The hidden data your photos are giving away

By James Cook on September 24th, 2013

Back in December 2012, John McAfee gripped the world with a sudden return to fame. The reclusive technology entrepreneur had lived in the jungles of Belize with a coterie of young women for years, developing new antibiotic drugs.

His new life was far removed from the days when he founded McAfee Anti-Virus software after reading a newspaper article about how computer viruses work.

But after his neighbour was found to have been shot dead, John McAfee fled. Fearing persecution in Belize, he disguised his identity and crossed the border into Guatemala. Reporters from Vice magazine accompanied McAfee on his journey.

A teaser for an exclusive interview with McAfee was posted, titled: “We Are With John McAfee Right Now, Suckers”. A photograph of McAfee with Vice editor-in-chief Rocco Castoro was featured at the top of the interview. It was this photograph that caused John McAfee to be arrested and subsequently deported to the US.

The original photograph with its Exif data still attached.

One of the two Vice journalists who had been traveling with John McAfee failed to remove what’s called the “Exif” data from the image. By downloading the image or copying its URL into a free online Exif viewer, readers were able to find exactly where John McAfee was hiding.

The Exif data revealed that John McAfee was standing next to a swimming pool near the Rio Dulce in Guatemala. Along with the precise location, the Exif data showed that the photograph was taken with an iPhone 4S, held horizontally. The flash was turned off. The photograph had been taken at 12:26 PM on December 3rd 2012. That Exif data can be viewed here, using a free online tool.

After the post went up on Vice, Twitter users were quick to spot the mistake. McAfee hastily posted a blog post claiming that he had manipulated the Exif data himself as part of his escape. That post has now been deleted, and McAfee has since admitted that yes, the Exif data gave him away to the Guatemalan authorities. On 5 December, McAfee was arrested for illegally entering Guatemala.

It’s clear that Exif data can have unintended consequences, yet many photographers, amateur or otherwise, are unaware that the photographs they upload may reveal more than they intend. Photos posted on Facebook and Twitter do not display Exif data, but the tags are still uploaded to the site. As a rule of thumb, sending a photograph by email or posting it on any website that isn’t a social network will mean that the Exif data is still viewable.
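A check that can be run before publishing, as an added example that is not part of the original article: it walks a JPEG's segments, reports whether an Exif block and a GPS pointer are present, and returns a copy with the Exif block removed. The sample bytes are constructed for illustration, and only the Exif APP1 segment is handled, not other metadata formats.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def has_gps(tiff: bytes) -> bool:
    """Return True if IFD0 of an Exif/TIFF blob contains a GPSInfo pointer."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return False
    end = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the file
    ifd0 = struct.unpack(end + "I", tiff[4:8])[0]
    raw_count = tiff[ifd0:ifd0 + 2]
    if len(raw_count) != 2:
        return False
    for i in range(struct.unpack(end + "H", raw_count)[0]):
        entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
        if len(entry) == 12 and struct.unpack(end + "H", entry[:2])[0] == GPS_IFD_TAG:
            return True
    return False

def strip_exif(jpeg: bytes):
    """Return (cleaned_jpeg, exif_found, gps_found)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, pos, exif, gps = bytearray(jpeg[:2]), 2, False, False
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt segment marker")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: image data follows, copy the rest
            out += jpeg[pos:]
            return bytes(out), exif, gps
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]  # includes itself
        if length < 2:
            raise ValueError("invalid segment length")
        payload = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            exif, gps = True, gps or has_gps(payload[6:])  # drop this segment
        else:
            out += jpeg[pos:pos + 2 + length]
        pos += 2 + length
    raise ValueError("truncated JPEG (no start-of-scan marker)")

# Constructed sample: a JPEG skeleton whose Exif block holds one GPS pointer entry.
_tiff = b"MM\x00\x2a\x00\x00\x00\x08\x00\x01" + struct.pack(">HHII", GPS_IFD_TAG, 4, 1, 26) + b"\x00" * 4
_app1 = EXIF_HEADER + _tiff
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x04JF\xff\xe1" + struct.pack(">H", len(_app1) + 2)
          + _app1 + b"\xff\xda\x00\x02\x12\x34\xff\xd9")
```
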

One organisation that is very interested in Exif data is the NSA. In a presentation leaked by Edward Snowden, Exif data is mentioned as being part of the future data to be collected by XKeyscore, a formerly secret computer program run by the NSA.

XKeyscore slide

With the presentation originating from 2008, it is highly likely that Exif data is already part of the metadata that the NSA collects and searches using XKeyscore.

It’s no wonder that the NSA is interested in keeping a searchable database of Exif data: after midnight on 11 September 2007, a photograph was posted on 4chan’s /b/ messageboard of some pipe bombs. The accompanying post stated that the bombs would be remote-detonated the next morning at 9.11 a.m. in Pflugerville High School in Texas.

Pflugerville pipe bombs

It didn’t take long for 4chan users to extract the Exif data from the image and find the name of the student’s father. From there, it was easy to find the student’s name and home address. Calls were made to local police, and the student was arrested.

After examining the devices that had been photographed for the online post, police concluded that they were harmless. But 4chan users posted some advice on a follow-up thread that was published after the arrest of the Pflugerville student.

EXIF data is not your friend.
Anon is definitely not your friend.
FBI is serious fucking business.

Which is advice worth remembering if you’re a software entrepreneur on the run or a wannabe High School prankster.