Comment by ieie3366
1 day ago
Most likely: actually using the geolocation is an extremely niche usecase for images uploaded from mobile browsers.
I’d wager 99.9% of the users didn’t realize that they are effectively sending their live GPS coords to a random website when taking a photo.
But yes, a prop to the input tag ’includeLocation’ which would then give the user some popup confirmation prompt would have been nice
My first eye-opening moment working within the government was with team of herpetologists at the state conservation agency. They had a pretty slick public education campaign around protecting Gopher Tortoise habitats and a grand call-to-action "let the agency know where and when they see their nests". The whole thing fell apart because they were getting tons of earnestly-submitted junk data from earnestly-engaged citizens. Turns out the application was just a form that they asked people to fill out. I suggested they ask for user photos and scrape the EXIF data or ask them to opt-into sending their location and got laughed out of the room. Turns out that they discovered users immediately nope out of government websites that ask for their location! What a shame.
A colleague of mine tried doing this after a large sturgeon die off in the San Francisco Bay a few years ago. Citizens were asked to upload photos of dead sturgeon washed up on beaches. They actually got pretty good data (sturgeon are very easily identifiable) and lots of participation, but the location data ending up being largely useless because it was fuzzed (I think by iOS?) to a large enough degree to no longer be helpful, and the fields for manual coordinate entry had very low usage
Oh that's fascinating. I hadn't considered OS-level fuzzing as a hurdle until now. I'm an pixel guy and typically I get decently-accurate location heatmaps in the Photos app when I search by location; I wonder how we would have handled this. HABs are so difficult, they break my heart.
How does iOS decide whether to default to including location?
I coulda sworn, even in earlier versions of iOS 26, if you told it not to include location when sending a photo once then it would not include it by default the next time.
Also I thought that when you uploaded a photo from your camera roll to the web I thought it defaulted to no location. And that seems to have changed too. (Of course, you can still tap a button to withhold location EXIF.)
I wonder if there would be any way to fix this with the right messaging. With infinite funding and the right agency cooperation, I bet you could include this in a state parks app that you could also use for other useful purposes, like pulling up trail maps, paying for parking and camping, fishing licensing, signing up for volunteer events, receiving notifications with news around particular parks you frequent, etc.
But in the real world, if you put a QR code at the trailhead and said "take a picture of this code. When you see a tortoise nest, use the code to go to our website and share your exact location."
If people are wary of sharing their location with the conservation agency, you might have better luck if the website was run by a nongovernmental conservation group?
> I bet you could include this in a state parks app that you could also use for other useful purposes, like pulling up trail maps, paying for parking and camping, fishing licensing, signing up for volunteer events, receiving notifications with news around particular parks you frequent, etc.
I wanted us to do this so badly; inter-agency coordination was the biggest issue with I had with large-scale projects. The funny part about your comment is that each feature you listed was a function that a different agency or contractor handled. I won't name names, but the agency I worked for had better-than-expected public outreach and engagement and were organizationally flexible enough to get low-footprint, high-impact conservation PR like this out the door and in front of people in time to make a difference. But in state government, the idea of several agencies pooling resources for a permanent app store project is totally pie-in-the-sky thinking largely because nobody has the bandwidth to contribute. I'm trying to imagine submitting a PR to 'The State Parks App' org board to get this form shipped and in every instance, I'm getting yelled at.
> If people are wary of sharing their location with the conservation agency, you might have better luck if the website was run by a nongovernmental conservation group?
Our NGO partners were incredible for this sort of thing. People legitimately do not think twice about pinging a facebook group run by, say, the local aquarium and including their location, a description of the site, and photos of what they found. Social media removes a lot of metadata from uploads - they probably keep it someplace and I just can't get at it without a brokerage, idk - but it still gets better results than we did. One fix for the tortoise problem was to supply personal trail maps and golf pencils at trail heads. Hikers were encouraged to take them, mark on the map where they saw burrows along the trail, and put them in a box at the end of the trail/parking lot/ranger station. Park rangers would scan in the maps and upload the scans to our internal site and we would work it out from there.
> earnestly-submitted junk data from earnestly-engaged citizens.
What made the data junk? Were the provided coordinates not precise enough, incorrect, something else?
Well that's just it - in most of the submissions the coordinates weren't supplied at all, and when any location information was given it would come down to just a city name or a park name. They're trying to pipe these results into ArcGIS to inform park rangers where to reroute trails, public works departments where to survey before digging, and real estate developers which lots need proper relocation assistance before building on. They were depending on the average citizen to know how to fill out a technical field in this form and to do so accurately, and without and form validation. The whole project needed re-thinking.
