What is metadata?
Many people won’t have heard of metadata, but it is stored in many files and its existence can reveal a lot about you. Metadata is “data about data”. Some image formats (notably JPEG and TIFF) store EXIF metadata, which is created by most digital cameras, scanners, and graphics programs. EXIF data can store a huge range of information about an image, including the time and date it was taken, the camera settings (ISO, f/stop, shutter speed), the camera make, model and serial number, and if your camera supports it, even the location the image was taken (geotagging). Here is an example of EXIF data for an image on Flickr. Scanners regularly store usernames in the files they create, so it may be possible to tell who created an image.
Similarly, Microsoft Word for example, stores metadata about the documents you create, including your username, your company name, the names of all authors, editing time, and even previous revisions of documents (which means deleted text).
Why is this a problem?
Apart from the obvious problems of potentially revealing usernames and locations, image EXIF data also stores a thumbnail (a smaller version) of the image to speed up its display. This thumbnail is not always updated when the main image is changed. This means if you crop or edit out details in an image and save it, the EXIF thumbnail may still reveal the full, unedited image. Several people, often celebrities, have been caught out by this, but the images are a bit risqué to post here.
Metadata in Word documents have also caught out a few people, including police forces, governments, and employers. This BBC article has some good examples.
Some software developers are aware of this problem and provide options to stop metadata being included in documents. Microsoft have a page which explains how to do this in Word.Images are a bit trickier (I haven’t seen an image editor with these options), but you can download programs to easily remove EXIF data from your files.
Which just goes to show – there really is no such thing as anonymity when a computer is involved.