forbes

https://news.google.com/search?q=Send&hl=en-US&gl=US&ceid=US:en

No comments:

Post a Comment

Featured Post

South Dakota to send National Guard troops to Texas - ABC News

send.indah.link South Dakota Gov. Kristi Noem says she will join a growing list of Republican governors sending law enforcement officers...

Popular Posts