Facebook has become synonymous with privacy violations in the year since Cambridge Analytica came to light. Now in the same week that details of the record $5 billion FTC fine emerged, an Australian cyber researcher has reopened a years-old debate as to whether the social media giant is embedding “hidden codes” in photos uploaded by users onto the site.
“Facebook is embedding tracking data inside photos you download,” Edin Jusupovic claimed on Twitter, explaining he had “noticed a structural abnormality when looking at a hex dump of an image file from an unknown origin only to discover it contained what I now understand is an IPTC special instruction.” The IPTC (International Press Telecommunications Council) sets technical publishing standards, including those for image metadata.
Jusupovic described this as a “shocking level of tracking,” adding that “the take from this is that they can potentially track photos outside of their own platform with a disturbing level of precision about who originally uploaded the photo (and much more).”
The “IPTC special instructions” that Jusupovic viewed are essentially metadata watermarks that Facebook adds to tag the image with its own coding—those tags can be read later, enabling the “tracking” to take place. This is not new, and at a basic level not especially well-hidden either. It can be used to trace the ownership of images, to resolve copyright infringements, to provide enhanced user services. It can also be used to better target advertising and trace links between different users.
This coding method lets Facebook “know it has seen the image before when it gets uploaded again,” explained a user on Reddit. “It is yet another way to learn associations between people. Person 1 uploaded a bunch of the same photos Person 2 uploaded, let’s show them both all the same advertisements!”,Another user on the same forum linked the coding to the current focus on the spread of fake news.
This latest research, though, will add more fuel to the fiery Facebook debate around social media and privacy.