2 replies →
> users immediately nope out of government websites that ask for their location
I for one am glad that that's the trained reaction of the masses
iNaturalist is great for stuff like this as it allows organizations to create projects for data collection on specific species.
I've also noticed that iNaturalist also fuzzes exact locations for some species within a geographic grid (example: zebra) even the ranch zebra in California.
Really? You don’t understand why people wouldn’t want to share their location with the government?
I get the reflex to deny permissions (and I also get the reflex to allow anything, in the interest of just getting the annoying pop-up to go away), but it's really tiresome that we have to expect people to avoid thinking even the least bit critically at every juncture.
If you're filling out a form with the express purpose of letting someone know specifically where something is... a request for location information is reasonable, duh. And I won't accept the "people are busy and don't have the time and energy to think this through" excuse. If you're taking the time to fill out this form, then yes, you have the time -- seconds, at most -- to think this through in this particular case.
1 reply →
If a state environmental agency asks you for your location on photos that you volunteered to upload and you freak out, you might be mentally ill.
7 replies →
I was being facetious there, to be clear. my bad.
> I’d wager 99.9% of the users didn’t realize that they are effectively sending their live GPS coords to a random website when taking a photo.
I'd wager 90% of the photos on Google Maps associated with various listings don't actually know their photos are in public. I keep coming across selfies and other photos that look very personal, but somehow someone uploaded to Google Maps, the photo is next to a store or something and Google somehow linked them together, probably by EXIF.
Google prompts you in Google Maps if you want to upload your picture to Maps.
I sometimes do that for random pictures, even like selfies, which I don't mind popping up there.
Wait... You post selfies on Google Maps? The thought never crossed my mind. What would the purpose be? Sorry I'm probably thick...
10 replies →
I had a popup on my iPhone one day "You were in City Park last weekend, would you like to share those photos?". I stopped allowing google access to my photos after that. A little late though, they had apparently scraped all of my data already.
7 replies →
I suspect there used to be a flow which was far too easy to share directly to Google maps. I was browsing the map once and found a picture of a credit card in a room in a hotel. I guess the guy intended to send it to his PA or something.
Like IMG_0001 https://news.ycombinator.com/item?id=42314547
I have friends that do that and it’s intentional. Had a good time at a store or restaurant? Take a selfie and upload to Google Maps. Also take a selfie video and upload to Instagram stories. It’s a way of life that defaults to more sharing.
> actually using the geolocation is an extremely niche usecase for images uploaded from mobile browsers
Is it only for mobile browsers? The article makes it sound [0] as if it is a general thing, even when sharing through bluetooth, and that only copying the image via usb connection allows you to keep geolocation in exif. Not sure what happens when you upload to native apps, eg to some cloud storage app (photo specific or not). I definitely want my location to stay when I make a cloud backup of my photos with an app intended for that.
[0] Quote:
>> Using a "Progressive Web App" doesn't work either. So, can users transfer their photos via Bluetooth or QuickShare? No. That's now broken as well. You can't even directly share via email without the location being stripped away. Literally the only way to get a photo with geolocation intact is to plug in a USB cable, copy the photo to your computer, and then upload it via a desktop web browser?
I'm guessing they changed the default behavior from "include metadata" to "strip metadata" so now any app that wants metadata has to request it explicitly, and any older apps which don't know how to make such a request are simply unable to get location data?
Seems like this is possibly related to the ACCESS_MEDIA_LOCATION permission[1], and Google's recent efforts to force applications to migrate to the scoped storage API. See: https://developer.android.com/training/data-storage/shared/m...
Probably someone more versed in Android's APIs could give a better explanation.
[1]: https://developer.android.com/reference/android/Manifest.per...
Yes, it's about that permission. It's not even that recent, it has been implemented since Android 10. I think it's summarized quite well here [0]:
If your app targets Android 10 (API level 29) or higher and needs to retrieve unredacted EXIF metadata from photos, you need to declare the ACCESS_MEDIA_LOCATION permission in your app's manifest, then request this permission at runtime.
So if the app-developer didn't take explicit effort to request this data (and the user-permission for it), his app will not receive it.
[0] https://developer.android.com/training/data-storage/shared/m...
No way they broke it for Google Photos. Anyone who needs location and doesn’t do cables, or can’t figure this out, can simply subscribe!
Can you compress a folder with a photo it and then email that? Just curious.
> Can you compress a folder with a photo it and then email that? Just curious.
If the app that creates the compressed file uses the media API to get the file and doesn't have the permission to get location-info, the data will be stripped before the OS is handing the file over to that app. This is likely different if the app uses the READ_EXTERNAL_STORAGE permission and API's to read the files though, which is a legacy permission that was mainly kept for file managers now...
