A picture is worth a thousand words!

Two Harvard students, Paul Lisker and Michael Rose, have unmasked 229 drug and weapon dealers with the help of EXIF data of pictures taken by criminals and used to advertise their product and services on black marketplaces in the dark web.

In order to analyze the listing images inside each archive, we first searched for and compiled a list of the file path of all JPEG images to ensure that no file went untested. (Images used for listings were only in the JPEG format; any other image formats — PNG, GIF, etc. — were used for website graphics.) Then, using Python and bash scripts, we checked each image’s EXIF data for longitude or latitude data, saving the coordinates for each geotagged photo and its file path to a text file.

The coordinates were then extracted and analyzed to determine the number of unique coordinates — very commonly, a listing and its associated image would be hosted on a DNM for several days, resulting in the same image, and thus the same coordinates, appearing in our results multiple times.

Information was collected from 2013 to 2015, totalling 44 million files or 1.5Tb of data from 83 dark markets and 40 associated forums and are saved into a repository maintained by Gwern Branwen, an independent security researcher.

What is EXIF?

EXIF, stands for “Exchangeable Image File Format,” may contain image dimensions, date and time (when it was originally taken and modified), the model of camera and its settings, information about the software used for editing, it’s creator and copyright information, as well as GPS co-ordinates of the location where the photo was taken.

How remove EXIF data from my photos?

Pretty simple, with the correct tools.

On Windows and Mac, you can use “Exif Purge”:


On Gnu/Linux, you can use a simple bash script with exiftool:

for i in *.jpg; do echo "Processing $i"; exiftool -all= "$i"; done


The original article on Medium


The archive


The bottom line

If you are privacy-obsessed, remove EXIF data from your photos!