How to Keep Facebook from Snooping on Your Photos’ Locations

posted in: July 2021 | 0
32 comments

Even many people who are troubled by Facebook’s privacy abuses feel they can’t avoid using Facebook’s iPhone app to stay in touch with their family, friends, and communities. If that’s you, first make certain you’ve turned off Allow Apps to Request to Track in Settings > Privacy > Tracking (see “Apple Releases iOS 14.5, iPadOS 14.5, macOS 11.3, watchOS 7.4, and tvOS 14.5,” 26 April 2021). Also, be sure to set Settings > Privacy > Location Services > Facebook to Never to keep Facebook from tracking your location. Facebook can’t track your location anymore, right? Well, not quite.

Zak Doffman, writing for Forbes, discovered that Facebook extracts location data from any photos you upload. It does this by snagging the EXIF data embedded in any photo you take with your iPhone, which includes location, date and time, and camera settings. In normal usage, the Photos app uses that location data to display a map of where you took all your photos.

Facebook extracts your photos’ location data in a particularly sneaky way, stripping it out between when you upload the photo and when it’s published on Facebook. That might lead you to believe your privacy is being protected. If you download a photo from Facebook, you won’t find any interesting EXIF information, but Facebook silently adds it all to its own data trove. Facebook confirmed that practice to Doffman.

Instagram, which is owned by Facebook, engages in the same behavior, and it’s probably safe to assume any Facebook-owned app does so as well. We wouldn’t trust any other ad-supported services that accept photos either.

If you’re curious about what sort of data is embedded in your photos, you can easily view it on your Mac. To maintain your privacy when sharing photos, we recommend stripping the location data when exporting from Photos on your Mac, iPhone, or iPad, and we’ve made an iOS shortcut to share photos without metadata. Finally, just to be safe, you can block an app’s access to your photo library in iOS so it can’t possibly exfiltrate data.

View EXIF Data on Your Mac

Before you learn how to strip EXIF data, it’s helpful to see for yourself what’s there. That requires a third-party app on iOS, but Photos, Preview, and even the Finder on the Mac can show you that information just by selecting a photo and pressing Command-I. You’ll see the most detailed EXIF data in Preview. Be sure to click the “i” tab, and you can see more EXIF data by clicking General, Exif, and GPS.

Preview EXIF data

Strip EXIF Location Data from Photos on Your Mac

Photos can strip EXIF location data automatically when you drag a photo from Photos into the Finder to export it. This is controlled by a setting in Photos > Preferences called “Include location information for published items.” As long as that’s unchecked, Photos will remove the location data during the export process.

Photos location export setting

If you instead use File > Export > Export X Photos, there’s a Location Information checkbox that controls whether or not Photos will export GPS location data along with the photos.

Strip EXIF Data from Photos on Your iPhone or iPad

You need an app to view all the EXIF metadata on an iPhone or iPad, but you can strip location metadata from photos for free. Open a photo in Photos, and tap the photo to reveal the share icon. Tap the share icon and then tap Options at the top. Turn off Location and tap Done. You can then share or copy your photo to send it out into the world without location data.

Sharing a photo without location data

But it’s easy to forget to do that every time you want to share a photo. If you want a technique that is guaranteed to strip the data each time, I’ve created a shortcut to share photos without location data. Install and open the shortcut, select your photos, and tap Add in the upper-right corner. You can then choose the destination from the share sheet. If you share photos frequently, you could invoke the shortcut via Siri or even customize it to share automatically to your preferred app.

Some apps like Twitter don’t play nicely with the share sheet. For them, I copy the image from the share sheet and paste it into the app.

Protecting Access to Your Photos in iOS

Blocking Facebook's access to your photosIn its ongoing push to ensure that apps can access only data that the user intends them to access, Apple introduced a privacy feature in iOS 14 that lets you control which photos any given app can access. It’s fiddly to select only a subset of photos that you may want to share, and if you’re sharing directly from Photos or the shortcut, apps don’t need access to your photos anyway.

To cut off access to photos, go to Settings > Privacy > Photos > App Name and select None. That way, Facebook and other nosy apps can’t access your photo library at all.

Stripping Location Metadata Should Be the Default

WWDC is only days away, and we’d like to see Apple add better control of location metadata to iOS 15 and iPadOS 15. Photos for Mac can already strip this data on export, and iOS and iPadOS can do it on a per-photo basis. Facebook’s behavior shows that this is not enough.

Apple’s next step should be to add two switches at the top of Settings > Privacy > Photos. The first would globally prevent all apps with access to photos from reading EXIF data, and the second would automatically strip location metadata on export, just like in Photos for the Mac. Apps could request permission to override either setting, and the user could grant such permission on a per-app or per-export basis.