scorecardresearch

Beware! Facebook embeds tracking data inside photos you download

Days after Facebook was fined a record $5 billion fine by the Federal Trade Commission (FTC), the social media giant is embroiled in another privacy controversy

Beware! Facebook embeds tracking data inside photos you download
Facebook CEO Mark Zuckerberg testifies before a House Energy and Commerce Committee hearing regarding the company's use and protection of user data on Capitol Hill in Washington, U.S. (Reuters/File Photo)

Days after Facebook was fined a record $5 billion fine by the Federal Trade Commission (FTC), the social media giant is embroiled in another privacy controversy. An Australian cyber researcher has claimed to have found “hidden codes” in photos uploaded by users onto the site.

In a Twitter post, Edin Jusupovic, a cybersecurity expert and a law student (LLB) at the University of New England, claimed that Facebook has been embedding codes inside photos that users download. “Facebook is embedding tracking data inside photos you download.”

Jusupovic claims he noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin. He found that it contained an IPTC special instructions and the data image file originated from Facebook

Jusupovic observed that this enables Facebook to track photos outside of their platform with high precision and to track who originally uploaded the photo.

The IPTC special instructions that Jusupovic viewed are a set of metadata watermarks that describes and gives information about other data. Facebook adds these metadata watermarks to tag the image with its own coding. Enabling the “tracking” to take place, these tags can be read later.

However, what the Australia-based researcher has traced is not new and it is not especially well-hidden either at the basic level. It can be used to trace the ownership of images, to settle cases related to copyright infringement and to provide enhanced user services.

In 2015, a StackOverflow member, Patrick Peccatte, had raised the questions about the images uploaded on Facebook. Many images uploaded on Facebook contain IPTC/IIM fields which are apparently automatically added during the upload process: Special Instruction, a string beginning with “FBMD” and Original Transmission Reference, what is this?” Peccatte asked.

Jusupovic warned that if the technology is weaponised, Facebook could potentially track its users without zero proof.

Get live Share Market updates and latest India News and business news on Financial Express. Download Financial Express App for latest business news.