Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee hearing regarding the company’s use and protection of user data on Capitol Hill. (Reuters/File Photo)

Days after Facebook was fined a record $5 billion fine by the Federal Trade Commission (FTC), the social media giant is embroiled in another privacy controversy. An Australian cyber researcher has claimed to have found “hidden codes” in photos uploaded by users onto the site.

In a Twitter post, Edin Jusupovic, a cybersecurity expert and a law student (LLB) at the University of New England, claimed that Facebook has been embedding codes inside photos that users download. “Facebook is embedding tracking data inside photos you download.”

Jusupovic claims he noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin. He found that it contained an IPTC special instructions and the data image file originated from Facebook

Jusupovic observed that this enables Facebook to track photos outside of their platform with high precision and to track who originally uploaded the photo.

#facebook is embedding tracking data inside photos you download.

I noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction. Shocking level of tracking.. pic.twitter.com/WC1u7Zh5gN

— Edin Jusupovic (@oasace) July 11, 2019

The IPTC special instructions that Jusupovic viewed are a set of metadata watermarks that describes and gives information about other data. Facebook adds these metadata watermarks to tag the image with its own coding. Enabling the “tracking” to take place, these tags can be read later.

However, what the Australia-based researcher has traced is not new and it is not especially well-hidden either at the basic level. It can be used to trace the ownership of images, to settle cases related to copyright infringement and to provide enhanced user services.

In 2015, a StackOverflow member, Patrick Peccatte, had raised the questions about the images uploaded on Facebook. Many images uploaded on Facebook contain IPTC/IIM fields which are apparently automatically added during the upload process: Special Instruction, a string beginning with “FBMD” and Original Transmission Reference, what is this?” Peccatte asked.

Jusupovic warned that if the technology is weaponised, Facebook could potentially track its users without zero proof.