Be sure to wash your hands, brush your teeth, and check your camera settings!

 

 

 

With the recent iCloud account hacks that put private celebrity photos in the hands of Reddit jerks, it’s a good time for us to all take a moment to look over what our phones and online accounts are doing. For most of us there’s no danger of someone running a coordinated attack to access our dick pics, but some of the same steps can also keep you safe in the event of larger cloud storage hacks and security breaches like the Heartbleed bug. They’re also useful if you’re going to be participating in political activism. While our smartphones do a lot of super convenient things, some of them aren’t worth the security risks.

(As a note, I don’t mean to victim-blame here. What happened to Jennifer Lawrence, Kate Upton, Kirsten Dunst, etc. was WRONG and no one’s fault but the hackers’. But it’s still a reminder to practice good data hygiene.)

The biggest security problem, and the one that certainly led to these photos being accessible, is the photo “auto-upload” feature that most cloud services offer. Dropbox, OneDrive, iCloud for iPhone, and Photos for Android all encourage you to enable this feature as soon as you set them up. DON’T! It may seem convenient, but this means that every single picture you take with your phone, be it your dinner, an interesting sign, or your breasts, gets uploaded to the internet without asking. The place they go — your cloud storage — is nominally secure, but as this breach of celebrity privacy has taught us it’s only as secure as anything not fully encrypted can be. So while it’s convenient, it’s better to take the time to manually choose which photos deserve to be backed up. It can be turned off under Settings in whichever cloud storage app you use.

The second setting to turn off, especially if you’re likely to be taking part in political activism, is geotagging. Geotagging adds data to your photos that indicates where the photo was taken. While I’m sure this is huge fun for people who want to impress all their friends with their photos of the Great Wall of China, it’s nearly useless for everyday photos. Worse, when combined with auto-upload, it provides a record of your location information to anyone who can hack into (or subpoena) your cloud storage account. Auto-upload at least has the excuse of providing no-effort backup, which is a genuine feature. Geotagging is tossing unnecessary and even dangerous data out into the world for no real benefit.

Even photos you choose to post to social media can give too much away by having a geotag. That bathroom selfie you only meant to show your friends on Twitter is now a public internet record of not only what you look like, but where you live. The web site IKnowWhereYourCatLives.com has drawn attention to this fact by using the geotags from publicly shared cat photos (the lifeblood of the internet!) to pinpoint the homes of their owners. If you want to be extra secure you can turn off GPS entirely, but I for one rely too much on Google Now’s COTA schedules. An internet search should tell you how to turn these settings off on your specific phone. Even if you have it turned off, apps that use your camera (like Facebook, Twitter, etc.) may still ask to tag your photo locations. Just say no!

It only takes a few tweaks to keep your personal photos personal. So bask in that feeling of security and then come back soon for Data Hygiene Part 2, where I’ll talk more about cloud storage and how to keep prying eyes out of your internet history. After all, if you’re reading the Free Press, the NSA is probably already watching you!