Privacy at risk as Path app lets location data slip

by Casey Newton


I wrote about hacker Jeffrey Paul, who discovered that the social network Path published information about his location even when he disabled location services within iOS. The culprit: his camera's EXIF data:

The case illustrates the fiendish complexity of managing one's privacy in the digital era. An average user who disables location services for a given app likely expects that app would not be able to see where the user is. In the Privacy area of the Settings app, a note says "Photos stored on your iPhone may contain other information, such as when and where the photo was taken." Most users will have trouble determining whether and when their pictures include that information.

One work-around is to disable location services for the camera itself, as described here.

But the larger issue remains. When even software programmers can't navigate their smartphones' privacy settings, what hope does a non-programmer have?

Shortly after my post, Path said it would submit an update to the App Store preventing that information from being shared.