Your photos and videos know everything about you and can harm your country’s security
In wartime, there are photos and videos that should not be posted on social media or shared in chats. They are used by Russians to select targets. Even if you have hidden the geolocation, there is still a risk! Objects in the background or inscriptions on the walls can give away important intelligence information. What kind of danger do your photos and videos pose? In an interview with Dovidka.info, Oleksandr Korvin, head of the “Security 360” course at the “Boryviter” Military School, told us in which apps should you permanently disable geolocation and how to do it.
What data does a photo or video store?
Any media has such a concept called metadata. This is additional accompanying information to a visual image. The metadata we are interested in may include information about when the photo or video was taken, when it was last edited, and in which editor. But the main thing we are interested in is the coordinates of the location of the photo or video. If they were recorded, this is called geolocation. If geolocation is turned off, then it stops working, because this is the metadata that we restrict. These settings are now available to all users of both Android and IOS systems. How can they be disabled? Open your phone’s settings. Find the category “Privacy and Security”, open it, and then we are interested in location services. If we turn them off completely, they will stop working. You don’t really need this for navigation services. But then there are all your applications that can use the location. You select the camera and specify “Never allow access to location”. This way, all the photos you take in the future will not have access to the location.
When you post these photos on social media, the system itself changes the metadata there. They stop being original. But if you transfer this file unchanged, for example, through the Google Photo service, it will synchronise the photos from your phone with the cloud storage of all your photos.
You may sometimes get a reminder on your phone, for example, that you were in Montenegro or somewhere else 2 years ago. The system knows this from that geodata, because there are coordinates in this file.
You can always either disable geodata at the time you take a photo or you can also remove geodata from a particular photo. You can also edit it and specify any other location.
In what cases may geolocation not be a threat?
You obviously need geolocation in navigation services. It’s almost impossible to use Google Maps or other maps effectively if the system can’t recognise where you are. It won’t be able to provide you with a route. A taxi service will not be able to call a car to your address.
Where can geolocation be temporary? For example, in Telegram. Sometimes you can send your location to a friend to meet up. But there are a huge number of services that don’t need to know where you are physically located at all. For example, news services, shops. Because there you still specify the delivery address when you buy something. So why does an online store need to know where you are? If you don’t understand why the app needs your location, don’t provide it if possible.
Now, in wartime, there are a lot of prohibitions. What can’t be photographed or filmed?
I want to tell you a short story. A video was published on one of the Russian Telegram channels about the alleged shooting of a Ukrainian woman with children by Ukrainian soldiers because she was speaking Russian. The fact is that as soon as this video was published, local users quickly analysed where the video was made. It turned out that this place is very recognisable by the tree crowns. And it was on territory not controlled by Ukraine. And it was a staged video. The location was precisely defined, and not the one stated in the publication.
Therefore, there are certain markers that may not be obvious to you, but will be obvious to those who have it on their fingerprints. When you take pictures of air defence, you think you are photographing the sky with a missile flying and houses, and it doesn’t mean anything to anyone. But there are people who are experts in comparing publicly available photographs, maps, satellite images and understanding where the missile is being launched from. And this is, in fact, an identifier of where the launcher is located, which is a very interesting target for Russian ballistic missiles.
You’ve probably heard stories of Russians attacking, for example, restaurants and the like. We can only suspect how they came to the conclusion that this is a target worthy of attack. But we can assume two things: first, people who go to cafes can take selfies, photos, and post them on the Internet. If they publish these photos unchanged, for example, not just on social media, but send them to each other, then there is this metadata that will very clearly indicate where people are at the moment of taking the photo. Therefore, if you are involved in the military context, if you are going to a training, please don’t take photos with geodata, and even more so, if you have taken such photos, don’t share them unchanged. Because information may leak, and this photo with geodata will fall into the hands of the enemy, who will not even need to investigate. He will simply open the navigation in the maps and find the location.
But, in addition to geodata, there is another factor that can help determine what this photo indicates. These are photo analysis methods. These methods are used by the OSINT (OSINT is a service of a data processing system based on open information). Pay attention to text markers that can appear in the photo. There was a comical story about Prince Harry, who, while serving in the British armed forces, posted a photo on social media, where behind him on a white sheet was the login and password for some internal military system. This fell into the hands of all the investigators.
There are less obvious stories. For example, the story of STRAVA, a fitness app that analyses the activity of runners. Once they published a heat map of traffic along their most popular routes. As it turned out, in places where no one lived, powerful heat maps suddenly appeared, showing that people walked from 8 to 9 am in one direction and from 5 to 6 pm in another. This was analysed and it was found that these were American military bases. And this is an incredible danger, because both the location and the routine of life at these bases were published. No one did anything criminal, but the aggregated data from fitness trackers made this information public. Therefore, certain things may not be obvious to you.
If you are working in a military context or in another context that could be potentially dangerous for you if this data falls into the hands of the enemy, then remove the geo-data and try to anonymise the environment. Shoot indoors, and if you are shooting outdoors, keep in mind that it may be obvious where you’re taking the footage.
There are a lot of different strikes on the territory of Russia, and we see locals filming it and posting footage online. How does this help our intelligence officers identify the location?
Indeed, the people who are now facing such attacks there have not yet developed a culture of dealing with the publication of information. They immediately film and publish it. This way, at the very least, they inform our information environment that the attack was successful. And they discredit the Russian official media, which constantly claim that all the missiles were shot down. Literally 15 minutes later, we see a video from eyewitnesses. This is discrediting their spokespeople, their official communications office, and it works in our favour. I am very grateful to all the people from the Russian side or from the temporarily occupied territories who provide us with this information.