On the Awareness, Control and Privacy of Shared Photo Metadata

  • Benjamin HenneEmail author
  • Maximilian Koch
  • Matthew Smith
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)


With the continuously rising number of shared photos, metadata is also increasingly shared, possibly with a huge and potentially unseen impact on the privacy of people. Users often relinquish the control over their photos and the embedded metadata when uploading them. Our results confirm that the concept of metadata is still not commonly known and even people who know about the concept are not aware of the full extent of what is shared. In this work we present two solutions, one to raise awareness about metadata in online photos and one to offer a user-friendly way to gain control over what and how metadata is shared. We assess user interest in options ranging from deletion and modification to encryption and third party storage. We present results from a lab study (\(\mathrm {n}=43\)) in which we evaluated user acceptance, feelings and usability of the proposed solutions. Many of our participants expressed the desire for user-friendly mechanisms to control the privacy of metadata. 33 % of them did not simply want to delete their metadata, but preferred to use encryption to share, but nonetheless protect, their data.


Metadata Standard System Usability Scale Image Metadata Preview Image System Usability Scale Score 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Besmer, A., Richter Lipford, H.: Moving beyond untagging: photo privacy in a tagged world. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’10, pp. 1563–1572. ACM (2010)Google Scholar
  2. 2.
    Brooke, J.: SUS: a quick and dirty usability scale. In: Jordan, P.W., Weerdmeester, B., Thomas, A., Mclelland, I.L. (eds.) Usability Evaluation in Industry. Taylor and Francis, London (1996)Google Scholar
  3. 3.
    Fahl, S., Harbach, M., Muders, T., Smith, M.: Confidentiality as a service - usable security for the cloud. In: 2012 IEEE 11th Int’l Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 153–162 (2012)Google Scholar
  4. 4.
    Fahl, S., Harbach, M., Muders, T., Smith, M., Sander, U.: Helping johnny 2.0 to encrypt his facebook conversations. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS ’12, pp. 11:1–11:17. ACM (2012)Google Scholar
  5. 5.
    Friedland, G., Sommer, R.: Cybercasing the joint: on the privacy implications of geo-tagging. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security, HotSec’10, pp. 1–8. USENIX Association (2010)Google Scholar
  6. 6.
    Henne, B., Smith, M.: Awareness about photos on the web and how privacy-privacy-tradeoffs could help. In: Adams, A.A., Brenner, M., Smith, M. (eds.) FC 2013. LNCS, vol. 7862, pp. 131–148. Springer, Heidelberg (2013)Google Scholar
  7. 7.
    Henne, B., Szongott, C., Smith, M.: Snapme if you can: privacy threats of other peoples’ geo-tagged media and what we can do about it. In: Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec ’13, pp. 95–106. ACM (2013)Google Scholar
  8. 8.
    Klemperer, P., Liang, Y., Mazurek, M., Sleeper, M., Ur, B., Bauer, L., Cranor, L.F., Gupta, N., Reiter, M.: Tag, you can see it!: using tags for access control in photo sharing. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’12, pp. 377–386. ACM (2012)Google Scholar
  9. 9.
    Mahmood, S., Desmedt, Y.: Usable privacy by visual and interactive control of information flow. In: Christianson, B., Malcolm, J., Stajano, F., Anderson, J. (eds.) Security Protocols 2012. LNCS, vol. 7622, pp. 181–188. Springer, Heidelberg (2012)Google Scholar
  10. 10.
    Mahmood, S., Desmedt, Y.: Poster: preliminary analysis of google+’s privacy. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS ’11, pp. 809–812. ACM (2011)Google Scholar
  11. 11.
    Maurer, M.E., De Luca, A., Kempe, S.: Using data type based security alert dialogs to raise online security awareness. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, SOUPS ’11, pp. 2:1–2:13. ACM (2011)Google Scholar
  12. 12.
    Sheng, S., Broderick, L., Koranda, C.A., Hyland, J.J.: Why johnny still can’t encrypt: evaluating the usability of email encryption software. In: Symposium on Usable Privacy and Security (2006)Google Scholar
  13. 13.
    Shin, D., Lopes, R.: An empirical study of visual security cues to prevent the SSLstripping attack. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 287–296 (2011)Google Scholar

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  • Benjamin Henne
    • 1
    Email author
  • Maximilian Koch
    • 1
  • Matthew Smith
    • 1
  1. 1.Distributed Computing and Security GroupLeibniz Universität HannoverHannoverGermany

Personalised recommendations