If your app targets Android 10 (API level 29) or higher and needs to retrieve unredacted EXIF metadata from photos, you need to declare the ACCESS_MEDIA_LOCATION permission in your app's manifest, then request this permission at runtime.
Source: https://developer.android.com/training/data-storage/shared/m...
> extremely niche usecase
Phones are computers though, it’s not up to Google or Apple to decide what’s a good use case for my own pictures.
You are not the target audience :)
Then I'm not the target audience for any mobile OS, given the restrictions of Google's and Apple's platforms, not to mention the inadequacy (for me) of the features sets for any of the niche open source alternatives. While I expect I'm not in the majority, I'm certainly far from unique.
That's not a good position to be in; this duopoly we've allowed to prosper needs to go.
It is absolutely Apple's job to protect people who do not have the desire or capacity to decide what is a good use case or not from predators (yes, the ad industry is 100% predatory).
The whole reason I and my entire family have iPhones is because there are entire classes of scams and scum that you don't have to be constantly vigilant against. If it didn't do that, I wouldn't buy them.
I'm gonna die on this hill, but silently attaching very sensitive PII (including exact lat/lon) to photos has always been a terrible anti-feature. One of those "WTF were they actually thinking?" terrible anti-features. Imagine if you created a word document and Microsoft silently attached your home address to them as metadata. Awful and totally unexpected to the vast majority of users.
Well Microsoft actually did attach metadata to word files, and it led to the arrest of a serial killer. Not saying they should do it, just found it funny that you picked the one example that did actually happen.
https://www.reddit.com/r/wikipedia/comments/am9mzq/its_neat_...
As someone else mentioned it IS entirely problematic how advertisers/others abuse people, and I get WHY location gets stripped. I still think it's abusive to take away the user's choice.
(and why do they have to strip almost ALL EXIF data, instead of just location? [yes, yes, fingerprinting, but there are LOTS of iPhone {NUMBER} whatever out there])
It really just needs to be clearly communicated, opt-in at attach time. Probably with a severely hidden, developer-screen level, or BIG WARNING in security settings to totally disable stripping.
I assume most people won't want it, _usually_, so when adding photos just have it be a double-opt in - you have to both hit an extra button during attachment, then select "include location" or "include location and metadata", then a modal warning/confirmation.
Something like: "Confirm including photo location? This will permit the recipient to see where the pictures were taken. <yes/no>"
I agree with you that, when sharing, location should be stripped by default with an option to include it.
After seeing this post I checked my recent photos. I'm using a Pixel 6 Pro with the most recent android release and the stock camera app. None of my recent photos have location in the EXIF, even locally, and there's no option to turn it on.
It's particularly galling that the Camera app still wants location permissions and if you view a photo in the Google Photos app, the location is still there. Google can have those exact locations, but no one, not even the user, can.
It's abusive as hell.
1 reply →
I want the location on every time, without exception.
The current behavior is exactly what I wanted.
These "all users are imbeciles that need our protection" design pattern needs to die a swift death.
It's maddening, We're constantly taking kitchen knives and replacing them with the colorful plastic toddler version and still have the same cutting tasks.
Seems to be quite simple, an App which wants to access this info just needs to set the permission for it.
Chrome doesn't seem to request that permission, so the OS doesn't provide the location-data to the app.
If your app targets Android 10 (API level 29) or higher and needs to retrieve unredacted EXIF metadata from photos, you need to declare the ACCESS_MEDIA_LOCATION permission in your app's manifest, then request this permission at runtime.
Source: https://developer.android.com/training/data-storage/shared/m...
I was a fan of the idea that the OS would strip location data on any upload via web/app, but would preserve the data when doing specific types of transfers deemed not via third party like direct transfer to computer or AirDrop
Upload file doesn't mean mutate file.
No. Upload file means upload file. If you want to mutate the file, mutate the file.
When tools assume you're stupid and insert silent surprises unrelated to the task they no longer deserve the title "tool" because they are fundamentally doing other things.
11 replies →
And most people don’t want their location shared with random websites.
On that point I would agree - I never used that. But Google also lied why it wanted to destroy ublock origin. It was clear to everyone that they did it because people can break away from ads infiltrating their computers. I can't use the modern www anymore without general content blocker; ublock lite is good but nowhere as useful as ublock origin was. I notice this when I compare e. g. firefox with default chrome. So many websites have a totally broken UI. With ublock origin not only can I get rid of popups or ads but also horrible UI choices. I use that on so many websites to simplify them.
Use IronFox or Fennec, preferably on GrapheneOS. You won't have freedom on Google or Apple controlled devices.
I have not seen an ad in years.
Well Apple has had ad blocking extensions for over a decade and full extension support for a few years
2 replies →