Privacy risk assessment on online photos

Haitao Xu, Haining Wang, Angelos Stavrou

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Scopus citations


With the rising popularity of cameras and people’s increasing desire to share photos, an overwhelming number of photos have been posted all over the Web. A digital photo usually contains much information in its metadata. Once published online, a photo could disclose much more information beyond what is visually depicted in the photo and what the owner expects to share. The metadata contained in digital photos could pose significant privacy threats to their owners. Our work aims to raise public awareness of privacy risks resulting from sharing photos online and subsequent photo handling conducted by contemporary media sites. To this end, we investigated the prevalence of metadata information among digital photos and assessed the potential privacy risks arising from the metadata information. We also studied the policies adopted by online media sites on handling the metadata information embedded in the photos they host. We examined nearly 100,000 photos collected from over 600 top-ranked websites in seven categories and found that the photo handling policy adopted by a site largely varies depending on the category of the site. We demonstrated that some trivial looking metadata information suffices to mount real-world attacks against photo owners.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 18th International Symposium, RAID 2015, Proceedings
EditorsHerbert Bos, Gregory Blanc, Fabian Monrose
PublisherSpringer Verlag
Number of pages21
ISBN (Print)9783319263618
StatePublished - 2015
Externally publishedYes
Event18th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2015 - Kyoto, Japan
Duration: Nov 2 2015Nov 4 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference18th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2015

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Privacy risk assessment on online photos'. Together they form a unique fingerprint.

Cite this