A Picture Is Worth a Thousand Cookies

Ben Sandofsky
Mar 26, 2018

This year is turning into a wake-up call for privacy. First we learned about Cambridge Analytica. Now we know Facebook collected call and SMS history for years by abusing Android permissions. It almost feels like every week, we’re seeing another egregious data breach or privacy violation.

Working on a camera app, we have a deep understanding of what’s stored on our phones. We think about privacy a lot, and we’re surprised when people grant access to their photo library without pause.

Modern phones can analyze a thousand photos per minute. Combine your “Selfies” album with machine learning, and it’s trivial to figure out your age and gender.

It bears repeating: this can be done on your phone. No need to upload photos. Just summarize the interesting details, and upload to the cloud in seconds. And once you grant an app access to your Photos, you really do give it access to all your photos.

Here’s the thing: modern neural nets can recognize objects in real-time.

The YOLO Object Detector: “You Only Look Once”

Take a lot of photos of your dog? Ad companies can show you ads about dog food. Ever snap a photo of an awesome dinner? Ad companies can figure out your favorite food. The GPS coordinates stored in your photos can show your travel patterns, where you work, live, and all the places you frequent.

There’s no evidence that Facebook does this now, but they believe OS permissions grant consent for anything they can dream up. They know that if they’re caught they can get away with a statement like “It was just a test!”

Not everyone has the freedom to #DeleteFacebook and its subsidiaries. Countries like Brazil and the Netherlands use WhatsApp like a public utility, and Facebook Groups is used by life-or-death support groups and public organizations for crucial information.

We’re no different: as a small outfit building an iOS photography app, we can’t quit Instagram, because it’s the pre-eminent photo sharing platform.

Heck, even if you delete your Facebook account, they can still collect information about you without an account — which leaves you feeling utterly helpless.

So what can you do? Until everyone moves to the next social platform, we can recommend some steps to mitigate Instagram’s mischief.

Step 1: Revoke Access, Use Sharing

Go to system settings, tap on Instagram, and disable access to Photos.

You’re probably wondering how you’ll upload photos. Will you have to toggle this on and off all the time? Nope!

Rather than upload directly through Instagram, open your photo in the system Photos app and tap the share button.

In the share window, tap the Instagram icon.

You can send it directly to Instagram, without granting access to your entire library.

You don’t get access to Instagram’s filters, but this is 2018: there are tons of free and paid photo filter apps that give even better results.

Step 2: Disable Location, Watch out for Tags

Go back to System settings and make sure you’ve disabled Location.

Problem solved, right? If only it were that simple.

A few weeks ago my family threw me an engagement party in Boston. I took a photo, but didn’t upload it until I was back in California. When I went to tag the location, somehow it knew to suggest Boston!

I was uploading this from 3,000 miles away.

It’s easy to forget photos have location information embedded in them. When you upload a photo to Instagram, this location data comes along for the ride.

Open the “Places” album on your phone. If you’re like me, most photos are clustered around home and work. Facebook can figure this out, too.

What can we do? We thought about this problem from the very beginning of Halide, and included a button to toggle location tagging.

For a long time, we kept location off by default, but many people emailed support, upset their photos didn’t have location tags. In a recent update, we turned this on by default, and users are much happier.

Over time, we’ve accepted that nobody wants to manage this stuff by hand. We’ve racked our brains to figure out a better solution. Normally we don’t pre-announce features, but today we’re making an exception.

In a future update to Halide, we’re removing location data from photos you share to Facebook or Instagram. We haven’t decided yet if this will be opt-in or opt-out, but you’ll be able to change this in Settings (and feel free to let us know your preference!).

Step 3: Disable Tracking

Facebook spends a ton of time and money to convince companies to add Facebook code to their app. It’s known as their ‘Software Development Kit,’ or SDK.

Their SDK makes it really easy to hook up a “Login With Facebook” button, but maybe the biggest reason developers add it is conversion tracking. When app-makers run ads on Facebook, they want to know how many people who saw their ad went on to download their app. So Facebook asks developers to “phone home” whenever their app starts.

There’s no opt-out.

Facebook’s SDK sends back the iOS Advertiser identifier. This is a unique number that’s the same across all your apps. Because Facebook sees the same ID, they can cross-reference it and figure out who you are and what apps you’ve used.

You don’t need a Facebook account. With just the advertiser ID, Facebook can construct a profile about the apps you use. With a web view, they can then link you to a cookie and track you on any site with a “Like” button.

What can we do? Open System Settings, tap ‘Privacy,’ ‘Advertising’ and turn on the ‘Limit Ad Tracking’ switch.

This will deny Facebook the identifier that can be tracked back to you. At least, in theory.

Unfortunately, advertising companies have entire teams whose only job is to find clever workarounds to track you anyway. Shout-out to whoever works at Apple playing this game of cat-and-mouse.

Step Impossible: Avoid Apps with the Facebook SDK

When an app uses the Facebook SDK, Facebook gets access to the same permissions that the containing app has. Let that sink in.

I dug through a few popular photography apps on the iPhone with a disassembler. I discovered VSCO uses the Facebook SDK.

Using VSCO, you’d have no idea it’s talking to Facebook. We wager they’re just using it to track ad conversion, but who knows? Sadly, the web has tools like Ghostery to block trackers, but there’s no such solution for mobile apps.

We can do our part, though:

Our Pledge

Your photos are some of the most private and personal data you own. It takes a lot of trust to grant us privacy permissions, and we will never violate that trust.

We treat your data as private, by default. We do not share any information with other companies. We don’t send your photos anywhere, or analyze them for private information. We don’t use any third party SDKs, and we audit every line of code that makes its way into the app. We will only associate ourselves with people and companies that feel the same way.

Finally, we will be spinning down our Facebook presence and directing people to use our official (off-Facebook) support channels and feeds. We haven’t spent a single dollar in advertising to support Facebook in 2018, and we don’t plan to.

We hope other photography apps step up and make a similar pledge.