Privacy experts warn of dangers associated with online 'photo scraping'
Michael Oliveira, The Canadian Press
Published Wednesday, January 1, 2014 10:08AM EST
TORONTO -- When a photo of the late Rehtaeh Parsons was used for a dating website's advertisement on Facebook last year, the callous misappropriation of her image shocked those who saw it.
It should've also been seen as a warning, say privacy experts.
Having a photo stolen and reposted elsewhere online could just as easily happen to any of the millions of Canadians who regularly post images to the web without a second thought.
"Many of us are sharing images without considering how others may use them or how we may lose control," says Marian Merritt, the Internet safety advocate for security software maker Norton.
Last September, ads for the now defunct Ionechat.com featured photos of Parsons with the text, "Find Love in Canada! Meet Canadian girls and women for friendship, dating or relationships."
It had been several months since the much publicized death of the Nova Scotia teen in April following a suicide attempt. Her parents said she was the victim of an alleged sexual assault when she was 15, and then bullied about it for more than a year.
The online backlash over the misuse of Parsons's image prompted the company and Facebook to apologize and pull the ads.
It's very possible the images of numerous other Canadians were also swept up in 2012 as part of a digital art project hosted at Lovely-Faces.com.
The website was designed to look like an online dating service and included fake profiles based on images and data taken from one million Facebook users who had their privacy preferences set to public.
The partners behind the project, Paolo Cirio and Alessandro Ludovico, say it was easily put together because of a process called data scraping. They wrote a simple program that automated the collection of Facebook data that was publicly available to anyone and everyone.
"Facebook tries to expose as much as it can, they want search engines indexing that personal information (that isn't marked private)," says Cirio.
"And because of that it was pretty easy to harvest that data."
The website has since been taken down and Cirio says any users who found their photos or data on the site were able to request that it be removed.
He says the project wasn't meant to be nefarious and was designed as a social commentary on the dangers of posting private information online.
"People are not educated and do not know the danger about publishing their private data, especially to a company's platform that makes money and has an aim to expose their personal data to generate more traffic and make more money."
Merritt says even experts find themselves making mistakes online that lead to privacy lapses. And sometimes once the mistake is made, it can't be undone.
Merritt ran into the band Arctic Monkeys while on a vacation with her daughter, who was able to pose for a photo with the rock group.
"We posted it on a social network, which is what you do. And one of her friends was really excited, tagged it with the band, and posted it to their fan page," says Merritt.
"It has subsequently ended up on other social media sites many thousands of times, so we have completely lost control of my daughter's image, and there's not much we can do about it. And it's kind of our own fault."
Luckily, there was nothing embarrassing about the photo, otherwise it could've been much worse.
"You've heard the stories where kids have an unfortunate or embarrassing image, and adults too, and it becomes an Internet meme where people make changes to it (and make fun of it)," Merritt says.
There's even a chance that a photo uploaded to a social network could potentially be used in a way you didn't originally intend by the platform itself.
"You know from the end-user licenses of popular social networks that they do retain the rights to do things with your images," says Merritt.
For example, Facebook's policy states: "for content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP license)."
As for the odds of users finding that their photo has been stolen and used in an advertisement on Facebook, manager of privacy and safety Nicky Jackson Colaco says "statistically it's very, very small." She advises that should it happen to a user, they should click on the Report button to have it resolved.
"If you believe that your copyright has been violated -- either your photo or a photo that you took and someone is using that -- if you report that to us we're definitely going to take the appropriate action, so we want to hear about those cases and to make sure that we're really responsive," says Colaco.
"(Parsons's) case in particular was a very interesting case because it was a violation of our policies and it was also an advertiser not based in the U.S. or Canada, who had chosen that photo at random to use and it was just very, very unfortunate. We felt very badly that that happened but we were able to rectify that situation."