On Facebook's pictures watermarking
Sat 13 July 2019

I received a couple of enquiries today about yet another super dick move from Facebook: it seems that metadata are silently added to uploaded pictures, in a custom IPTC field, with a value starting with FBDM, likely standing for Facebook Metadata.

This isn't a new trick: Neal Krawetz already wrote a blog post about it in 2016, mentioning that the practice dates back to July 2014.

Adding a custom metadata field to pictures allows Facebook to:

  • Track which user downloaded what picture, simply by looking at it, even on other websites: if someone downloads a dog picture from Facebook and puts it on Reddit, Facebook will know who uploaded it, when it was downloaded from Facebook, from where, and by whom.
  • Create a cross-site social graph: Alice took a funny picture of a cat, and uploaded it on Facebook. Her good friend Malory downloaded the picture, and sent it to her coworker Eve, via MMS. The picture being funny, Eve, who doesn't even have a Facebook account, sent it to her Tinder date, Jasmin, who uploaded it back on Facebook. Facebook now knows that Alice is friends with Malory and that Jasmin knows that someone who likes cat pictures is friends with Malory.

This is what a sample (courtesy of Dhaval) looks like in exiftool:

$ exiftool facebook_metadata_sample.jpg | grep FB
Special Instructions            :
Profile Copyright               : FB

Fortunately, mat2 can remove them:

$ mat2 facebook_metadata_sample.jpg
$ exiftool facebook_metadata_sample.cleaned.jpg | grep FB
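
The same check without exiftool, as an added example that is not part of the original post or of mat2: a small Python parser that walks a JPEG's APP13 segment and returns the IPTC 2:40 dataset, the field exiftool prints as Special Instructions. The function names, the sample bytes and the sample value are constructed for illustration.

```python
def be(raw):
    """Big-endian bytes to int (0 for an empty slice, so truncated files do not raise)."""
    return int.from_bytes(raw, "big")

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    pos = 2                                          # skip SOI (FF D8)
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + be(jpeg[pos + 2:pos + 4])    # length covers its own 2 bytes
        yield jpeg[pos + 1], pos, end
        pos = end

def parse_iim(data):
    """Yield (record, dataset, value) from an IPTC IIM byte stream."""
    pos = 0
    while pos + 5 <= len(data) and data[pos] == 0x1C:  # 0x1C opens every dataset
        length = be(data[pos + 3:pos + 5])
        if length & 0x8000:                          # extended length: not handled
            return
        yield data[pos + 1], data[pos + 2], data[pos + 5:pos + 5 + length]
        pos += 5 + length

def iptc_datasets(jpeg):
    """Yield IPTC datasets stored in Photoshop resource blocks inside APP13."""
    for marker, start, end in segments(jpeg):
        body = jpeg[start + 4:end]
        if marker != 0xED or not body.startswith(b"Photoshop 3.0\x00"):
            continue
        irb, pos = body[14:], 0
        while irb[pos:pos + 4] == b"8BIM":
            res_id = be(irb[pos + 4:pos + 6])
            pos += 6 + ((be(irb[pos + 6:pos + 7]) + 2) & ~1)  # Pascal name, even-padded
            size = be(irb[pos:pos + 4])
            data, pos = irb[pos + 4:pos + 4 + size], pos + 4 + size + (size & 1)
            if res_id == 0x0404:                     # 0x0404 = IPTC-NAA record
                yield from parse_iim(data)

def special_instructions(jpeg):
    """Values of IPTC 2:40, which exiftool prints as 'Special Instructions'."""
    return [v.decode("latin-1") for r, d, v in iptc_datasets(jpeg) if (r, d) == (2, 40)]

# Constructed sample: bare JPEG framing around one IPTC 2:40 dataset.
VALUE = b"EXAMPLE-TAG-0001"                          # constructed, not a real value
iim = b"\x1c\x02\x28" + len(VALUE).to_bytes(2, "big") + VALUE
irb = b"8BIM\x04\x04\x00\x00" + len(iim).to_bytes(4, "big") + iim + b"\x00" * (len(iim) & 1)
app13 = b"Photoshop 3.0\x00" + irb
SAMPLE = b"\xff\xd8\xff\xed" + (len(app13) + 2).to_bytes(2, "big") + app13 + b"\xff\xd9"

print(special_instructions(SAMPLE))                  # ['EXAMPLE-TAG-0001']
```

Run `special_instructions()` on a picture's bytes before and after cleaning: the list should be empty afterwards. It only reads the IPTC block, so other metadata such as the ICC profile copyright shown by exiftool above is outside its scope.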

So don't forget to remove the metadata from pictures before sharing them. Depending on your platform, there are different possibilities:

And of course, don't use Facebook in the first place.